Polish Ministry of Digitisation has published a draft Act on a national cyber-security system, reported Telko.in. The main purpose of the act will be the establishment of a central information system on cyber-security incidents and prevention thereof. Telecommunications operators will be part of the system and will have additional obligations as so-called key service operators, including IP traffic exchange operators (IXs) and DNS service providers.
The obligations will incur additional costs for internal resources. Every two years, the operators will be subject to a security audit. Some of the obligations may be outsourced. For breach of obligations, operators will face penalties ranging from PLN 1,000 to PLN 100,000.
The cyber-security information system will be established by 2021. The costs of the national cyber-security system over ten years are estimated at PLN 210 million.
The draft assumes distributed control over the system by the Computer Security Incident Response Team (CSIRT), to be affiliated at the Ministry of Defence, Scientific and Academic Computer Network NASK and the Internal Security Agency.