In a time of progressive digitalisation and expanding dependence on the global network of societies and states, the ability to effectively defend information has become a key origin affecting the level of safety and the importance and competitiveness of the state internationally. The protection of delicate information – mass-collected data sets: personal, financial, transactional, etc. gained peculiar rank. This is not just about data valuable to abroad countries from an intelligence perspective. Data from various types of citizen activity has present become a commodity, a fuel driving the improvement of artificial intelligence (SI).
Unauthorised and unfettered access to data, including state secrets, can jeopardise national interests in all areas of the state's functioning and make political, economical and social threats. Especially delicate to unauthorized external access is the military sector, which is heavy dependent on the ability to defend our country. Therefore, it is so crucial that military information, operational planning and safe communication at state level can be effectively classified.
The ability to make and apply unique solutions – especially cryptographic tools and algorithms – is crucial for maintaining military security. Hence the increasing importance of cryptology and the request to prosecute a coherent, coordinated state policy in this area.
Its importance is further increased in the context of extended intelligence operations conducted by many states, including allies, in cyberspace. This is about the surveillance of electronic means of communication and the operations of influence and disinformation in social media. The scale of these actions, depending on the cryptological possible and the policies adopted by the States, may be global, regional or direct to circumstantial countries. The aim of these actions is always to get information giving an advantage – negotiated, military or economic. Data acquisition frequently requires safety breaches, malware and strategy gaps.
In the digital age, data protection is simply a substance of state survival. Information sovereignty starts with its own cryptology, due to the fact that only national algorithms can guarantee that strategical information does not hit the incorrect hands.
Poland, as a country with crucial economic, demographic and territorial possible and an crucial associate of NATO and the EU, cannot stay passive to these phenomena and processes. The war in Ukraine and the real threats to our statehood require urgent action to guarantee digital sovereignty. The aim is to guarantee full control of communication and communication systems and to guarantee the confidentiality of the information transmitted. Let us not forget that this regulation should apply to any unauthorised entities – including our allies.
The way to this is to rebuild national competences and capabilities in cryptology. Polish state communications systems, including military systems, should be protected by Polish cryptography. Only then will it be possible to effectively defend them from interference, seizure, wiretap or deactivation.
Polish cryptology – a large neglected heritage
Traditions of Polish cryptology date back to the 15th century, erstwhile it became common practice in Poland to encrypt diplomatic correspondence by the royal and hetmanian law firm. In the 17th and 18th centuries, the royal services regularly intercepted and decrypted the correspondence of diplomatic representations of another states operating in the Republic. Encryption art was taught in Jesuit colleges.
After Poland regained independency after 1918, much emphasis was placed on the improvement of national cryptology. During the Polish-Bolshevik War (1919–1921), cryptoanalysts of the Branch of the Second General Staff of the Polish Army, who managed to break over 100 codes of the opponent, played an crucial role. At the same time, Polish military units utilized only native encryption systems. In 1929 a peculiar strategy of training of selected students of mathematics was organized for national cryptology. In 1931, the Office of Cryptos was established in the General Staff, liable for the improvement of its own cryptography and analysis of russian and German ciphers.
The level of designation of russian cryptography was advanced adequate that Poles trained even Imperial Staff officers in Japan. However, the top achievements were recorded by a lecture on German ciphers, in which 3 young mathematicians were employed: Marian Rejewski, Jerzy Różycki and Henryk Zygalski. Their work on the German Enigma encryption device led to its independent reconstruction by the Polish side. Since 1936, the Codex Office has regularly read messages from German land, air and sea forces, achieving efficiency of about 65% in 1938. This made it possible to identify 95% of German forces' group and operational plans before aggression in September 1939. The achievements of Polish cryptology were revealed just before the war to representatives of French and British intelligence, which allowed the British to decently focus the work on decoding Enigma within the Ultra project.
After planet War II, Polish cryptography collapsed – Poland utilized mainly russian solutions. However, cryptoanalysis continued to function at a advanced level for a long time, as evidenced, among others, by a counterintelligence breach of 1 of the American diplomatic ciphers (in the 1980s).
Unfortunately, after a systemic transformation in 1989, the state could not clearly spell out its needs in the field of national cryptology. This resulted in the practice of buying ready-to-use cryptographic solutions abroad, in place of developing their own native ciphers and devices. There was no care to get the rights to modify or service them. The rule was adopted that "nathan" solutions are "by definition" good. In many cases abroad counterparties did not offer these opportunities, taking advantage of the deficiency of alternatives in the Polish sector.
Polish cryptology, erstwhile a planet leader and creator of breakthrough solutions, is presently struggling with dependence on abroad technologies. This is the consequence of short-sighted state policy – discounting in the process of developing its own competences and experiences.
As a result, Poland is now heavy dependent on abroad cryptography. This besides applies to the Armed Forces of the Republic of Poland, where the interoperability of NATO communication systems is ensured by cryptographic devices manufactured outside the country.
Importance of origin codes
As a consequence of many years of negligence, there has been crucial regressions in the area of cryptanalytic capacity of the state. The deficiency of knowing of this issue among policymakers – both politicians and military – illustrates the approach to the alleged "source codes". They are the manufacturer's largest substantive good – his business card – enabling verification of product quality and reliability of the contractor. Access to origin codes can identify errors, weaknesses and gaps that are not detectable in functional tests or susceptibility analyses.
If the Polish website had access to the origin codes, we could check whether there are hidden mechanisms in the purchased equipment to enable its deactivation or distant acquisition of control. Unfortunately, many arms purchases made in fresh years have shown far-reaching indifference. The manufacturer's goodwill was assumed, and the quality of devices, systems and software controls were verified only at functional investigating level. The right to get origin codes was not exercised by the contracting party, even erstwhile the supplier was an allied country.
Moreover, method documentation, which should be an integral part of the contracts, remains scattered, unconsolidated in the Ministry of Defence. It is worth assuming that possible military opponents of Poland may have access to origin codes of arms parts and military systems purchased by our army.
The acquisition of origin codes must become a prerequisite for any acquisition negotiations abroad. This should be a basic test of the willingness to cooperate and the openness of the counterparty. The Depositary of all method documentation and origin codes for military equipment and systems should be the isolated command cell of the Cyberspace defence Army Component in Legionowo (formerly: National Center of Krypton).
Mandatory verification of origin codes and method documentation should include: compliance with the order (parameters, ownership, type, version, duration), safety (code quality, susceptibility test results) and the manufacturer's approach to the quality and conformity of the product with the documentation.
The origin codes are not a privilege, but a condition of sovereignty – their absence means giving control over safety of military equipment to abroad manufacturers.
This action will strengthen Poland's position towards abroad arms manufacturers, warrant adequate quality and safety of equipment, and enable centralisation of method documentation in 1 competence centre. At the same time, it will affect national investigation centres in the improvement and audit of modern technological solutions.
Lacks in the legal strategy
In conclusion, the deficiency of awareness of the State authorities about the importance of cryptology for safety and sovereignty has led to a crucial simplification in the powers of the State in this area. And the deficiency of this competence makes it impossible to regain full sovereignty – especially power over purchased weapons.
The deficiency of State policy in this area is evidenced by the existing legislation. Their characteristic feature is not to usage the word Cryptology, although they mention to its main areas: cryptography and cryptoanalysis. The existing government does not comprehensively specify the state's cryptological policy, indicating its objectives, principles, priorities or institutions liable for its implementation. They treat elements of cryptology as a complement to method solutions, focusing mainly on aspects of certification and accreditation.
The absence of a cryptological state policy means giving up control of your own safety and sovereignty – it is simply a gap that urgently needs to be filled out. The change in this situation is not conducive to a gap in the legal strategy (disadvantaged by home companies) and the practice of public institutions in the procurement of equipment and equipment.
For comparison, Turkey's affirmative ability to produce modern weapons is due to a clearly defined state cryptological policy, which is mandatory in both the civilian and military spheres.
The Act on the Protection of Classified Information plays a peculiar function in Poland. Unfortunately, it does not advance the improvement of native cryptology. In the case of systems for the processing of classified information with a ‘restricted’ clause, it allows the designation of certification and accreditation carried out by authorised NATO or EU institutions. specified regulation favours abroad producers.
The Polish Army communicates with NATO utilizing abroad systems and devices. In addition, the abroad Trade Act on goods, technologies and services of strategical importance for the safety of the state speaks only of monitoring cryptographic solutions brought to Poland. It introduces an illusion of control. specified a policy harms Polish cryptography producers who are incapable to compete with the mass import of abroad technologies.
Purchases of cryptographic solutions usually take place under the Public Procurement Act. specified an approach makes the energy of state institutions focused on gathering the requirements of formal tender – aside from key issues of safety and national interest. In practice, this leads to discrimination against Polish cryptographic solutions and home IT products.
In summary, the Polish State has not defined its needs and requirements in the field of national cryptology, including military cryptographic standards for equipment and equipment in the equipment of armed forces. It does not control processes in this area. It did not introduce legal solutions supporting Polish cryptography, does not order from native companies and does not advance national solutions. This situation needs to be changed urgently.
Polish cryptographic manufacture
Currently, Poland has limited possibilities to implement its own cryptographic solutions – both in terms of developing algorithms (due to insufficient number of educated cryptologists) and the production of modern devices of this kind (although real needs, there are no public sector procurements).
Although Polish manufacture and the technological community are working on building national cryptographic solutions, the deficiency of a uniform concept for designing and implementing cryptographically protected systems, as well as the tendency of many state and national entities to usage ready-to-use abroad solutions, makes these activities very limited in effect.
The deficiency of concepts, a tiny scale of orders, and a deficiency of organization support weakened the Polish cryptographic potential, despite the real capacity to make and implement their own solutions a decade ago.
An additional disincentive for national producers is the long-term and costly process of certification of cryptographic devices in Poland – conducted without guarantees of subsequent orders and implementations. The deficiency of a national centre of competence in cryptology and the low awareness of the strategical importance of this field led to the widespread practice of acquiring abroad solutions – especially those ensuring the interoperability of the Polish Armed Forces with NATO.
Despite these problems, 10 years ago the Polish defence manufacture had real capabilities in the design, production and implementation of national cryptographic devices – among others, in the form of a strategy of recognition of a "national alien" and adaptation of Polish cryptographic solutions in the tactical data transmission strategy Link-16, as part of the implemented programs "Superśl" and "Kwisa". It is simply a pity that these competences have not been decently exploited.
Big ambitions, no foundations
Against the background of NATO and EU associate States, most of which are based on their own self-developed cryptographic solutions, Poland's capabilities are modest. Our country does not have its own state-sponsored policy of supporting and stimulating national cryptology – neither in the legal dimension (own cryptographic standards and standards), nor in technological and investigation (home academic centres), nor in investigation and improvement (technology centres), nor in manufacturing (industry), nor in implementation (implementation of national cryptographic solutions).
This state of affairs creates a clear dissonance between the real level of Polish cryptology and the political ambitions of the Polish Republic in terms of gaining an crucial position in NATO and EU structures.
The corrective actions were not taken by the Ministry of National Defence until June 2013, erstwhile the National Centre of Krypton (NCK) was established to consolidate cryptological resources in the Armed Forces of the Republic of Poland. The cooperation of the NCK with military and civilian universities and the implementation of the R & D task under the auspices of the National Centre for investigation and improvement were crucial steps and allowed the creation of basic infrastructure in this field.
The NCK besides started the construction of the Integrated Distribution and Repair Centre (Service Depot) in Legionowo for American cryptography utilized by the Polish army. This project, agreed with US partners in 2014, in case of success, could importantly increase Poland's defence capabilities – exceeding the symbolic "two dense NATO brigades" stationed in the territory of Poland.
Unfortunately, due to the deficiency of adequate support from the erstwhile government, the NCK's actions have taken on a limited scale and have proved insufficient to catch up with the long-term backlog of the state. Furthermore, after 2015, a task to service American cryptography in Legionowo was abandoned. The subsequent consolidation of the resources of the NCK, the Communications Army, and the MON Computers Inspectorate as part of the Cyberspace defence Army Command was perceived as an image treatment alternatively than a real change of approach.
New approach to cryptological policy
It is essential to recognise cryptology as 1 of the pillars of state safety and an crucial attribute of its independency and sovereignty. It is essential to realize that the improvement of national cryptology cannot be an end in itself. Its essence should be to strengthen state defence and to defend 1 of the foundations of democracy – the privacy of citizens, in peculiar their individual data and information sent electronically.
Poland's cryptology remains in clear dissonance of the state's aspirations in NATO and the EU – without a coherent policy, institutions and support, there is no way to build skills that are adequate for ambition.
W Cybersecurity Doctrines of Poland from 2015, signed by president Bronisław Komorowski, it was recorded that "the strategical goal in the area of cybersecurity of Poland, formulated in the National safety strategy of Poland, is to guarantee the safe functioning of the Republic of Poland in cyberspace...". A key component in achieving this goal should be the Polish State's gaining full jurisdiction and sovereignty over its own cyberspace. The means to accomplish it is cybersecurity – not as an nonsubjective in itself, but as a consequence of having national competences and utilizing abroad technologies with large care.
In this context, it is crucial to establish a national cryptological policy that sets out the objectives, directions and principles for the improvement of cryptography and cryptanalysis, as well as supporting safety in cyberspace. Its aim would be to consolidate technological and industrial possible and to advance unified national cryptographic solutions in key sectors of the state: defence, telecommunications, energy, banking, electronic communications and transport. The improvement of artificial intelligence should not take place without the participation of Polish cryptology (control over algorithms).
This policy should besides regulate the State's oversight of national cryptology, recognising it as an integral part of the safety and defence system. The institutions liable for implementing cryptological policy should be identified and the sources and minimum levels of backing for cryptology in research, investigation and exploitation areas should be identified. peculiar emphasis should be placed on the improvement of human resources – by supporting the training and maintenance of cryptology experts.
Ultimately, state policy should mark the efforts of the IT manufacture to make forward-looking, standardised and unified cryptographic solutions. The State must be able to clearly specify and delineate its national cryptography needs.
For this purpose, national cryptographic standards and standards must be introduced. It is besides essential to specify requirements for the implementation of Polish cryptographic solutions in both the civilian and military sectors. State policy should besides be manifested by directing public procurement to the Polish cryptographic industry, while at the same time introducing the request of "hard poloniumization" of abroad solutions. Synergy of these actions will let for the restoration of national cryptological competences and the restaurant of the national cryptographic solutions market.
The improvement of national cryptology is not an end in itself — it is the foundation of sovereign cybersecurity, a condition for effective state defence and a warrant of the protection of the privacy of citizens.
Digital jurisdiction and Polish sovereignty
Poland – as a country, as well as our manufacture and civilian and military administration – was not active in the creation and construction of the global network.
- Polish telecommunications systems were only connected to a dynamically developing web network.
- Digital modernisation of ICT systems in Poland took place in parallel with the privatisation of TP SA and the improvement of mobile telephony. The adaptation of fresh services, specified as mobile broadband net or mini-turging end devices (smartphones, tablets), was based on equipment and software from global manufacturers. A akin phenomenon besides applies to server, network and software devices. The Polish electronic manufacture did not mostly participate in the global production of individual components of online infrastructure.
- The state administration passively accompanied these changes – it did not act as a moderator of the modernisation process, which would take into account the interests of national manufacture and Polish method solutions. She has performed exclusively as a global network user.
- The legal regulations in force in Poland left the issues of the architecture of TI systems – including the requirements for devices and software – exclusively to suppliers, mainly global corporations. The interoperability request has become a lock for imposing production bigtech standards. Subsequent Polish governments resigned from formulating their own hardware requirements, guaranteeing even a minimum level of jurisdiction – at least the powers of the local administrator.
- The long-standing deficiency of government (including military) contracts promoting national solutions, supporting Polish technological and method thought, converging abroad solutions, as well as the deficiency of state cryptological policy – and what is more, the deficiency of awareness of how specified a policy is needed – attest to the regression in the area of strategical military reasoning in the General Staff. The military did not study the request for Polish solutions in the field of cryptography, cryptoanalysis and descriptament. The P-2 Military designation Board of the General Staff of the HR did not take into account the request to descriptate abroad military transmissions in its field of activities.
Cybersecurity is implemented through competences: research, production and the ability to implement their own solutions. Government action and the improvement of national electronic and IT industries are crucial in this regard. The State must show its will to act and establish an appropriate legal framework for the improvement of these competences. Government procurement, especially in the military sphere, should include requirements for the implementation of Polish solutions and technologies, both at application level, algorithms and widely understood software. In the hardware field — network and terminal equipment — preferences should be granted to national production, where possible. In the field of telecommunications protocols and standards, minimum is the improvement of national investigation and audit capabilities.
In cyberspace, each state becomes either an admin or a user – Poland cannot stay just a user on its own network – it is essential to adopt a national cryptological policy to preserve digital sovereignty.
The deficiency of competence and strategical position brings the debate on cybersecurity into error. Poland is increasingly undergoing accelerated digital colonization, preferring a subscription approach to security. large corporations present offer a "tripak" – cloud computing, artificial intelligence and cybersecurity. Just buy a subscription and power the cloud with your own data. As a consequence – in cyberspace everyone is either usereither admin. User There may not only be a single citizen, but there may besides be an full state – anyone who renounces jurisdiction over their own cyberspace.
Poland cannot quit its digital sovereignty. The only way to keep and recover it is to adopt a national cryptological policy – based on national solutions, Polish production, own technologies and full jurisdiction over the IT systems of the Republic.
