Poland's internal security agency announced that hackers breached five water treatment plants in the country. The attackers were able to take control of industrial equipment inside, "including manipulation of the safety of the water supply" - in the agency's formulation. What that means for an ordinary citizen: someone could have poisoned the water you drink.

The Polish report links part of the sabotage activity to Russian intelligence services, although it doesn't name the water plants directly as the target of a specific Russian group. The context is nonetheless clear: since the start of the Russian invasion of Ukraine, infrastructure attacks across Eastern Europe have tripled, and Poland is one of the most-attacked points.

The US is no different. The FBI and CISA already report that water infrastructure is "soft terrain" for foreign hackers. In 2021, in Oldsmar, Florida, an attacker tried to raise the level of sodium hydroxide in the city water - a substance that in high concentrations is deadly. In the past year, Iranian groups have targeted programmable logic controllers at American water plants - the same technology running in Poland.

For the Balkans this isn't science fiction. The Skopje water network, the Belgrade one, the Zagreb one - all of them sit on industrial systems from the 1980s and 1990s, in large part undocumented, networked through IT infrastructure that nobody can swear is safe. The question isn't whether someone will try to attack these systems. The question is who. And whether we'd even find out in time.