The Weekly Reflektion 06/2026
Our first Reflektion in 2026 was about cyber security and the attack on Jaguar Land Rover (JLR) in October 2025. The financial loss to both JLR and the UK was significant, and a reminder of the commercial risks associated with inadequate cyber security. Basicservices like power, clean water and transport are also at risk from cyber-attacks. The consequences here can be more than commercialand as always Reflekt are concerned that there may be a Major Accident just around the corner if we don’t get our act together.
How vulnerable are our basic services?
In late December 2025, Poland experienced a serious cyber-attack to its energy infrastructure. The incident targeted parts of the national power grid, including systems used to manage renewable energy sources such as wind and solar installations. While the attack ultimately failed to cause large-scale power outages, it exposed important vulnerabilities in Poland’s modern, digitally connected energy system.
According to Polish authorities and cybersecurity researchers, the attackers focused on distributed energy resources (DERs). These are small, geographically spread-out generation sites that are increasingly common in renewable dominant grids. Rather than attacking a single central control room, the operation attempted to disrupt communications and control equipment at roughly 30 locations simultaneously. Some industrial devices were damaged or rendered inoperable, temporarily limiting operators’ ability to monitor or remotely manage energy production. Despite the sophistication of the attack, Poland avoided major blackouts. Grid operators were able to fall back on manual controls and built-in redundancies, allowing electricity generation and distribution to continue. Officials described the incident as a serious warning, but the attack also demonstrated that defensive investments and emergency procedures can work when tested under the pressures of a concentrated cyber-attack.
The attack has been widely attributed to a Russian state-linked hacking group, often referred to as Sandworm, which has previously been associated with cyber operations against energy infrastructure in Eastern Europe. Investigators reported the use of destructive “wiper” malware, designed not to steal data but to erase systems and cause operational chaos. It is believed Sandworm is also behind the cyber-attacks on the Ukrainian electrical infrastructure that has led to millions of people without power for heating. This of course has a devastating effect on the population in the cold Ukrainian winters. Fortunately, the Ukrainian electrical infrastructure is older than in Western countries and is reliant on manual intervention for reestablishing connections. In Norway for example, resetting of breakers is done remotely through digital systems. While this avoids manual intervention it can escalate the consequences if the communication systems are also compromised in a cyber-attack.
As countries transition toward cleaner energy, renewable installations are becoming critical national infrastructure. Their reliance on digital communication and remote management makes them attractive targets for cyber-attacks. While decentralization can improve resilience, managing many small sites also increases the vulnerability of the system. Each wind farm or solar installation represents a potential entry point if cybersecurity standards are not adequate.
This incident reinforces how cyber operations are increasingly used alongside political and military pressure, especially during periods of heightened international tension. Protecting the power grid now requires close coordination between energy operators, cybersecurity experts, and government agencies. Just as energy systems become cleaner and smarter, they must also become far more secure. In any conflict, the parties that can discover and exploit the weaknesses of their adversaries are likely to win the war.