Cyber Threats Rising: Protecting Britain's Drinking Water

Britain's vital drinking water supply is facing an escalating wave of cyberattacks, with five incidents targeting suppliers since early last year. While thankfully none of these attacks have disrupted the actual flow of safe drinking water, they serve as a stark warning of the growing threat to the nation's critical infrastructure. These incidents, a record number for any two-year period, underscore concerns raised by British intelligence about the increasing malicious cyber activity aimed at the country's essential services.

The Drinking Water Inspectorate (DWI) revealed that between January 1, 2024, and October 20, 2025, it received 15 reports from water suppliers under the NIS Regulations, which govern the security of drinking water systems. Five of these reports were specifically related to cybersecurity incidents affecting "out-of-NIS-scope systems," with the remaining ten concerning non-cyber operational issues. The fact that these five cyber incidents were reported, despite not being legally mandated by the current NIS Regulations (which only require reporting if an essential service is disrupted), is a positive sign of a developing culture of information sharing. As Don Smith, vice president of threat research at Sophos, noted, this willingness to share information is crucial for critical infrastructure operators to understand the nature of attacks and improve collective defenses.

One of the significant threats highlighted is the potential for attacks that, while not immediately impacting supply, could be part of a "pre-positioning campaign" like Volt Typhoon, where adversaries gain access to systems for future disruption. Under current regulations, such intrusions wouldn't necessitate reporting, a loophole the government aims to close with the upcoming Cyber Security and Resilience Bill. This legislation, expected to be introduced to Parliament later this year, seeks to strengthen cyber defenses and better protect the services the public relies on.

Beyond these five reported incidents, the broader landscape of cyber threats to critical infrastructure is concerning. While direct disruptions to water supplies are rare, ransomware attacks on the IT office systems of water companies, such as the one experienced by South Staffs Water in the U.K., demonstrate the potential for significant operational impact. Furthermore, the incident in Ireland where a pro-Iran hacking group disrupted water supply by targeting an operational technology (OT) component, specifically a Unitronics programmable logic controller (PLC), highlights the vulnerability of industrial control systems. PLCs are core to many industrial operations, and their exploitation is a major concern for critical infrastructure defenders globally.

In response to these threats, Britain's National Cyber Security Centre (NCSC) advocates for robust segmentation of business IT systems and OT systems. This separation helps to contain the impact of any cyber intrusion. The NCSC also released a new Cyber Assessments Framework to guide organisations in enhancing their resilience. Experts like Don Smith emphasise that "commodity rather than targeted attacks remain the most likely threat to impact critical infrastructure providers." He advises focusing on defending against everyday threats, such as ransomware, as these pose a much greater risk of knocking critical national infrastructure offline than more exotic, highly targeted attacks. Vigilance and investment in fundamental cyber hygiene are paramount to safeguarding Britain's drinking water from the ever-evolving threat landscape.