“Response to digital threats”. Minister on the new act

At the beginning of August, President Andrzej Duda signed the Act on Combating Abuse in Electronic Communications. The creators of the regulation emphasize that it significantly contributes to increasing the level of digital security in our country.

Cieszyński: “Response to digital threats”

– The new Act on Combating Abuse in Electronic Communications is a specific, strong response to the most common digital threats encountered by almost every Polish citizen using the Internet and mobile telephony. Telephone fraud, SMS fraud, fake e-mails or crafted websites – thanks to this act, it will be much more difficult for criminals to carry out each of these types of attacks or their effectiveness will be limited – emphasizes Janusz Cieszyński, Minister of Digital Affairs.

– Combating abuses in electronic communications is one of the tasks set before our Institute, both in the area of ​​development and use of the latest security technologies, as well as cooperation on projects in the legislative area. The new act is a very good example of this – it gives a higher priority to solutions that have already been implemented by NASK, such as the List of warnings against malicious websites, but also launches new, valuable tools that will improve cybersecurity in our country – says Wojciech Pawlak, director of the NASK National Research Institute.

The authors of the act emphasize that its entry into force involves four fundamental changes: safer text messages, safer telephone connections, safer e-mail and a safer Internet.

Safer SMS messages

• New, easy-to-remember number to report suspicious SMS messages: 8080.

• Blocking smishing (including SMS messages that do not contain links) by operators based on a list of patterns created by CSIRT NASK (from March 24, 2024).

• List of overrides* of SMS messages reserved for public institutions (from March 24, 2024).

* When we receive an SMS message, information about its sender is displayed. Until now, criminals could easily change this information so that the recipient had the impression of communicating with a specific institution, e.g. a specific bank. The list of overrides will make it impossible for criminals to use the name that is reserved in this list. Additionally, the user will be able to check in the search engine on the CSIRT NASK website whether the override from which he received the message actually belongs to an institution.

More secure email

The Act imposes obligations on e-mail providers who have more than 500,000 users or provide their services to a public entity:

• using SPF, DMARC and DKIM mechanisms to verify the sender of an e-mail message, ensuring the possibility of multi-factor authentication (MFA).

• A public entity is obliged to use email protected by SPF, DMARC and DKIM mechanisms.

A safer internet

• Raising the Malicious Website Warning List to a statutory level. 24 hours a day, 7 days a week, the CERT Polska team enters domains on this list that mislead users and extort data from them.

• Allowing telecommunications companies to block domains on the Warning List.

• Introduction of an additional appeal procedure for domains entered on the List to the President of the Office of Electronic Communications.

Safer phone calls

• List of public institution numbers to which you will be able to receive calls, but from which you will not be able to make them.

• Possibility to block a call or hide the number identification when spoofing is detected (from September 24, 2024).

– Reporting abuse by Internet users is a very important element of the system for combating this type of crime. As CERT Polska, we make every effort to respond to such notifications as quickly as possible. I am glad that what has already been achieved has been further strengthened by the systemic tools defined in this Act – explains Sebastian Kondraszuk, head of the CERT Polska team.