With Ukraine in mind, Poland turns its attention to shoring up cyber-defences
With the crisis in Ukraine putting a constant strain on relations between the European Union and Russia, Poland has been busy upgrading its military infrastructure. Improvements to the country's cybersecurity capabilities are being taken seriously by the Polish government, a director of the country's National Security Bureau told ZDNet.
It's no coincidence that one of the main themes of this month's NATO summit was cybersecurity. As is the case with traditional military assaults, it's chiefly the newer NATO member states, especially Poland and the Baltic countries, that are the most likely to become a front in any future cyberwar. Estonia, for example, experienced attacks on its public institutions way back in 2007, with Russian intelligence services considered the prime suspect.
Smaller scale incidents have been reported more recently. This summer, Poland got a scare when it detected spyware on IT systems used by its energy infrastructure. The systems were thought to be one of a number of European and American targets of a hacking group with alleged ties to the Russian government.
A warning shot
Even though the attack, dubbed Energetic Bear, was aimed at gathering information rather than outright sabotage, it has been cause for concern among Polish government institutions, Krzysztof Liedel, deputy director of the National Security Bureau's Department for Legal and Non Military Affairs, told ZDNet.
Despite "not having suffered too much damage from the aforementioned attack, we strive to improve our security whenever we can", he said. "Building independent communication and control measures, [and] gaining sovereign control over those that are not national products, are among the first and most important priorities recognised in the process of counteracting modern threats. Personal and technological information security and the proper shaping of SOPs [standard operating procedures] regarding those areas also come to mind in this context."
Concerns over Poland's energy sector are particularly well-founded. Pawel Nierada, an energy expert at the conservative think tank Sobieski Institute, told me back in 2012 that the Polish energy network is organised in large blocks (mostly coal) that generate electricity for relatively large areas. This contrasts with, for example, the network in Germany, which has a more localised approach with many gas-powered blocks.
In the context of cybersecurity, that would mean successful introduction of a piece of malware into one facility could have dire consequences for Poland's electricity supply, as Nierada added in an interview with broadsheet Rzeczpospolita in the summer. North of the Warsaw-Poznan line, "we only have two electricity plants. One of them is being closed down", he said.
"The energy security of the whole north of the country would then be dependent on energy transfer from the south. A disruption at two large energy points could be enough to leave half of the country without power."
Bolstering defences
It's one of the reasons why Polish institutions are focusing much of their efforts on cybersecurity. Other types of threats are also being tackled: Liedel mentions phishing campaigns directed against public bodies, and of online scammers impersonating public institutions.
According to Liedel, the first step was a question of legal definition. The process began a few years back when the term 'cyberspace' was defined in the Polish legal system, he said. "This milestone has been followed by creation of the Cyberspace Protection Policy of the Republic of Poland," an analysis that was a part of the National Security Bureau's Strategic National Security Review.
The review was designed to create practical security guidelines for public administration users, and was the start of the creation of the Polish Cyber Security Doctrine. Those involved in the initiatives included the Ministry of Administration and Digitisation, Ministry of the Interior, Ministry of National Defence and the Internal Security Agency, Liedel said. It's from their budgets that most of the fight against online attacks is funded, though he declined to give figures. Liedel said he couldn't be too specific about the contents of the doctrine, but added it is scheduled to be released before the end of the year.
Poland's geopolitical situation, which is exemplified by the events surrounding neighbouring Ukraine and tough talk towards Eastern NATO members from the Kremlin, is also a reason to take the subject seriously.
"We are closely monitoring the developments in Ukraine and take into consideration potential threats rising in connection with it," Liedel said. He warned that such threats are not confined to newer members of NATO or the European Union either, as seems to be a common assumption. Because of that, cooperation between allies is extremely important, Liedel added: that's why why Poland joined NATO's Cooperative Cyber Defence Centre of Excellence (CCDCOE) in 2011.
"As for Polish CCDCOE activity we aim at full participation in capacity building and creation of common cyber-defence standards. Interoperability among NATO allies is the key factor in achieving the cybersecurity of the transatlantic region."
However, Poland is still mostly focusing on internal solutions. Earlier this year, Polish defence institutions made a deal with a number of technical universities to start developing their own cryptography systems.
Poland has also been making efforts to secure its phone lines, a move that has been further spurred on by Ukraine-related incidents.
Numerous phone calls between officials have already been eavesdropped on by intelligence agents and (selectively) distributed to news agencies and propaganda institutions. Examples include a call between the American Assistant Secretary of State Victoria Nuland and the US ambassador to Ukraine Geoffrey Pyatt, a call between Estonia's foreign minister Urmas Paet and the EU's foreign affairs chief, Catherine Ashton as well as unconfirmed calls between militants and Russian officers in Eastern Ukraine discussing how they downed the Malaysian Airliner in July.
"Poland puts much emphasis on the implementation of systems of secure communication — on the legal as well as technological level," Liedel claimed. The latter is, he said, "best represented by introduction of CATEL, [a] confidential telephone and electronic communication solution". CATEL is a phone security system in use by Polish security agencies since at least 2011.
However, there are still a number of elements of Poland's information security policies that need work. This summer, a number of politicians and businessmen have been put to shame after private conversations have been taped in a number of high-class restaurants in Warsaw, with transcripts of the tapes published in a weekly magazine. Again, Russian involvement is suspected.