Tasks of the Minister of National Defence in the Field of Cybersecurity

This article is an attempt to analyse the legal position of the Minister of National Defence of the Republic of Poland in the sphere of the national cyberse-curity system. The author distinguishes a large number of types of functions of this public administration entity. On the other hand, the author conducts an analysis of cybersecurity competence of the independent bodies responsible for the cyberspace system security in Poland. The author demonstrates that the Minister of National Defence plays a crucial role in the Polish cybersecurity system in the context of the state ’ s external security.


The Notion of a Task Within the Domain of Public
Administration-The Responsibilities Associated with the Activities of a Public-Administration Authority The tasks involved in the activities carried out by a public administration authority are described by administrative law commentators as the notion of competence within which a given public administration authority should operate. In this sense, a "task" is often identified with the so-called material competence of a public administration authority. 1 However, the issue of the material responsibility of a public administration authority is worth analysing from a broader perspective. As Z. Cieślak suggests, According to the author, "competence" in its broader perspective may be characterised as "the sum, type, and content of affairs encompassed by the legally non-indifferent activities of an entity." 3 On the other hand, from a strictly procedural perspective, competence is interpreted as only a specific "range of matters" assigned by Acts, which a given entity (a public administration authority or judicial authority) should resolve within its statutory powers. 4 Therefore, legal procedure experts associate the powers and obligations (competence) of a specific authority with the notion of the "legal capacity of authorities", defining it as a "set of premises exerting a decisive impact on the capacity to take procedural steps in administrative proceedings", and these premises, in turn, are determined by the norms of procedural law. 5 Traditionally administrative law commentators generally linked the notion of the "scope of the activities" (competence, or powers and obligations) of a specific authority to the so-called "task norms" regulating the tasks which should be carried out by a specific administrative authority. This approach was linked to the normative system of a specific public administration authority. 6 Task norms show the subjective correlation between the activities carried out by public administration authorities and the legal forms of conduct attributed to such activities. Therefore, administrative law norms combine a significance for the state political system with the obligations of a substantive law nature. It should also be stressed that when the tasks in the domain of public administration are carried out in specific matters, they are based on "competence norms". 7 In the light of the constitutional principle of legality, concerning the activities of public administration authorities (defined in Article 7 of the Constitution of the Republic of Poland 8 ), the responsibility of a public administration authority must arise from the provisions of generally applicable law. Structural legal norms regulating competence-whether defined in a broader, political-system-related, or strictly procedural context-should encompass the four basic components: time, place, subjective features, and the subject of the activities. The essence of the time criterion in the reconstruction of competence (powers and obligations) of the activities of a public administration authority is the basis for the reconstruction of the "rules updating the capacity for action by an individualised entity. 9 " 2 The Position of the Minister of National Defence in the State System The Minister of National Defence is the central public administration authority, managing the activities carried out by the department of government administration called "national defence", 10 and a monocratic component of the central collective authority, namely, the Council of Ministers. 11 In the light of the Constitution, the Minister of National Defence acts as an intermediary in the authority of the President of the Republic of Poland over the Polish Armed Forces in peacetime. 12 In a hierarchical structure, the role of the Minister of National Defence is threefold. First of all, the Minister of National Defence is an independent authority of the government administration with independent responsibilities and tasks (arising from the Act on the Authority of the Minister of National Defence and the Act on the Tasks of Government Administration 13 ). Second, it acts as an entity, being part of a collective authority that is the Council of Ministers subject to the authority of the Prime Minister. 14 Third, the Minister of National Defence is subject to a certain form of command of the President of the Republic of Poland in terms of having power over the Polish Armed Forces in times of peace 15 and conferring the military ranks. 16 On the other hand, as regards the activities of an entity mentioned in the legal norms defining the responsibilities of the Minister of National Defence (apart from the task of "intermediation" in the authority of the President of the Republic of Poland over the Polish Armed Forces in peacetime), its role is limited only to managing the department of government administration called "National Defence". 17 According to the GAD Act, the National Defence Department (limited in time-which is quite unique in comparison to other departments of government administration-to the "time of peace") encompasses the following affairs: state defence, the Armed Forces of the Republic of Poland, the security of the cyberspace in the military dimension, the participation of the Republic of Poland in the military projects of international organisations, and fulfilling the military tasks arising from international agreements and offset agreements. 18 The task norm-defining the scope of activities-entrusts to the Minister of National Defence a wide scope of matters, from managing (in peacetime) the entire operations of the Armed Forces through the operational, executive, and personnel matters concerning the performance of state defence tasks, by implementing the commitments arising from the military obligations undertaken by the Council of Ministers, to the performance of tasks as statio fisci, a state or local government organisational unit acting for and on behalf of the State Treasury. 19

The National Cybersecurity System
Undoubtedly, globally noticeable technological advancements have taken place in the recent decades, especially in the field of telecommunications and information technologies, which have had an increasing (nearly decisive) impact, not only on the economic life of societies, but also on matters of the security of citizens, including national defence and security. Digital technologies provide not only huge opportunities but also pose significant risks, as reflected in the growing number of what is known as computer incidents. 20 The situation has been addressed at the supranational level. In particular, sectors of the national economy, defining the criteria for the identification of the operators of essential services, defining the minimum requirements for the information and communications security of the information systems belonging to operators of essential services and digital service providers, and stipulating the statutory requirements and responsibilities of the Computer Security Incident Response Teams in the field of cybersecurity. Undoubtedly, the test concerning the performance of control and supervisory functions of the responsible public administration authorities defined in the law, regardless of whether their status is of a systemic or just functional nature, will be of key importance for the reliable functioning of the system (administrative structure) from the praxeological point of view.
The systematics of the Act was established on the basis of a model entailing a link between a specific state system hierarchy of various categories and functions of public administration authorities and other administrative entities with tasks attributed to them, and correlated with the responsibilities of the administered entities, defined in the law and characteristic for regulatory legal acts. Customarily, the legislators have separated the control powers (slightly excessively combining them with control responsibilities) of the authorised staff of broadly defined administrative entities. The relatively modern penalty system in the form of financial administrative penalties was additionally implemented, and this will undoubtedly strengthen the importance and "effectiveness" of the control procedure. On the other hand, the "penal-administrative" procedure will definitely be the basic instrument for the implementation of the supervisory (ex-post) competences, and together with ex-ante supervision instruments (especially, involving decisions on permits) should result in a variety of regulating tools allowing the effective stimulation of the conduct of entities functioning on relevant markets.

The Task Norms of the Minister of National Defence Within the Framework of the National Cybersecurity System
In the National Cybersecurity System Act, the Minister of National Defence is mentioned in at least four basic state system dimensions. First of all, as the authority competent for these matters and a component of the National Cybersecurity System. 27 Second, as an independent coordination-control-management authority having the separate tasks entrusted to it by the legislators. 28 Third, as an authority supervising 29 the Computer Security Incident Response Team (the CSIRT MON) functioning at the national level. Fourth, as a member of the collegial body (the College for Cybersecurity), being an advisory and opinion-forming authority of the Council of Ministers on cybersecurity. 30 It should also be noted that the adoption of the law on the National Cybersecurity System modified the Act on the Departments of Government Administration 31 to some extent, dividing a subdivision component of "cyberspace security", into a unit functioning within the "civil dimension" (attributing this component to the department of "digitisation") 32 and one functioning in the "military dimension" (attributing this component to the department of "national defence"). 33 As mentioned earlier, the Minister of National Defence is a component of the national security system due to being named in the law as the authority responsible for the cybersecurity of the following sectors: (1).The health-protection sectorencompassing entities subordinate to or supervised by the Minister of National Defence, including entities whose information and communication systems and networks are included in a uniform list of facilities, installations, equipment, and services forming critical infrastructure, 34 and encompassing enterprises of special economic and defence importance and their performance of tasks in the field of the national defence, as organised and supervised by the Minister of National Defence; 35 (2) The digital infrastructure sector-for entities listed in the same way; 36 (3) digital service providers encompassing the same entities as defined above. 37 Within the named sectors and in respect of the said digital service providers, due to their status as "authorities competent for cybersecurity", the legislators entrust to the Minister of National Defence the authority of a superior ("imperial") nature, encompassing, in particular, (1) the competence to issue decisions on recognising a specific entity as an operator of essential services; 38 (2) the competence to issue decisions on the annulment of decisions recognising an entity as an operator of essential services; 39 (3) the establishment of a cybersecurity team for a given sector or subsector 40 (however, in discharging this duty, the authority competent for cybersecurity is obliged to provide information to the operators of essential services in a given sector and to the CSIRT MON, CSIRT NASK, and CSIRT GOV); 41 (4) the competence to impose administrative financial penalties 42 forming instruments of supervision exercised in respect of operators of essential services and digital service providers, and, under exceptional circumstances, also in respect of the head of an operator of an essential service. 43 In addition to the clearly defined tasks performed in the capacity of a superior authority, the legislators have entrusted to the Minister of National Defence, being the authority competent for cybersecurity, an entire set of tasks to be carried out in a non-superior, substantive, and technical or organisational capacity, arising from the control and information tasks. 44 The legislators have entrusted a separate group of tasks to the Minister of National Defence as a specialised, autonomous public administration authority distinguished in the National Cybersecurity System Act. 45 Within these tasks, the Minister of National Defence was entrusted with various competences, within the scope of the performance of these "superior", 46 legal forms of activity, and those of a "non-superior"-control 47 or strictly organisational 48  character. 49 The legislators entrusted the Minister of National Defence with responsibilities involving tasks in the field of cybersecurity in a specific manner.
The legislators have specified the performance of tasks entrusted to the Minister towards the newly established entity, namely, the CSIRT MON, in an extensive and open manner. Apart from the task of "operating" the CSIRT MON (specified in an extensive and open manner), the legislators do not regulate the mutual relations between these two entities, which are critical for the reliability of the cybersecurity system in the sphere of defence. The issue of the status of the CSIRT MON in the state system goes beyond the framework of this study. It may be even said that a specific kind of "discretion" by the Minister in the performance of this task has been sanctioned, to some extent.
On the other hand, the fact that no other powers have been entrusted to the Minister of National Defence as a member of the collegial body, namely, the College for Cybersecurity, recognised as an opinion-forming and advisory authority of the Council of Ministers, is not surprising, because this "gap" results from the essence of the activities of the collegial authority within the framework of which separate responsibilities are attributed only to the chairs of such authorities. 50

Summary
It is hard to resist the impression that the diversity and multiplicity of tasks attributed to the Minister of National Defence within the framework of the National Cybersecurity System can raise many doubts concerning interpretation within the activities of this supreme (constitutional) public administration authority, which can have unpredictable consequences, especially taking into account its undoubtedly highly responsible function within the public-administration system (directly involving state security). In the field of the cybersecurity of the state, special attention should be drawn to building such legal relations that will be an efficient instrument for the prompt making of correct key decisions. They should be characterised by the maximum elimination of any doubts over interpretation, and the avoiding of any overlapping individual tasks and responsibilities. In the field of cybersecurity, the legislators have expressed a precise definition of the tasks entrusted to the Minister of National Defence only in a limited scope, and have allocated to them a specific set 49 For instance, participation in achieving the objectives of the North Atlantic Treaty Organisation in the fields of cybersecurity and cryptology (see Article 52(5) of the NCSA) or submitting to the competent authorities proposals concerning defensive measures (see in fine, Article 51(7) of the NCSA). 50 The Chair of the National Broadcasting Council who is the Chair of a collegial body, namely, the National Broadcasting Council, and at the same time has separate, independent, and superior responsibilities to issue concession decisions within the framework of the procedures carried out in cooperation (under specific collaborations) with the National Council in corpore, is so far the most characteristic example of such "functioning" within the framework of a collegial body. of legal instruments in the form of appropriate legal actions. Clearly, numerous doubts concerning interpretation can be resolved and eliminated in the course of the authority's practical performance of activities. Open Access This chapter is licensed under the terms of the Creative Commons Attribution 4.0 International License (http://creativecommons.org/licenses/by/4.0/), which permits use, sharing, adaptation, distribution and reproduction in any medium or format, as long as you give appropriate credit to the original author(s) and the source, provide a link to the Creative Commons license and indicate if changes were made.

References
The images or other third party material in this chapter are included in the chapter's Creative Commons license, unless indicated otherwise in a credit line to the material. If material is not included in the chapter's Creative Commons license and your intended use is not permitted by statutory regulation or exceeds the permitted use, you will need to obtain permission directly from the copyright holder.