The ABC`s of cyber security at the conference in the Polish parliament

Simple reasons like lack of prevention or carelessness may cause problems for local authorities including money loss. Cyber criminals never sleep and attack local authorities too.

A conference on “Cyber security in the local governments” was held on the 12 of April in the Column Hall of the Polish Parliament.  It was organised by the Committee for Local Government and Regional Policy, the Polish Chamber of Information Technology and Telecommunications, the Association of Polish Administrative Districts and the Association of Polish Cities.

Andrzej Maciejewski, Chairman of the Committee  for Local Government and Regional Policy, opened the conference. . In his speech, he emphasised that the conference was held for representatives of business and local governments. The conference is very needed l because the problem of Internet security is coming to the forefront of many discussions.

We were ignorant for a long time but now we have experience. Several municipalities have lost money – the record-holder lost about one million zlotys. Attacks are very simple. They are made possible for simple reasons like lack of prevention, carelessness or negligence – he explained. That is why education on this field is so important. The chairman announced that the Committee will discuss the issue of cyber security in its work. Nevertheless, we must realise that protection of information systems is not so simple. As Andrzej Maciejewski pointed out, to face the issue of Internet security and win this battle, we will need a coalition on practical and legal levels.  

Best practices

This role, among others, should be played by the recent tripartite agreement between  the Polish Chamber of Information Technology and Telecommunications, the Association of Polish Administrative Districts and the Association of Polish Cities. Michał Rogalski, Vice-president of the Polish Chamber of Information Technology and Telecommunications explained that the purpose of the agreement is to create a platform to exchange knowledge on IT and communication technologies, not only concerning new technical solutions but also in relation to implementation and procurement of such solutions. He recalled that the problem of public procurement still exists but positive regulatory changes are being made. These changes facilitate investments by local governments, including IT and communication infrastructure. Nevertheless, the regulations do not govern everything. For this reason best practices are crucial. The new platform should help, exchange experience on how to fight hacking attacks.

Education as a basis

The state of cyber security in Polish local governments was raised by Jan Maciej Czajkowski, the Co-president of the Group for Information Society under the Joint Committee of the Government and Local Governments Commission representing local governments. He emphasised that the issue of cyber security is so important and urgent that it should not be put off. It is the consequence of computerisation. Together with technology development we can also observe the growth in hacking. The more activities local governments undertake for residents, the greater the dangers, including website blocking or data theft.  There are many different threats because local governments not only create their own data bases but also enter data into the central registers. The smaller the entity, the worse preparation for a cyber- attack. The main problem is money. As one expert said, if local governments want to take actions against terrorism they will have to finance this themselves, and  a mainly from current funds which are the most vulnerable according to the Article 243 of the public finance law.  Costs for information security are assigned to the operating budget. Hence,, in opinion of Jan Maciej Czajkowski, the possibility of central support for local governments should be considered.  This expert believes that educational activity – training sessions, standards, guidelines, can be conducted in central-local government relations.. – It is really important, because 90 % of problems related to cyber-attacks are caused by a human factor.  – explained Jan Maciej Czajkowski.

Not only IT specialists

Wojciech Dziomdziora, the Vice -president of the Polish Chamber of Information Technology and Telecommunications, spoke about preparing public entities for cyber-attacks. His explained just how important employee commitment is, not only employees at IT but others , including employees of legal or press departments as well.  According to data collected by the Polish Chamber of Information Technology and Telecommunications , only 11 % of the local government employees have participated in trainings on information security. He gave examples of recent cyber-attacks in Poland experienced by city authorities or the Financial Supervision Authority.

Marcin Spychała from IBM demonstrated various techniques that allow data siphoning from computers or smartphones. WIFI is an example of this threat.

Security of solutions based on cloud technology was explained by Michał Jaworski from Microsoft.

Bartłomiej Michałowski from Orange Polska talked about how  Polish local governments can radically improve cyber-security  He explained the importance of purchasing services from professional suppliers. Janusz Żmudziński from Asseco Data Systems S.A. pointed out cyber-security monitoring.

Joanna Bańkowska and Kamil Galicki representing IKG Technology explained the GDPR regulatory requirements regarding personal data protection. In turn, Marcel Góra from APLaw law offices tried to convince participants to the cyberpolis concept.

On the other hand,  Xawery Konarski and Agnieszka Wachowska, lawyers from Traple, Konarski, Podrecki law offices, talked about the scope of criminal and administrative liability for breaching provisions on cyber-security.

Conference transmission is available HERE.

Editorial assistant Sylwia Cyrankiewicz-Gortyńska