Why cybersecurity has become a strategic priority in the Sanitation sector

Driven by digital transformation, sanitation companies in Brazil increasingly incorporate smart technologies from remote sensors and telemetry systems to integrated automation platforms 'TO optimize their operations and reduce losses. The problem is that this advance amplifies the surface of cyberattack, and an industry that has been increasingly targeted by criminals may be exposed to hacking incursions.

The result is that cybersecurity is no longer seen as a purely technical IT issue, but as a strategic priority in water and sewage companies.Water utilities now deal with sophisticated cyber threats, often directed at tearing down or manipulating pumping, treatment or quality control systems.  

Critical infrastructure in sight: cyber attacks on the rise

Statistics confirm a global escalation of cyber attacks against essential services companies, including sanitation. According to Check Point research, in 2025 alone the energy and utilities sectors suffered an average of 1,872 attack attempts per week per organization in the world, an increase of 53% compared to the same period of the previous year.  

In Brazil, the utilities sector registered about 3,059 weekly attack attempts per organization between September 2024 and February 2025. One of the reasons is the strategic appeal of this type of infrastructure: criminals prefer targets that can cause disruption and massive losses because they know that society will require quick solutions & which often translates into ransom payment to restore services.

Many water utilities, especially those serving small or medium populations, operate with legacy control systems that were never designed to address the current cyber threat landscape.SCADA networks, programmable logic controllers (PLCs), and remote access gateways often lack basic security controls such as encrypted communication or robust authentication mechanisms.  

Security updates and fixes are infrequent or infeasible due to the need to keep systems up and running and for compatibility reasons.In light of this reality, industry-specific risk assessments and system audits become essential to understand and mitigate vulnerabilities.

Real impacts: service disruption, contamination and reputational damage

Far from being theoretical risks, cyberattacks against sanitation systems have already caused concrete effects.A flagship case occurred in February 2021 in the city of Oldsmar, Florida (USA), when an attacker gained remote access to the water treatment system and tried to dramatically increase the dosage of sodium hydroxide (caustic soda) in drinking water from 100 parts per million to 11,000 ppm.  

If not promptly detected by the team, this change would have poisoned the distributed water, causing severe irritation, damage to the lungs and even risk of blindness in the population. Authorities fortunately noticed the change in time and reversed the adjustment before the contaminated water reached the taps.  

Cyber attacks can also disrupt water service entirely or hinder its operation, even without causing contamination.In the UK, in August 2022, the company South Staffordshire Water, which supplies a network of more than 1.6 million people, suffered a ransomware attack that affected its IT systems. The criminals claimed to have also accessed the OT network, including monitoring systems of chemical levels of water.

Even if the attack did not cause immediate lack of water, the response time consumed and the uncertainty generated were extremely harmful. Situations thus entail extra operational expenses, mobilization of emergency teams and a shake in consumer confidence. The public perception that “hackers invaded the water” can tarnish the reputation of a utility for years.

Defense strategies

To protect their operations, companies have adopted advanced cybersecurity strategies. One of the most effective approaches is the Zero Trust architecture, which assumes that no access is from users, devices or applications & 'DE should be trusted by default, even if it is already within the network.

Another pillar is the segmentation between IT (information technology) and OT (operational technology) networks. Separating industrial environments from the rest of the corporate structure significantly hinders the spread of attacks.  

In many cases, however, companies need to do a deeper analysis of the infrastructure, which includes inventory and asset classification and review of the network architecture. From this, it is possible, in addition to opting for more advanced technologies, to perform threat modeling for OT environments, and the elaboration of incident response plans.External experts with specific experience in industrial systems can offer these services without compromising operational continuity.

The water and sewage sector plays a unique role in the national infrastructure: it is essential to public health, highly decentralized and operates with a technological ecosystem as diverse as it is complex. Faced with cyber threats in constant evolution, it is essential that this sector also matures its approach to digital security. Independent technical expertise, previously seen as a complementary support, today is consolidated as an indispensable element to ensure the continuity of services, preserve the confidence of the population and sustain operational resilience in the face of increasingly sophisticated risks.

By Eduardo Gomes, Cybersecurity Manager at TUV Rheinland