Polish and British generals on breaking the Enigma cipher: “a shared success”

The head of the Polish cyber forces and the former Deputy Commander of the British CSOC demonstrated that breaking the Enigma cipher was the result of cooperation between our nations. The signing of a formal agreement was also announced.

Oskar Klimczuk, CyberDefence24.pl: Can we say that breaking the Enigma cipher was a joint Polish-British success?

Lieutenant General Sir Thomas Richardson Copinger-Symes KCB CBE, former Deputy Commander of the Cyber & Specialist Operations Command: Definitely yes. It was a really important success. Although one of the reasons we’re here tonight is that this story has not often been told. I think almost everybody in the UK would know about Enigma and would know about the breaking of the code, but very few people know about the important and critical role that Polish cryptographers played in that and the fact that you started that work in 1932, not in 1939. I think this is a really good opportunity to spread the word about that and express the partnership that happened then, nearly a hundred years ago now, but also the partnership that we have today.

OK: What role did Poland play in the breaking of the Enigma cipher? What did Polish mathematicians work on?

Major General Karol Molenda, Commander of Polish Cyber Command: The first team in Europe of specialists in cryptology and signals intelligence, subordinated to the chief of the General Staff, was established in May 1919 in Poland, and in Britain as well a few months later, in November 1919. You can see that even our vision at that time was similar. Both countries were like-minded because our chiefs of defence at that time already noticed the importance of having capabilities to break the codes of our adversaries.

With this vision we created the team that had successes during the Polish-Bolshevik war - you know the topic of the Battle of Warsaw and the miracle of the Vistula River. At that time we broke the Bolshevik codes. We were aware of how the attack would go, even if it was not obvious. We used this knowledge and, what is more, at that time we jammed signals to end their ability to communicate with each other.

That was the beginning of the 20th century. Then they noticed that there was great importance in these capabilities. When we think about the Rejewski, Różycki and Zygalski team, they created rules using permutations of the limited information that we obtained. Henryk Zygalski created these perforated sheets, known as „Zygalski sheets,” used to find daily keys even after the Germans changed procedures and those codes.

That was the idea of the „cryptologic bomb” (in Polish: „bomba kryptologiczna” – ed. note), which was the first complex device used to break Enigma’s code.

You can imagine nowadays how important the information was for both sides. Two countries were dealing with the same topic and we had our teams working on the same topic at the same time in different countries. This was very sensitive information, and when we noticed that, because of the start of the Second World War, there was no other possibility to continue research on the topic, the idea arose that we should share such sensitive information with our partners with the expectation that they would do something.

This story shows how essential cooperation is. Both in the past and today, we have examples of collaboration where someone only takes and gives nothing in return, or where information is passed on but the recipient has no intention of doing anything with it. In this case we were sure that the sensitive data that was being given would be used on behalf of the good - not only for good, but also to fight. So that was a good idea. I have to say that such sensitive information is not very often shared.

Polish mathematicians, the Battle of Britain and cybersecurity

OK: How did the work done by Polish mathematicians help British scientists?

Gen. Copinger-Symes: Clearly both countries have been working, creating codes and breaking codes for a couple of centuries. In the 1930s, you’ll remember there was this huge sort of upsurge in tension worldwide. A lot of people draw analogies and parallels to today.

In the UK we had started the shadow programme that was warning factories that might be making cars or pianos or furniture that if war came they had to be able to switch production to produce aircraft and so on. So there’s a lot of, you have to imagine that rising tension and preparedness, what we would now call building warfighting readiness.

I think the important thing is that in 1932, so seven years before the outbreak of the Second World War, your cryptographers and mathematicians had started to get stuck into the code. So that’s seven years ahead of anyone else. When the war then came in 1939 and that amazing partnership started, which General Molenda mentioned earlier, it’s quite hard to find a parallel for that level of secret to share. It’s quite hard to think in the modern day what the equivalent is. This point about a level of trust to share and hand over a secret of that magnitude is phenomenal, and not just the secret - we know the Zygalski sheets and so on.

Methods and techniques were really important to Alan Turing and Gordon Welchman to build the „bombe” at Bletchley Park. That was the best technology to scale the maths. So one way of thinking about it is that the Polish cryptographers did the pure maths and then the Brits, Turing and Welchman, applied physics to scale the brilliance that the Polish cryptographers had achieved, and that’s how then we had that magnitude effect.

I think one of the nice parts of this story is that of course everybody knows about the Polish pilots in the Battle of Britain, and most people know about 303 Squadron, which is the most famous Polish squadron. The combined work of our cryptographers helped us in the Battle of Britain. I think most people know about the Battle of the Atlantic and the U-boats and their role in breaking Enigma in the U-boat story. Far fewer people know about the Battle of Britain, and it’s rather nice that Brits and Poles were collaborating to break the code and then Brits and Poles were flying over Britain.

And of course, it’s called the Battle of Britain, but if we’d lost the Battle of Britain, the whole of Europe would have been lost, because we couldn’t have stood alone. So I think there’s just a really nice connection there between what mathematicians were doing and what pilots were doing.

I think that brings out another really nice bit about this story - often, when we think about defence, we think about people in uniform, yeah? But actually we know defence is far bigger than uniform. Of course it’s soldiers, sailors, aviators, cyber operators, but it’s also civil servants, it’s intelligence officers, academics, those mathematicians, our industry partners. It’s really important, particularly as we build readiness to deal with Russian aggression now, that we think of defence as a much broader team than just those of us in uniform. The role of those mathematicians, academics and researchers is a really good opportunity to celebrate that.

War in cyberspace

Gen. Molenda: We could fully agree on a sentence that was mentioned several times, that breaking the Enigma code changed the course of the war. And why is this important?

I’m still sometimes struggling not only with convincing, but with discussing with some senior officers or even generals, and some of them, even if they compare the situation to the war in Ukraine now, highlight that „cyber does not capture a bridge, so maybe we should not invest so heavily in cyber.” This is a very good example of a misunderstanding of how cyber capabilities are changing the way war is conducted and the nature of warfare itself.

Thinking about pilots, after the Battle of Britain Winston Churchill mentioned that „never in the field of human conflict was so much owed by so many to so few.”

We as generals from two countries should repeat the same sentence, thinking about Polish and British mathematicians and cryptologists who broke the Enigma code. Churchill’s sentence is unique and it could be addressed to our heroes of Enigma code-breaking as well.

Gen. Copinger-Symes: It’s a lovely point, and although we’re thinking about cryptology and cyber here, the story of the Battle of Britain was amazing aircraft like the Spitfire and Hurricane and very, very brave pilots who were literally risking everything. Also, the adoption of a new innovation, radar, to help find the enemy planes and then allow those pilots to react is very important. Of course, when we talk about „the few” we think about those brave pilots but also those mathematicians and scientists who worked on the radar that allowed those pilots to have the optimal effect.

And as General Molenda says, the unseen battlefield of cyber and electronic warfare, because it’s unseen, is not front of mind. But as we know in Ukraine, the front line is actually an invisible battlefield of electronics. Getting dominance through that invisible battlefield has to be the first step, not the second step. As we talk now, the first shots of any conflict will be fired in cyberspace and probably in outer space rather than on land, in the air or at sea. Educating and discussing this with our populations, about what’s going on in this unseen battlefield, is really important now. Sometimes it’s good to look back in history and tell people that some things have changed and some things haven’t changed, so we can increase the awareness.

We’re under attack every single day of every single year at the moment. In the UK we had about 90,000 attacks on our military systems last year by actors based in Russia. That level of attack, that level of aggression, if you had that in the air or on land or at sea, we would be in a very, very different position.

"Adapt or die"

Gen. Molenda: Yes, we agree. What I can add is the fact that it also highlights the importance of an innovative approach and the capability to adapt. We now see in Ukraine, like, „adapt or die.” So the speed of adaptation and the idea and the vision that we should put some effort into being innovative, to be one step or even two ahead of our adversaries, that’s something that should be implemented.

Nowadays we see it as well in the cyber domain in Poland, which is one of the most attacked countries in the world. In 2024 alone we had more than 7,000 incidents in our military systems, 200,000 incidents in Poland. So our teams have to engage every two hours. Our teams have to respond on average every hour, and currently even more frequently.

Recently, we summarized the performance of our systems in the context of countering phishing campaigns targeting Polish military personnel. Our devices blocked more than 3 million such attempts in the first three quarters of 2025. Three million.

OK: That’s really huge.

Gen. Molenda: So you have like 10,000 per day, 400 per hour. Those people haven’t reached their targets because the devices were fed with intel, because we „feed” them with information we also receive from our partners, and we likewise try to share our own so we can prepare one another, guided by the same idea and understanding that „sharing is caring.”

So when we see that there is a malicious infrastructure being used by an adversary, mostly APT, we can counter that to reveal the infrastructure, but also to inform our partners with TTPs, modus operandi and about the infrastructure being used by our adversary, to let them as well prepare yourself and feed your devices with data.

We have the same attitude, the same approach. Based on our good history, we see that we are not only like-minded; our future, our idea, is to strengthen those ties, those relations and even sign the MoU in the future, but also to let our teams work on a daily basis, even when it is necessary to let them share information which is sensitive on the one hand, but could help each other to fight the adversary. So that’s the attitude: we have this heritage of our heroes from the past and we would love to implement that now.

Past, today and future

OK: What lessons can we learn today from the past? What does breaking the Enigma code teach us today in terms of cryptology, cybersecurity and cooperation between Poland and the United Kingdom?

Gen. Copinger-Symes: I could literally talk all night about this, but let me give you two or three. Firstly, a lot of people think cyber and AI are all about technology. To be clear, the technology is really important, but it’s really about human beings being cunning and curious about how to use that technology to achieve a mission.

Certainly in the military and the security space, it’s about putting new technology in the hands of users and making it a whole capability - including the tradecraft or the doctrine. It was the same with radar and Bletchley: there’s a bunch of humans supported by technology. That magic mix of humans and technology can help us achieve our mission. That’s the thing that probably sounds quite obvious.

Thing two is the point that General Molenda just made about information sharing or intelligence sharing. You know, there’s always a tendency to think secrets are there to be stored and to be kept secret. Actually, you get the value from a secret when you share it with your friends - obviously, that has to be controlled and be thoughtful.

Threat actors are sharing information too. Vulnerabilities are published on the dark web and exploits are sold. Whether that’s APTs, ransomware actors or intelligence agencies, they work together on the dark web and we need to work together on the light side to be able to share that information. That means you have to build trust and that means you need to work together, exercise together, train together so that you have that trust and you can move that information around at speed. That’s why this is such a powerful story.

The third thing is about human beings. I mentioned earlier this is not just about people in uniform, but it’s a much wider team than that. We call it in the UK the „One Defence” team of industry, academia and intelligence software.

We talk a lot about diversity and inclusion and so on. It’s really, really important. If you look at the sorts of people we had at Bletchley, it was the most diverse group of people. You had very, very intelligent math PhDs working there. You will find that quite a lot of them were what we would now call neurally diverse. Their brains worked in different ways - what Churchill used to call „corkscrew minds” - people whose brains just moved in different ways to the average human being. That diversity of thought is really, really important.

We had people like Alan Turing. It’s a matter of sort of public knowledge and indeed shame how we treated Alan Turing after the war. The importance of neurodiversity, particularly in these areas where you meet really smart people to solve really difficult problemss is important. You’ll know from Bletchley Park the role that women played. When a lot of men were away fighting at the front, we recruited women.

I think information sharing is critical. Understanding the why and the breadth of the team involved in this is absolutely critical. Also, technology supporting human beings is an enduring lesson for today and is very important.

"Smart people should be able to do their work"

Gen.  Molenda: I couldn’t agree more. Definitely, that’s a good example of topics that we try to implement nowadays as well. You have to spend some time, some effort, and exercises to get to know each other, to let teams know each other, to create the trust, the understanding, the vision that we share the same goal.

I’ve noticed, and I’m sure we’ve all felt it here, that this is exactly why, as commanders and leaders who meet and trust each other, we try to demonstrate it so that others can also notice and see how it works. If leaders know, like and trust each other, we maybe should give that a chance This is also connected to the environment we operate in, which is unique because it requires creating a space that brings together many different kinds of people. I fully agree with that, but that’s exactly how I understood it from the very beginning, when we were establishing the Cyberspace Defense Forces in Poland. I wanted to create a place about which we could say that almost everyone is welcome, of course within the boundaries of security requirements, clearances, authorizations, and so on.

Remember that you hire and encourage smart people to do the job, not to tell them how they should do the job, which is not very much the military style in many different areas. Those senior leaders, officers, generals, colonels - they like the idea that they tell others how to do their job.

In our environment, we are the ones who create the environment and remove those obstacles on the way to let those smart people do their job, because in many cases they know better. The example of breaking the Enigma code in Poland by Rejewski, Różycki and Zygalski was a great example of creating the environment and saying: „Figure it out, guys. You know you have all the intel we have. Now that’s your time now.”

This is challenging, especially in a military unit, to create such an environment and kind of „force leaders” inside, to let those guys do the job.

In our Cyber Forces, I convince my senior leaders to go to courses with psychologists who will explain to them how to interact with smart guys, not to lock them in their understanding of the world, but to let them work. I see the results already, because still in Cyber Command in Poland we write code and break code, so we have this heritage of Rejewski, Zygalski and Różycki. Różycki is our hero; our Command is named after him.

I have a group of cryptologists there still dealing with the same topic, trying to figure out how things can be changed nowadays when we think about confidentiality of information being transmitted by our adversary.

To sum up - remember to create an environment that’s fully supportive.

Polish-British Partnership

Gen. Copinger-Symes: This idea of leadership in this realm - and it’s the same here - is that our cryptologists tend to live in GCHQ and the National Cyber Security Center as supposed to defence, but in Cyber Specialist Operations Command again you’ve got exactly the same thing. You’ve got very clever people. Sometimes they’re junior, sometimes they’re senior. I think it was Richard Branson who said to ask smart people the right question and unleash their genius on solving the problem that we’re faced with. That does require a different approach to leadership.

Coming back to some of the topics we discussed, and to what we are learning from them today in the context of trust and information exchange — this is precisely why we conclude such agreements. A new defence and security treaty is currently under negotiation, which will serve as a framework for deepening the partnership between the United Kingdom and Poland in the area of defense and security.

OK: It’s really important.

Gen. Copinger-Symes: Really important, because it builds trust, blesses the relationship and it eases information sharing. I believe that major political events and partnerships—like the aforementioned Defense and Security Treaty, which we plan to sign—are of tremendous importance.

Within that, we hope there will be a cyber memorandum of understanding to lock in this partnership. Karol and I have known each other now for years, we meet at conferences - that’s how you build trust and knowledge. Then your teams see that and work closely together. I think also the importance of these political events is that they send a message to the whole world as far as this partnership is concerned.

The significance of breaking the Enigma cipher

OK: What can we learn, not only as the military but also as civilians, about the importance of cooperation and the breaking of the Enigma cipher?

Gen. Copinger-Symes: So I suppose the most obvious thing is contested and always hard to know exactly, but at the very least we think breaking Enigma shortened the Second World War by two or three years. We’re talking, as a minimum, millions and millions of lives saved, of both military personnel and civilians. We’re talking millions and trillions of pounds, dollars, euros saved. The horror of a war that goes on for another two or three years was cut. Those are the most obvious measurables.

People know about the Battle of the Atlantic. Keeping the supply line between America and Europe safer so that we could get critical supplies through to Europe was really important. It was also important when the Warsaw Uprising happened in 1944, and people know about the Warsaw Airlift where we flew in supplies from Northern Italy to Warsaw.

I was reading the other day about the battle when the Romans got defeated, where generals in those days used to look at the entrails of chickens to predict whether it was a good day to fight a battle or not. Well, using Enigma to understand what your enemy was doing was a far better way to predict whether it was a good day to do battle than looking at the entrails of a chicken. So from the strategic to the tactical, it is hard to overstate how important breaking it is, because we could see their playbook and that saved countless lives.

The Russian-Ukrainian war and cybersecurity

OK: How did the outbreak of the Russian-Ukrainian war change how we see the importance of cybersecurity nowadays?

Gen. Copinger-Symes: We know that in 2008 Russia changed its view on how to achieve its strategic goals. In 2014 we saw the occupation of Crimea and at each time, I think it’s fair to say, we slightly hit the snooze button every time we woke up.

Now, I think in Poland you probably saw that differently. I won’t speak for you, but you know you’ve lived on this frontline for a long time. Nobody understands the Russian threat and behaviour better than Poland. The re-invasion, the full-scale invasion, was, I hope, the final wake-up call that nobody pressed the snooze button.

It is interesting, though, since we’re talking about Enigma, to consider the challenge of convincing people that Russia was about to invade, which I think is a matter of public knowledge now. We knew what they were going to do, but it was very hard convincing even our friends that that was about to happen. This is about that trust again and it’s one thing to be able to understand the enemy’s intentions and to do good intelligence work to know what they’re going to do. The critical piece of this is the relationships and the trust, that you can convince people to react to prevent that thing happening.

I think in the early days of the full-scale invasion, you know, you had the Viasat hack where not only Ukrainian command and control systems were affected, but also German alternative energy and agriculture systems were brought down by the Viasat hack. I think that was a big moment for industry, realizing that you didn’t have to be part of critical national infrastructure or military infrastructure to be affected by these attacks. At the same time, when clearly there was a threat that Kyiv would fall, you had amazing work by Ukrainians and, with a bit of help from their friends, to get Ukrainian government data out of physical Ukrainian geography into safe servers so they could maintain continuity of government in war.

This again has echoes of the Second World War. You had de Gaulle leaving Paris with state papers and gold. We had to send some very brave people in to go and get government data to safety so that the president could continue to govern Ukraine, even if Kyiv fell, and therefore you prevent the loss of government, and that amazing brave moment when President Zelensky said: „I don’t need a ride, I need more ammunition.”

I think that was important, because people stopped thinking of cyber just as somebody hacking into your systems or ransomware and started thinking of a much wider sense of data, sovereignty and the control of data and the importance of that in not just military affairs but political affairs.

The Viasat hack was the other aspect of cyber that has come out. Firstly, we’ve already spoken about electronic warfare and the sort of spectrum element of cyberspace being so critical to warfare. As General Molenda said, it’s no longer as a sort of enabler, but a main field of battle, even if you can’t see it. That’s one aspect. On the other hand, I think that what Ukraine has really highlighted is the sort of cognitive, constant psychological and information operations, misinformation and disinformation, where our adversaries are constantly twisting the truth. They’re trying to affect the activities of voters in the voting booth. They’re trying to affect the will to fight of soldiers, sailors and aviators.

I think of these as - you can call them information operations, you can call them cyber - but they are the use of data as a weapon. As General Molenda said earlier, it is still taking time for people to understand how important this is, because it’s unseen. Generals, admirals, air marshals grew up thinking of warfare as a very physical thing. They still struggle to understand just how critical cyber is and why you need to invest money and time and talent in cyber, because if you don’t, in the 21st century, you won’t just lose a war. You’ll lose before you even get to them, because they’ll beat you in cyberspace. I hope those are the lessons we’re starting to learn from Ukraine, but it takes constant effort to make sure those lessons are really implemented and that we get the right focus, the right loan investment - not just of money, but of time, of leadership time and talent - into cyber to make sure we can deal with the threats, not just in war, but also in peace.

Operating across the full spectrum

Major General Karol Molenda, Commander of Polish Cyber Command: War was an eye-opener for some people, even leaders. That was the reason we invested so heavily in the future as well. But one thing that you should definitely have in your portfolio is not only this defensive part, but the cyber domain as an operational domain - you should have the capability and capacity to be able to combat the operational prospect. So alongside defensive operations in cyberspace, one must also possess capabilities prepared in advance — not to wait for the day when we only begin to build them, but to be ready to use them immediately, and also ready to know the adversary: how they operate, their tactics, procedures, infrastructure, and modus operandi

In the Polish Armed Forces, we began building our capabilities in 2019; we prepared ourselves well enough that today when we are being attacked so intensively, we are able to withstand and repel those attacks. At the same time, when we think about the future, we still have room for improvement in terms of the capabilities we should possess and that should be continuously available.

One more point related to the war in Ukraine: I would like to say that wars are no longer fought on a state‑versus‑state basis. It is rather coalition against coalition. You need to have friends who will stand by your side even in times of crisis, because no single state can shoulder all of this alone. If there is a coalition of friends who are able and willing to stand shoulder to shoulder with us, then we have a chance to prevail. And coming back to the previous question, when you asked about history: I believe that our history shows that when we act together, we are capable of creating solutions ahead of their time. Today, we should replicate that success also in the cyber domain.

NATO - 32 friends

Gen. Copinger-Symes: I think we have total agreement with each other. One of the aspects is this idea of an alliance approach, no country standing alone. This is our real strength over our adversaries. We have friends. In NATO there are 32 countries now. NATO is bigger than it was when Russia invaded and Sweden and Finland, particularly in cyberspace, bring huge strength.

The other bit is about civil-military collaboration. Cyberspace is not just for soldiers or just for civilians. It’s an integrated area. I think that we’ve seen that really strongly through the Ukraine war. We can see the level of sophistication of their own digital skills, but also all the hard work they did between 2014 and the re-invasion, full-scale invasion, meant that, although the Russian attacks in cyberspace were very strong, some people even said: „Oh, cyber wasn’t such a big deal.” The truth is, cyber is a very big deal, but Ukrainians defended very well against it with friends.

I think the other point of this, which occupies Karol and myself a lot, is the importance of the supply chain and this idea that it’s not just military systems - it’s our suppliers, critical national infrastructure, undersea cables, energy supply - and the weakest link in the chain will be attacked. It’s not good enough just for us to think only about military systems that are „painted green” but to look through the whole supply chain and understand how we protect against that. That brings in really not just people in uniform or people in government but a whole society approach to cyber.

We need to be very clear that our adversaries are attacking not just people in government, but they’re looking to change the behaviours of children, voters, old people or young people. Therefore when we think about defending and deterring in this space, we need to think about the whole population of our alliance and make sure that they can detect misinformation and disinformation, that they understand how phishing attacks are launched.

Sadly, the attack on Jaguar Land Rover and some of the big ransomware attacks over the past few years have, whilst they’re very sad, raised awareness for the average people on the street. Now it’s up to us to help educate those people about what to do so they’re aware of the threat, but they now need to know how to live their lives in this level of threat. As Karol said, this isn’t just about defence, it’s also about deterrence and it’s been very clear and we don’t speak about our ability to project power through cyberspace very often, but we have been very clear that we will continue to develop with friends the ability to project power through cyberspace and to be able to deter as well as just defend.

Key takeaways

OK: So, how can we summarize this interview?

Gen.  Molenda: I believe we are on the same page, like it was in the past. I believe working together is the way. Probably one of the few things that matters to our adversary is the fact that we could work together. If we work together as we used to, we can do amazing things, being ahead of the times. So that’s the future, that’s the way we know they really worry about us working together.

Gen. Copinger-Symes: They spend an awful lot of time trying to split us apart and trying to find seams in our society. The best thing we can do, whether it’s the UK, Poland or Ukraine is stand together, strong and be united in our approach and support for each other.

I think about the partnership over Enigma, the time that story was told, and the amazing contribution that Poland made. I think it’s got so many echoes in the present that I’m really delighted we’ve had that chance to tell the story. I hope this is just the start of telling that story and that a lot of people pick this up and go on to tell it even more and maybe, as we look forward to this defence and security treaty, I hope that this starts a ripple effect of people researching this and understanding the partnership, because I think it’s got so many positive echoes for the modern day.

OK: Thank you very much.