Dorota Roman: Who is attacking us?
Major General Karol Molenda, Commander of the Cyberspace Defense Forces Component (DKWOC): Advanced Persistent Threat (APT) groups linked to the Russian Federation remain particularly active. These are teams of highly skilled specialists operating on behalf of the Russian government, with ties to military and intelligence structures.
According to a Microsoft report, Poland ranks among the top three most targeted countries in cyberspace worldwide. Since the outbreak of the full-scale war in Ukraine, the number of APT attacks on our systems has increased more than fivefold.
We face attacks from both "ordinary" cybercriminals and specialists executing specific assignments for state agencies.
– Cybercriminals typically go for the "low-hanging fruit", using large-scale, unsophisticated attacks. In contrast, APT groups are highly specialized units with precise objectives – such as acquiring sensitive information related to security, defense, or communication. Over the past few years, our teams have learned to identify these groups, understand their tactics and procedures, and effectively counteract them.
Are we at war in cyberspace?
– As a soldier, I wouldn’t call it a war, but it’s certainly not peace either. Cyberspace is a battleground of constant competition. Since the full-scale war in Ukraine began, we have been dealing with a permanent conflict. Our adversaries continuously probe Poland’s cyberspace, test our defenses, and attempt to gather intelligence.
What would a cyber war actually mean?
– Hostile actions in cyberspace could potentially trigger NATO’s Article 5, which outlines collective defense. The key issue is defining the threshold – what level of cyber aggression would justify invoking this article?
What would need to happen for a cyberattack to be classified as an act of war?
– It would cross that line if cyber operations led to loss of life or significant infrastructure destruction. For example, if a hostile cyberattack on hospital systems disrupted medical equipment, resulting in patient deaths. Or if an attack on critical infrastructure triggered an explosion or a transportation disaster, causing fatalities.
There have been moments when our adversaries could have achieved such effects, but so far, the line has not been crossed.
NATO recognized cyberspace as an operational military domain in 2016. Was this a formal acknowledgment of the importance of cybersecurity in national defense?
– Military operations are traditionally divided into operational domains, which have evolved alongside technological and strategic advancements. The first domain was land, where early battles were fought with primitive weapons like bows and swords. The expansion of navigation brought warfare to seas and oceans. The rise of aviation made airspace another critical battlefield.
A major milestone in defining modern military operations came in 2016, when NATO formally recognized cyberspace as a full-fledged operational domain. Member states committed to developing both defensive and offensive capabilities in this environment.
Unlike traditional domains, cyberspace is entirely man-made. It evolves daily, expanding and modernizing. It has become the backbone of modern warfare, with military operations heavily reliant on digital systems. From F-35 fighter jets to the latest tanks, modern weapons depend on cyberspace for communication, coordination, and reconnaissance. Today’s soldier is no longer just a weapons operator but a manager of complex systems – systems that require a secure and uninterrupted digital infrastructure to function effectively.
Just before the invasion of Ukraine, Russia attacked an American Viasat satellite. The Russians knew that a cyberattack would disrupt frontline communications and create chaos within Ukrainian military units.
– This is a prime example of how conventional military operations can be synchronized with cyber warfare. The Russians prepared in advance, conducted reconnaissance on Ukraine’s military communication systems, and knew exactly how to disable them to disrupt battlefield coordination.
We have learned our lesson: satellite communication must be built on multiple levels and should not rely on a single communication system. This methodology has been adopted in Poland and across NATO.
How is Ukraine faring in cyberspace now?
– Ukraine’s cyber teams are now among the elite and highly effective. The scale of cyberattacks they face is massive. They have used their time since 2024 wisely and have also received support from major tech giants such as Microsoft, Amazon, and Google.
Poland remains a key hub for transporting arms shipments across the eastern border.
– That’s why we are in Moscow’s cyber crosshairs. This extends beyond military networks – attacks on critical infrastructure, particularly the energy sector, are especially dangerous. We’ve seen how Ukraine has suffered repeated blackouts due to cyberattacks.
We have changed our strategy from the "need to know" principle – where each entity builds its own information resources – to the "need to share" principle, which emphasizes sharing knowledge and experiences. If we come across information that could help our allies strengthen their cybersecurity, we inform them immediately.
Cybersecurity is a shared responsibility between the military and civilian sectors. We have signed cooperation agreements with key security institutions, including Gaz-System, PKP PLK (Polish Railways), the e-Health Center, PGNiG (Polish Oil and Gas Company), and the Railway Transport Office.
Every day, we analyze threats and review attempted attacks on our infrastructure. The military is increasingly working with the private sector, including major global tech firms, making Poland a leader in Europe.
We exchange intelligence on adversaries and their tactics with companies like Cisco. In cloud security and cybersecurity, we collaborate with Google experts. Our partners already include Microsoft, Amazon Web Services, and Palo Alto Networks, Inc., which develops security solutions for application control, content scanning, and data leak prevention.
We receive early warnings about vulnerabilities in their products. Before the world even knows about certain cyber threats, our engineers are already working on countermeasures.
Who benefits more from this cooperation?
– If a company wants to be just a beneficiary without contributing, we end the relationship. We don’t have time to waste.
DKWOC (Cyberspace Defense Forces Component) has a vast team of engineers, many of whom are world-class specialists. For major tech firms, we are equal partners. They grant us access to their security mechanisms, source codes, and even closed systems. This allows us to verify whether their security measures are sufficient – particularly crucial for classified military systems.
We are also building our own solutions. I lead a team of nearly 1,000 programmers whose technological innovations are implemented in our armed forces. Few NATO institutions have reached this level of advancement.
What attacks have you prevented?
– We have detected incidents and reported them to military commanders, the Minister of National Defense, the Minister of Digital Affairs, and the owners of the targeted cyber services. One notable case was in 2023, when DKWOC experts analyzed a cyberattack on Microsoft Exchange email servers. As a rare gesture, Microsoft publicly thanked us for our work.
We developed a specialized set of tools and scripts and shared them with engineers from other institutions, enabling them to check whether they had been targeted and to take appropriate action. There have been many similar cases, though most remain classified.
DKWOC currently comprises 6,500 soldiers and civilian employees across 13 units nationwide. Within our cyber forces, we have established three specialized units dedicated to defensive, reconnaissance, and offensive cyber operations. Our engineers work 24/7.
Is there a shortage of recruits for cyber forces?
– In 2019, when I was entrusted with the mission of creating the Cyberspace Defense Forces in the Polish army, I knew that the most critical element of this new structure would be people. We had to focus on equipment and regulations, but above all, passion and talent matter the most.
There is a global shortage of around 3 million cybersecurity experts. To address this, we tripled the number of cybersecurity students at the Military University of Technology. Graduates become officers and strengthen our armed forces. We also established the Military General High School of Computer Science, and each Polish province now has a high school class with a cybersecurity profile, with the Ministry of National Defense covering the costs.
We successfully convinced decision-makers that investing in cybersecurity is a necessity and that talent and highly specialized knowledge should be well compensated in the military.
Do you wait for attacks or try to stay ahead?
– You could be the victim of a cyberattack and not even know it. Sometimes, the owner of critical infrastructure remains unaware for months that someone has taken control of their system.
The Cyberspace Defense Forces respond to attacks, but our priority is prevention. Sometimes, we even engage in cyber deception, baiting adversaries to learn their tactics and conduct reconnaissance. We test whether infrastructures are secure and whether users are aware of threats. The hardware is usually not the problem…
And people?
– They are the weakest link – and always will be. Attackers can manipulate individuals into bypassing security protocols. Often, users themselves weaken cybersecurity through bad practices. Basic cyber hygiene should be a daily routine, including using multi-factor authentication and regularly updating software.
What if a soldier sends data from a military email to a private one?
– We would detect it immediately. We do not analyze message content but monitor the mechanism. In certain cases, we are required to inform Military Counterintelligence, which then investigates. We cannot rule out cybercrime, meaning even within the military, someone could act against its interests.
Is the military ready to integrate artificial intelligence into warfare?
– There are still many concerns about AI within the military. However, artificial intelligence will undoubtedly reshape the armed forces. For the military, this will also mean a cultural and mental shift.
Is a scenario where a commander makes decisions based on AI analysis the future?
– We are developing solutions that will use AI to assist military personnel in decision-making. Ultimately, commanders will still have the final say, but AI will provide them with vast amounts of analyzed data. This presents enormous opportunities, but also great responsibility.
In my opinion, the countries and their armies that embrace AI will have an advantage over those that do not.
Do you foresee a situation where AI makes military decisions independently?
– That brings us into the realm of ethics – whether we will allow AI to make life-and-death decisions on the battlefield.
Can autonomous systems conduct military operations with all the human consequences that come with them? For instance, should drones, if cut off from their operator for some reason, be designed to independently decide on offensive actions to complete a defined mission and achieve a specific objective? These dilemmas will only become more frequent in the future.
On an engineering level, this is already possible today. Ethically, however, we are not ready for it.
Will our adversaries be ready for it?
– That is an open question because our weaknesses, doubts, and dilemmas can be used against us.
Does artificial intelligence have a nationality?
– In a way, it can. If AI models are trained based on specific experiences, knowledge, and datasets, then in a sense, we can talk about the "nationality" of AI.
Will AI always serve the interests of its creator?
– It should also operate within the legal constraints of a given country. However, I am concerned that solutions used by our adversaries from non-democratic states may not have such limitations. This is a topic of much discussion within both NATO and the EU.
In Poland, we are building a team of experts to implement AI-based solutions. This will be a new organizational unit within DKWOC – the AI Implementation Center.
They need not only technical expertise but also the right sensitivity and ethical awareness.
– That is crucial, especially when developing military systems. I am convinced that our adversaries are doing everything they can to use AI for their own purposes. Inaction would mean falling behind.
How much does Poland’s cybersecurity depend on current politics? Don’t military personnel worry about what the next administration might change?
– Fortunately, cybersecurity is one of the few areas that unite rather than divide. And it has been this way for many years – I have been involved in this field for over 20 years. Decision-makers understand the scale of the challenge facing the military.
That is a rare situation.
– What worries me more is that the Russians – experts in disinformation, including psychological warfare – are doing even more to divide Polish society. They are masters of using cyberspace to sow discord and weaken our country. And unfortunately, as a society, we are vulnerable to this.
Even the military?
– Of course. There have been multiple instances where rumors about stripping soldiers of certain privileges led to an immediate increase in resignations from service.
I thought soldiers were more aware of fake news?
– At one point, fabricated documents surfaced online, supposedly signed by the director of the Personnel Department, claiming that the Ministry of National Defense was working on a bill to change certain aspects of military service. The goal was to undermine soldiers’ trust in the state. The only way to counter this was through an official denial. Together with the Operations Center of the Ministry of National Defense, we created the "Żołnierz RP" (Polish Soldier) app, which immediately corrects any fake news regarding the military.
The main role of the Cyber Defense Forces (WOC) is to protect military systems.
– Yes, but in the event of war, our authority could expand; that decision would then be made by the supreme commander responsible for national defense.
Is there a cybersecurity-related question you would not answer?
– A question about our greatest successes. Those will likely remain classified for decades.
Translation: Patrycja Eiduka