From: mk_thisisit

General Karol Molenda, commander of Poland’s cyberspace defense forces, was appointed to this role in 2019 to consolidate the military’s cybersecurity resources [04:11:17]. His mandate focused on establishing a robust framework for cyber defense and offense [11:27:29].

Evolution of Poland’s Cyber Defense

In 2016, at the NATO summit in Warsaw, a decision was made to treat cyberspace as an operational domain, alongside land, sea, and air [02:11:13]. This commitment required each NATO member state to build capabilities to defend this domain [02:27:29]. The decision was influenced by historical attacks, such as those that paralyzed Estonia [02:57:59].

Before consolidation, the Polish Army’s cybersecurity capabilities were scattered across various units, including the National Center for Cryptology and the Information Technology Inspectorate [03:22:25]. This fragmented structure made it difficult to balance system functionality with security [03:59:02]. The consolidation process in 2019 aimed to bring these resources “under one roof” [04:06:08], leading to the creation of the National Cyberspace Security Center [04:51:52]. This process involved merging two large units without interrupting any ongoing services, akin to “building airplanes in flight” [04:39:42].

Proactive and Offensive Capabilities

The approach to cybersecurity within the Polish forces is highly proactive, actively searching for adversaries in the network rather than waiting for incidents [11:27:29]. Teams are dedicated to “hunt for the enemy” using knowledge from international cooperation and computer forensics [12:01:05].

The cyberspace defense forces are authorized to conduct operations across the full spectrum of cyber warfare, which includes defensive (ASR), intelligence and reconnaissance (Cyber Reconnaissance), and offensive cyber operations [07:53:55]. This includes intentionally allowing adversaries into controlled systems to learn their tools and techniques [07:18:00]. The goal is to be “one step ahead” of the opponent [06:00:02].

While the legal framework for the use of offensive cyber resources is still being clarified, the capability itself has been built [13:45:00]. This offensive posture is seen as crucial: an opponent who knows that its adversary can only defend gains an advantage [13:07:08].

Key Threats and Opponent Intelligence

Polish military systems are frequent targets for advanced persistent threat (APT) groups, particularly those operating under the aegis of foreign special services, such as Russia’s APT28 and APT29 [04:57:59]. Interest in Polish systems has intensified since the war in Ukraine, given Poland’s role as a logistics hub for aid and a significant donor of armament [05:26:00].

Most attacks utilize social engineering, such as phishing, to trick users into clicking malicious links [06:08:00]. Analysts focus heavily on understanding the tactics, techniques, and procedures (TTPs) of these opponents, to the extent that they can often identify the author of malicious code based on its characteristics [09:12:14]. This deep understanding allows for effective defense and counteraction [09:03:00].

Despite frequent attack attempts, especially against classified military systems, there have been no successful extractions of sensitive data [29:51:52]. The ability to detect and stop attacks quickly, often within 60 days of theoretical penetration, distinguishes Poland from many other entities [30:30:33]. This success is attributed to hardening systems, ensuring visibility of assets, and continuous monitoring [31:06:00].

International Cooperation and Information Sharing

A key aspect of Poland’s cybersecurity strategy is collaboration and information exchange. There’s a cultural shift in Poland towards sharing threat intelligence to build a robust cybersecurity ecosystem [09:47:00]. Weekly meetings among key cybersecurity stakeholders, including military and government representatives, facilitate this [10:16:18].

International cooperation is based on trust and a “win-win” principle, where partners mutually share information and experience [17:58:00]. Agreements have been signed with US military and intelligence services since 2019, building long-term trust relationships [17:40:00]. Cooperation also extends to big-tech companies, allowing for early sharing of information on vulnerabilities in their products and vice versa [18:27:00].

Poland also shares its experience and knowledge with partners, notably training Ukrainian soldiers in cybersecurity and sharing TTPs of APT groups [15:55:00]. This exchange was acknowledged by Ukraine as instrumental in counteracting attacks [16:19:00].

General Molenda was appointed chairman of the Cyber Commanders Forum by the commander of the US Cyber Command, showcasing Poland’s leadership in presenting its successful approach to building a cyber command [50:25:28].

Talent Management and Training

The strength of Poland’s cyber defense lies in its intellectual and creative thinking [00:15:16]. The forces recruit and foster a large group of unconventional and creative experts in cybersecurity, arguably the largest in Polish state administration [08:36:00]. The strategy involves not only recruiting from the military but also bringing in talent with experience from police units and the private sector [22:05:00].

To attract and retain talent, special allowances were introduced for soldiers in cybersecurity roles in 2020 [41:12:00]. Additionally, a teleinformatic benefit, dedicated to state administration personnel dealing with cybersecurity, helps retain staff [41:22:00]. These benefits can amount to up to PLN 45,000 gross per month [44:11:00].

Beyond financial incentives, the primary motivation for joining the cyber defense forces is the unique level of challenges and unlimited access to development opportunities [41:48:00]. Soldiers are trained by the best in the world, including the US and Israeli armies [42:28:00]. The sense of patriotism and being part of something larger that truly matters also plays a significant role in retention [42:55:00].

The forces actively work to increase user awareness through “purple teaming” and “red teaming” activities, which involve provoking users to test their security behavior, similar to phishing campaigns [33:36:00]. This helps improve awareness even among management staff [34:27:00].

Future Challenges and Innovations

The Polish cybersecurity forces are investing heavily in emerging technologies, such as machine learning, artificial intelligence, quantum computing, and quantum communication [22:57:00]. These technologies are explored for both their potential advantages in defense and the new security threats they may introduce [23:29:00].

In cryptology, the focus is on building encryption solutions that meet the requirements for classified information and are resistant to a “post-quantum reality,” using concepts like “quantum-safe” algorithms [24:04:05]. Quantum entanglement, for instance, can generate cryptographic keys theoretically resistant to eavesdropping, with any disruption being immediately noticeable [25:02:00].
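The claim that eavesdropping on an entanglement-based key exchange is "immediately noticeable" can be made concrete with a small simulation. The following Python is an added example written for this summary, not code from the interview or from the Polish cyber command; it uses the idealised two-basis model (no channel noise or loss), treats an eavesdropper as an intercept-resend attacker on Bob's photon, and assumes an abort threshold of 11% quantum bit error rate, a commonly cited figure for this kind of protocol.

```python
import random
from dataclasses import dataclass


@dataclass
class QkdRun:
    sifted_len: int   # bits kept after both parties compare measurement bases
    qber: float       # quantum bit error rate measured on the sifted key
    alarm: bool       # True when qber exceeds the abort threshold


def measure(basis: int, prepared_basis: int, prepared_bit: int, rng: random.Random) -> int:
    """Measure a photon prepared as (prepared_basis, prepared_bit) in `basis`.

    Idealised model: a matching basis returns the prepared bit, a mismatched
    basis returns a uniformly random bit (the state is disturbed).
    """
    if basis == prepared_basis:
        return prepared_bit
    return rng.getrandbits(1)


def run_qkd(n_pairs: int, eavesdropper: bool, seed: int = 1, threshold: float = 0.11) -> QkdRun:
    """Simulate n_pairs entangled pairs shared by Alice and Bob.

    Alice measures her half first in a random basis; that fixes Bob's photon
    to the same bit in her basis (perfect correlation). If `eavesdropper` is
    set, Eve intercepts Bob's photon, measures it in a random basis and
    forwards a fresh photon prepared in that basis. Bases are compared over a
    public channel afterwards and only matching-basis bits are kept (sifting).
    The error rate on the sifted key is the eavesdropping indicator.
    """
    rng = random.Random(seed)  # seeded so the example is reproducible
    alice_bits, bob_bits = [], []
    for _ in range(n_pairs):
        a_basis = rng.getrandbits(1)
        b_basis = rng.getrandbits(1)
        a_bit = rng.getrandbits(1)          # Alice's measurement outcome
        photon = (a_basis, a_bit)           # state of Bob's photon after Alice measures
        if eavesdropper:
            e_basis = rng.getrandbits(1)
            e_bit = measure(e_basis, photon[0], photon[1], rng)
            photon = (e_basis, e_bit)       # Eve resends what she observed
        b_bit = measure(b_basis, photon[0], photon[1], rng)
        if a_basis == b_basis:              # sifting step
            alice_bits.append(a_bit)
            bob_bits.append(b_bit)
    errors = sum(x != y for x, y in zip(alice_bits, bob_bits))
    qber = errors / len(alice_bits) if alice_bits else 0.0
    return QkdRun(len(alice_bits), qber, qber > threshold)


if __name__ == "__main__":
    for eve in (False, True):
        r = run_qkd(4000, eavesdropper=eve)
        print(f"eavesdropper={eve}: sifted={r.sifted_len} qber={r.qber:.3f} alarm={r.alarm}")
```

Without Eve the sifted key matches exactly (QBER 0). With intercept-resend, Eve guesses the wrong basis half the time and each wrong guess flips Bob's bit with probability one half, so the QBER settles near 25%, far above the abort threshold; in a real deployment the error estimate is taken on a sacrificed sample of the sifted key rather than on all of it, which this simplified model does not separate out.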

However, despite advanced technologies, the most common vulnerabilities still stem from a lack of basic security foundations and “hygiene” in many places, often due to user actions [25:56:00].

Poland’s Position in Global Cybersecurity

Poland is ranked sixth globally in the index of cyberspace defense forces [00:01:01]. This position is notably ahead of countries like Great Britain, which allocates significant resources to cybersecurity [28:16:00]. The Polish cyberspace defense forces have consistently performed well in international exercises, achieving third place in Locked Shields (the world’s largest cybersecurity exercise) this year and second place last year [47:14:00].

The “digital heart” of the army, as it is called, is the cyberspace defense forces, which are integral to the functionality and security of all modern military equipment and communication [39:33:00]. The command operates 24/7, recognizing that attackers do not adhere to traditional working hours [45:09:00]. While full combat readiness for the “digital army” was initially projected for the end of 2024 [45:54:00], capabilities are being acquired and refined daily, with readiness already achieved in many areas [46:33:00].

The development of Poland’s cyber command benefited significantly from learning from US experiences and avoiding their mistakes, allowing Poland to build its command in three years compared to the USA’s ten [49:22:24]. Poland’s unique approach serves as a model for other nations [50:46:00].