COmparIsOn Of the pOlIsh anD UkraInIan CyberseCUrIty systems

Ensuring information security is a challenge in the new COVID-19 home office reality that is essential to be expanded in its tackling across the national borders, throughout the national cybersecurity systems, across the entities that form the national cybersecurity system, i.e. business entities providing services using ICt systems, users, public authorities, and specialised entities dealing with ICt security at the operational level in different countries. As a number of researchers outline in their findings, any significant disruption to the functioning of the information and cyberspace, whether global or local, has an impact on security and safety across borders, the efficiency of public sector institutions, production and service processes, and ultimately on national, community, but also personal security [anderson, hern 1996; buzan, Wæver, de Wilde 1998; Deibert 2002; Hansen, Nissenbaum 2009; Świątkowska 2012]. the purpose of this article is to have a closer look at the operational framework of governmental structures responsible for the assurance of cybersecurity in poland and in Ukraine. poland’s example is important as it is closely linked to the cybersecurity frameworks of natO, the eU, Un and OSCE. This cooperation plays an important role in the fight against the increasing number of incidents. meanwhile, Ukraine is preparing to become a member of the pan-european and transatlantic information and cybersecurity networks, i.e. it is important to have a thorough understanding of the cybersecurity system and its bottlenecks.

On august 1, 2018, the president of the republic of poland signed the act on the national Cyber security system, implementing in the polish legal system the Directive of the european parliament and of the Council on measures for the overall security of network and information systems in the Union (Directive 2016/1148 -nIs Directive). poland completed the implementation of the nIs Directive on november 21, 2018 [Ustawa z dnia 5 lipca 2018 r. o krajowym systemie cyberbezpieczeństwa…]. The purpose of the National Cybersecurity Act, prepared by the ministry of Digitalization, was to develop legislation to implement the nIs Directive and create an effective ICt security system at the national level.
the system includes key service operators (e.g. energy, transport, healthcare and banking), digital service providers, CsIrts (national security response team) at the national level, as well as industry cybersecurity teams, organizations providing cybersecurity services, cybersecurity authorities, and a single point of contact for communication in the framework of cooperation in the european Union in the field of cybersecurity. Operators of essential services are required to take effective security measures, assess cyber security risks, as well as report major incidents and cooperate with national CsIrts.
public administration bodies as well as telecommunications companies are also included in the national cybersecurity system. Cybersecurity requirements also cover digital service providers, i.e. commercial Internet sites, cloud technologies and search engines. Due to the international specificity of these entities, obligations towards digital service providers are subject to a regulatory regime agreed at the eU level. political and strategic responsibility for cybersecurity is shared between the bodies responsible for strategic management, the ministry of Digitalization and the ministry of Defense. some decision-making competencies are also shared between other ministries, agencies and government agencies. the ministry of Digitalization is a key organization responsible for the protection of cyberspace, the process is overseen by the Council of ministers [ministerstwo Cyfryzacji…]. The Ministry should fulfill its obligations with the assistance of a special interdepartmental group appointed by the prime minister, the role of this body is to implement general policies and make proposals for further action aimed at implementing the digital policy of the state. the ministry also supports the Council for Digitalization (Rada do Spraw Cyfryzacji, RC) in making strategic decisions [Rada do Spraw Cyfryzacji…]. The Council provides analytical support to the ministry as well as to the Committee of the Council of ministers for Digitalization, supports the development of the information society, prepares draft decisions, or legislative initiatives. the Council is formed by the ministry and consists of representatives of the ministry, but also acts as a multilateral forum for cooperation between stakeholders on the polish digitalization agenda.
as the main goal of the Council is to act comprehensively and transparently, the selection of members of the Council takes into account primarily the factor of representing the interests of various parties interested in the digitalization of the state, among government agencies, local authorities, entrepreneurs, academia, technical experts and nGOs.
according to art. 17 item 10 of the law on Computerization of the activities of entities performing public tasks, the minister authorized to deal with the questions of digitalization appoints members of the Board for two-year terms from among the recommended candidates [Ustawa z dnia 17 lutego 2005 r. o informatyzacji działalności podmiotów realizujących zadania publiczne…].
In accordance with para. 17 of art. 10 of the above law, the minister of Digitalization determines, by issuing a relevant resolution, the amount of remuneration of a member of the board for participation in meetings, taking into account the functions performed by a member of the board and the scope of duties of a member of the board, taking into account the minimum wage determined on the basis of the law as of October 10, 2002 as the minimum wage that was in force on the day of the appointment of the Council [Ustawa z dnia 19 lipca 2019 r. o zmianie ustawy o minimalnym wynagrodzeniu za pracę…].
In accordance with para. 18 of the law, non-local members of the Council are entitled to additional daily payments and reimbursement of travel and accommodation expenses under the conditions specified in the provisions of Art. 775 para. 2 of the Law of 26 June 1974 -Labor Code [Obwieszczenie Marszałka Sejmu Rzeczypospolitej Polskiej z dnia 16 maja 2019 r. w sprawie ogłoszenia jednolitego tekstu ustawy -Kodeks pracy…]. In item 19 of the Law, the detailed mode of work of the Council is defined in its regulations established at the request of the Council by the minister of Digitalization. Working on a number of issues, the Council may set up ad hoc working groups, which may include representatives of the state and the private sector, as well as of the non-governmental sector, and all stakeholders. for example, the decision adopted at the meeting of the Digitalization Council on march 14, 2019 established the following working groups: -working group on infrastructure (including digital highways, government cloud technology, state information architecture), -working group on digital competencies (including competencies of the future), -working group on public electronic services (including electronic delivery, digitalization of health care), -working group devoted to issues of artificial intelligence, -cybersecurity working group (including data security), -technology working group (including 5G, Internet of things, blockchain). the Cyber security Department of the ministry of Digitalization, established in 2015, performs tasks related to the coordination of cybersecurity issues [Cyber Security Department…]. The main tasks of the Department are: development and implementation of strategic documents and regulations in the field of cybersecurity; national and international cooperation (in particular, with the institutions of the european Union); development of guidelines and standards for appropriate measures to protect It systems; preparation of cybersecurity analyses and related risks to national security; and development of central curricula, cyberlearning and tests. the Department cooperates with universities, institutes, public organizations and the private sector. As the Ministry oversees the Scientific and Academic Computer network (Naukowa Akademicka Sieć Komputerowa, nask), all tasks related to this function are also performed by the Department.
national Cybersecurity Center (Narodowe Centrum Cyberbezpieczeństwa, nC Cyber) focuses on educational and research goals, ensuring the reliability and efficiency of ICT networks.
the national security bureau (Biuro Bezpieczeństwa Narodowego) provides guidance on strategic actions and decisions in the field of cybersecurity. The doctrine is not a legally binding document, but rather shapes the political and strategic approach to cybersecurity in poland.
the Department of law and non-military security (Departament Prawa i Bezpieczeństwa Pozamilitarnego) is responsible for cybersecurity. there is also a special team for the protection of cyberspace, consisting of representatives of the national security bureau and external experts who are responsible for updating the Doctrine.
Other government agencies with core responsibilities for cybersecurity management are: -the ministry of Justice (Ministerstwo Sprawiedliwości, ms), which creates the law on cybercrime and oversees its proper implementation, -the ministry of the Interior and administration (Ministerstwo Spraw Wewnętrznych i Administracji, MSWiA) -monitors police actions in the fight against cybercrime and is responsible for crisis management, oversees the National Police Headquarters. The latter is responsible for the fight against cybercrime within the structure of the Criminal Investigation bureau, -the Internal security agency (Agencja Bezpieczeństwa Wewnętrznego, abW) is a government agency that protects the internal security of poland and its citizens, including the implementation of It security tasks related to the processing of confidential data, -the Government security Center (Rządowe Centrum Bezpieczeństwa, rCb) is an institution accountable to the prime minister that is involved in crisis management at the governmental level. It plays a key role in building a Critical Infrastructure security (CI) system in poland, including the cybersecurity aspect. the Director of the Center, together with ministers and heads of individual central agencies, prepares lists of domestic and european critical infrastructure and maintains the national Critical Infrastructure security program, -Office of Electronic Communications (Urząd Komunikacji Elektronicznej, Uke) -a regulator of the telecommunications market, controlled by the ministry of Digital affairs, which ensures the implementation of the law on telecommunications in the context of cyberspace, and receives information on security incidents and the integrity of telecommunications networks from network and telecommunications service providers and sends them, inter alia, to enIsa, -the financial supervision Commission (Komisja Nadzoru Finansowego, KNF) is a financial regulator that provides advice on the management of information technology and environmental security of ICts in banks, -the Inspector General for personal Data protection (Generalny Inspektor Ochrony Danych Osobowych, GIODO) is a state body authorized to monitor the compliance of data processing with the provisions on personal data protection, issue administrative decisions and consider complaints regarding the implementation of personal data protection provisions, issue opinions on draft laws and regulations, protect personal data, initiate and take measures to improve the protection of personal data.
Cert / CsIrt / sOC system the tasks of the minister responsible for digitalization include: development of the Cybersecurity strategy, information policy on the functioning of the national cybersecurity system, reporting to eU institutions and introduction, from January 1, 2021, of an ICt system to automate incident reporting and processing, assessment ICt risks and cyber threat warnings. CsIrt teams at the national level will work together to ensure a comprehensive and complete cybersecurity risk management and incident response system, including in particular serious and critical cases, inter alia, the threat to the interests of the state. One of the main tasks of CsIrt nask, CsIrt GOV and CsIrt mOn is to coordinate the analysis and respond to reported incidents: In case of CsIrt nask, these are local self-government units, budgetary institutions of local self-government, executive bodies, institutions of budgetary economy, state universities and the polish academy of sciences, Department of technical Inspection, polish air navigation services agency, polish accreditation Center, national fund for environmental protection and Water management and regional funds for environmental protection and Water management, commercial companies that perform utility tasks aimed at constantly meeting the needs of the population, citizens.
In case of CIrt GOV, these are public authorities, including public administration bodies, state control and law enforcement bodies, as well as courts and tribunals, social Insurance Institution (Zakład Ubezpieczeń Społecznych, ZUs), agricultural social Insurance fund (Kasa Rolniczego Ubezpieczenia Społecznego, krUs), national health fund (Narodowy Fundusz Zdrowia, nfZ), national bank of poland (Narodowy Bank Polski, nbp), etc.
CsIrt mOn -entities that report to or are controlled by the minister of national Defense, including the structures of the ICt system or ICt network. those entities are covered by a single list of facilities, devices and services that are part of the critical infrastructure; entrepreneurs who are owners of objects of economic or defense significance, for which the Minister of National Defense is the body that organizes and controls the implementation of tasks for the protection of the state.
the law [Ustawa z dnia 5 lipca 2018 r. o krajowym systemie cyberbez-pieczeństwa…] also defines cybersecurity authorities responsible for overseeing operators of basic services and digital services. Operators of key services are required to take effective security measures, assess cyber security risks, provide information on serious incidents and address them in collaboration with CsIrt at the national level.
the tasks of the relevant competent authority are: -to conduct ongoing analysis of entities in a particular sector or sub-sector in terms of their recognition as a key service operator, -to decide on the recognition of the business entity as the operator of the key service, -to prepare recommendations for actions aimed at strengthening cybersecurity, including sectoral recommendations on countering incidents (cooperation with CsIrt nask, CsIrt GOV, CsIrt mOn and sectoral cybersecurity teams), -to inspect key service operators and digital service providers (monitoring compliance with the provisions of the law), -at the request of CSIRT NASK, CSIRT GOV or CSIRT MON, to appeal to key service operators or digital service providers within a specified period to resolve vulnerabilities that have caused or may lead to a serious, significant or critical incident, -to participate in cybersecurity exercises organized in the republic of poland or the eU, -to establish a sectoral cybersecurity team for the sector or subsector as needed.
COlleGIUm Of CyberseCUrIty the Collegium [Powstaje Kolegium ds. Cyberbezpieczeństwa…] is an advisory body on cybersecurity and the activities of CsIrt mOn, CsIrt nask, CsIrt GOV, sectoral response teams and competent authorities. the Collegium consists of: prime minister, minister of Computerization, minister of national Defense, Minister of Foreign Affairs, Head of the Prime Minister's Office, Head of the national security bureau, if appointed by the president of the republic of poland, a minister member of the Council of ministers authorized to coordinate intelligence services, or the person authorized by him.
the Director of the Government security Center, the head of the Internal security agency or his Deputy, the head of the military Counterintelligence Service or his Deputy, and the Director of the Scientific and Academic Computer Network [Naukowa i Akademicka Sieć Komputerowa…] (a national research institute) attend the discussions within the Collegium board.
among the tasks of the Collegium there can be distinguished: providing opinions on recommendations and plans to combat cybersecurity threats; conducting by CsIrt mOn, CsIrt nask, CsIrt GOV, industry response teams and competent authorities of the tasks assigned to them in accordance with the instructions and plans to combat cybersecurity threats; coordination of cooperation between the bodies that manage or control CsIrt mOn, CsIrt GOV and CsIrt nask; organization of exchange of information concerning cybersecurity and the international position of the republic of poland between public administration bodies. actions at the national level shall include: 1) designation of the national cybersecurity certification authority that is to issue European cybersecurity certificates, 2) overseeing national conformity assessment bodies which assess compliance of products, services and processes with the requirements set forth in the European cybersecurity certification schemes, 3) cooperation with the national accreditation body -the polish Centre for accreditation -in order to monitor and supervise activities of the accredited conformity assessment bodies which are to assess compliance with regulation (eU) no. 2019/881 of the european parliament and of the Council.
the ministry of Digitalization of poland has also recently initiated an amendment to the law on the national cybersecurity system in view of changes in the field of cyberspace at the European level. One of the reasons was the emergence of the european Code of electronic Communications [Directive of the european parliament and of the Council establishing the european electronic Communications Code (Recast)] which allows, among other things, the standardization of cyber incident reporting procedures at the national level. at the same time, the european Commission emphasizes the need to ensure the security of next-generation broadband, i.e. 5G technology. the law also lacked harmonization at the national level of incident reporting procedures, which should also be reported by telecommunications companies. the amendments to the law provide for the creation of conditions for the initiation of computer incident response teams (CsIrts) in sectors and sub-sectors of the economy that are key to the socio-economic security of the state (sectoral CsIrts). It is also envisaged that key service operators will work with competent authorities and national CsIrts in the sector to exchange information on incidents, vulnerabilities, threats and best practices. the possibility of creating centers of analysis and exchange of information (IsaC) was also mentioned.
In the new law, the Collegium of Cybersecurity [Powstaje…] should be empowered to assess the risks borne by suppliers of equipment and software related to cybersecurity of the subjects of the national cybersecurity system [rozporządzenie Rady Ministrów z dnia 2 października 2018 r. w sprawie zakresu działania oraz trybu pracy Kolegium do Spraw Cyberbezpieczeństwa…]. Such risk assessments made by eU member states have been agreed with the european Commission and enIsa as one of the strategic measures in the 5G toolbox.
amendments to the law provide for more dynamic processes of creating sectoral CsIrts in all sectors of the economy, which are key to the socio-economic security of the state and citizens. the establishment and operation of IsaCs -specialized organizations, through which cybersecurity actors will be able to constantly share information on incidents, threats, vulnerabilities and best practices -is also envisaged [Nowelizacja ustawy o krajowym systemie cyberbezpieczeństwa 2020].
key takeaWays On the pOlIsh CyberseCUrIty system a three-track national cyber incident response system has been established with the following responsibilities: the first level of coordination is the level of the ministry of Digitization; the second level is the level of response to incidents which includes civilian and military components: a) the Government Cyber Incident Response Team (CERT.GOV.PL) acts as the main CERT in the field of emergency response within government capabilities and civilian response, coordinates the processes of joint response to computer incidents in cyberspace. the team was established in 2008 and works within the structures of the Internal security agency. Cert.GOV.pl deals with all users of ICt systems within the public sector (with the .gov.pl domain name) and businesses that make up the critical ICt infrastructure of the state; b) the polish military Computer Incident response team (mIl-Cert.pl). the third level of implementation refers to administrators responsible for individual ICt systems.
Crisis management in poland is divided into four stages: prevention, preparation, response and reconstruction. according to the law of april 26, 2007 on Crisis management and the updated national Crisis management plan 2013/2015, the head of the Internal security agency is responsible for crisis management and protection of critical infrastructure and countering threats in cyberspace.
The prevention phase requires the involvement and cooperation of numerous central and local government structures, and is assisted by a number of ancillary institutions. During the prevention phase, the head of the Internal security agency (through Cert.GOV.pl and the It security Department) performs tasks which include the protection of classified information, accreditation of classified information processing systems, as well as security expertise and assessment as part of the certification process. Its tasks also include raising awareness and knowledge of government officials about cyber threats, developing the capacity of government departments to protect against cyber threats, creating catalogs of threats and potential vulnerabilities, and preparing guidelines and instructions for public administration. the agency also acts as a national coordinator for natO's cybersecurity policy. the ministry of the Interior and administration, the ministry of Digitalization, the ministry of Defense, the Government security Center, the Council of Ministers and regional officials are involved in the preparatory phase.
as regards the Internal security agency, this phase includes the issuance of ICt security recommendations, ICt security training for public administration It system administrators, security tests, the development of an early warning system against cyber threats, and the implementation and support of prevention solutions. During the response phase, the head of the Internal security agency is responsible for coordinating the process of reviewing computer incidents in the state administration, detecting, recognizing and combating cyber threats, providing information to administrators when detecting errors in It systems, handling incidents in networks covered by arakIs-GOV., publication of warnings and alerts, post-violation analysis and preparation of recommendations aimed at improving the security of public ICt systems. the supporting institutions at this stage are: the ministry of the Interior and administration, the ministry of Digitalization, the ministry of Defense, the Government security Center, the president of the republic of poland, the Council of ministers, and the Voivode.
During the reconstruction phase, in which Cert.GOV.pl is responsible for post-incident analysis, the supporting institutions are: the ministry of the Interior and administration, the ministry of Defense, the foreign Intelligence agency, the Government Security Center and regional officials. At the same time, Poland's cybersecurity system is multilevel and is actively trying to involve non-governmental structures. for example, in 2016, the national grid operator polskie sieci elektroenergetyczne (pse) signed an agreement with the natO Center for excellence in Energy Security, outlining cooperation in the field of critical infrastructure protection. Cybersecurity was one of the central points of the agreement, PSE was the first polish company to establish this type of cooperation and can serve as an example of a bottom-up initiative that promotes the development of national cyber systems.
It is also worth noting the examples of pro bono activities of the public organization polish Civil Cyber Defense (Polska Obywatelska Cyberobrona), whose activities were launched in 2015. the aim of the association is to bring together cybersecurity experts who are ready to promote national security in the event of an incident free of charge. leGal anD OrGanIZatIOnal frameWOrk Of the UkraInIan CyberseCUrIty system the process of developing an effective cybersecurity system was started in Ukraine in 2014. the key impetus for building a cybersecurity system in Ukraine came from power grid cyberattacks which took place on 23 December 2015 and is considered to be the first known successful cyberattack on a power plant. Hackers were able to successfully compromise information systems of three energy distribution companies in Ukraine and temporarily disrupt electricity supply to the end consumers [Park, Walstrom 2017].
In 2016, the Cybersecurity strategy of Ukraine was approved, where it was first recognized at the legislative level the urgent need to create a national system of cybersecurity as a component of the system of ensuring national security of Ukraine, which, above all, had to ensure interaction on the issues of cybersecurity of major actors -state bodies, local authorities, military formations, law enforcement agencies, scientific institutions, educational institutions, non-governmental organizations and business [Decree of the president of Ukraine of 27 January 2016 On the Decision of the national security and Defense Council of Ukraine "On the Cyber Security Strategy of Ukraine"].
the strategy of Cybersecurity of Ukraine provided the basis for the development of further regulations on cybersecurity issues. It defined the main cyber threats to Ukraine, outlined the priorities and directions of state policy in this area and identified the main state bodies responsible for cybersecurity and their functions. this legal document has become the basis for systematic action to build the national Cyber security system (nCss). the provisions of the strategy have been further developed in the law of Ukraine "On basics of providing Cyber security of Ukraine" (Cyber security law), adopted by Ukraine's parliament (Verkhovna rada of Ukraine) on 5 October 2017.
the law formalized the model of the nCss, announced in the Cybersecurity Strategy of Ukraine, defining it as "a set of actors providing cybersecurity and interrelated measures of political, scientific, technical, informational, educational character, organizational, legal, operative, intelligence, counter-intelligence, defense, engineering and technical measures, as well as measures of cryptographic and technical protection of national information resources, cyber defense of critical infrastructure" [Law of Ukraine "On Basics of Providing Cyber Security of Ukraine" 2017].
the other legal documents that form the basis for cybersecurity legislation in Ukraine are the following: the Constitution of Ukraine; national security strategy of Ukraine; law on national security; law on Information; law on Information protection in Information and telecommunication systems; law on telecommunications; law on protection of personal Data; other laws, as well as statutory legal acts issued in accordance with these laws. the mechanisms of interdepartmental interaction and coordination as well as public-private partnership in the cyber security domain have been established. a number of measures have been taken to increase capabilities of main state bodies, responsible for cybersecurity. International partnership in the sphere of cybersecurity has been reinvigorated, namely the natO trust fund on Cyber Defence for Ukraine has been founded, aimed at helping Ukraine to develop capabilities to counter cyber threats.
at present, the main problematic issues that hamper further development of the nCss of Ukraine are the lack of effective cybersecurity policy implementation, low level of cyber-risk awareness and insufficient human capacity of the main actors of the nCss. among other problems there are absence of legal and organizational framework for critical infrastructure protection, outdated standards for cybersecurity, weak national legislation on cybercrime and necessity to facilitate public-private partnership.
the strUCtUre Of the nCss Of UkraIne the main actors of the nCss are the following: the state service for special Communications and Information protection of Ukraine, the national police of Ukraine, the security service of Ukraine, the ministry of Defense of Ukraine and the General staff of the armed forces of Ukraine, intelligence agencies, the national bank of Ukraine. Coordination and control of the activities of the security and defense sector entities that provide cybersecurity of Ukraine is carried out by the national security and Defense Council of Ukraine (nsDC) through the subsidiary body, the national Coordinational Cyber security Center. the state service for special Communications and Information protection of Ukraine -this organization provides such functions as: -development and implementation of state policy on the protection in cyberspace of governmental information resources and information, the requirement for protection of which is established by law, cyber protection of critical infrastructure, -coordination of the activities of other cybersecurity entities regarding cyber protection, exercise state control in this area, -ensuring the creation and operation of the national telecommunication network, implementation of organizational and technical model of cyber protection, -carrying out organizational and technical measures to prevent, detect and respond to cyber incidents and cyberattacks and to eliminate their consequences, -informing about cyber threats and appropriate methods of protection against them, -coordinating, organizing and conducting critical infrastructure vulnerability audits, -ensuring the functioning of the state Center for Cyber protection and the Government response team for Computer emergencies in Ukraine (Cert-Ua). an important role in cyber protection of the state information resources, detection and counteraction to cyberattacks and cyber incidents is being played by the state Center for Cyber protection and Countering Cyber threats (sCCp-CC) created on July 1, 2015 as a structural unit of the state service for special Communications and Information protection of Ukraine. Creation of the mentioned Center has become an important step towards the development of the national Cybersecurity system in Ukraine. among the main tasks there can be distinguished: assessment of the state of information protection in governmental authorities; ensuring the long-term functioning, security and development of the National Confidential Communication System; ensuring the functioning and development of the antivirus protection system for state authorities; ensuring the functioning and modernization of the system of secured Internet access for the state authorities of Ukraine and the secured Internet access point of the state service for special Communications and Information protection of Ukraine.
the main task of the Center is to ensure the functioning of the emergency response team of Ukraine (Cert-Ua), which is its structural subdivision. the unit was established in 2007. In 2009, it was accredited to the forum in Incident response and security teams (fIrst) [CERT-UA: skoraya kiberpomosht' 2014]. functional tasks of Cert-Ua involve accumulation and analysis of data on cyber incidents, maintenance of the state register of cyber incidents and providing state bodies and private owners of critical infrastructure with practical help in preventing, detecting and eliminating the effects of cyber incidents. What is more, Cert-Ua organizes and conducts practical workshops on cyber protection as well as interacts with law enforcement agencies, foreign and international organizations on responding to cyber incidents.
In addition, the emergency response team of Ukraine provides the operation of a number of services available on its official website: accumulation and processing of information about the compromised Ip-addresses; active monitoring of network threats; service for verifying vulnerabilities; functioning of on-line platform for reporting a cyberincident [emergency response team of Ukraine. Skorystaytesya nashoyu dopomohoyu v likvidatsiyi kiberzahroz]. The CERT-UA plays an important role in the nCss as a practical unit that responds directly to a cyberattack, helps to restore network functioning and eliminate negative impacts of cyber incidents. the most prominent examples of Cert-Ua activity are the elimination of hacker attacks on the automated system "elections" during the extraordinary presidential elections in Ukraine in 2014, the localization and neutralization of the blackenergy virus on the objects of the energy and transport complex of Ukraine in 2015 and 2016. the Cert-Ua team together with specialists from Cyber policies, the security service of Ukraine, foreign partners, and private sector participated in counteracting and eliminating the consequences of largescale hacker attacks against Ukraine in June 2017. On february 2, 2018, a new unit -the Cyber threat response Center (CtrC) -was established within the state Center of Cyber protection and Countering Cyber threats. this unit is engaged primarily in providing cyber protection of state authorities and critical information infrastructure of Ukraine [emergency response team of Ukraine. Vidkryttya Tsentru reahuvannya na kiberzahrozy].
the security service of Ukraine (ssU) -this organization carries out the following tasks: to prevent, detect, suppress and disclose crimes against peace and security of mankind committed in cyberspace; to carry out counter-intelligence, operational and investigative activities aimed at combating cyberterrorism and cyberespionage; to secretly check readiness of critical infrastructure for possible cyberattacks and cyber incidents; to counteract cybercrime, the consequences of which can create a threat to the vital interests of the state; to investigate cyber incidents and cyberattacks concerning the state electronic information resources, the information protection, the requirements of which are established by law, critical infrastructure; to provide response to cyber incidents in the field of national security [law of Ukraine "On basics of providing Cyber security of Ukraine" 2017].
the unit of the ssU responsible for conducting these functions is the Cyber Security Department, whose official name is the Department of Counterintelligence protection of state Interests in the sphere of Information security. this counterintelligence body is the main actor of the national Cyber security system which protects national security of Ukraine from cyber threats. at present, it concentrates mostly on countering russian cyber operations organized by russian special services.
Within the framework of the natO trust fund on Cyber Defense for Ukraine the situational Center for Cybersecurity of the security service of Ukraine was created in 2017 [security service of Ukraine. Holova SBU vidkryv Sytuatsiynyy tsentr zabezpechennya kibernetychnoyi bezpeky]. This is a unique structure as it combines functions and technical abilities of Cert/CsIrt with counterintelligence tools and instruments of special service and law enforcement bodies.
It already proved to be very effective in countering cyber threats of hybrid warfare and greatly facilitated the capacities of the security service of Ukraine in Cyber security. During 2018-2019, three regional Cyber security Centers of the ssU have been established in the cities of Dnipro, Odessa and sumy. their main task is to counter cyber threats at the regional level. another important direction of developing the ssU capabilities is promotion of public-private partnership, impossible to counter cyber threats effectively without cooperation with the private sector. firstly, because more than 80% of Ukrainian critical infrastructure is privately owned and secondly, the nature of cyber threats and cyber space makes no difference between the character of threats to the public sector or to national security. professionals of the Cyber security situational awareness Center of the ssU on the basis of the natO standards created the malware Information sharing platform -Ukrainian advantage (mIsp-Ua). this platform provides on-line automatic information exchange between security service of Ukraine and Critical Infrastructure about indicators of compromise and possible cyber threats. the mIsp-Ua is not yet being used for international information exchange but it might be considered as a further step for its development. through this platform, the ssU provides the private sector with timely information which is important to protect their computer systems from cyberattacks and greatly contributes to enhancing the security of critical infrastructure. at present, there are more than 30 Critical Infrastructure facilities in the sphere of energy, telecommunications, transport, or finance connected to the mIsp-Ua. the legal basis for such cooperation is the memorandum for Information sharing [security service of Ukraine. Ineffective Cybersecurity strategy Implementation -though Ukraine has made a substantial step forward in the cyber security domain, the main obstacle that hampers its further development is the lack of the effective mechanisms of implementing cybersecurity policies, in particular the provisions of the Cybersecurity strategy of Ukraine and the formal approach to this issue by responsible state authorities. many other important issues have still not been resolved: -the register of Critical Infrastructure Information systems as well as the legal framework for its protection is not created, -the budapest Convention on Cybercrime is not fully implemented, -the secure data center for governmental bodies is not built, -any effective measures to stimulate the development of domestic software are not being taken, -the eU directives and standards for the protection of critical infrastructure are not implemented, -no system of cyber security auditing of such objects or main indicators of cybersecurity and risk assessment are formed, -a unified system of cyber threats detection and information exchange between the main state actors of cyber security is not created, -many gaps in cyber security legislation are still not closed, etc. Other efforts should be directed at building a legal framework for critical information infrastructure protection by adopting the national register of Critical Information Objects and a framework law establishing the main requirements and responsibilities of their owners in the sphere of cyber protection. furthermore, providing a high level of critical infrastructure resilience is impossible without updating domestic standards of cyber security on the basis of international and european standards in this sphere.

COnClUsIOns
In the article we have shown that both systems of national cyber security have their own advantages, however, there are still vast bottlenecks, such as inconsistency in terms of inter-agency cooperation, lack of information sharing, and subsequently -lack of synergistic effect from the interagency cooperation.
polish doctrinal approach makes a distinction between the nature, objectives, and methods of many internal and external threats, claiming that national cybersecurity is affected by the actors operating in cyberspace with various skills, targets, and motivations, emphasizing that the number of states capable of and actually initiating cyberattacks is increasing. external threats listed by the doctrine include cyber crises, cyber conflicts, cyberwar, and cyberespionage involving states and other entities, "threats (for poland) coming from cyberspace include extremist, terrorist and international criminal organizations whose attacks in cyberspace can have ideological, political, religious, business or criminal motivations" [Doktryna cyberbezpieczeństwa Rzeczypospolitej Polskiej 2015]. The current model of strategic and institutional coordination of the cybersecurity system of the republic of poland is criticized, but its prompt response to cyber incidents is considered to be quite effective. Poland has a multi-layered approach to cyberattacks. This can be seen in the quick evaluation of risks the national security, or the harmonized division of the tasks between the state institutions that deal with preventing cyberattacks both at the national and regional level. this comprehensive approach to cyberattacks is reflected in Poland's cybersecurity strategy.
meanwhile, in case of Ukraine, efforts should be directed at building a legal framework for critical information infrastructure protection by adopting the national register of Critical Information Objects and a framework establishing the main requirements and responsibilities of their owners. What remains true for both countries is the logic that providing a high level of critical infrastructure resilience is impossible without updating domestic standards of cyber security on the basis of international and european standards in this sphere.
In the face of the widespread globalisation processes and the related informational interdependence between countries, cross-border cooperation is crucial for achieving security in global informational and cyberspace. While carrying out these tasks at the european level, it is important for poland to intensify its efforts to ensure the security of the Digital single market but also to involve countries outside of the eU in this process as a part of the approximation to the Digital single market. It would also be important in further development of the Common foreign and security policy of the european Union.
In addition to reinforcing its international position, Poland will benefit from collaboration with corresponding institutions and agencies responsible for ensuring cybersecurity in Ukraine. Cooperation at the operational and technical level could be carried out, inter alia, via the CsIrt network at the european Union level, through other international cooperation networks, like the fIrst or tf-CsIrt, or through information sharing platforms of different kinds, etc. therefore, Ukraine still needs to implement proper mechanisms. thus, it would be important to develop common operational procedures between the two countries. since the operational frameworks of governmental structures responsible for ensuring cybersecurity in poland and in Ukraine are structurally similar, it gives an additional opportunity to fine-tune both systems as far as tackling cross-border incidents is concerned, as in the case of emOtet malware takedown that was a joint effort of eU and Ukrainian cyber infrastructure systems [https://twitter. com/i/status/1354407402020466689].