Lakhasly

Security is an area of considerable concern to the state. Ensuring freedom from
threats, or rendering such threats harmless to the normal functioning of public in
stitutions, private entities, or society (ensuring security), is the primary objective of
each state. There are multiple levels at which this objective should be met. Effective
protection against threats allows the state to fulfil its public mission of meeting
the needs of society (including its security needs) and supporting its development.
One of the actors in the national cybersecurity system is local government.1
Local governments are separate decentralised authorities which perform public
tasks, have their own governing bodies and the attribute of independence, and act
on local or regional scales to exercise their competences in their own name and at
their own responsibility. It should be noted, however, that the legislators have not
provided local governments with the instruments they need to properly perform
their cybersecurity tasks, as these are largely managed by State institutions.
Cybersecurity is one of the domains of any country’s security. It is all the
more important today, and the repercussions of cybersecurity breaches affect not
only public spaces but also the social sphere. Therefore, the State must respond
quickly and decisively to cyberattacks, while seeking more and more advanced
protection mechanisms. In their efforts to react to the increasingly frequent threats
to cyberspace, the Polish legislators decided to introduce an appropriate regulation
which would allow an accurate diagnosis and a sufficient response in the event of
a cyberattack.
The aim of the national cybersecurity system is to ensure cybersecurity at the
national level, entailing the uninterrupted provision of both essential and digital
services, which is to be achieved by guaranteeing a proper level of security within
information systems used to provide such services, as well as by providing smooth
incident-management procedures.2 The lawmakers have not provided any exact
definition of the system, and have specified it only through certain statutory deter
minants (including the purpose), which makes it difficult to define its overall status.
The system of cybersecurity should indeed work as a system, i.e. as a group of
synchronised institutional and functional components which deploy their relevant
skills and know-how to perform specific tasks. This system should be composed of
various cybersecurity-related entities, organised into one interconnected whole, and
equipped with the appropriate tools. The current solution undoubtedly lacks coh