The importance of security in water infrastructures and the water sector

A thwarted attack against a water treatment plant in Florida in 2021, a failed attempt against pumping facilities in Israel in 2020, or a massive attack against the water supply of the Swiss city of Ebikon in 2018 through thousands of malware requests increased concerns within the water sector. While water infrastructures are not attacked as much as other utilities, they are vulnerable due to their importance in any region’s economic and social development.

Therefore, the sector’s concern is more than justified. According to European Directive 2008/114/EC of 8 December 2008, Critical Infrastructure is defined as “an element, system or part thereof located in the Member States which is essential for the maintenance of vital societal functions, health, safety, security, the social and economic well-being of the population, the disruption or destruction of which would seriously affect a Member State’s ability to maintain those functions.” Unfortunately, every year, water sector facilities are increasingly under attack, often without repercussions and putting the health and development of society at risk. In addition, they are increasingly exposed to cyber-attacks due to the need to digitize the sector.

Climate change and the global water challenge call for more intelligent use of water resources. Hence, the importance of being able to respond to the challenges we face through new technologies to reduce the water and energy footprint.

In this sense, digitalization in managing water infrastructures is a reality. Processes are monitored by intelligent consumption management systems that make it possible, for example, to adapt the flow of the network to the demand being produced, thus avoiding oversizing the infrastructure. Today processes such as water supply, water treatment, or quality control are unthinkable without IT (Information Technologies) and OT (Operational Technology).

The biggest cyber threats in the water sector are software vulnerability, ransomware (information hijacking), and pishing (theft of user access data).

But what would such an attack entail? Even though cyber-incidents managed in the water sector correspond to 0.1% of the total incidents in strategic sectors, according to the Cybersecurity Coordination Office (OCC) of the Spanish Ministry of the Interior, the consequences of the impact of a digital attack on water infrastructures will depend on the downtime, with significant repercussions for the public, and the domino effect it has on other infrastructures, due to the interdependencies between them.

At Almar Water Solutions, aware of the importance of water management and the role that innovation and digitalization play in this, we have prioritized the cybersecurity of our facilities. Through our participation in the digital transformation company Datakorum, we work to provide cutting-edge technology to achieve optimal and reliable service in the management of water infrastructures. Creating the universal end-to-end IoT solution based on the CaaS (Connectivity as-a-Service) model allows us to digitally transform the entire infrastructure without changing any existing devices, achieving full integration between sensors and platforms. Upgrading, modernization, and digital security are the main focus of the company’s activities.

Sources:
Directiva europea 2008/114/CE del 8 de diciembre de 2008
“Intentan hackear el sistema de tratamiento de agua de una población de Florida”, El Confidencial (09-02-21)
“Attempted cyberattack highlights the vulnerability of global water infrastructure,” CSO (07-05-20).
“Suiza también sufre ataques: los productores de agua potable invierten en seguridad”. Zero Water Loss (24-03-21)