Modern economies are increasingly based on digital foundations – without information technology and reliable network infrastructure, it is impossible to talk about the improvement or fundamental functioning of the state today. The provision of cybersecurity has so become a prerequisite for maintaining the stableness of the country's operation – its absence could mean paralysis of the basic functions of socio-economic life. Just imagine blackout Energy caused by a hacking attack: electronic payment systems halt operating, stores shut down, supply chains break down and communication dies. Screenplays that erstwhile resembled science fiction – known for example from the series “Zero Day” or German “Blackout“ present they are becoming more real. Just mention the Stuxnet attack on the atomic power plant or the expanding number of intelligence operations conducted in cyberspace. Cybersecurity has ceased to be a domain exclusively of ICT experts – present it is simply a strategical issue that determines the sovereignty of the state, its economical stableness and the safety of citizens. Poland, if it wants to play a regional leader, must give precedence to this area.
Cybersecurity has ceased to be a domain exclusively of ICT experts – present it is simply a strategical issue that determines the sovereignty of the state, its economical stableness and the safety of citizens.
Technological dependence and State safety
One of the key directions to strengthening cybersecurity is the improvement of the national ICT sector – not only an chance to accelerate economical growth, but above all a essential condition to keep full sovereignty. Edward Snowden's communicative has made us aware of the scale of NSA surveillance, cases of U.S. usage of gaps in abroad software or spying on European politicians. Even close allies do not hesitate to usage intelligence tools against partners. Poland must so make its own exploratory capacity – both method and analytical – and be independent of the infrastructure under the jurisdiction of abroad countries. In this context, it should be stressed how worrying the usage of tools specified as Israeli Pegasus for surveillance not only of criminals, but besides of Polish journalists and politicians was a precedent. In modern cyberspace, the rule “trust no one” should be an iron rule.
For this reason, Poland should introduce independent control over technological purchases, support the improvement of native software and strengthen national competences in the field of detection and analysis of malicious code. A peculiarly crucial threat is the deficiency of control over government communications. If abroad services have access to correspondence from Polish decision-makers, they can influence policies, blackmail or manipulate. It's a real hazard of losing sovereignty. Therefore, public authorities should be able to communicate utilizing infrastructure under the supervision of the State, utilizing safe cryptographic protocols and solutions.
Critical digital infrastructure and competences
Poland must besides urgently catch up with the construction of an integrated PPDR communication strategy (Public Protection and Disaster Relief) — the communication infrastructure for emergency and uniform services. The deficiency of specified a nationwide, disruptive and independent strategy for police, fire department, ambulance or military is simply a major loophole in national safety architecture. Poland, as 1 of the last European Union countries, has inactive not implemented a modern and coherent solution in this area.
If we are serious about digital sovereignty, we must trust on the "trust no one" rule. Developing your own competences, home production capacity and maintaining control over the infrastructure. Without national ICT and safe government communications, the state is exposed to external influence, surveillance and failure of independence.
Meanwhile, global experience shows that the introduction of PPDR systems in the public-private partnership model can benefit twice: to strengthen citizens' safety and to drive economical development. Like the American FirstNet or the British ESN, Poland could build a network core that ensures safety and reliability, while telecommunications operators, selected by tender, would be liable for providing coverage and access infrastructure. This would enable synergies between the public and private sectors, reduce costs and increase investment efficiency.
The improvement of the national PPDR strategy could become a telecommunication equivalent of the CPK – an impulse for the native technological sector. It would open up a space to build competences, make jobs, make intellectual property and modernise solutions for critical sectors. It could aid break the long-term deadlock in the implementation of state systems specified as LTE 450 for energy and GSM-R for railways. Examples of South Korea and another countries show that integrated implementation of critical communication systems is not only possible but besides cost-effective – for the safety of the state and its economy.
We must remember that even the best-protected communication strategy and state-of-the-art equipment do not warrant safety if the human origin fails. The top cyber threats should be seen, not in the area of computers and algorithms, but in the sphere of human influence – indifference, bad habits and deficiency of awareness of users are serious threats to the full system. An example of an email incidental involving Michał Dworczyk showed how disastrous the effects of effective phishing And disregarding basic cyberhygiene. In today's realities, attackers do not gotta break complex safety features – only a weak password, utilized in many places, deficiency of two-component authentication or click on a false link.
The deficiency of an integrated communication strategy for services is simply a safety gap which Poland urgently needs to close. The improvement of national PPDRs may not only strengthen citizens' protection, but will give impetus to innovation, the economy and the restoration of technological sovereignty.
Mandatory cybersecurity training for all public sector workers seems necessary. Their completion should be treated as a circumstantial "driving right" to travel in cyberspace. The work to usage binary authentication should besides be popularised, as well as regular audits and investigating of the resilience of IT systems. The investigation of Digital Poland Foundation shows1 on a typical group of Poles, as many as 45% of us are gaining on personalized campaigns Phishing – is simply a statistic that requires an immediate organization and educational response.
The digital sovereignty dimension besides has a direct impact on defence issues. It is estimated that already present about 25% of military equipment are digital components – from guidance systems, through control software, to integrated communication environments. Experiences from the war in Ukraine show that unauthorized access to specified systems can lead to their distant deactivation or to manipulation of the parameters of weaponry operation. Therefore, Poland must have national capabilities to analyse origin codes, certification of equipment and control of critical digital components in the military.
The top cyber threats must be seen, not in the area of computers and algorithms, but in the area of human influence – indifference, bad habits and deficiency of awareness of users are serious threats to the full system. Sometimes a weak password, a deficiency of two-component authentication, or a false link.
This is simply a good example of Israel, which, erstwhile purchasing F-35 Adir fighters, negotiated the right to modify their software and full control on board IT systems. This shows that digital sovereignty is possible even in relations with the largest arms partners – if the state can clearly specify its needs and enforce them in negotiations. Poland cannot stay a passive recipient of technology without any influence on its operation, as is the case in any Gulf states.
In order to avoid this, investments are needed in the improvement of the indigenous defence manufacture and dual-use technology – especially in areas specified as drones, artificial intelligence and advanced electronics. These areas not only increase defence possible but can besides become a catalyst for economical development, if they are based on national know-howinnovation Deeptech and results of investigation conducted by Polish universities and investigation institutes.
European road to digital resilience
Strengthening Polish digital sovereignty should be done not only by developing national competences and systems, but besides by actively participating in creating a European alternate to technological solutions outside the EU. Poland, together with another associate States, should make an ICT sector based on European standards and values. More importantly, statistic and analyses show how many threats are associated with widely utilized non-European equipment and software – specified as Fortinet or Palo Alto2 contains a number of critical safety gaps. Andrew Grotto, erstwhile manager of cybersecurity policy in Obama and Trump administrations, openly pointed to Microsoft as a possible threat to US national safety – due to the monopolistic spread of Windows systems and shortcomings in safety policy3.
Loud incidents – like last year's CrowdStrike strategy failure, which paralyzed millions of devices – remind how risky it is to depend on closed, centralised solutions. Poland should gradually decision distant from specified ecosystems, advance open source, support the improvement of national and European solutions and diversify technological cooperation, in peculiar for non-EU companies.
The threat concerns not only infrastructure – besides data. American regulations, specified as Cloud Act4 whether the celebrated section FISA 7025 , let U.S. services to access data stored in the cloud, regardless of their physical location. This represents a real threat to Polish public institutions utilizing popular cloud services. Therefore, Poland should make a safe government cloud and support the creation of European infrastructure, for example through initiatives specified as Gaia-X6. The fresh Data Act, which will enter into force on 12 September, could service as a tool to enforce compliance with European standards in public tenders.
In parallel, national rules must be harmonised with EU law. The implementation of the NIS2 directive on minimum cybersecurity standards is an chance to establish consistent rules in all the associate States of the Community. The amendment to the National Cybersecurity strategy Act should not only comply with EU requirements but besides be in line with the rules applied by another countries. This will give Polish companies easier access to another EU markets, simplified certification procedures and greater competitiveness. Harmonised and transparent rules will reduce the hazard of corruption and guarantee greater predictability in decision-making processes. This is peculiarly crucial in the context of the global departure of certain countries from effective anti-corruption regulations.
Digital sovereignty of Poland requires not only the improvement of national competences, but besides active participation in the process of creating a European technological alternative. Only a strong, resilient and digitally independent state can effectively defend its data, institutions and society from external force and information manipulation.
A hybrid war cannot be overlooked in the cybersecurity debate. Modern cyberspaces are not only networks and data, but besides a battlefield for information. Disinformation, impact campaigns and social media manipulation can truly influence political and social decisions. An example of a brexite referendum shows that false content can form the course of history. Poland, which is at the interface of geopolitical interests and is the mark of many information operations, must build social resilience to specified activities. This requires a thoughtful crisis communication strategy, support for independent organisations fact-checking and real regulation for digital platforms – for both fast removal of false content and transparency of moderation or countering manipulation.
At the same time, long-term learning programmes should be conducted in the field of manipulation, critical media content analysis and the improvement of information competences, especially among young people. Only a conscious, resilient and competent society can successfully defy the tools of cognitive war.
1See https://digitalpoland.prowly.com/355483-65-polakow-worry-s-about-your-security-in-internet-new–report–Foundation-digital-Poland–reveals-growth–Hazards-w-networks [access online].
2See https://www.inc.com/kit-eaton/why-a-former-white-house-cyber-director-called-microsoft-a-national-security-risk.html [access online].
3See https://www.inc.com/kit-eaton/why-a-former-white-house-cyber-director-called-microsoft-a-national-security-risk.html [access online].
4See https://www.politico.eu/article/france-wants-cyber-rules-to-stop-us-data-access-in-Europe[ Gasps ]access online].
5See. https://www.eurnews.com/next/2024/06/01/heres- -what-a-us-surveilance-law-means-for-european-data-privacy [access online].
6 Zau. https://gaia-x.eu/ [access online].
