Undersea pipelines, oil platforms, power plants, and... electronic banking – critical infrastructure is all of this. Without it, state functioning is difficult to imagine. Therefore, dozens of businesses and entities are involved in the complex system of its protection. The military also has a role to play here. Though formally speaking, military tasks are different.
On July 19, the world held its breath for a moment. Disruptions in access to some Microsoft services caused a gigantic confusion. The largest airports had problems with checking-in, in many places electronic banking was off, hospitals were forced to cancel scheduled procedures, and corporations one after another suspended work and sent employees home.
First thought: cyberattack. Soon after, however, it turned out that there are no hackers behind the events. As Microsoft representatives reported, there had been a global failure of the Windows operating system that day. It was caused by an error in updating the CrowdStrike antivirus program.
On this unfortunate day, Poland was also affected with these problems. Although their scale is hardly comparable with what the United States and Western Europe experienced, they still caused a considerable stir. “All state forces and services work to secure critical infrastructure. This is a continuous process,” emphasized Władysław Kosiniak-Kamysz, Polish Deputy Prime Minister and Minister of National Defense. This turmoil was simply a random accident, but this does not change much. Since the outbreak of war in Ukraine, the risk of attacking systems and facilities crucial to the functioning of the state is higher than ever before.
Moscow Bites in Silence
Russian propaganda does not even hide it. Although the fighting is taking place in Ukraine, the actual opponent is NATO. In the media subordinate to the Kremlin, reports of Western agents and mercenaries are multiplying, while paeans in honor of the Russian army are intertwined with threats of strikes on Warsaw, Berlin and London. Open confrontation with the North Atlantic Alliance is, obviously, a dream, at least as long as NATO maintains political cohesion and Russian troops are tied in Donbass, in the vicinity of Kharkov or in the Kherson region. Russia, however, is trying to bite the West in a different way. “A hybrid war with unprecedented intensity for years is on,” said Łukasz Tolak, PhD, an international security expert at Collegium Civitas. One of this war tools is the information warfare. The Russians through the media and social networks are trying to influence Western societies, fueling anxiety and deepening divisions. They also often hit in geographically distant regions, such as Sub-Saharan Africa. They support parties reluctant to the West, and sometimes quietly help to elevate them to power. In addition, they effectively heat up local conflicts, and thus activate successive waves of migrants who end up at the borders of Europe. That’s not the end of it. “The Russians do not shun away from classical kinetic activities, and they often target at critical infrastructure,” admits Łukasz Tolak. The list of activities is long – from observing military bases and transports with equipment heading to Ukraine to installing motion tracking security cameras by railway tracks to acts of sabotage. “Operations are usually carried out in such a way that it is difficult to clearly indicate whether there was an accident or a deliberate action. Recently, we have had a lot of such suspicious incidents in Europe,” says Łukasz Tolak. The expert mentions here the derailment of a freight train loaded with iron ore, which headed from Kiruna, Sweden to the port in Narvik, Norway, or the Ukrainian aid warehouse fire in London. In his opinion, the sabotage scenario should also be considered in the context of a series of recent arsons on Polish territory.
“Poland is attacked in various ways, also in cyberspace. So far, however, the acts of sabotage have not crossed the critical limit. There were no casualties in people, there was no attack on the institutions crucial for state functioning, such as airports, feeders, gas port. All the time, however, we have to remain alert,” emphasizes Łukasz Tolak. First of all, we must consistently build a coherent system that will not only protect people, but also critical infrastructure.
Changes in the System
To begin with, the basic question should be answered – how to define a critical infrastructure? “It seems that the answer is simple,” believes Witold Skomra, PhD in Eng., from the Government Security Center (RCB). “This term covers all the resources necessary for the functioning of the state and its citizens. This includes the infrastructure enabling elections, access to water and food, medical care and energy, and transportation,” says the expert. We are talking here about buildings, installations, pipelines, airports or roads. “However, according to the most recent definition, critical infrastructure should also include certain services, such as digital transmission, electronic banking or access to e-mail,” explains Witold Skomra. The list of such facilities was prepared by RCB as part of the National Critical Infrastructure Protection Program. “Last year, we reviewed it and introduced additions,” the expert notes. The list is classified.
Meanwhile, in May, the government published a draft amendment to the Crisis Management Act. Objective: to adapt the procedures for the protection of critical infrastructure to the dynamically changing requirements of modern times. Poland, like other European Economic Community countries, was obliged to implement two EU directives. The Critical Entities Resilience Directive (CER) regards the resilience of critical entities, while the Network and Information Systems (NIS2) – cybersecurity. “We are facing many challenges. We will not only have to once again identify services of key importance for the functioning of the state as a whole, but also to establish criteria for the entities that provide these services. Can critical infrastructure include, for example, the facilities of an operator that supplies electricity only to several villages,” explains Witold Skomra. In practice, the list of objects and services will be once again verified. In addition, all entities on the list will have to meet the high requirements for protection against cyber attacks. “According to our calculations, there will be from 30 to 100,000 such entities,” notes Witold Skomra.
Even if you skip the legal intricacies, one thing remains unchanged. For the protection of critical infrastructure responsible will be mostly the operators, who at the same time can count on state aid – such as the support from various services, including the army.
Front at Office Desk
The army can engage in this type of activity at different levels. Although, as experts make it clear, in the light of the law, the protection of critical infrastructure is not part of army duties. The army is to train, and in the event of war to fight to preserve the territorial integrity of the state. The engagement of military operational subdivisions to protect factories or feeders in certain circumstances can even be risky. “Such a mechanism could encourage a potential opponent to intensify hybrid operations, because they would distract the army from its primary tasks,” notes Witold Skomra.
If we consider changes ongoing on modern battlefield, it is impossible to completely exclude the army from such tasks. Currently, the line between war and peace is blurred. Many activities are carried out in half-light. In reality, wars begin way before tanks go to the battlefield and fighters take off. Often activities take place in cyberspace, where the opponent tries to hit not only military, but also civilian resources. This is perfectly portrayed in the example of Ukraine. In February 2022, shortly before the full-scale invasion, Russian hackers attacked, among others, banking systems and disrupted access to broadband Internet.
The participants of the INSECON Congress, which took place in Poznań in April, spoke about the importance of cooperation between the army and non-military institutions. The event devoted to broadly understood cybersecurity was organized by the Polish Ministry of National Defense. “The operating environment has a global reach. The frontline is scattered here, because it is marked by every computer, whether owned by a private person or a public institution,” emphasizes General Krzysztof Król, the General Staff of the Polish Armed Forces. As the representatives of the army assure, such words are also followed by specific actions. “In fact, on the basis of signed agreements, we support civilian operators of critical infrastructure. It is easier for the adversary to carry out a hacker attack on a power plant or transmission network than to organize stay-behind forces to shoot or set fire to such facilities. Online sabotage is often less expensive, and above all less risky, because the attack can be initiated from anywhere in the world,” emphasizes LtCol Przemysław Lipczyński, Spokesman for the Command of the Cyberspace Defense Forces. However, he says that he cannot talk about the details of cooperation.
TDF Bet on Warsaw Water Filters
Certainly more can be said about the activity of Territorial Defense Forces (TDF). Under the Homeland Defense Act, the commander of the TDF took over the responsibility for the non-military part of crisis management in MoND. The commanders of individual brigades perform a similar function at the level of voivodships, so they cooperate with non-military institutions. “We participate in numerous exercises. Some scenarios are about the protection of a broadly understood critical infrastructure. We are here to support and strengthen the activities of the entities responsible for this, and if necessary – for example, in the case of breaks in the supply of some utilities – to provide the residents of a given area with water or with power supply, to a some limited extent,” admits LtCol Robert Pękala, Spokesman for the Command of Territorial Defense Forces.
The list of such activities is long. In June, for example, the Exercise Socrates 2024 was carried out in Warsaw. Employees of municipal waterworks, policemen, firefighters, as well as the 18th Warsaw Territorial Defense Brigade participated in this exercise. Individual episodes took place in Warsaw Water Filters, waterworks located in Ochota District and at the Czajka Wastewater Treatment Plant in Białołęka District. The scenario assumed, among others, an attack of terrorists on key buildings and an attempt to poison water. “Our task was to cut off access to facilities, which was carried out by a light infantry company. At the same time, our marksmen observed the area,” explains Senior Corporal Przemysław Łuszczki, spokesman for the 18th Warsaw Territorial Defense Brigade. “Such skills are useful not only in the context of crisis activities in the city, but also during border service,” he adds.
In June, Exercise Amper 2024 was also conducted in the east of Poland. In turn, the soldiers of the 3rd Subcarpathian Territorial Defense Brigade participated in the exercise and they were to help prevent the effects of damage to the hydroelectric powerplant on Solina. “In cooperation with the police, we surrounded the object with a tight cordon, and the soldiers, with the help of powerplant workers, connected to the network the KEP-900 power generators from the equipment of our brigade. This solution allowed us to provide residents with electricity supply,” recalls Capt Artur Romanowski, crisis management officer from the 3rd Territorial Defense Brigade. In turn, during Exercise Amper 2024, the 2nd Lublin Territorial Defense Brigade used a horse team, which helped to localize damages to the transmission network in a hard-to-reach area.
This includes joint training of TDF soldiers and employees of the PERN company’s fuel base in Rejowiec or a whole series of Friendly Energy exercises with the participation of TDF units from various regions of Poland and employees of PGE Dystrybucja. Still, that does not close a long list of similar ventures.
“The Command of the Territorial Defense Forces has signed many cooperation agreements with transmission network operators, such as Gaz-System or Polskie Sieci Energetyczne (PSE), as well as with the Police Headquarters and the Fire Brigade. Similar agreements are later concluded at the local level. The commanders of individual brigades are responsible for them. We try to do our best to fulfill our role as a liaison between the military and civilian operators of critical infrastructure,” concludes LtCol Pękala. The representatives of individual companies say the same. “The purpose of the agreement with the Command of the Territorial Defense Forces is to work together on strengthening the security and defense of Poland [...]. Current geopolitical situation, including the aggression of the Russian Federation against Ukraine, shows how important the cooperation of the armed forces and entrepreneurs managing strategic infrastructure for our country is,” emphasizes the PERN company’s spokeswoman Katarzyna Krasińska in her e-mail answer to our questions.
Ships in Operation Bay
Meanwhile, the critical infrastructure facilities are not only in inland locations. In recent years, the role of installations located on the coast, directly at sea surface or down on the sea bottom has increased significantly. The Terminal LNG in Świnoujście and the Baltic Pipe are crucial in the process of energy independence from Russia. Soon, they will be joined by wind farms erected on Polish waters, as well as telecommunications cables or ports. These facilities are to be protected by their operators, who, like on land, can count on the support of state institutions. The armed forces have an even greater role to play in this puzzle, because no other institution operating at sea has similar capabilities. The Polish Navy owns ships that can conduct long-term patrols and monitor both on the surface and deep into the sea.
Shortly after the mysterious explosion of the Nord Stream gas pipeline, which occurred in September 2022, the Maritime Operations Center-Maritime Component Command (COM-DKM) in Gdynia began Operation Bay (Zatoka), which continues to this day. Ships belonging to both flotillas continuously set off to sea. “They monitor the areas where the key infrastructure for Poland is located. They follow the movement of other vessels, pay attention to any suspicious behavior,” enumerates Cdr Maciej Bukowski at Maritime Operations Center-Maritime Component Command. It is, for example, such situations as when a ship moves without an AIS transponder turned on, which allows for obtaining information about its origin and course. Or when for a long time, and without a clear purpose, a vessel remains in the vicinity of mining platforms or pipelines. In such cases, the crew of the patrol ship may attempt to establish contact with the vessel, approach it, and call for leaving the area. In other words, demonstrate its presence and capabilities. The examples of such situations on other water basins show that such a force projection usually reaches the desired effect. “We are in contact with the operators of individual networks and facilities at all times, we also exchange information with maritime offices or the maritime branch of the Polish Border Guard,” explains LtCdr Bukowski. COM-DKM also cooperates with NATO allies. For the past months, its officers have been in constant contact with the crews of Italian frigates, which strengthened the protection of these waters.
So far, there have been no major incidents in patrolled areas, although there have been moments of uncertainty. “One day, the representatives of Gaz-System, the Baltic Pipe operator, alerted us that a ship was drifting near the pipeline, which could not be contacted. We also made an attempt to contact it, but it was unsuccessful. The captain ordered to turn the engines on and sailed away,” explains LtCdr Bukowski. The duration of Operation Bay was initially planned for six months. It was however later extended for an indefinite period.
Operation Bay is not only patrols. As LtCdr Bukowski admits, the installations laid out at the bottom are regularly checked by underwater vehicles. The Polish Navy has many capabilities in this aspect. It is enough to mention the equipment with which the mine destroyers of Kormoran II class are equipped. “For example, Hugina, which is equipped with Pipe Tracking software, can be used to monitor underwater infrastructure. Within a day, it is able to lustrate a hundred-kilometer section of the pipeline, providing images in very high resolution. Similar tasks can be carried out by Gavia vehicles,” explains Rear-Admiral Piotr Sikora, Commander of the 8th Coastal Defense Flotilla, where Kormoran ships serve. The crews perform such tasks quite often. “For us, it is a form of training, but also the implementation of an important public interest,” admits Rear-Admiral Piotr Sikora.
Special Forces in Action
Special forces are also involved in the protection of critical infrastructure. “With a view to protecting critical infrastructure against hybrid attacks, another, third, Formoza combat team was created. It is stationed in Dziwnów,” explains LtCol Mariusz Łapeta, Spokesman for the Special Forces Component Command. The village is located a few dozen kilometers from Świnoujście, where Gazoport operates. Nearby, there is the aforementioned Baltic Pipe, which pumps gas from Norway to Poland.
Since the outbreak of the war in Ukraine, there have been no serious incidents in the Polish waters of the Baltic Sea, but they have occurred in its other parts. A few months ago, for example, the Balticconnector was broken – a pipeline connecting Finland with Estonia. The risk of sabotage is still high. This applies not only to this part of Europe. Some time ago, unidentified drones appeared in the vicinity of Norwegian oil rigs in the North Sea, and the media circulated information that the Russians under the guise of scientific research are mapping the sea bottom. To better deal with similar threats, NATO has even established a special cell that coordinates activities related to the protection of underwater infrastructure. It operates at MARCOM, the allied command of the naval forces.
The threats associated with critical infrastructure will probably not decrease in the near future. Not even any potential freezing of the war in Ukraine will change it. Russia, supported by China, wants to change the balance of power in Europe. It is in vain to expect that in the near future Russia will change its attitude towards NATO. Since an open confrontation with the Alliance would be too a breakneck challenge for it, Russia continues to fight in half-shadow. To win the fight, Western countries will have to build broadly understood immunity. This means new challenges also for the army.