CyberSecureWater shows in Barcelona that sharing information is vital for water cybersecurity


Systems are now increasingly digitalised and interconnected. This requires a greater focus on security to ensure that protection systems are implemented at the same pace as infrastructure digitalisation itself, while this would be a risk that could be avoided through appropriate awareness-raising. Recently over 30 professionals and public representatives from the water sector attended the CyberSecureWater seminar at Water City in Barcelona, to share know-how about water cybersecurity.

Cetaqua (Water Technology Centre) co-organised this event promoted by the European Water Supply and Sanitation Technology Platform WssTP and the European Alliance for Internet of Things Innovation AIOTI, in collaboration with SUEZ, the EURECAT technology centre and the FEUGA Enterprise-University of Galicia Foundation.

“Sharing information among water operators is essential in order to prevent cyberattacks and physical attacks on critical water infrastructure,” highlights Rafael Giménez, head of Water 4.0 at Cetaqua Water Technology Centre and coordinator of the WssTP Water and ICT working party. During the event he was joined by experts from EURECAT in simulating a cyberattack on water infrastructure. The attendees saw how software could be inserted in a PLC sensor to alter the readings at a water treatment plant, so as to falsify the actual physical-chemical condition of the water.

Sergi Carmona, CISO at the Security Department of SUEZ in Spain, who gave the delegates an overview of cybersecurity, warned that “there is a growing trend towards the use of cyberattacks against infrastructure that provides the general public with an essential service, and in order to address the 1000+ attacks typically encountered in a day, the need is for greater investment in comprehensive security to help minimise the risk of not being protected”.

Technological solutions and strategic plans such as those developed within the European STOP-IT project, involving Cetaqua together with Aigües de Barcelona, integrate the efforts of numerous bodies from water operators to public authorities and R&D centres in detecting and preventing this type of “Man In The Middle” intrusion into critical infrastructure. Companies and R&D centres are currently developing numerous technological solutions to protect water systems against physical and cybernetic attacks. Tecnalia/ECSO, Darco Tech, FMIC Facility Management for Critical Infrastructures presented a number of the latest technologies used to protect infrastructure, while CESICAT (the Information Security Centre of Catalonia) was also represented.

In any event, as the participants at the debate forum agreed, the exchange of information among water operators themselves is vital in protecting their critical infrastructure against cyberattacks. So much so that the relevant authorities will demand this through a legislative framework promoted by the European Commission (Cybersecurity Act, 2017) to strengthen cybersecurity capabilities, awareness and resilience at the European level.