Bill on National Cybersecurity System Raises Concerns Among Entrepreneurs

SECURITYBill on National Cybersecurity System Raises Concerns Among Entrepreneurs
  • The bill on the national cybersecurity system is completely detached from the realities of cyber threats, and at the same time very dangerous for Polish entrepreneurs, who use devices made by manufacturers from Asia. If any EU country introduces measures pertaining to high-risk suppliers in telecommunications networks, they only pertain exclusively to 5G networks – notes Karol Skupień, the President of the National Chamber of Ethernet Communications (KIKE).
  • In the draft amendment to the bill on the national cybersecurity system, prepared by the Ministry of Digitalisation, there is a provision worth billions of zlotys. The Cybersecurity College is to receive powers to identify equipment providers used by operators of all telecommunications networks (including fixed) and all technologies as posing a cybersecurity risk, particularly if it’s a supplier outside the EU or NATO. The consequence of this extreme overregulation could be the forced withdrawal of a specific manufacturer’s equipment from the market, and for the user – the replacement of equipment at their own cost.
  • Research on the use in the telecommunications sector of equipment suppliers outside the European Union or North Atlantic Treaty Organisation, conducted in October 2024 by KIKE, finds that 100% of respondents indicated that small and medium-sized Polish telecommunications operators predominantly use devices from manufacturers from Asia. The estimated value of the telecommunications infrastructure using such equipment and/or software is around 3.3 million PLN per operator, with the total estimated cost of potentially replacing such devices declared by respondents amounting to 209 million PLN, although many stipulated this was the minimum cost they would be forced to bear.
  • The report we conducted shows that only in the segment of Polish local operators providing fixed services to about one third of Polish subscribers, the cost of removing Chinese equipment from their networks would be around 6 billion PLN. That means, for all Polish networks the cost would be nearly 20 billion PLN, and that doesn’t even include wireless networks – says Karol Skupień.
  • According to the expert, who has been actively working in the telecommunications industry for the past 25 years, telecommunications equipment is highly specialised and only engineers in telecommunications companies can recognise its nuances, including those related to its security. Granting politicians the power to decide which equipment to remove from Polish networks, is very costly as shown in KIKE’s report. The consequences of their decisions, strictly political not technical, could be the necessity to remove good equipment and to purchase more expensive or even inferior ones. To label a supplier as a high-risk supplier, it will not be necessary to detect significant vulnerabilities or a serious incident caused by the equipment or software, and at the same time, the economic effects of such decision will not be considered. Such decisions would have to be carried out immediately and without the possibility of appeal.
  • No EU country has such dangerous provisions regarding so-called high-risk suppliers. Initially, the regulations referred to 5G equipment, but currently, the draft is extending the scope of these regulations to include 2G, 3G, and 4G systems, which have been widely used in Poland for many years and are not considered dangerous. If the removal of Chinese equipment from all Polish networks were to take place, the costs could reach tens of billions of zloty. But no one in the Ministry of Digitalization has estimated this cost and no one is planning to ask Polish entrepreneurs how else the possible network security problems could be addressed – summarises Karol Skupień.

Source: https://managerplus.pl/projekt-ustawy-o-krajowym-systemie-cyberbezpieczenstwa-budzi-obawy-przedsiebiorcow-44925

Exit mobile version