SOME PROBLEMS OF CRITICAL INFRASTRUCTURE PROTECTION IN REPUBLIC OF POLAND

Similar documents
Cyber Security Strategic Level Landscape in Poland. Krzysztof Silicki NASK Institute, Poland ENISA MB, EB

PD 7: Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection

Critical Infrastructure

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Hazard Management Cayman Islands

National Policy and Guiding Principles

RESOLUTION 130 (REV. BUSAN, 2014)

Bradford J. Willke. 19 September 2007

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

TURNING STRATEGIES INTO ACTION DISASTER MANAGEMENT BUREAU STRATEGIC PLAN

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

Brussels, 19 May 2011 COUNCIL THE EUROPEAN UNION 10299/11 TELECOM 71 DATAPROTECT 55 JAI 332 PROCIV 66. NOTE From : COREPER

International Atomic Energy Agency Meeting the Challenge of the Safety- Security Interface

THE CYBER SECURITY ENVIRONMENT IN LITHUANIA

RESOLUTION 45 (Rev. Hyderabad, 2010)

Overview of the Federal Interagency Operational Plans

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

STRATEGIC PLAN. USF Emergency Management

Critical Information Infrastructure Protection Law

The Federal Council s Basic Strategy. for Critical Infrastructure Protection

Cyber Security Strategy

The challenges of the NIS directive from the viewpoint of the Vienna Hospital Association

The UNISDR Private Sector Alliance for Disaster Resilient Societies

SAINT PETERSBURG DECLARATION Building Confidence and Security in the Use of ICT to Promote Economic Growth and Prosperity

Member of the County or municipal emergency management organization

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

RESOLUTION 130 (Rev. Antalya, 2006)

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

ASSEMBLY, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED FEBRUARY 4, 2016

Promoting Global Cybersecurity

RESOLUTION 67 (Rev. Buenos Aires, 2017)

Resolution adopted by the General Assembly on 21 December [on the report of the Second Committee (A/64/422/Add.3)]

About Issues in Building the National Strategy for Cybersecurity in Vietnam

From Hyogo to Sendai. Anoja Seneviratne Disaster Management Centre

March 21, 2016 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES. Building National Capabilities for Long-Term Drought Resilience

Inter-American Port Security Cooperation Plan

The role of municipal government in preventing crime and building community safety

Dr. Emadeldin Helmy Cyber Risk & Resilience Bus. Continuity Exec. Director, NTRA. The African Internet Governance Forum - AfIGF Dec 2017, Egypt

GENERIC CONTROL SYSTEM ARCHITECTURE FOR CRITICAL INFRASTRUCTURE PROTECTION

Thailand Digital Government Development Plan Digital Government Development Agency (Public Organization) (DGA)

Commonwealth Cyber Declaration

Building Resilience to Disasters for Sustainable Development: Visakhapatnam Declaration and Plan of Action

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release September 23, 2014 EXECUTIVE ORDER

Directive on Security of Network and Information Systems

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

Organizational Structure of the Toronto Environment Office

21ST OSCE ECONOMIC AND ENVIRONMENTAL FORUM

Emergency Support Function #12 Energy Annex. ESF Coordinator: Support Agencies:

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Global Security Advisor

EUROPEAN ORGANISATION FOR SECURITY SUPPLY CHAIN SECURITY WHITE PAPER

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

IJESRT. (I2OR), Publication Impact Factor: (ISRA), Impact Factor: 2.114

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

NIGERIA SECURITY AND CIVIL DEFENCE CORPS INSTITUTE OF SECURITY OF NIGERIA

Drinking Water Emergency Management Ministry of the Environment 2012 Drinking Water Leadership Summit October 25, 2012

FIRE REDUCTION STRATEGY. Fire & Emergency Services Authority GOVERNMENT OF SAMOA April 2017

Her Majesty the Queen in Right of Canada, Cat. No.: PS4-66/2014E-PDF ISBN:

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

ITG. Information Security Management System Manual

The Office of Infrastructure Protection

Office of Infrastructure Protection Overview

Cybersecurity Strategy of the Republic of Cyprus

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

Recovery and Reconstruction. towards disaster resilient communities - from lessons learnt in Japan - 24 August 2004.

how to manage risks in those rare cases where existing mitigation mechanisms are insufficient or impractical.

Kansas City s Metropolitan Emergency Information System (MEIS)

Resolution adopted by the General Assembly. [on the report of the Second Committee (A/56/561/Add.2)]

Emergency Support Function #2 Communications Annex INTRODUCTION. Purpose. Scope. ESF Coordinator: Support Agencies: Primary Agencies:

LEGAZPI CITY: DISASTER RESPONSE AND RESILIENCY INITIATIVES

ISDR National Platforms for DRR - Guidelines

Critical Infrastructure Resilience

Panel 1 National CSIRT Experience

THE LINK BETWEEN ENTERPRISE RISK MANAGEMENT AND DISASTER MANAGEMENT

Enhancing the security of CIIPs in Europe - ENISA s Approach Dimitra Liveri Network and Information Security Expert

NHS Gloucestershire Clinical Commissioning Group. Business Continuity Strategy

UAE Space Policy Efforts Towards Long Term Sustainability of Space Activities Agenda Item 4; COPUOS June 2017 By: Space Policy and

CIPMA CRITICAL INFRASTRUCTURE PROTECTION MODELLING & ANALYSIS. Overview of CIP in Australia

FINNISH APPROACH TO CRITICAL INFRASTRUCTURE PROTECTION

RESOLUTION 47 (Rev. Buenos Aires, 2017)

NATIONAL CYBER SECURITY STRATEGY. - Version 2.0 -

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

Protecting information across government

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

Assessment of the progress made in the implementation of and follow-up to the outcomes of the World Summit on the Information Society

REGIONAL UTILITY COORDINATION PLAN. Portland, Oregon / Vancouver, Washington Metropolitan Area

Canadian Association of Fire Chiefs Partnerships Toward Safer Communities PROGRAM OVERVIEW

Regional Development Forum For the Arab States(RDF-ARB) 2018

Principles for a National Space Industry Policy

National Disaster Risk Management Plan Disaster Management Centre Ministry of Disaster Management

The Science and Technology Roadmap to Support the Implementation of the Sendai Framework for Disaster Risk Reduction

The J100 RAMCAP Method

U.S. Japan Internet Economy Industry Forum Joint Statement October 2013 Keidanren The American Chamber of Commerce in Japan

Telecommunications: Preventing Service Disruption

Presidential Documents

Homeland Security and Geographic Information Systems

EPRO. Electric Infrastructure Protection Initiative EPRO BLACK SKY SYSTEMS ENGINEERING PROCESS

BENCHMARKING PPP PROCUREMENT 2017 IN GABON

CONNECT ARAB STATES SUMMIT

Regional Resilience: Prerequisite for Defense Industry Base Resilience

Transcription:

18. medzinárodná vedecká konferencia Riešenie krízových situácií v špecifickom prostredí, Fakulta špeciálneho inžinierstva ŽU, Žilina, 5. - 6. jún 2013 SOME PROBLEMS OF CRITICAL INFRASTRUCTURE PROTECTION IN REPUBLIC OF POLAND Witalis PELLOWSKI *) ABSTRACT The paper presents the structure, tasks and competencies of the Polish government and the authorities responsible for security in crisis management system. On examples, the "National Programme for Critical Infrastructure Protection" and the "National Crisis Management Plan" presents a system of mutual cooperation, exchange of information and coordination of ongoing projects. Key words: critical infrastructure, security, crisis management ABSTRACT W artykule przedstawiono strukturę, zadania i kompetencje organów administracji RP oraz instytucji odpowiedzialnych za zapewnienie bezpieczeństwa w systemie zarządzania kryzysowego. Na przykładzie Narodowego programu ochrony infrastruktury krytycznej oraz Krajowego planu zarządzania kryzysowego zaprezentowano system wzajemnego współdziałania, wymiany informacji i koordynacji realizowanych przedsięwzięć. Key words: infrastruktura krytyczna, bezpieczeństwo, zarządzanie kryzysowe 1 INTRODUCTION Dynamically changing security situation forces the creation of effective systems of risk prevention. The object of particular concern government is to ensure the continuity of the basic elements of the systems infrastructure to ensure satisfying the needs of society and the economy. *) Witalis PELLOWSKI, PhD, The General Tadeusz Kosciuszko Military Academy of Land Forces, Czajkowskiego Street 109, 51-150 Wroclaw, Poland, witalis_pellowski@wp.pl, phone +48 717658361, fax +48 717658425 457

The result of uncontrollable events caused by forces of nature (natural disasters) or deliberate human activity (anthropogenic factors such as terrorism, regional conflicts etc.) can be damaged or destroyed facilities are important for the efficient functioning of the state and its citizens. Such incidents can have a big impact on economic development and political stability. Particularly important objects - are defined as critical infrastructure (CI) - play a key role in the functioning of the state and the lives of its citizens, and its protection is one of the priorities facing the Polish state. The Act of 26 April 2007 [1] on emergency management defines critical infrastructure as systems and their constituent functionally interrelated objects, including building structures, equipment, installations, services essential for the safety of the state and its citizens, and to ensure the smooth functioning of the public administration, as well as institutions and enterprises [2]. 2 SCOPE, OBJECTIVES, PRIORITIES AND PRINCIPLES OF THE PROGRAMME Critical infrastructure protection is a vital process involving a large number of areas of competence and task forces and involving many stakeholders. This process includes all activities aimed at ensuring the functionality, continuity and integrity of critical infrastructure also involves gradual achievement of expected results and continuous improvement. Tasks in this area include risk prevention and mitigation, to reduce vulnerability to threats to critical infrastructure and the rapid restoration of its proper operation in the event of any events that might disrupt them. This document is a concise and comprehensive defines the vision and objectives of the protection of critical infrastructure, the model of cooperation in the tasks, roles of participants and good practice for protecting CI. National Programme for Critical Infrastructure Protection is based on Article. Paragraph 5b. 1 of the Act on Crisis Management [1]. Operators much of CI are private businesses not related with public administration. The program establishes a framework within which public administration and CI operators cooperate to ensure the continuity of CI, thereby protecting the economic and social foundations of our country. Programme outlines mechanisms for the development of partnerships between public authorities and operators in the protection of CI. Protection of CI as a gradual process of investigating the expected results and continuous improvement. It is not a state, much less the final product. The program itself is not limited by it no end date. Nevertheless, it is assumed that the program contained in the targets should be reached within six years. Attention to proper adaptation of the implemented solutions that makes program will be updated at least every two years, taking into account the changing environment and the characteristics of the protection of CI. In order to optimize the proper identification procedures CI Government Security Centre (GSC), in cooperation with the ministers and heads of central agencies and with the support of private entrepreneurs, has developed criteria for identifying CI. Shown numerical values used to characterize the properties, due to which the 458

infrastructure is classified as CI. In the absence of such a possibility, described the functions performed by the test infrastructure. Identification of the CI, in accordance with the agreed methodology is divided into three steps below: First stage - in order to make a first selection of objects, installations, facilities or services that could potentially be considered for CI in the system, the system infrastructure criteria must be applied system-specific CI system; The second stage - to check whether an object, device, system or service plays a key role in the security of the state and its citizens, and that is to ensure the smooth functioning of the public administration, as well as institutions and entrepreneurs, infrastructure selected in the first stage should be used the definition in art. 3 Section 2 of the Act on Crisis Management [1]; The third stage - in order to assess the potential effects of damage or nonfunctioning of the CI potential, the infrastructure selected in the first stage and the second przekrojowe1 criteria must be applied, with the potential CI must meet at least two cross-cutting criteria. CI is meeting the needs of all citizens. The protection cannot therefore be regarded as the exclusive domain of any of the participants in the program. The skills and knowledge of specific IK system to help achieve the objectives of the Programme. Determining competence program participants, understanding the roles and responsibilities of each of them in the protection of critical infrastructure RP is the basis of effectiveness and sustainability undertaken in this respect the effort and contribute to the achievement of the objectives of the Programme. The Program requires the involvement of all possible interested parties, but the main effort lies in accordance with their respective powers, the GSC for Security, ministers and managers of central offices and operators of critical infrastructure in the list of critical infrastructure. CM Act [1] defined the responsibilities of those involved in the protection of CI. Responsibilities of authorities under other provisions of the Act, especially in light of the inclusion of tasks related to the protection of CI in crisis management plans remain unchanged. Table 1 Shared responsibility for Critical Infrastructure Critical Infrastructure Systems The system of energy supply, energy resources and consumption The Minister responsible for the system of critical infrastructure Minister of Economy Minister of Treasury The communication system The telecommunication networks The financial system The food supply Water supply system Minister of Administration and Digitization The Minister of Finance Minister of Agriculture and Rural Development Minister of the Environment Minister of Administration 459

Critical Infrastructure Systems The health care system The transport system Rescue System System to ensure continuity of government The production, storage, handling and use of chemicals and radioactive substances including hazardous pipelines The Minister responsible for the system of critical infrastructure Minister of Health Minister of Transport, Construction and Maritime Economy Minister of the Interior Minister of Administration Minister of the Environment President of the Republic of Poland, although it is not directly involved in the task for the protection of CI, because of its expertise in the area of national security is an important element of the protection of CI. It is a guarantee of the highest state authorities involved in the process of improving the level of safety CI and thus the state. President takes part in the program in terms of its constitutional competencies including national security and defense. It supports the government and local government in efforts to protect the CI and to achieve the objectives of the Programme. The Council of Ministers shall exercise executive authority and directs the administration of the government. The tasks of the Council of Ministers on all aspects of political, economic, social and cultural state, including ensuring internal and external security of the state and public order. The Council of Ministers, a resolution adopting the National Programme for Critical Infrastructure Protection, gives impetus to achieving the objectives pursued by the subordinate authorities and bodies. Voivodes play an important role in the protection of critical infrastructure and disaster management. In accordance with regulatory requirements, the task of Governors and the appropriate organizational units for crisis management in the regional office. Provincial level is the point of transition between the system and the recognition of territorial responsibilities for the protection of critical infrastructure and services, subject to the guards and inspections. The specific role has been assigned to the Internal Security Agency (ISA). Head of the ISA in the event that the information about the possibility of a crisis which is the result of a terrorist event, threatening the critical infrastructure, human life or health, property of considerable value, national heritage or the environment, may make recommendations to the authorities and entities at risk of these activities and providing them with the necessary information to address threats. Head of the ISA supports public authorities in the activities related to the prevention, prevention and removal of the effects of terrorist events. District governors, mayors and presidents of cities and their subordinate services play an important role in protecting the population exposed to the potential consequences of failure in the CI and the protection of CI, allowing direct and fastest direct support. 460

3 CRITICAL INFRASTRUCTURE PROTECTION The protection of critical infrastructure consists of the following steps: 1. An indication of the scope, objectives to be achieved in the framework of the protection of CI and the public of these activities; 2. Identification of critical resources, functions and determine networks (dependencies) with other CI systems, including operators and authorities; 3. Defining the roles and responsibilities involved in the protection of CI; 4. Risk assessment and identify priorities for action and to prioritize them based on the results of risk assessment; 5. The development and implementation of the system of critical infrastructure protection, including the development and approval of plans to protect and restore CI; 6. Testing (through exercise) and review (through audit and self-esteem) CI protection system and to measure progress towards achieving the goal; 7. Improvement, defined as the introduction of modifications and adjustments as a result of testing, inspection and measurement. The need for continuous improvement in the recognition process allows the protection of CI Deming cycle [3, 4]. Treatment process in CI protection cycle allows, after the measurement results, to take corrective action or improvement to the stage where it was found a deviation from the expected results. It is also possible to redefine the goals. Another repeat the cycle should bring us closer to achieving them. Deming cycle is applied at each level, which is the protection of CI and should be repeated at fixed intervals. Measures for the protection of CI are financed from its own funds and program participants planned their budgets: For administration pursuant to Art. 26, paragraph 1 and paragraph. 2 of the Law on crisis management [1]; For operators CI on the basis of Art. 6 of the Law on Crisis Management [1]. GSC in collaboration with the ministers responsible for CI systems, will seek to prepare and submit for approval by the Minister of Science and Higher Education by the Steering Committee of the National Research and Development Project of the strategic program for research and development to increase the security in the framework of CI research or development for national defense and security. CONCLUSIONS The expected result of the implementation of the Programme will achieve the strategic aims and operational objectives. However, given that these effects occur in the longer term, closer to the effects of the Programme will include: Raise awareness of the critical infrastructure, its importance for national security threats, which may be subject to and protect against these risks; The final formation, based on the experiences, roles and responsibilities in the protection of CI and introduce a mechanism of coordination; Assess the risk of disruption of the functioning of CI, from all types of threats; 461

Establish a hierarchy of priorities playback CI; Development of the operators CI acceptable level of risk and the expected disruption of CI, which remains in their possession; Detect unacceptable risk areas and take corrective action; Improving the information flow between the operators CI, and public administration; Determining the scope operator CI support public administration in emergency situations; The introduction of the legal acts necessary changes to facilitate the protection and restoration of CI; Start work on generating and publishing best practices in the field of CI; Start work on standardization of forms and principles of protection of CI. To examine the effectiveness of the system of protection of CI will be implemented in the future by the major operators, with the support of the public administration as substantive audit procedures. The reports of the audits will be forwarded to the Minister responsible for the CI system. Verification of the system of cooperation between participants CI protection will be implemented in the form of practical exercises involving emergency services and safety (police, fire brigade, ambulance). Pending the development of a comprehensive and measurable indicators showing the effectiveness of the CIP will be prepared reports showing the following numbers (parameters): CI operators in the designated contact person in charge of the administration; Subjects with approved security plan; Operators using internal controls and security audit CI; Exercises broken down by CI systems compared to previous years; Active participants in the forums, and web-based platform. Reports will be made based on surveys of safety facilities, equipment, systems and services CI, internal audit reports submitted by the operators of CI and conclusions of the exercises provided by entities exercising. REFERENCES [1] Crises Management Act dated. 26.04.2007., Journal of Laws of 2007, No. 89, poz.590. and the Law amending the Law on Crisis Management, Official Journal of 19 August 2009. [2] Collective publication, National Programme for Critical Infrastructure Protection, RCB Warszawa 2013 [3] HAMROL, A., MANTURA W: Zarządzanie jakością. Teoria i praktyka. WNT: Warszawa 2003. 67 s. In.: [4] ZAMIAR, Z., ZAMIAR, A., Zarys teorii zarządzania kryzysowego, MSLiT, Wrocław 2010. Článok recenzovali dvaja nezávislí recenzenti 462

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback