The Legal Status of Public Entities in the Field of Cybersecurity in Poland

Abstract

This monograph provides an in-depth look at the organisation of the national cybersecurity system and the tasks and responsibilities of the entities operating within this system. The objective of the national cybersecurity system is to ensure cybersecurity at the national level, including the uninterrupted provision of essential services and digital services by achieving the appropriate level of security of the information systems used to provide these services and ensuring the handling of incidents. The EU legislators have been explicit in noting that the scale, frequency, and impact of cybersecurity incidents is growing, putting the functioning of information systems at a serious risk. These systems can be targeted by malicious attacks aimed at damaging or disrupting their operations. Such incidents can hamper the functioning of public administration and business, and cause substantial financial losses, undermine user confidence, and lead to considerable losses in national economies, as well as the EU economy at large. Defined as the resilience of information systems against actions which compromise the confidentiality, integrity, availability, and authenticity of processed data, or the related services provided by those information systems, cybersecurity is an area of concern for private and public entities alike. As far as the public-law sphere is concerned, cybersecurity tasks and powers are performed and exercised by government administration, both central and regional, as well as local and regional governments. At the core of the national cybersecurity system in Poland are the public entities which make Poland's cybersecurity policy with the aim of increasing the level of protection against cyberthreats. Despite having different statuses, tasks, and powers, and places in the public sphere, they share the objective of ensuring cyberspace security.