Tusk blamed Russia and urged Parliament to swiftly pass new cybersecurity legislation to strengthen protection against foreign interference.
Poland's Prime Minister Donald Tusk praised the country's intelligence services on Thursday for foiling an attempted cyberattack on energy infrastructure that could have left up to half a million consumers without heating during Poland's bitter winter.
Speaking after meeting with energy officials and security agencies in Warsaw, Tusk said Poland had successfully defended itself and that critical infrastructure was not compromised.
The attempted attack targeted two combined heat and power plants and wind farms and happened in December 2025.
Tusk blamed Russia and urged the Polish parliament to swiftly pass new cybersecurity legislation to strengthen protection against foreign interference.
Poland's Deputy Prime Minister and Digital Affairs Minister Krzysztof Gawkowski said Poland came very close to a blackout and called the cyberattack one of the most serious in recent years.
"Digital tanks are already here," he said on RMF FM radio, emphasising that modern warfare is being waged in cyberspace.
Who was behind the cyberattacks?
Tusk said that so far there is no definitive evidence to identify the perpetrators, but he did say that much of what has been gathered points to the involvement of groups connected to the Russian security services.
He said that as in earlier attempted cyberattacks on Polish infrastructure, the key was early detection and robust response mechanisms.
European allies of Ukraine said in December that Russia is waging a campaign of "hybrid warfare" through sabotage, assassinations, cyberattacks and disinformation to sow division in Western societies and undermine support for Ukraine.
That comes after a series of incidents in countries such as France, Denmark and Sweden, in which critical infrastructure has been targeted.
European intelligence agencies say investigations into Russian interference now consume as much time as terrorist threats.
A coordinated international operation has hit the infrastructure of a pro-Russian cybercrime network linked to a string of denial of service attacks targeting Ukraine and its allies, the European Union's police agency Europol said in July.
Codenamed Eastwood, the operation targeted the so-called NoName057(16) group, which Dutch authorities identified last month as behind a series of denial-of-service attacks on several municipalities and organisations linked to a NATO summit in the Netherlands.
Europol said that the cybercrime network was also involved in attacks in Germany and Switzerland.
Poland's readiness for similar threats
In recent years, attacks on critical infrastructure have become increasingly sophisticated and dangerous, making cybersecurity in the energy sector crucial to Poland's security.
As Dorota Kwaśniewska, an editor at the Defence24 portal told Euronews, effective protection requires not only technology but also cooperation between the public and private sectors.
"In response to growing threats, we need to prioritise the development of safeguards. Attacks are taking ever-new forms so we too must move with the times and strengthen our defences," she said.
Kwaśniewska pointed out that Poland's cyberdefence systems functioned correctly during December's attempted attack on power plants.
"The cybersecurity system for energy infrastructure worked effectively during the December attacks," she said.
"At the same time, as far as is known, the government has announced measures to strengthen resilience to further attacks, including investments in safeguards, system modernisation and improved legislation."
Kwaśniewska noted that in such cyberattacks much depends on how they are conducted and on the resilience of defence systems.
"In December 2015, Ukraine became the first country in the world in which a cyberattack led to a physical blackout. Hacker groups linked to Russia carried out a coordinated attack on energy system operators, using the BlackEnergy and KillDisk malware," Kwaśniewska explained.
"The attackers took remote control of SCADA systems, switched off electrical substations and simultaneously paralysed customer service centres. As a result, around 230,000 consumers were left without power for up to several hours."