When polders flood: a cyberattack on pumping stations

A breach below sea level

In the Netherlands, dry feet are not a given. They are engineered. Maintained. Pumped. Our polders stay dry thanks to a network of pumping stations operating day and night, often silently, often unseen. Until they stop.

Now imagine this:A sudden failure across multiple stations in the IJssel Valley. Water levels begin to rise. Local authorities receive fragmented alarms. Control systems go silent. Is it a malfunction? Or something worse?

Hours later, the truth emerges: the OT network was breached. Pump instructions were remotely overridden. And what began as a local anomaly has become a national wake-up call.

From cyberattack to water crisis

When operational technology (OT) fails in the water domain, the consequences aren’t abstract. They’re visible. Physical. Measurable in rising centimeters.

But that’s not where the crisis ends. A pump failure caused by cyber sabotage doesn’t just test infrastructure, it tests leadership.

It raises urgent questions: who takes control when SCADA (Supervisory Control and Data Acquisition, the monitoring and control system behind pumps and other infrastructure) dashboards go dark?How does coordination unfold between water boards, municipalities, and emergency services?And can public trust be maintained when the cause is unclear, but the water keeps rising?

Why pumping stations are a quiet target

Most Dutch pumping stations still run on legacy industrial systems: reliable, but rarely resilient. Designed for uptime, not intrusion. Protected physically, but often exposed digitally through remote access tools or poorly segmented networks.

Attackers know this. And they know that a breach here doesn’t just cause disruption, it causes confusion. That’s the real threat: not just flooded fields, but fractured coordination.

Leadership in lowlands: what resilience really means

In a crisis like this, readiness is defined by what happens before certainty.Because by the time you know what has happened, it’s already too late to figure out how to respond.

True resilience starts with practicing offline fallback procedures that don’t rely on OT interfaces.It includes establishing clear escalation paths that align technical, operational, and governmental teams.It means ensuring that crisis coordination can continue — even when systems collapse.And it requires public messaging playbooks that communicate what is known, even when much remains uncertain.

Because in the Netherlands, water doesn’t wait.And neither should we.

Turning awareness into action

If a coordinated cyberattack shut down your region’s pumping stations tomorrow, how would you respond?

Would your teams know who leads?Could you coordinate across jurisdictions?Could you communicate to the public, clearly, confidently, while the ground beneath you becomes saturated?

In a country built on reclaimed land, cyber resilience isn’t just digital. It’s hydraulic. It’s operational. And ultimately, it’s political.

Is your organization truly prepared — and does it have a ready-to-go playbook when the water starts rising?

Is your organization truly prepared — and does it have a ready-to-go playbook when the water starts rising?

Let’s talk about what it takes to stay dry when systems fail.