Connecting Waterpeople

You are here

Cybersecurity, a must for European water utilities

  • Cybersecurity, must for European water utilities
  • Cybersecurity has become a major issue for companies in the water sector. In recent years, there have been multiple attacks on utilities, given the importance of this sector as an essential service.

About the entity

Experts in digital transformation for the water industry. We provide services and Xylem Vue Powered by GoAigua’s technological solution for the water cycle management.


Concern about cyberattacks has been on the rise in the last 20 years. The first attack was on a utility in Queensland (Australia) in 2000, whilst more recent attacks hit Israel’s water supply in 2020 and a water treatment plant in Florida in 2021. We only have to input the term “cybersecurity” in Google to see the importance of this phenomenon.

New technological trends in the water cycle, such as automation, early warning systems and smart metering, bring significant advantages and innovations to the water sector, but also open up new attack vectors for cybercriminals. Therefore, as Idrica's Water Technology Trends 2024 report pointed out, utilities are spending more time and effort on strengthening and increasing their cybersecurity initiatives.

Measures to improve cybersecurity in Europe

There were 107,777 registered cyberattacks in Spain in 2023, up 94% on the previous year. This data comes from the Annual National Security Report 2023, drawn up by the Department of National Security.

According to the report, the fact that attackers possess “greater technical and operational capabilities” has led to cyberattacks increasing in frequency, sophistication and severity. This situation is getting worse due to society's “high dependence on information and communications technologies”, as the report points out. Indeed, Spain’s second biggest threat today is the vulnerability of cyberspace, second only to disinformation campaigns, though it has a potentially greater impact.

For this reason, according to Begoña González, head of Information Security at Idrica, "water operators must establish a series of strategies aimed at strengthening their cybersecurity". The expert identifies six:

  • Risk assessments: regular risk assessments must be carried out to identify vulnerabilities and potential threats.
  • Continuous monitoring: continuous monitoring systems must be implemented to detect suspicious activity in real time.
  • Training and awareness: employees must receive training on cybersecurity best practices to create a culture of security.
  • Redundancy and resilience: redundant systems and disaster recovery plans need to be established to ensure operational continuity.
  • Upgrades and patching: systems must be kept up to date with the latest security patches.
  • Encryption and authentication: data encryption and strong authentication must be rolled out to protect sensitive information.

In this scenario, “governments and other stakeholders are strengthening legislation to mitigate the situation” Gonzalez stresses.. Regulations such as ACN in Italy, on cloud services; ENS in Spain, on information security; ANSSI in France, focused on product certification; and BIO in the Netherlands, on information system management, are just a few examples.

In this regard, Idrica's expert says: European countries must implement the NIS2 directive which provides legal measures to promote cybersecurity in the European Union, ensuring:

  • Member States are well equipped to respond to any incidents that may occur.
  • The creation of a Cooperation Group to safeguard cooperation between Member States, as well as the exchange of information between them.
  • The promotion of a culture of security in all essential sectors (European Union).

Idrica, a company founded by Fomento Urbano de Castellón, S.A., is aware of the importance of implementing appropriate organizational, technical and operational measures to manage security risks. Therefore, it has certified the information system that runs its design, development, implementation, support and maintenance services for the GoAigua platform according to ISO 27001 and the Spanish National Security Scheme.

Subscribe to our newsletter

Topics of interest

The data provided will be treated by iAgua Conocimiento, SL for the purpose of sending emails with updated information and occasionally on products and / or services of interest. For this we need you to check the following box to grant your consent. Remember that at any time you can exercise your rights of access, rectification and elimination of this data. You can consult all the additional and detailed information about Data Protection.