STOP-IT has come to an end, a European Water ISAC is born?

The „Water ISAC information sharing & STOP-IT final event“ took place online last week to present the project achievements, discuss cybersecurity in the water sector and plan the creation of a European Water ISAC (Information Sharing and Analysis Centre).

The first knowledge sharing session started with a brief introduction on how a Water ISAC to share knowledge and competence could be of added value to the European Water sector. This was followed by a brief presentation from the European Commission about the NIS-2 Directive, which aims to enhance the resilience of critical entities, and about the water security plan, by ERNCIP, and how to implement it. In the next part, different water utilities/operators shared their experiences on the topic of water security, how they are currently implementing the NIS Directive and how they prepare for the implementation of the NIS-2 Directive. At the following roundtable discussion on challenges and lessons learnt, the benefits of sharing experiences like this became clear and once again highlighted the benefit an EU Water ISAC could bring.

The second day was about STOP-IT achievements first. The project partners presented their analyses, results and contributions to increase the cyber and physical protection of water critical infrastructure. In particular, cyber security integration and modelling at strategic and tactical level, cyber-physical solutions for real-time detection at operational level, applying machine learning algorithms to build anomaly-based cyber and physical detection systems, empowering informed decision making with an overarching solution for the security of water critical infrastructures and highlights from the demonstration sites were presented.

During the following roundtable discussion, another major success of STOP-IT was pointed out. The project managed to raise awareness about the connection between cyber and physical security and the fact that these systems can’t be viewed as single systems any longer, but need to be viewed as interconnected. The Corona pandemic put a further focus on the vulnerability awareness of the water sector because remote working and the dependency on digital infrastructures opened the door for cyber-attacks and highlighted the need for better protection.

Awareness-raising is not just a technological but also a political and organizational issue and the more awareness and education is available, the more investments and support for cyber-physical protection solutions are going to be available to the water utilities. As one of the STOP-IT frontrunner water utilities pointed out: “Our department of cyber & physical security are now working together, which is a great success of STOP-IT.” Another frontrunner stated that their utility now had a much higher security maturity because of working with and for projects like STOP-IT.

Over the last four years, the STOP-IT project has done a lot in order to make critical water infrastructures safer and there is a great hope that the legacy, tools and materials of STOP-IT now will live on in a new European Water ISAC. First steps in this direction already have been taken.

Organizers of the event:

STOP-IT team, Empowering EU ISACs Project, ENISA and the JRC-ERNCIP Water group