Attack from 17 countries. The Minister of Finance and Economy apologizes for KSeF

– From the point of view of data security, the KSeF system is actually safer than the systems that were in operation – assured Andrzej Domański in the “Rozmowa Piaseckiego” program on TVN24.

At the same time, the Minister of Finance and Economy admitted that KSeF users may have had problems with access to the platform in the first days of its operation. – I would like to apologize to people who had problems logging in using the Trusted Profile – he added.

An attack from 17 countries almost destroyed KSeF

According to the minister, there were several reasons for this state of affairs. First: too many people tried to log in in the first hours of KSeF operation. Second: a simultaneous cyber attack on the login system using DDoS (Distributed Denial of Service), which was also reported by the Ministry of Digitization. This type of attack involves generating mass queries that are intended to block servers. In the case of KSeF, from as many as 17 countries.

Third reason: overload of the Trusted Profile used to authenticate users. – Now traffic via the Trusted Profile is fluid. Definitely more people log in to KSEF using certificates and tokens than using a trusted profile, explained Minister Domański in a television interview.

Domański’s appeal to politicians

The minister also responded to the opposition’s allegations that the system was largely managed by foreign companies, including a French entity. This is an American company, Imperva, specializing in cybersecurity, which belongs to the French company Thales. This company offers WAF (Web Application Firewall) solutions, i.e. a firewall that protects applications and websites by filtering, monitoring and blocking malicious traffic and protecting against DDoS attacks.

Andrzej Domański explained that KSeF is operated by Polish servers and Polish IT specialists, which guarantees their legal sovereignty. – We use the most advanced cryptographic methods, thanks to which we have the so-called end-to-end and key encryption. The system does not allow anyone other than the Ministry of Finance or the National Tax Administration to have access to this data. They are very well secured using the most advanced techniques – he argued on TVN24. Domański appealed to politicians not to spread fake news on this matter.

The information transmission is encrypted using TLS protocols, and successfully completed penetration tests confirm that a direct hacker attack on the government system is an unlikely scenario. KSeF should be viewed not as just another accounting program, but as a government data cloud of strategic importance.