top of page


July 4, 2024

Nicholas Novak, Jennifer Radlinsky, Victoire Tissinié EUCOM and Emergency Management, Health, and Hazards Team

Cameron Muniz, Editor; Elena Alice Rossetti, Senior Editor

Tap Water[1]

Event: Finnish water facilities have experienced increasing break-ins, leading to concerns about the perpetrators and their purpose. Attackers targeted complexes in Pirkanmaa, Uusimaa, and Varsinais-Suomi beginning in May. The Internal Finland Police Department transferred the cases to the National Bureau of Investigation (NBI), which is focusing on common patterns among the crimes. The sporadic nature and widespread area of the crimes have yielded little consistent evidence. The Finnish Intelligence and Security Service (Supo) has not discounted potential Russian involvement as they have linked Kremlin interference in other sectors since the beginning of the summer, such as aviation.[2]

Significance: Water facilities with substandard security, like a lack of physical security, will almost certainly be an attractive target for continued break-ins. These smaller crimes very likely represent a wider scheme, very likely providing criminals with needed target surveillance to plan large-scale attacks. The perpetrators will likely continue to commit minor, unlawful acts, such as trespassing and burglary, very likely to develop skills and a deeper understanding of civilian critical infrastructure. Assessing infrastructure security measures and potential vulnerabilities will very likely allow perpetrators to undertake more sophisticated crimes. There is a roughly even chance that recruitment is the attackers’ goal, likely assembling a larger group to commit widespread crimes. Geographically diffused incidents will likely culminate in coordinated attacks on critical infrastructure in highly populated locations, very likely creating major impacts on critical infrastructure operations.

Continued breaches at infrastructure sites will very likely erode public trust in companies’ management and the government’s ability to keep citizens safe. Public distrust will very likely lead to calls for accountability and transparency of security upgrades. Scrutiny of management personnel will very likely increase and result in regulatory changes. More oversight will likely identify vulnerabilities and a need to develop an overall critical infrastructure security review. The implementation of costly upgrades very likely takes time, likely leaving sites vulnerable in the short term. Cybersecurity improvements will almost certainly boost public confidence, very likely easing investigations into future breaches and leading to quicker criminal apprehensions thanks to enhanced cyber protection and surveillance footage.

There is a roughly even chance that the break-ins are part of a broader Russian strategy to destabilize Finland, likely exploiting the vulnerabilities posed by its geographical proximity. As Finland joined NATO recently, sabotage plans likely aim to signal the Kremlin’s discontent with the alliance’s expansion towards the East. There is a roughly even chance that recent attacks on critical infrastructure are linked to Russia’s retaliatory threat in response to Finland’s decision to give the US access to its military bases. Russian threats against neighboring countries, such as Sweden, likely contribute to undermining the transatlantic alliance’s presence and actions in its northern flank. Incidents in water facilities likely constitute diversion tactics, likely leading Finland to shift its attention and resources away from other security concerns, such as cyber-attacks or political interference.  


  • The Counter Terrorism Group (CTG) recommends the Supo and private security companies develop updated threat and risk assessments of Finland's critical infrastructure and surrounding areas to mitigate emerging regional threats.

  • Finland should increase security measures at critical infrastructure sites such as energy, drinking water, wastewater, health, and food. It should upgrade technological security, including surveillance and testing systems.

  • To combat foreign interference, the physical security teams should have direct communication with the Supo.

  • Finland should regularly provide updates to raise public awareness on the issue, informing citizens about the risks and measures adopted to prevent and/or counter threats of sabotage and encouraging them to report suspicious activities.

  • CTG recommends that Finnish investigative agencies implement a secure, centralized information-sharing system to improve coordination and effectiveness. The system should be readily accessible and comply with EU data protection rules, offering training for investigators at regular intervals.

  • Finland should heighten its vigilance to avoid diverting its focus away from higher security threats, including cyber-attacks. It should allocate the resources and personnel necessary to safeguard critical infrastructure without removing them from other areas of importance.

  • If there is any additional and or critical information please contact us at The Counterterrorism Group (CTG) by Telephone at 202-643-2848 or email at


[1] Water Tower, generated by a third party database

[2] Critical infrastructure water facilities are now being broken into all over Finland: we compiled the attacks on a map, Helsingin Sanomat, July 2024, (Translated by Google)


Les commentaires ont été désactivés.
bottom of page