Smart water management in a housing cooperative and cyber threats

blog woda 8

Safeguarding water supplies in housing cooperatives is no longer just a matter of physical infrastructure and billing efficiency. The rapid development of smart control systems opens up new possibilities for remote monitoring and optimisation of consumption, but at the same time exposes installations to cyber attacks. In this article, we analyse the most significant threats to water supply systems, explain why even small networks in housing cooperatives are targeted by hackers, and present recommendations for secure solutions and practical guidance for managers.

Threats of cyberattacks on water supply systems in Europe and Poland

Since 2024, Europe’s largest water utilities have come under fire from cyberattacks. A group linked to Russia’s GRU, known as APT44 or Sandworm, has hacked into control systems at several European and American water utilities. In one instance, manipulation of remote management software led to a reservoir overflow, as confirmed by analyses from Mandiant specialists.

Meanwhile, in County Mayo, Ireland, a rural water system fell victim to an attack, leaving many households without water for up to two days. Diagnostics carried out by the authorities revealed interference with the controllers, which required a full system restart and the manual draining and refilling of the system before supplies could be resumed.

In the UK, a record number of cyber incidents in the water sector were recorded in 2024. Data compiled by Recorded Future indicates that by October alone, at least six serious security breaches had been reported in systems supplying millions of residents. Many of these incidents were not officially disclosed, which may indicate the growing scale of the threats and the caution being exercised by infrastructure operators.

In Poland, too, there have recently been cases of attacks on water treatment plants. In May 2025, the SCADA system at the Szczytno Water Treatment Plant was manipulated by pro-Russian hackers, who gained access to the operational interface and altered the operating parameters of the equipment. The incident sparked controversy due to the delayed response from the authorities and difficulties in determining the actual extent of the interference and the entity responsible for securing the facility.

Why does this affect housing cooperatives and residents’ associations?

It is not necessarily only large urban areas and extensive water supply networks that are natural targets for cybercriminals. Small installations, such as the rural system in Mayo, Ireland, can become targets of attacks, primarily due to their simple configuration and lower security standards. In practice, this occurs due to common errors in smaller facilities, such as: weak or default passwords, a lack of network segmentation, and controllers being directly exposed to the internet. Furthermore, insufficient awareness of the risks among managers results in the use of outdated software and a lack of encryption for communication between devices.

European infrastructure security agencies, including the UK’s NCSC, have long warned that an attack on the water sector is only a matter of time before a serious incident occurs with far-reaching consequences for residents. Communities and cooperatives, whilst investing in smart water meters and telemetry systems, must simultaneously develop security procedures and monitor the network continuously.

Secure solutions from Apator

Apator’s modern solutions combine advanced measurement methods with network security. Ultrasonic water meters with telemetry enable:

  • Real-time remote reading and data archiving without the need for on-site visits;

  • Rapid detection of even the smallest leaks through flow anomaly analyses;

  • Elimination of manual meter reading, which reduces the risk of errors and minimises physical interference with the equipment;

  • Transmission encryption and certificate-based access via built-in security mechanisms.

To provide even better protection for housing cooperatives and residents’ associations, we recommend:

  • Isolating the meter and controller system from the internet, e.g. via a dedicated VPN or private connection;

  • Encrypting all connections – both at the network and application layers;

  • Implementation of strong password policies and multi-factor authentication (MFA) for all service accounts;

  • Regularly backing up device configurations and testing contingency procedures, e.g. rapid switchover to analogue mode;

  • Continuous network monitoring and log analyses to detect unusual behaviour.

Practical advice and conclusions for network administrators

The key to increasing resilience to cyber threats in smaller installations is to work systematically on procedures and infrastructure. To be resilient to cyber attacks:

  • Carry out a security audit: check current passwords, access permissions and how users log in to the system.

  • Invest in modern technologies: implementing smart water meters not only saves money but also improves operational security.

  • Develop and enforce procedures: data backups, regular software updates, staff training and emergency scenario drills.

  • Monitor and report incidents: collaborate with NASK, your local CERT or other CSIRT teams, and report any unusual events.

  • Be proactive: prevention in security is always better than reacting to breaches of availability or water quality.

Summary

Smart water management in housing cooperatives offers unprecedented opportunities for effective control and savings. However, the development of remote metering and control systems carries with it the risk of cyberattacks, which could paralyse water supplies or lead to serious failures.

In light of recurring incidents across Europe and in Poland, the conscious design of networks with a focus on security is becoming increasingly important. This requires the implementation of robust authentication mechanisms and the encryption of data transmitted within the water supply infrastructure. It is also crucial to organise regular security tests, create backups and maintain constant monitoring of systems. At the same time, close cooperation with CERT team experts and relevant government agencies must be ensured, which allows not only for responding to incidents but also for effectively preventing them.

Only a holistic approach – combining Apator’s modern technological solutions with mature security procedures – will provide housing cooperatives and communities with maximum protection against cyber threats and a guarantee of uninterrupted water supply.