The cyber threat against the Danish water sector

The water sector is critical, not only to the individual consumers but also to private companies and public authorities in other critical societal sectors that rely on the water sector for operational purposes. Critical infrastructure can come the attention of hackers in various ways. State-sponsored hacker groups conduct cyber espionage to obtain access to confidential information, and criminal hackers are using all available means to monetise cyber attacks. By conducting a simple internet search, hackers such as cyber activists, are able to locate internet-facing devices with no or limited security mechanisms, and an organization can thus be breached simply because it is vulnerable.

The purpose of this threat assessment is to outline the cyber threat against the Danish water sector. The assessment can help strengthen risk owners’ understanding of the cyber threat landscape and can form part of the basis for the sector’s cyber security risk assessment efforts.

The Centre for Cyber Security (CFCS) classifies cyber threats into five different categories: cyber crime, cyber espionage, cyber activism, destructive cyber attacks and cyber terrorism and describes the threat landscape based on the purpose of a particular attack. Often, this also provides an understanding of the type of actor behind an attack.

This threat assessment clarifies the most probable threat categories, but not the type of attack that the water sector is particularly vulnerable to, or the consequences of a specific attack. This type of expertise is available within the sector, which can use this threat assessment to qualify the collective risk analysis work.

The threat assessment is based on the CFCS’s overall domestic and foreign knowledge collection, and operates with a warning time frame of two years. The CFCS uses the threat levels and probability degrees, which are explained at the end of this threat assessment.