Poland's National Centre for Nuclear Research (NCBJ) has successfully defended against a cyberattack targeting its IT infrastructure. According to an official statement, the organization's security systems and internal threat detection protocols identified and blocked the intrusion before any damage could occur. The NCBJ emphasized that the rapid response from its security teams prevented any compromise to system integrity, ensuring that no operational impact was sustained. This incident highlights the increasing focus of threat actors on critical national research and energy infrastructure.
The NCBJ is Poland's premier government institute for nuclear research, with expertise spanning nuclear physics, reactor technology, particle physics, and radiation applications. It plays a vital role in providing technical and scientific support for the nation's nuclear power program. A key asset under its management is the MARIA research reactor, Poland's sole nuclear reactor, which is dedicated to scientific experiments, neutron research, and the production of medical isotopes. Crucially, the MARIA reactor is not used for power generation.
Professor Jakub Kupecki, Director of the NCBJ, confirmed that the cybersecurity incident had no effect on the safe operation of the MARIA reactor, which continues to function at full capacity. The isolation of critical operational technology (OT) systems, like reactor controls, from general IT networks is a standard and essential security practice in such facilities, which likely contributed to containing the threat. The institute has notified relevant national authorities, and a full investigation into the attack's origin and methodology is underway.
This thwarted attack on a nuclear research facility occurs within a global context of heightened cyber threats against critical infrastructure. While the NCBJ's defenses proved effective, the attempt underscores a persistent targeting campaign by state-sponsored or sophisticated criminal groups seeking intelligence, disruption, or establishing a foothold in sensitive sectors. The incident serves as a critical reminder for all organizations in the energy and research sectors to continuously audit and reinforce their cybersecurity postures, ensuring robust segmentation between corporate IT and industrial control systems.
