An 18-month cybersecurity project to strengthen resilience, remediation capacity and operational readiness in two essential water utilities.
CyberOne has officially launched the project “Water Utilities Penetration Testing – ViK Plovdiv & ViK Varna”, focused on structured penetration testing of web applications, network infrastructure, and IoT/IIoT or SCADA-adjacent assets in two essential water utilities in Bulgaria.
CyberOne has started the implementation of the project “Water Utilities Penetration Testing – ViK Plovdiv & ViK Varna”, a targeted cybersecurity initiative designed to improve the resilience of two essential water utilities through a structured penetration-testing programme.
The project is implemented over 18 months and addresses operational cybersecurity risks in environments that combine legacy IT, web-accessible services, internal network segments, and SCADA-adjacent or IoT/IIoT-connected assets. Its purpose is to support vulnerability identification, remediation planning, attack-surface reduction and stronger operational readiness.
The technical execution is based on established methodologies, including NIST SP 800-115, PTES, OWASP WSTG and ATT&CK-aligned threat modelling. The assessment scope covers three main domains: web applications used by end-users and operators, network infrastructure including internal segmentation and wireless access, and IoT/IIoT or SCADA-adjacent systems such as sensors, telemetry units and legacy PLC-linked environments.
Funding acknowledgement and disclaimer
Funded by the European Union under the Digital Europe Programme, Grant Agreement No. 101158471.
Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Cybersecurity Competence Centre. Neither the European Union nor the granting authority can be held responsible for them.
