The participants of the water services cyber exercise were able to strengthen their expertise in an exercise environment tailored for the use of the sector. The RGCE (Realistic Global Cyber Environment) cyber range at the cyber security focused research, development and training center JYVSECTEC (Jyväskylä Security Technology) authentically simulates real-world water supply systems. This environment allows participants to practice responding to and recovering from cyber attacks in realistic scenarios.
"The exercise simulates attacks that feel genuine, making the learning experience exceptionally concrete", says Ossi Heino, Preparedness Specialist at the National Emergency Supply Agency.
The digital world implemented for the cyber exercises of operators in the field covers surface water plants, water towers, booster stations, wastewater pumping stations, wastewater treatment plants and related meters and other auxiliary systems. During the exercise, the normal operation of water services was disrupted through targeted interventions.
"Within the exercise framework, the situation was presented as if critical resources—such as water for citizens—were under threat. The effects of different attacks were directed at different parts of the water supply processes. Solving situations and recovering from them was at the heart of the exercise. In addition, the focus was on notifications to the authorities and national cooperation", says Marko Vatanen, Chief Specialist at Jamk.
Water services are among the operators involved in critical infrastructure cyber exercises
The cyber exercise organised for operators in the water services sector continues the cooperation between Jamk and the National Emergency Supply Agency, which has previously carried out similar joint cyber exercises for other critical infrastructure sectors, such as logistics and financial sector operators.
"In order to improve preparedness related to security of supply, we have engaged in long-term cooperation between Jamk and the National Emergency Supply Agency, particularly with a view to developing cybersecurity exercises for operators critical to security of supply", says Tero Kokkonen, Director of Jamk's Institute of Information Technology.
More than 120 people from different parts of Finland participated in the cyber exercise that was now being organised, and they were able to develop not only competence but also cooperation between organisations.
"Security of supply is formed in networks where information, expertise and resources are linked to each other. A serious disruption in water supply, for example as a result of a cyber attack, can undermine the organisation of everyday life and the fabric of society's critical functions. Cyber has become a kind of cross-cutting dimension of critical industries, the security of which requires systematic development of expertise also in the field of water services", Heino says.
"The lessons learned from the war in Ukraine have shown that the cyber defence of critical systems is not limited to technical issues, but also requires the ability to mobilise expert resources across organisational boundaries”, Heino continues.
The Cyber Security Exercise for Water Services 2025 is part of the Developing Cyber Security Exercises for the Critical Actors of Emergency Supply entity, which is based on the Developing Cyber Security Exercises for the Critical Actors of Emergency Supply (HTKK) project. The HTKK development project and the cyber security exercise for water services have been funded by the National Emergency Supply Agency's of Finland (NESA) Digital Security 2030 programme.
