In February 2021, an operator at a small water plant in Oldsmar, Florida, USA, saw something strange on his computer screen. The cursor began moving on its own, opening a control panel and attempting to raise the level of sodium hydroxide — a chemical used in tiny doses to treat water — to dangerously high concentrations. He quickly stopped the intrusion, but the incident sent a chill through the industry. 

Until recently, cyberattacks on water and wastewater treatment facilities were virtually unheard of. Since 2020, however, more than 30 confirmed cases have been reported around the world. In some instances, hackers shut down wastewater plants with ransomware; in others, they tried to tamper with drinking water; and in one case, they triggered a water tank to overflow.  

These incidents are a wake-up call: if reasonably well-resourced utilities in North America or Europe are struggling to fend off digital intruders, what happens when cybercriminals turn their attention to the Global South, where utilities are often less protected?

For decades, threats to water security have been straightforward to identify. They materialized through floods, droughts, pollution or crumbling infrastructure. Now, a different kind of risk is emerging that leaves no physical trace. In seconds, a cyber intrusion can stop pumps, disrupt treatment or paralyze distribution networks.  

And it all boils down to the way new and old systems now connect.  

The industrial control systems that keep water flowing — known as operational technology, or OT — were built decades ago with sturdiness, not security, in mind. In recent years, utilities have linked these older systems with modern information technology (IT), such as sensors, remote monitoring, and cloud platforms. The upgrades improved efficiency, but also opened new doors for cyberattacks: hackers can slip in through the digital side and reach the operational systems that control pumps, valves and treatment plants. 

So who is behind these attacks — and why? Analysts identify four main groups of actors with distinct motivations: state-backed groups may try to undermine public confidence or destabilize a rival country; cybercriminals see utilities as lucrative targets for ransomware; hacktivists attack water utilities to draw attention to political or environmental causes; and insiders — either through carelessness or grievance — can expose systems from within. 

“Water and wastewater utilities run vital, highly connected systems but often lack the staff, funding and technical expertise to defend them,” explains Max Smeets, co-director of Virtual Routes, a research and educational organization that studies the impact of digital and emerging technologies on global affairs and cybersecurity. 

In their recent report ‘Under Pressure: Securing Europe’s Resource-Constrained Critical Infrastructure,’ the researchers describe water utilities as “target-rich but resource-poor.” 

And while their analysis focuses on Europe, similar vulnerabilities — often even more acute — are playing out across the Global South. 

Why the Global South is especially at risk 

In regions such as Africa, South Asia and the Middle East, vulnerabilities to cyberattacks are heightened by the rapid modernization of many utilities. A lot of water and wastewater treatment plants have leapt from limited manual systems to highly digital ones in a very short time span. Remote monitoring, sensors and automated controls were put in place, but cybersecurity was often overlooked during this modernization, resulting in critical security gaps.  

“For too long, security has been pushed aside, with tight budgets channeled toward operations instead of protection,” says Paulo Rodrigues da Silva, senior IT advisor to CGIAR and the International Water Management Institute (IWMI), pointing to a common pattern in the Global South. “But for critical infrastructure like water, that attitude is no longer sustainable. The sooner utilities raise their cybersecurity maturity level — even with basic steps — the less likely they are to become easy targets.”  

The stakes in these regions are also higher. In places where backup systems are scarce, a single disruption can mean entire communities are cut off from safe drinking water or sanitation for days. In the Arab Gulf States, where 60% of the world’s desalinated water is produced and only a few days’ supply is stored at any given time, the consequences of a successful attack could be catastrophic.  

For IWMI, which has been building resilience to droughts, floods, water scarcity and pollution while also supporting sustainable farming and equitable water management for decades, the next frontier might very well be digital resilience. And the good news is that cyber hygiene does not always require massive budgets. 

“Making yourself a harder target doesn’t necessarily mean buying the most advanced and costly tools,” says Rodrigues da Silva. “Cybercriminals are opportunistic — if they encounter resistance, they usually move on.” 

Research by Virtual Routes also indicates that the most effective protections are often the simplest. Enforcing multi-factor authentication, storing offline backups, maintaining updated asset lists and giving staff basic awareness training can go a long way toward reducing risk. Equally important is governance, explains Max Smeets. “Even when solutions are known, governance gaps and thin staffing mean vulnerabilities persist.”  

The road ahead 

The scale of the threat is only increasing. In the Middle East and North Africa alone, security firm Dragos estimated that 80 ransomware groups were active in 2024, up from 50 the previous year, with many targeting critical infrastructure such as energy, transport and water.  

According to Virtual Routes, the next step is to embed cybersecurity into water resilience itself, with collaborative structures that enable smaller, resource-constrained utilities to share knowledge and coordinate responses. Paulo Rodrigues da Silva agrees, adding: “That’s where IWMI can help — by linking scientific research with the practical cybersecurity guidance smaller utilities need to keep water flowing.” 

Taken together, these perspectives point to a new frontier for water research: understanding how digital threats intersect with physical ones, and how affordable, context-appropriate protections can help safeguard communities in the Global South.