The New Battlefield: Poland and Europe’s Struggle Against Hybrid Warfare

In November 2025, an explosion struck a railway link in eastern Poland—a route described as “crucially important for delivering aid to Ukraine.” Polish Prime Minister Donald Tusk referred to it as “an unprecedented act of sabotage,” while subsequent investigations identified two Ukrainian suspects believed to be hired by Russia, who escaped to Belarus immediately after the attack.

The railway event is one of multiple incidents involving suspected saboteurs and intelligence-linked plots on Polish soil. Konrad Zielinski, a former fellow at the Weatherhead Scholars Program, recalls that “hybrid attacks became especially evident after Russia’s full-scale invasion of Ukraine, but since the 2020 elections in neighboring Belarus, when the political proximity between Lukashenko and Putin started becoming more evident, the hybrid activity only intensified.” 

As a neighboring ally of Ukraine and a key hub for its military aid from around the world, Poland experiences one of the highest numbers of incidents of Russian sabotage in the European Union. However, as Zielinski noted, “the Polish eastern border is also the EU external border. As such, these incidents are not isolated disruptions but reflect a broader challenge to European security, raising important questions about preparedness, attribution, and response.”

For example, on September 9, 2025, over a dozen unarmed drones entered Poland’s airspace amid a large-scale Russian attack on Ukraine. Several were shot down, but a number traveled hundreds of miles, with some pointing toward Rzeszów-Jasionka Airport—a key NATO logistics hub situated in southeastern Poland. This wasn’t the only instance of Russia violating Polish airspace, prompting Poland to impose temporary airspace restrictions along its eastern border, reported to last until June 9.

Incidents like these illustrate how the nature of conflict in Europe is changing. Instead of tanks crossing borders, Russia increasingly relies on covert operations, aiming to test the European defense system and challenge public opinion on the continuing support of Ukraine.

Hybrid Warfare

Security experts describe these tactics as hybrid warfare—a strategy that combines military and nonmilitary tools, including disinformation, cyberattacks, economic pressure, and covert operations. This strategy allows states to weaken adversaries without escalating—unlike armed attacks, which have defined legal mechanisms of response.

As Konrad Zielinski observed, “hybrid warfare involves multiple layers that remain below the threshold of open war.” It can look like cyberattacks targeting energy grids; disinformation campaigns aimed at deepening political divisions; proxy websites that spread propaganda; or sabotage operations that disrupt critical infrastructure, including railways, pipelines, and undersea cables. Even seemingly minor incidents—such as foreign planes crossing the airspace for a few minutes—can test defenses and reactions, as well as gather intelligence.

Such instances have increased sharply since Russia’s full-scale invasion of Ukraine in 2022, as Russia began operating in a gray zone, challenging European defense and political unity. It is important to note that this type of aggression is especially effective against democratic societies, where open political systems depend on public trust, freedom of speech, and free information flows—components that can be manipulated through disinformation and political interference.

Sabotage and Border Pressure

As Zielinski referenced, hybrid attacks began to gain wider public attention in Poland after 2020, particularly following the use of migratory pressure along the Belarus-Poland border.  From mid-2021, Belarus began issuing visas to third-country nationals as part of an advertised route to the EU, drawing migrants from conflict-affected regions in Africa and the Middle East to the Polish border. According to reporting, Belarusian authorities facilitated their movement toward the border, with accounts describing soldiers cutting border fences at night and guiding groups toward crossing points in nearby forested areas. These events have been widely interpreted as state-directed pressure on Poland’s border security.

Hybrid pressure on Poland has also taken the form of suspected sabotage within the country. Since 2024, there have been a series of mysterious acts of sabotage, often targeting areas near critical or military infrastructure. Fires have been detected in major cities and in smaller but strategically important defense-industry locations. Incidents began with a massive fire destroying a large shopping center that housed over 1,400 shops and service points, which was later confirmed as Russian-sponsored arson. In 2025, fires broke out in multiple locations: at the Warsaw metro; in the wake of an explosion at electrical substations in Warsaw and Lagionowo; after a gas pipeline breach in Gdansk near the 23rd Tactical Air Base in Minsk Mazowiecki; and in a warehouse linked to defense contractor Rosomak S.A.1.

Cybersecurity

While many of these incidents occur in the physical domain, hybrid pressure on Poland has also increasingly extended into cyberspace. Polish authorities recognized this threat dimension early on. The 2017 strategic document, Defense Concept of the Republic of Poland, published by the Polish Ministry of National Defence, identified Russia as a primary source of instability on NATO’s eastern flank, reflecting early concern over cyber and hybrid risks. In the years that followed, cyber activity increased steadily. In 2019, authorities recorded 226,914 potential incidents, a figure that has risen each year. By 2021, before Russia’s full-scale invasion of Ukraine, there were over 760,000 notifications, including 26,899 confirmed attacks and 115 coordinated cyber campaigns. Among the most common targets were government institutions (federal agencies, military units, municipalities, etc.) as well as critical infrastructure (energy grids, water supply, healthcare, and transportation).

By 2025 and 2026, the situation had further escalated. Cyberattacks in Poland increased by 30 percent in 2025 compared with the previous year, with the country facing up to 4,000 politically motivated cyber incidents per day—the world’s most targeted country. Recent attacks have included attempts to breach servers at the National Center for Nuclear Research and operations targeting energy infrastructure. In December 2025, a coordinated cyberattack struck at least thirty renewable energy facilities across the country. The attackers had infiltrated networks months earlier, gained administrative access, and deployed data-wiping malware designed to disrupt energy systems, potentially impacting at least half a million people. However, alerts fired on time, stopping the attack before large-scale destruction could take hold, and engineers were able to restore the damage caused.

This resilience reflects a high level of preparedness across institutions. Zielinski noted that “alertness is significantly higher today than even five years ago.” He explained that “personnel are regularly trained to identify and avoid common cyber threats, including phishing attempts, malware infections, and other techniques designed to exploit human or technical vulnerabilities.” These training programs also focus on reducing exposure to surveillance and strengthening overall cybersecurity awareness in daily operations.

Airspace Violations and Signal Interference

Meanwhile, Poland has also faced a growing number of incidents in its airspace. Besides the incident in September 2025, when over a dozen suspected Russian drones entered Polish airspace, there have been multiple other reported violations of a similar nature. Since December 2022, multiple missiles or drones have been found on Polish soil or detected in its skies during the mass attacks on Ukraine—including “veered-off course” missiles that flew in for a few seconds and ones that flew relatively far into Polish territory, most crashing with no damage caused.

Russian ships have also exhibited suspicious activity along the seabed cables in the Baltic Sea. The Polish military had to intervene, potentially preventing what happened in the Gulf of Finland, when one of Russia’s “shadow fleet” ships dragged its anchor and cut the Estlink-2 cable, responsible for the connection between Finland and Estonia. 

Another type of interference in the Baltic Sea region was through the GPS signal. Navigation signals were reported to be spoofed, potentially allowing attackers to falsify location data and disrupt aircraft control. The interference has already affected civilian aviation, as one passenger flight scheduled to land in Bydgoszcz, Poland, was diverted to Poznań. Similar disruptions have been reported across the Baltic region, where Lithuanian officials say Russian electronic warfare systems are increasingly jamming GPS signals near Kaliningrad.

Moving Forward

Zielinski emphasized that “Poland has already increased its military budget,” reporting a record 200 billion zlotys ($55 billion) for 2026—which is 4.83 percent of the country’s GDP—“and advocat[ed] for this increase even before NATO updated its target goal to 5 percent”. He continued,  “this is in part caused by a different threat perception, as Poland, which borders a country at war, is well aware of the risks posed.”

Moreover, Poland has also allocated over four billion zlotys ($1.12 billion) to cybersecurity in 2025, and has implemented a new strategy to enhance national resilience, improve operational readiness, and secure public and private organizations. Meanwhile, to counter airspace violations, Poland was supplied with antidrone systems, such as the US-made Merops, a highly portable drone that can be launched from the back of a truck, and the recently introduced San, a Polish-made  antidrone system that will be deployed along its northern and eastern borders. 

Warsaw was also planning to build 700km (435 miles) of physical fortifications and high-tech defense networks near the eastern border, called East Shield, while also investing in a chatbot  where citizens can report potential acts of sabotage or hybrid warfare.

However, the largest army in Europe—and, arguably, one of the best-prepared—cost Poland a pretty penny, as this military expansion is largely being financed by debt. Poland’s 2026 budget deficit is projected at 6.3 percent of GDP, which is above the EU target of 3 percent. Additionally, some argue that Poland might be prepared for a conventional war, but not enough for the forms that threats take in the twenty-first century. The entire Polish security policy has been based on functioning transatlantic relations and very close security cooperation, so Poland cannot conduct large-scale deterrence on its own.

Europe and NATO, together with Poland, must translate their national investments into an operational, legal, and social architecture that reduces adversaries’ incentives to exploit the gray zone. 

Cybersecurity must remain a priority, as the number of incidents has recently risen. Although Poland is heavily investing in the sector, experts argue that enhancing information sharing between government agencies, private infrastructure operators, and European partners is just as important as increasing budgets. Joint cyber exercises such as Locked Shields, organized by the NATO Cooperative Cyber Defense Center of Excellence, demonstrate how coordinated responses can help governments detect intrusions earlier. Expanding such cooperation across Europe and into multi-domain simulations, as well as publishing after-action playbooks for member states and critical industries, would allow actors to respond to cyber incidents collectively rather than individually.

Another key step is protecting critical infrastructure and the networks that keep goods moving—from shipping ports and rail lines to delivery trucks and warehouses. While Poland began investing in stronger physical security, surveillance systems, and countermeasures, these efforts should be integrated into a wider European network. The European Union has already launched initiatives, such as the Critical Entities Resilience Directive and the NIS2 Directive, to protect critical infrastructure and improve crisis coordination, yet implementation remains uneven across member states. Developing shared monitoring systems for energy grids, transport routes, and undersea cables could significantly reduce vulnerabilities across the continent. 

European countries also need to be prepared for more airspace violations, given the continued intense attacks on Ukraine. Thus, European countries need to invest in measures that help mitigate the impact of foreign drones on civil aviation safety. A safer choice could be one that uses multiple detection methods and avoids signal disruption, so evidence can still be used in court. Moreover, authorities could allow police or helicopter teams to respond, supported by advanced military sensors, and use tools to safely take control of or physically stop the threat while maintaining proper evidence handling. Additionally, major maritime areas—such as the North Sea and Baltic Sea, key chokepoints like the Danish Straits and the English Channel, and waters surrounding major ports—need to be closely monitored with 24/7 surveillance and joint military patrols. Closer cooperation between military and civilian aviation authorities would further reduce the risks to passenger flights and critical infrastructure.

Of course, countering hybrid warfare is not only a technical challenge. 

As many analysts emphasize, the ultimate goal of hybrid campaigns is often to undermine public trust and create political divisions within democratic societies. Investing in initiatives that strengthen societal resilience is an essential element of defense strategy, as public trust in democratic institutions significantly reduces the effectiveness of disinformation and psychological operations.

Konrad Zielinski stated that “in Poland, there is currently a high level of unity in supporting the uniformed services working to secure the state.” He says that “across political divides, foreign policy, especially efforts to secure national defense and state security, remains one of the few areas of broad consensus, as reflected in both polling data and public discourse.”

Poland’s experience thus offers a broader lesson for Europe. As Zielinski noted, “Europe as a whole should be prepared to stand its ground against potential threats and to exercise its collective defense effectively if ever needed.” Hybrid warfare exploits the gaps between peace and war, and as long as responses remain fragmented, adversaries will continue to test these boundaries. Therefore, a coordinated European approach will be essential for ensuring that the continent can withstand the evolving threats of twenty-first-century conflict.

The views expressed in this essay do not reflect the policy or position of any governmental structure.

Contributor Bios

Oksana Trefanenko ’28 is deputy chair of the Global Affairs Program at the Institute of Politics, Harvard University. She is also a staff writer at the Harvard International Review, and was a research assistant at the Weatherhead Center in the fall of 2025. Originally from Ukraine, she was a student at Ellesmere College before joining Harvard.

Konrad Zielinski was a Spring 2023 Fellow in the Weatherhead Scholars Program.