From: mk_thisisit
Poland has been recognized globally for its cyberspace defense forces, placing sixth in a key index of cyberspace defense capabilities and being the only country mentioned by name in that assessment [00:00:01]. The nation is often referred to as the “digital heart of the army” [00:00:07], or even its “nerve” due to the critical role of communication in military operations [00:39:37]. Poland’s strength in this domain is attributed to intellectual prowess and creative thinking [00:00:15].
Establishment of the Cyberspace Defense Forces (CDF)
General of Division Karol Molenda, commander of the Cyberspace Defense Forces (CDF), was appointed to lead this critical area of digitalization and cybersecurity [00:00:54]. Cybersecurity is considered a vital field, especially in the context of hybrid warfare [00:01:18].
NATO’s Role
The importance of cyberspace for state security and defense was highlighted by a NATO summit in Warsaw in 2016 [00:02:11]. At this summit, it was decided that cyberspace should be treated as an operational domain on par with land, water, and air [00:02:17]. Each NATO member state committed to building capabilities to defend this domain [00:02:27]. This decision was influenced by past cyberattacks, such as the paralysis of Estonia’s infrastructure [00:02:57].
Consolidation
Prior to the establishment of the CDF, Poland’s cybersecurity capabilities were scattered across various units, including the National Center for Cryptology and the Information Technology Inspectorate [00:03:20]. These units often prioritized either functionality or security, making it difficult to find a balance [00:03:59]. In 2019, General Molenda was tasked with consolidating these resources under one roof, leading to the creation of the National Cyberspace Security Center [00:04:06]. This consolidation was performed without interrupting any existing processes or services, akin to “building airplanes in flight still with a fire on it” [00:04:35].
Cyber Threats and Modus Operandi
Poland’s military systems are a “tasty morsel” for groups operating under foreign special services, particularly those of countries like Russia, such as APT28 and APT29 [00:04:54]. Interest in Polish systems has increased fivefold in the last year, especially since the war in Ukraine, as Poland is a major logistics hub and the second-largest donor of armaments to Ukraine [00:05:26].
Attack Methods
Every day, Polish systems are subjected to attempted attacks [00:06:04]. Most often, human elements are exploited through social engineering, including phishing and spear phishing, to convince users to click on malicious links [00:06:08]. The CDF’s analysts focus on understanding the tactics, techniques, and procedures (TTPs) of opponents [00:06:43].
The CDF sometimes employs a strategy where opponents believe they have penetrated Polish systems, but are actually in controlled environments designed to gather information on their tools and techniques [00:07:11]. This allows Polish analysts to identify the authors of malicious code and predict their future actions [00:09:12].
Poland’s Cyber Capabilities
Poland’s Cyberspace Defense Forces are authorized to conduct operations across the full spectrum of cyberspace [00:07:51].
Defensive Operations
Defensive operations (ASR) are a primary focus [00:08:03]. The CDF proactively searches for adversaries in their networks, assuming that something is always happening [00:11:36]. They use computer forensics and monitoring to detect unusual activities [00:12:16]. Poland has not experienced incidents involving the extraction of data from its sensitive, classified military systems [00:29:51]. Attempted attacks, such as users clicking on malicious links, are caught and stopped daily by security departments [00:30:04]. The hardening of systems and ensuring visibility of protected resources are key to this success [00:31:05].
Offensive Operations
The CDF builds teams with the necessary competences and tools to conduct offensive operations [00:12:44]. These capabilities are developed to enable an adequate response in the event of an attack on the country, recognizing that a purely defensive posture is insufficient [00:12:57]. Poland has achieved certain capabilities in offensive action [00:47:43].
Talent and Expertise
Poland’s CDF leads the largest group of cybersecurity experts in the state administration, characterized by unconventional thinking and creativity [00:08:36]. They develop their own tools to understand opponents [00:09:03]. To foster talent, Poland has increased admissions to military academies in cybersecurity, established a military General Secondary School of Information Technology, and launched “cybermix” classes and Academic Legions [00:40:19]. Recruitment focuses on attracting young individuals “hungry for knowledge” [00:42:04] rather than competing solely on salary [00:40:41]. Soldiers in cybersecurity roles receive special allowances defined by the Minister of National Defense and teleinformatic benefits, which help retain talent [00:41:12].
The CDF emphasizes teamwork, with leaders coordinating teams and encouraging brainstorming [00:48:02]. The team is composed of officers, police officers with industry experience, and security professionals [00:21:45]. Most officers in the CDF structures hold Master of Science degrees in computer science, cybersecurity, or cryptology [00:38:36]. The youngest members hold the rank of private, and all wear uniforms and have military ranks [00:37:38]. They operate in various locations across Poland, including Legionowo (main headquarters), Gdynia, Olsztyn, Bydgoszcz, Krakow, and Warsaw [00:36:22].
Technological Innovation
Poland is investing heavily in emerging technologies like machine learning, artificial intelligence, quantum computers, and quantum communication [00:22:57]. The goal is to leverage these advancements while also being aware of their impact on the security of existing solutions [00:23:29]. The CDF has a dedicated department for innovation [00:23:38]. In cryptology, the focus is on building encryption solutions for classified information, ensuring they meet certification parameters and use algorithms resistant to a post-quantum reality (quantum-safe) [00:24:04]. Quantum entanglement is explored for generating cryptographic keys that are theoretically resistant to eavesdropping, with any disruption being immediately noticeable [00:25:00].
International Cooperation
Poland actively shares its knowledge and experiences with partners. The CDF aims for “win-win” collaborations where all parties exchange information [00:18:20].
US and Israel
Polish soldiers are trained by the Israeli army [00:00:12], known for their cybersecurity experience [00:42:40]. Cooperation with the United States military services and US Cyber Command began in 2019, building trust relationships [00:17:48]. In 2022, the commander of the US Cyber Command appointed General Molenda as the chairman of the Cyber Commanders Forum, an international discussion forum, to present the “Polish way” of building a cyber command [00:35:01][00:50:25]. The next meeting of this forum will be held in Krakow in October [00:51:16].
Ukraine
As an ally, Poland is gaining and sharing significant experience with its Ukrainian partners [00:55:55]. Polish soldiers have trained Ukrainian soldiers in cybersecurity, sharing knowledge about the TTPs of APT groups operating in both Poland and Ukraine (often Russian special services) [00:15:59]. Ukrainians have openly acknowledged that information from Poland helped them counteract various cyberattacks [00:16:19].
Big Tech
Poland has signed cooperation agreements with “Big Tech” companies to enable expert-level dialogue between CDF experts and their private sector counterparts [00:16:54]. This involves reciprocal information exchange: Poland receives advance information about vulnerabilities in products and ongoing solutions, while it informs creators of services about vulnerabilities or zero-day exploits being used by opponents [00:18:30]. This public-private cooperation is crucial for cybersecurity, as no single entity can win alone [00:19:32].
Challenges and Future Outlook
Legal Aspects
Defining when cyber resources can be used, especially since Poland is not in a state of war, remains an issue requiring further legal clarification [00:13:45]. There were initial legal arguments against military involvement in cyberspace due to the traditional understanding of armed forces defending borders [00:14:37]. The Act on the Defense of the Homeland, however, specifically defined the CDF as a specialized component authorized to conduct full-spectrum operations [00:07:43].
Talent Management
A significant challenge is maintaining experts within the country, as the private sector can offer more competitive salaries [00:32:57]. However, the unique challenges, continuous development opportunities, and the patriotic service to the homeland attract and retain talent in the CDF [00:41:40].
Awareness and Training
User awareness is another factor in security [00:33:03]. The CDF conducts active training and awareness campaigns, including “purple teaming” and “red teaming” exercises, to test users’ security levels and provoke them into making mistakes, which helps them learn [00:33:32].
Future Readiness
While the initial declaration for Poland’s Cyber Army was readiness by the end of 2024 [00:45:54], the CDF did not wait and has been actively building capabilities [00:46:09]. Combat readiness in cybersecurity is an ongoing process [00:46:33]. Poland’s performance in international exercises, such as Locked Shields, where it secured third place this year and second place last year, demonstrates the maturity and potential of Poland’s cyberspace defense forces [00:47:12]. The CDF operates 24/7, acknowledging that attackers do not adhere to regular working hours [00:45:09].
Leadership
General of Division Karol Molenda was entrusted with building the Cyberspace Defense Forces in 2019 [00:21:28]. His experience in military counterintelligence, where he co-created cybersecurity and cyber counterintelligence departments from 2006, proved beneficial [00:20:23]. The recent promotion of General Molenda and his deputy to general ranks on the same day is seen as a recognition of the CDF’s effectiveness and functioning [00:52:50]. Poland continues to learn from the war in Ukraine to further enhance its cybersecurity [00:53:21].