Widespread digitalization of water utilities and related infrastructure makes them increasingly vulnerable to cyberattacks, especially as information technology and operational technology become more integrated. For practicing civil engineers, that shift matters because cybersecurity is no longer separate from service reliability, water quality, environmental protection, or public health. Researchers Laura Arantegui, Steven Kemp, and Ignasi Rodriguez-Roda frame the water sector as more than a technical network alone: It is a system in which infrastructure, digital controls, institutions, and people all interact. Their work focuses on Spain and explores the perspectives of water cybersecurity professionals, exploring how they assess emerging threats and challenges in their field and how they manage threats in an increasingly exposed and regulated sector.
In their paper “Managing Cybersecurity in the Water Sector: When the Human Factor Does Matter,” the authors go beyond a purely theoretical discussion and examine how practitioners perceive risks, priorities, and barriers in real organizations. The authors connected with 15 cybersecurity professionals from diverse water-sector entities in Spain, asking what kinds of attacks are seen as most common, which threats are considered most consequential, how organizations are strengthening defenses, and where the most persistent weaknesses remain. The paper touches on issues such as growing risks in operational systems, the challenges of keeping up with regulations, the importance of training, and the role leadership and workplace culture play in improving security. Learn more about how water organizations are thinking about risk, where they are making progress, and where important gaps still remain in the Journal of Water Resources Planning and Management at https://doi.org/10.1061/JWRMD5.WRENG-7075. The abstract is below.
Abstract
The water sector is considered critical due to its essential role in human life and the severe consequences that may arise from supply disruptions or compromised water quality. The increasing digitalization and connectivity within the sector and its supply chain, along with the recent inclusion of the wastewater domain in cybersecurity regulations, present new challenges for addressing cyberattacks and their consequences. However, empirical research on these issues is scarce. Decisions regarding the management of water cybersecurity depend on professionals; thus, through interviews with 15 professionals in the sector, this study analyzes the perspectives of various Spanish water cybersecurity professionals regarding how cybersecurity management is conducted, how the sector responds to cyber threats, the significance of the regulatory framework, and potential future challenges. The importance of human factors in the management of water cybersecurity is the topic on which there is the greatest consensus among all participants.
Explore more about the experiences of water utility cybersecurity specialists and their perspectives on the challenges and how to address them in the ASCE Library: https://doi.org/10.1061/JWRMD5.WRENG-7075.
