CSIRT NASK

The NASK CSIRT (Computer Security Incident Response Team) operates in accordance with the Act on the national security system, which implements into the Polish legal system the EU Directive on the security of network and information systems (NIS Directive). The act appoints three institutions to serve as response teams – the Internal Security Agency (GOV CSIRT), NASK – National Research Institute (NASK CSIRT) and the Ministry of National Defence (MON CSIRT), which work with one another and with other organs responsible for cybersecurity. Together, they constitute a coherent and complete national risk management system, combating cybersecurity threats, both sector-specific and cross-border, as well as coordinating the handling of all reported incidents. The institutions making up the national cybersecurity system form a cohesive whole which renders it possible to take a wide range of effective actions to counteract threats and successfully respond to hazards.

Appointing a contact person

Every public institution performing public obligations specified in the Act on the national cybersecurity system, depending on the information system utilised, as well as key service operators, must appoint a person responsible for staying in contact with national cybersecurity system institutions. The NASK CSIRT must be informed about appointing or changing a contact person within 14 days. In order to register a contact person responsible for staying in touch with the national cybersecurity system institutions, please fill out the form available at: https://incydent.cert.pl/osoba-kontaktowa or message us:

1. via email at: ksc@cert.pl or

2. via traditional mail at:

NASK – Państwowy Instytut Badawczy ul. Kolska 12 01-045 Warsaw

Please include the following information:

• subject/organisation name

• your sector (public administration, financial, energy etc.)

• full name  of the contact person, including their mobile phone number and business email address.

A paper version must be signed by a person authorised to make cybersecurity-related decisions in your institution.