US Cyber Forces as a Model for the Polish Ones

On February 8, 2022, the Safer Internet Day, Polish Minister of National Defense Mariusz Błaszczak officially established the Cyberspace Defense Forces (CDF). Director of the National Cyber Security Centre (NCSC) Brig. Gen. Karol Molenda [1] became their new commander. This is the final stage of the process that began in February 2019. During the past three years, the National Cryptology Center and the IT Inspectorate were integrated and the NCSC was established. The latter took on the role of a centralized center focused on cybernetics, cryptology, and broadly understood IT.

Photo: Twitter

The new forces, based on the idea of the US ones, will secure ICT systems, detect attacks in cyberspace, as well as conduct offensive and defensive actions in it. Similarly to the US, the CDF operates alongside the NCSC. The NCSC provides analytical and intellectual support, much like the National Security Agency (NSA) in the United States. Both soldiers and civilian experts who are proficient in cybersecurity can work at the NCSC. On the other hand, the CDF is a strictly military institution that gives commands to tactical level units. Its employees include almost exclusively full-time soldiers. The CDF can be compared to the US Cyber Command, and, as Brig. Gen. Karol Molenda admitted in an interview with Polska Zbrojna, the new unit was built precisely on the basis of solutions used in America. “The commander of US Cyber Command is at the same time the director of the NSA. This allows for a free flow of personnel between the units and guarantees one person’s responsibility for the entire domain – cyberspace.” Polish policymakers wanted to achieve the same effect, hence the idea that the same person should have the control over both the CDF and the NCSC.

The reality quickly verified the need to create a new type of military unit. During the war between Russia and Ukraine, military specialists observed extremely increased activity of groups inspired by the governments of Russia and Belarus. This activity concerns both cyberattacks against the state infrastructure and disinformation operations against public figures. The importance of defensive and offensive cyber skills is crucial in the context of the current political situation in Europe. This is why Polish cyber soldiers are developing their skills both on the basis of domestic resources as well as the solutions and competencies of allies. Further training courses for Polish experts are created on the basis of the best examples taken from NATO specialists. Their importance could be observed, for instance, by analyzing the works of American specialists who went to Ukraine in order to strengthen the cyber defense of that country just before the outbreak of war. A team of US Cyber Command soldiers and experts of private companies that deal with cyber security, helped Ukraine to face cyberattacks, which targeted its infrastructure, by providing relevant know-how [3]. This limited the scope of cyberattacks targeting Ukraine, both those occurring days before and during the invasion. Poland and other EU members also provided assistance in cyberspace as part of European cooperation. Shortly after the conflict began, a rapid response team was established and included cybersecurity experts from EU member states. Their skills, such as incident response, forensics, and vulnerability assessment, are used exclusively for defending the Ukrainian infrastructure [4].

The development of cyber security cooperation capabilities between Poland and the United States is undoubtedly much needed. Thanks to it, it was possible to take effective action against actively implemented hostile operations of hacking groups, which preceded the war started by Russia. These included mainly DDoS attacks (which aim to restrict access to services), ransomware (extortion of ransom by encrypting data), phishing (attacks using mostly email to steal logins and passwords), and wipers (software that irreversibly destroys data) [5]. Since the conflict began, experts have observed a significant increase in this type of hostile activity. Not only the conflicting parties, but also Poles and Americans are exposed to their effects. The implementation of strong sanctions against Russia, resulting in material losses, exposes us to retaliation from cyber criminals linked to Russia.

[1] https://www.wojsko-polskie.pl/woc/articles/aktualnosci-w/nowe-era-cyberbezpieczenstwa/

[2] http://polska-zbrojna.pl/home/articleshow/36588?t=Jak-bedzie-bilo-cyfrowe-serce-armii[

3] https://cyberdefence24.pl/polityka-i-prawo/amerykanie-przygotowywali-ukraine-do-cyberwojny-na-kilka-miesiecy-przed-inwazja-rosji

[4] https://www.defensenews.com/global/europe/2022/02/22/european-union-cyber-defense-team-deploys-to-aid-ukraine/

[5] https://www.cfr.org/blog/tracking-cyber-operations-and-actors-russia-ukraine-war[6] https://www.cbsnews.com/news/ukraine-russia-cyberattack-chris-krebs/

Wiktor Sędkowski

Security solutions architect and independent security researcher. Certified (CISSP, CCSP, OSCP, OSWE, MCTS) expert in the field of digital threats. He specializes in vulnerability analysis, writing and analyzing exploits. A graduate of ICT at the Wrocław University of Technology, PhD student at the Faculty of Electrical Engineering, Automatics and Computer Science of the Opole University of Technology. He conducts research on the use of artificial intelligence solutions in the threat modeling process. He gained experience as an engineer and technical manager in leading IT companies.

Support Us

If content prepared by Warsaw Institute team is useful for you, please support our actions. Donations from private persons are necessary for the continuation of our mission.

Support

All texts published by the Warsaw Institute Foundation may be disseminated on the condition that their origin is credited. Images may not be used without permission.