Venice Hydraulic Pump System Hacked, Hackers Claim Power to Create Floods

Venice’s centuries‑old battle against high tide is now fought with a network of hydraulic pumps known as the MOSE system. Designed to lift flood barriers around the historic centre, the system integrates sensors, SCADA controllers and remote‑access links that allow operators to respond to rising sea levels. As climate‑driven flooding intensifies, the digital layer that orchestrates these physical defenses has become an attractive target for cyber adversaries seeking to disrupt a city whose identity and economy hinge on its dry streets.

The recent claim by a group calling itself the Infrastructure Destruction Squad illustrates the growing convergence of traditional sabotage and cyber‑espionage. While no forensic evidence has surfaced, the attackers allegedly harvested administrative credentials—a scenario that mirrors documented OT breaches in energy and water utilities. Experts such as Aaron Colclough point to common weaknesses: internet‑exposed maintenance portals, default or reused passwords, and legacy control hardware that runs on outdated firmware. Mitigating these risks requires network segmentation, strict remote‑access policies, and continuous logging of maintenance sessions.

Beyond the immediate threat to Venice, the incident underscores a broader market reality: critical‑infrastructure operators worldwide must treat cyber resilience as a core component of physical safety. Regulators are beginning to embed OT security standards into compliance frameworks, and insurers are pricing cyber‑physical risk more aggressively. For investors and policymakers, the message is clear—protecting legacy assets demands modern cybersecurity investments, or the economic fallout from a single successful intrusion could ripple through tourism, real‑estate, and global supply chains.