Poland’s Internal Security Agency (ISA) announced that it had detected cyber‑attacks on five water‑treatment plants, in which hackers potentially gained control of industrial equipment and could have compromised the safety of the water supply. The agency’s latest report, covering operations and threats over the past two years, says the incidents were part of a broader wave of sabotage directed at critical infrastructure in Poland.
The ISA report cites multiple sabotage attempts attributed to Russian intelligence services and affiliated hackers. While the document does not name the perpetrators of the water‑treatment attacks, it notes that recent Russian cyber activity has targeted Polish military facilities, power grids, transportation networks and other essential services. A failed effort to take down the national energy grid earlier this year was linked to inadequate security controls at the affected facilities, underscoring the vulnerability of critical systems.
Poland’s experience mirrors threats faced by water utilities elsewhere. In 2021, a hacker briefly accessed a treatment plant in Oldsmar, Florida, and tried to raise the dose of sodium hydroxide to dangerous levels. The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) subsequently warned that water infrastructure remains a soft target for foreign adversaries. More recently, a joint advisory from CISA, the FBI, the NSA and other federal agencies warned that Iranian‑backed groups are actively targeting programmable logic controllers—the computers that run water and energy facilities—at U.S. utilities. The same Iranian actor, known as CyberAv3ngers, breached digital control panels at several Pennsylvania water‑treatment plants in 2023, an intrusion linked to rising tensions in the Middle East.
The Polish report stresses that sabotage “inspired and organized by Russian intelligence services” is the most serious challenge facing the country’s security apparatus and requires full mobilisation of resources. Although the ISA did not confirm Russian involvement in the water‑plant attacks, the agency’s broader findings highlight a pattern of state‑sponsored cyber aggression aimed at destabilising Western infrastructure.
Experts say the growing frequency of attacks on water and energy systems reflects a strategic shift toward using cyber tools to undermine essential services in both conflict zones and peacetime adversaries. By targeting programmable logic controllers and other industrial control systems, hostile actors can cause physical disruption without deploying kinetic force.
Poland’s authorities have begun reviewing security protocols at affected facilities and are cooperating with allied intelligence services to improve defensive measures. The incidents reinforce warnings from international security agencies that water and energy infrastructure worldwide remains a high‑value target for state‑affiliated hackers. Strengthening cyber‑defence, updating legacy systems and sharing threat intelligence are now seen as urgent priorities to protect public health and economic stability.
