Prime Minister Donald Tusk said on Monday that an explosive device had been detonated on the Warsaw-Lublin line near the village of Mika, southeast of the capital. The blast destroyed a section of track.
No one was injured. A regional train driver first noticed the damage near Mika on Sunday at around 7:40 a.m. local time and alerted the authorities. Two rails were found broken over a stretch of about 1 meter.
In a separate incident on the same route, a train carrying 475 passengers was forced into an emergency stop because of a damaged track.
Poland’s interior minister, Marcin Kierwiński, said investigators had secured "very abundant" evidence that should allow quick identification of the perpetrators.
He added that footage from nearby surveillance cameras had been collected.
Reserve navy commander Artur Bilski, founder of the Nobilis Media think tank, said blowing up railway infrastructure marked "a very dangerous escalation of the sabotage threat" against both rail links and critical infrastructure.
In Poland, the term "critical infrastructure" refers to key systems such as energy facilities, transport hubs, waterworks, and communications that are essential for the functioning of the state.
Bilski argued that the attack showed Poland faced a growing risk of sabotage operations linked to Russia and its networks built inside the country.
He pointed to the scale of migration from beyond Poland's eastern border as a factor that hostile intelligence services could try to exploit.
Poland has become a major transit route for military and humanitarian aid to neighboring Ukraine.
Bilski warned that rail infrastructure was an "easy target" because of its length and the difficulty of monitoring every section.
At the same time, he said, other elements of critical infrastructure could be hit by drones launched from inside Poland, which would be harder for security services to track. Possible targets, he noted, ranged from railway stations and airports to power plants, gas pipelines and water systems.
In his view, the country needs intensive training for managers and staff responsible for security and civil defense in companies, public institutions, and local government.
He also called for a public awareness campaign to promote closer cooperation between citizens and uniformed services such as the police and border guards, arguing that without public involvement it would be difficult to reduce the risks.
Security analyst Aleksander Olech, editor-in-chief of the defense news portal Defence24.com, said the latest incidents fit into a broader "hybrid campaign" that has been directed against Poland for years.
Such activities include a mixture of tools, including sabotage, cyberattacks and disinformation, used below the threshold of open warfare.
Olech said past activity linked to this campaign included illegal use of the "radio-stop" signal, which can halt trains remotely, reconnaissance of rail routes, the installation of GPS transmitters on aid trains bound for Ukraine, and distributed denial-of-service (DDoS) attacks on the computer systems of transport operators.
A DDoS attack is a form of cyberattack in which servers are deliberately overloaded with artificially generated internet traffic.
“These events are part of a sequence of actions with psychological, operational, and intelligence dimensions,” Olech said.
He added that there had been many hybrid attacks on Polish territory and that, if the current intensity of the war against Ukraine continued, more could be expected.
Railways, he said, would remain a priority target because of their logistical importance for moving goods and military supplies eastwards.
According to Olech, the most serious cases involved critical infrastructure, large logistics centers, and railway routes linked to transit to Ukraine because of the potential scale of damage, the risk of casualties and the impact on cooperation within NATO.
Cybersecurity specialist Paweł Makowiec from the CyberDefence24 portal noted that, under Polish rail regulations, incidents are classified in categories ranging from vandalism to "criminal attack" and said the latest case would likely fall into the latter group, although that decision rested with the State Rail Accident Investigation Commission.
Makowiec recalled that previous major train accidents in Poland caused by broken rails were linked to material defects, not deliberate action.
By contrast, he said, the damage near Dęblin resulted from an explosive device that tore out a one-meter section of rail, a distance that still could have caused a derailment if circumstances had been slightly different.
He urged the public to remain alert, report suspicious activity to the authorities, and check information carefully, noting that in the most recent incident local residents had reported hearing explosions even before train drivers began filing reports.
Polish investigators are now working to identify those responsible for the two confirmed sabotage incidents on the Warsaw-Lublin line.
The cases are being viewed in Warsaw in the wider context of Russia's aggression against its neighbors and concerns that hybrid operations against Poland and other allies may intensify.
(rt/gs)
Source: PAP