Imagine a scenario where, with the click of a button, from a computer in Tehran, Damascus, or Istanbul, someone opens the Degania Dam to full flow for hours, without anyone in Israel noticing.
Sounds like a fictional script? A real incident that took place this past April in Norway proves that not only is it possible, it has already happened elsewhere, in a remarkably simple way.
According to a new report by Israeli cybersecurity firm Claroty, a foreign hacking group managed to infiltrate the control system of the Lake Risevatnet dam in Norway, not through a complex technical malfunction, but simply thanks to a weak password and the absence of advanced authentication measures. For four hours, the valves were opened, increasing the water flow by 497 liters per second above the minimum level—without any alert or response from the maintenance team.
What made the Norwegian dam particularly vulnerable was a basic control panel that was exposed to the internet without adequate protection. Once inside, the attackers easily bypassed the authentication setup and gained full control over the dam's pumps.
“This wasn’t the work of masterminds,” Claroty emphasized. “This is a critical system left completely exposed due to a simple failure: an easy password and lack of basic monitoring.”
A Realistic Scenario for Israel
If it happened there, it could certainly happen here. Israel operates dozens of dams and water reservoirs, including the Degania Dam, which regulates the flow of water from the Kinneret (Sea of Galilee) to the Jordan River. These facilities are now controlled by automated, computerized systems—many of which are connected to networks, directly or indirectly—and face ongoing cyber threats.
According to data from the search engine Shodan, which detects exposed systems (not websites), over 23,000 automation systems worldwide are vulnerable to attackers at the press of a button. These include not only dams, but also air conditioning, lighting, drainage, and security systems. “Imagine someone shutting off the air conditioning in a hospital in July, or changing water pressure in the supply line to a power station,” experts warn.
At the end of the day, the question is not if someone will try to hack in—but when. The real question is: will we be ready?