The Computer Security Incident Response Team CSIRT GOV, led by the Head of the Internal Security Agency, operates as a CSIRT Team at the national level in Poland.
The CSIRT GOV constituency includes constitutional, governmental entities as well as the entities from the civil critical infrastructure area.
The CSIRT GOV is officially responsible for coordinating the process of responding to computer incidents occurring in the constituency referred to in Article 26 of the Act of 5 July 2018 on the National Cyber Security System.
The main task of the CSIRT GOV is to identify, prevent, and detect threats against the security of the ICT systems of both governmental and public administration bodies and the ICT/OT critical infrastructure systems in the civil sector.
To enhance the overview of the incident response model at the national level in Poland, the incident reporting follows the principle of notification of a cyber incident to the relevant, depending on the field of an incident, national CSIRT team, i. e. CSIRT GOV under the Internal Security Agency), CSIRT NASK (under NASK – NATIONAL RESEARCH INSTITUTE) or CSIRT MON (under the Ministry of Defence). Additionally, each and every CSIRT cooperates with the relevant cybersecurity authorities established within the cybersecurity system of Poland.