Email affair. Cieszyński: This mailbox hack path is closed

By drzwioknarzeszow08/04/2023939 Views

Let's start with the foundations: why is there a question of building a 5G network in the Cybersecurity Act at all?

Advertising

Janusz Cieszyński, Secretary of State, Government Plenipotentiary for Cybersecurity: Undoubtedly, ensuring secure communication for key state institutions is an element of cybersecurity. We are always as secure as the weakest point is vulnerable. For example, at home: so what if we install a very expensive, good lock, since it will be very easy to enter through a window in which there will be no security. We also need to strengthen ourselves on every level and one of them is the communication system. A specific solution is to create a security network operator, and that is why we decided to include it in the Cybersecurity Act.

When can this law come into force?

This is a complicated legal act and therefore the works will probably not be express. We also want to discuss this project. We organize additional consultations with the market, we submitted it for consideration to the Committee for Security and Public Order, and then the Standing Committee of the Council of Ministers. I would like the government to pass the act this year, and then we will have work in the Sejm. We want these regulations to come into force as soon as possible, but it is definitely worth fine-tuning it and not necessarily focusing only on the pace of the proceedings.

PolitykaE-mail scandal. "Intuitively - Duda can gain claim voters"

More e-mails have been published on the network, which - allegedly - come from the e-mail box of the head of the Chancellery of the Prime Minister Michał Dworczyk, the content of which was intercepted by hackers, which was revealed in June. This time the correspondence concerns the strategy in Andrzej Duda's presidential campaign in 2020.

Advertising

So the chances that it will come into force from the beginning of next year are small.

They are null. It is enough to look at the calendar and the work regulations of the Council of Ministers to know that the end of this year is not mathematically tight.

In addition to the establishment of the Polish 5G company itself, the key moment in the act is the auction. This is what the market is waiting for.

The President of the Office of Electronic Communications declared that when this act passes the stage of the Standing Committee of the Council of Ministers, for him the legislative work is sufficiently advanced to publish the documentation necessary to start the auction.

Self-promotionDouble your subscriptions

Buy a quarterly e-subscription and we'll extend your subscription period

BUY NOW

Why do you think 5G has been so delayed in recent years?

This first auction has been canceled due to security concerns just not being addressed. I think it is quite obvious that for the security of the state these doubts must be dispelled. There are also voices - although I believe that they are not legitimate - that this is connected with various types of geopolitical games. It is also heard that this is a law that is aimed against some suppliers ...

Advertising

Isn't it?

Not at all. If someone wants to find a law that is aimed against other suppliers, you don't have to look far - just go to Lithuania, where the regulations clearly state that countries outside the European Union, NATO and OECD simply cannot provide such infrastructure. Our law says that there are clear criteria, there is an administrative procedure that allows you to appeal to the court against the decision. The entire process is carried out based on the opinions of experts from teams responsible for responding to cybersecurity incidents. The process is expert to the core and we have it written down in the regulations, and there is an accusation that all the people involved in it are somehow related to politics. I have sad news for some commentators: there are no positions in the executive branch in Poland that are not filled in some procedure with the participation of people who are elected politicians. This is the essence of democracy, but it is enough to look honestly at who works in the institutions responsible for cyber security - these are people with several years of experience and international recognition. Experts working for Poland with no connection to politics.

PolitykaE-mail scandal. "You have to find a motive and indicate the guilty"

More e-mails have been sent to the network, which are supposed to come from the mailbox of the head of the Chancellery of the Prime Minister, Michał Dworczyk. The published correspondence is supposed to concern the government's reaction to the attacks on Prime Minister Mateusz Morawiecki.

But you will admit that the topic of 5G is delicate and appears in geopolitics.

Of course it appears, because it is the foundation of how we will develop as a country. And we realize, not only in the case of 5G, that technology, like capital, has a nationality. Everyone already knows that talking about companies focused solely on profit and not taking into account the interests of their home country is neoliberal fairy tales. No point in refuting it again.

And this statutory procedure for recognizing a supplier as a high-risk supplier in the course of government legislative work, can it still be changed in the Sejm?

These are such technical matters that to say that we will definitely not change anything would show a lack of imagination. Very often, entities from the market, but also from ministries, receive very interesting and worth taking into account comments. However, as a rule, I do not see a situation here that there is any dispute, any two ways.

Aren't you afraid that this law will not fall victim to the so-called silo?

This is an act that, in another area, i.e. the establishment of the Cybersecurity Fund, has an element that, in my opinion, means that many stakeholders should strive for its adoption as soon as possible. One of such fundamental challenges in the area of cybersecurity is to ensure that state institutions can develop at the same pace as the private market. It is not surprising today that a cybersecurity expert in a commercial company earns tens of thousands of zlotys a month and at work uses tools or services for which millions of dollars are paid. Today, the state has no tools to compete with it. And the Cybersecurity Fund will change that.

So, for example, that high-class specialists work for market rates in government institutions, is this a sine qua non condition for the government's cybersecurity to be at a higher level?

This is a condition for us to maintain cybersecurity at a level not worse than today. I hope it can be improved too, but you have to look at the facts. You can talk to any person who works in these units and they all say one thing: if an offer comes from outside, the problem becomes to keep those people in whose development, upbringing and teaching certain things we have invested a lot of resources. And it's not even a matter of a young MUT graduate wondering whether he will go to the office or to business, it's just a matter of keeping the experts we have today.

Advertising

And to what extent is this law a response to what happened this year, i.e. the matter of e-mails?

Email scandal. Cieszyński: Yeah mailbox hacking path is closed

As I said - in the cybersecurity system, we must ensure that all links are evenly strengthened. Similarly here, we must ensure that all these institutions develop harmoniously and in cooperation. I think that the creation of this Cybersecurity Fund and the remuneration network for experts in this field will make us better able to respond to the challenges that arise around the world and also in Poland. The fact that we had the situation we had in June means that most political forces - those that look responsibly at the future of Poland - should not question certain things. I hope that will be the case.

PolitykaMail scandal. The head of Nowoczesna submits a notification to the prosecutor's office

The chairman of Nowoczesna, Adam Szłapka, submitted a notification to the prosecutor's office about the possibility of committing a crime, including by Prime Minister Mateusz Morawiecki and the head of the Chancellery of the Prime Minister Michał Dworczyk. The case is related to the e-mail scandal.

Will there be good enough coordination after the introduction of this law? Who will be on the front line if needed?

I think this coordination and collaboration is my most important job as a cybersecurity officer. I put a lot of time into it and we already have the first effects of this teamwork. This applies, for example, to the provisions on the Cybersecurity Fund, which we have developed together among all interested parties, all institutions that deal with cybersecurity in Poland. This act is proof that we are open to this cooperation, because each of these institutions will find something for themselves in it.

Advertising

There is an American saying "the buck stops here". So when it comes to cybersecurity, it's in your office.

That's how it can be defined from the political side. But we are talking about an area of life where everything is on the shoulders of experts. My task is to provide these experts with the conditions to be able to perform these tasks well and that there are mechanisms that will allow this cooperation to actually take place.

By the way, what happened when it comes to the security of the most important people in the country, e.g. parliamentarians after the e-mail case exploded. Training and more were announced.

Yes. During these trainings, in addition to knowledge, we also provide such keys for two-factor authentication. And the training itself continues. We had a test series during which representatives of all parliamentary clubs were trained and everyone agreed that these trainings were good. We have good cooperation with the Sejm, we will gradually provide parliamentarians with both the knowledge and the keys to two-factor authentication.

Has the path that was used in this June crisis, in this series of hacks, closed down?

This path yes. But life abhors a vacuum and new ones are opening all the time. It's like a fight between policemen and thieves that has been going on since the beginning of time. When one gate is closed, it quickly turns out that the other side comes up with new ways. Does that mean you should give up, not install locks on your doors, don't set a PIN on your phone? Of course not. Our role is to ensure that the rate of transfer of knowledge about threats is at least the same as the rate of aggravation of these problems and threats.

Do you see departmental silos?

If something can't be done, it's always convenient to say that it's the fault of silos, because these silos have no face, they are just a black hole into which great projects fall. I think you just have to do your own thing and overcome these problems. This is real. I remember when in my previous role, when implementing solutions in the field of e-health, there were also a lot of problems. But in the end, we managed to overcome them, mainly thanks to the fact that we simply explained to our partners what we meant and why we wanted to go in a given direction.

But since we are talking about e-health, by transferring it to another sphere, e.g. housing, we have not been able to create such a system there.

I don't want to talk about housing, because I haven't dealt with it. But with e-health, it certainly helped that I had support from many sides. Prime Minister Mateusz Morawiecki spared no means, and the then chairman of the Standing Committee, Deputy Prime Minister Jacek Sasin, helped introduce changes in the regulations. No one really went into detail, everyone just knew it was important. The possibility of building a small house without unnecessary formalities was fought for many years. Suddenly it turned out that when there is determination, it can be done and these regulations are in force today.

Some will say that it's naive, others that it's positivism, but I believe that if you want to, you have determination, you can always do it.

Coming back to the digitization itself - to what extent is the current fixation of these processes optimal in your opinion?

If something cannot be siloed, then there is always a "wrong structure" or some other organizational inconvenience. in the situation we are in, do the best we can.

However, the fact that digitization is now in the Chancellery of the Prime Minister, i.e. in the political center of the government, has many advantages. It has been raised many times that when the Ministry of Digitization functioned autonomously, it had problems getting through with certain issues. Today, the Minister of Digitization is the Prime Minister. It's hard to imagine a better ambassador for these issues.

What are the most important digitization projects for the next two years, until the elections?

This is an area in which Poles have repeatedly shown that if we provide them with a good IT solution, they will be very happy to use it and this will be very positively assessed. We have a number of services waiting to be digitized. I think that after some areas managed to do it "quickly" during the pandemic, this appetite increased even more.

I'm not an IT specialist - I worked in business and the company wanted us to launch services that would be popular and profitable. We should act in the same way in the case of matters that today are still dealt with on paper and require a visit to the office - starting from the most important, most expected, most popular, we should strive to digitize them step by step. From large projects, we have e-delivery, i.e. the ability to choose whether correspondence from the office will be sent to us on paper or electronically. We are about to develop mObywatel so that it becomes a full-fledged digital document. In the area of digital identity, there is also the issue of popularizing them in business so that it is possible to reliably "identify" them remotely as quickly and easily as against the administration using the Trusted Profile. There are also new technologies that await for wider use - e.g. an application for vaccinations of the Ministry of Health was created in the cloud and I am curious what will happen next. Today, few people remember about it, but it is a huge success, because in a few weeks an application was created, which - it can already be said - saved a number of people We would like to see such speed and efficiency in other projects as well.

What about network access?

We have a gigantic program - this is where most funds are allocated in all EU programs - connecting more households to the Internet. In the previous perspective, we managed to exceed by more than 100%. assumed goal - instead of 750 thousand. we will connect over 2 million households, but there are still places in Poland where this Internet is not available. And it is also an element of the Polish Deal to reach every household in Poland with this high-speed internet. Today, it is difficult to imagine functioning without the network, just as it is difficult to imagine functioning without electricity or gas.

Has the pandemic changed how the government and administration operate? Any conclusions drawn?

You have walked through the building where we are talking. Today, there is practically no one in it, because everyone is working remotely. Before the pandemic, about 20 percent. offers of the largest technology companies in the world allowed for remote work. Today it is 80 percent. Something that would seem completely impossible to us, i.e. that officials will leave the building they have occupied for several decades and will work at least as effectively from home, is a revolution. This is also the answer to the question of silosity - in a crisis situation, a kind of cooperation culture developed and many bonds were established, which now pay off. I believe that the administration will never be the same as before the epidemic.

Do you regret anything about that "front" time? I don't think there is a week without an opposition conference on ventilators.

I definitely came out of that time wiser. Do I regret anything... Let me put it this way: I know what I was doing then. All institutions that had the opportunity to familiarize themselves with the documents share my conviction that there was absolutely no question of anyone acting to the detriment of the state, and in particular in order to achieve any benefits.

It is quite obvious that if it were otherwise, I would certainly not be able to fulfill my current function. The fact that Mr. Joński and Mr. Szczerba built their political careers on this is their choice. I can only say that when they wanted to continue their actions against me here and they appeared at the Prime Minister's office regarding ID cards with a biometric layer, they left through the back door, bypassed the TVN cameras, and probably also said that it was no longer "heating" ".

—cooperation Jakub Mikulski