Threat to water supply from cyber attacks still underestimated

Water treatment plants and distribution systems rely on remote controls – if they are compromised, the consequences could be catastrophic

[datensicherheit.de, 03/29/2025] As the basis of all life, water is undisputedly one of the most valuable resources of all – and as such is increasingly at risk: „So it’s no wonder that the water supply is also increasingly becoming the target of criminal activity,“ warns Marco Eggerling, Global CISO at Check Point Software. Water treatment plants and distribution systems are dependent on remote control – if they are compromised, the results could be catastrophic: „The consequences are contamination, supply interruptions and risks to public health!“

Foto: Check Point Software

Marco Eggerling: Governments, water utilities and cyber security experts must work together to protect these vital systems!

Realise the economic impact of vulnerabilities in water supply IT systems

For example, an assessment by the US Environmental Protection Agency (EPA) from 2024 found „that 97 drinking water systems serving approximately 26.6 million people have critical or high-risk cyber security vulnerabilities“. Figures from Check Point Research speak a similar language: According to them, there has been an average of 1,872 weekly attack attempts per company in the energy and utilities sector (including water) in 2025. This corresponds to an increase of 53 per cent compared to the same period in the previous year, 2024.

„Europe recorded the second largest change with a huge 82 per cent increase in attacks compared to the same period last year, behind North America with 89 per cent.“ This makes it all the more important to bear in mind the economic impact of vulnerabilities in IT systems for water supply and to take a look at the most important security measures.

A compromised system can lead to contaminated drinking water, among other things

In addition to public health, cyber attacks on water infrastructure would also have a massive economic impact. However, the risks go beyond mere business interruptions: „A compromised system could lead to contaminated drinking water, which poses a serious threat to the public health and safety of potentially hundreds of thousands of people.“

In addition to private households, numerous industries are also dependent on a steady and safe water supply – „including manufacturing companies and data centres that need water for their cooling systems“. A cyber attack on these supply companies could lead to far-reaching disruptions with serious consequences. Eggerling points out: „Disruptions to the water supply can bring industry to a standstill, affect agriculture and destabilise the local economy.“

Even a one-day interruption to the water supply can jeopardise billions in economic activity

He reports: „In the USA, such a disaster has already been simulated: According to the US Water Alliance, a one-day interruption to the water supply could jeopardise economic activity to the tune of 43.5 billion US dollars. A simulated example of a cyber-attack on Charlotte Water in North Carolina resulted in daily revenue losses of at least 132 million USD with replacement costs of more than 5 billion USD, according to a review of the agency’s cybersecurity initiatives.“

Eggerling also makes it clear that Europe is also being targeted: „In Italy, Alto Calore Servizi SpA, an Italian company that supplies 125 municipalities in southern Italy with drinking water, was hit by a ransomware attack in 2023. The state-owned company also manages wastewater and sewage treatment services for both provinces.“ Although this cyber attack did not lead to an interruption in the water supply, the company’s database was compromised, „rendering all IT systems unusable“.

Water supply systems with often outdated infrastructures suddenly exposed to internet-based threats

Water supply systems in particular are highly vulnerable, as often outdated infrastructure is suddenly exposed to internet-based threats and the potential for disruption makes these facilities a prime target. In reality, a compromised facility goes beyond a mere cyber incident, as it affects the entire country, makes headlines and, more importantly, poses a direct threat to public safety.

The economic toll of a successful cyber-attack on water utilities is so great that this risk cannot be ignored. Critical infrastructure operators must therefore prioritise the digital resilience of their systems and consider investments in cyber security as investments in economic stability.

Tips for strengthening the cyber defence of water suppliers

Water utilities need to „take a proactive approach to cyber security“, according to Eggerling’s recommendation. Some notes on key steps to improve security:

• Invest in endpoint and network security
  Water utilities should utilise AI-powered threat detection systems to monitor network activity and fend off intruders.
• Gaps in legislation leave utilities unprotected
  Cyber regulations for water utilities are not as strict as those for the electricity or financial sectors, so more needs to be done in this area.
• Cyber security training
  Training should be a top priority for improving cyber readiness, as there is a severe lack of cyber security training among water utility operators and many organisations do not have dedicated cyber security staff.
• Enforcement of multi-factor authentication (MFA)
  Unsecured remote access to OT (Operational Technology) systems is often a major vulnerability because attackers usually exploit weak remote access protocols. „MFA can remedy this by requiring every access attempt to first be verified according to the zero trust principle and using biological characteristics such as fingerprint/face recognition or consent via other paired devices.“
• Development of incident response plans
  Water suppliers should have contingency plans in place to minimise the damage caused by potential attacks.

With cyber threats to water infrastructure on the rise, the need for proactive security measures has clearly never been greater. Eggerling concludes: „Governments, water utilities and cyber security experts must work together to protect these vital systems before further attacks seriously impact this important industry and put lives at risk.“

Further information on the topic:

The Record, Jonathan Greig, 11/19/2024
Many US water systems exposed to ‘high-risk’ vulnerabilities, watchdog finds

Industrial Cyber, 11/15/2024
US EPA report cites cybersecurity flaws in drinking water systems, flags disruption risks and lack of incident reporting

U.S. ENVIRONMENTAL PROTECTION AGENCY, 11/13/2024
Management Implication / Report: Cybersecurity Concerns Related to Drinking Water Systems

THE CYBER EXPRESS, Ashish Khaitan, 05/02/2023
Medusa Ransomware Group Claims Alto Calore Cyber Attack / Alto Calore Servizi SpA is a joint-stock company consisting of 126 shareholders, including 125 municipalities in the province of Avellino and Benevento

datensicherheit.de, 02/10/2021
Am 5. Februar 2021 griffen Hacker Wasseraufbereitungsanlage in Oldsmar an / Vermeidung von Fernzugriffen aber keine Lösung gegen Hacker-Attacken in der zunehmend digitalisierten Welt

datensicherheit.de, 02/10/2021
Nochmals Glück gehabt: Hacker-Attacke auf Wasseraufbereitungsanlage in Florida / Hacker-Angriffe zeigen, dass Cyber-Sicherheit für Kritische Infrastruktur wichtiger denn je ist

datensicherheit.de, 02/10/2021
Über Teamviewer-Fernzugriff: Hacker vergiften Wasser in Florida / Nächste Hacker-Opfer womöglich „Microsoft 365“- und „Azure“- sowie „SAP“-Module

datensicherheit.de, 04/28/2020
Wasserversorgung: Cyberangriff auf kritische Infrastruktur in Israel / Kombination aus Altsystemen, wachsender Konnektivität und föderalistischem Management erfordert hohe Priorität der Cybersicherheit

datensicherheit.de, 10/30/2018
Untersuchung zeigt Potential von Cyberangriffen auf Wasser- und Energieversorger / Viele Systeme in kritischen Infrastrukturen sind anfällig für digitale Bedrohungen

datensicherheit.de, 08/08/2018
Städtische Wasserversorgung bedroht: Botnetze aus intelligenten Rasensprengern / Wissenschaftler der Ben-Gurion-Universität haben Hersteller über kritische Anfälligkeiten in ihren Produkten informiert

datensicherheit.de, 07/21/2016
Kritische Infrastrukturen im Visier: Hacker könnten Wasserversorgung kappen / „BSI-KritisV“ sollte dringend umgesetzt werden, um Zugriffe zu überwachen und zu beschränken