ICT security
Aware of the importance of the PGE Group’s infrastructure for the country’s power system, PGE gives priority to ICT security issues. The company PGE Systemy is responsible for managing ICT infrastructure and ensuring ICT security within the PGE Group.
Infrastructure security issues are the responsibility of the Cybersecurity Department, whose structure also includes a specialised PGE-CERT team. It is responsible for handling ICT security incidents and minimising the consequences of their possible occurrence. Counteracting cyber attacks takes place on many levels.
PGE-CERT’s responsibilities include:
Monitoring of threats to system security
Responding to detected incidents and undertaking incident handling coordination activities,
Cooperation with similar teams in state institutions, the military and large private companies.
At PGE Systemy, the competencies and skills of the Cybersecurity Department’s employees are continuously improved through training, participation in workshops and cybersecurity competitions. The PGE-CERT team is internationally accredited by the Trusted Introducer organisation and is also a member of FIRST org, the leading organisation for incident response teams. It has held the status of a certified CERT team since 2020. It has also undergone independent certification for compliance with ISO 22301 and 27001.
To secure the infrastructure, technical safeguards are in place to protect the PGE Group against malware, targeted attacks and denial of service attacks. Thanks to the implemented software, computers functioning in the PGE Group network are monitored on a continuous basis.
Procedures regulating employees’ rights and obligations with respect to IT security have been implemented in the entire Group. Among other things, it is prohibited to use company IT devices for private purposes, to use social media except when it is necessary (PGE Group profiles), to log into private email accounts and to use unsecured Wi-Fi networks.
Employees are equipped with PKI (Public Key Infrastructure) certificates, which are used to secure email messages and to sign documents electronically.
Access to corporate resources from the Internet is based on encrypted VPN connections. In order to enable PGE Group employees to work remotely, the VPN infrastructure as well as the group communication and teleconferencing environment have been developed. The disk content encryption function is enabled in all computer equipment used for remote work. Instructions and advice for employees on IT security rules for remote work have been developed and published on the PGE Group intranet.
It is very important to build IT security awareness among the employees of the PGE Group through education and ongoing provision of information on possible and existing threats, as well as the principles of safe use of computers, the Internet and company mobile phones. Articles and information on this topic are regularly published in the PGE Group’s internal media.