Over the past three years, InprOTech has led, alongside TecDeSoft, the development of POSEIDON: an innovative cybersecurity platform designed to protect water cycle infrastructures.
In this interview, Óscar Iglesias, technical lead for the cybersecurity component of the project, explains how the integration of technologies such as Guardian and the use of artificial intelligence have made it possible to create a non-intrusive solution, capable of detecting and anticipating threats in OT environments without compromising operational continuity.
1. Could you briefly tell us what the POSEIDON project is and what your role was in its development?
POSEIDON is a comprehensive cybersecurity platform designed to protect water sector infrastructures, combining the analysis of operational processes with communications monitoring. It was developed over the past three years, within the framework of an INCIBE CPI project carried out jointly with our partner TecDeSoft. My role at InprOTech has broadly been to lead the technical definition and development of the cybersecurity component, particularly regarding the integration of Guardian and its technologies within the overall solution.
2. What were the main challenges you faced when designing a cybersecurity platform for the water sector?
The main challenge was adapting cybersecurity to highly heterogeneous OT environments — extensive networks with legacy systems and high operational criticality. There is also a common constraint of limited resources and specialised personnel in the sector. Designing a solution that would deliver value without interfering with operations, and that was also intuitive and usable by operators — whether in-house or from an MSSP (such as a SOC) — was one of the greatest challenges.
3. POSEIDON is characterised as a non-intrusive solution. What does this mean in practice and why is it important for critical infrastructures?
In practice, it means the platform does not alter or interfere with existing systems. It is based on observing traffic and operational data without the need to modify configurations or interrupt processes. This is essential in critical infrastructures, where any intervention can pose a risk to service continuity. In these environments, disruptions are simply not acceptable.
4. Artificial intelligence plays a key role in POSEIDON. How is this technology integrated into the platform and what benefits does it bring?
Artificial intelligence is integrated primarily through Guardian’s anomaly detection models. These algorithms use Machine Learning to analyse network traffic at multiple levels — statistics, raw traffic, and process variables — in order to detect inconsistencies. Their main value lies in the ability to identify complex or unknown patterns, enabling proactive detection of both cybersecurity and physical security threats. In this way, we can identify everything from cyberattacks to incidents in chemical water treatment processes, to name just one example.
5. Could you explain how the key components such as CARMEN and GUARDIAN work within the system?
CARMEN enables operational monitoring: it centralises process data from the water cycle, providing visibility into trends, critical variables, shift and work management, and more. Guardian, for its part, handles the cybersecurity layer, analysing traffic, mapping the network, identifying segmentation issues and vulnerabilities, and detecting anomalies that could potentially constitute security incidents. It even incorporates decoy systems artificially embedded within the production network. The integration of these two platforms gives rise to POSEIDON, which enables security events to be correlated with operational context.
6. What impact has POSEIDON had on water cycle management during its implementation or testing phase?
During testing, particularly in real-world environments such as the MEDUSA platform at CITEEC (University of A Coruña), significant improvements were demonstrated in system visibility and early incident detection capability. This translates into more proactive management and a reduction in operational risks. Furthermore, we are talking about a critical sector subject to stringent regulations and increasingly aggressive external threats — such as the attack on a Norwegian dam in mid-2025.
7. How has collaboration with other teams or companies, such as TecDeSoft and InprOTech, worked during the project’s development?
The collaboration has been highly fluid and complementary. TecDeSoft has contributed its expertise in industrial process engineering and management through CARMEN, while InprOTech has provided the cybersecurity layer and knowledge of OT/ICS risk. This synergy has been essential in building a truly integrated solution at the management and user level.
8. In cybersecurity terms, what specific threats can POSEIDON detect and prevent that other solutions do not address as effectively?
POSEIDON excels at detecting threats that affect both the network and the process itself: for example, subtle manipulations of operational parameters that might go unnoticed in traditional solutions. By correlating process data and communications, it becomes feasible to identify advanced attacks or complex anomalies. It also detects new devices appearing on the network, port or protocol changes, spoofing or reconnaissance attempts ahead of subsequent attacks, as well as potentially malicious external connections — which can even be proactively blocked according to the policy defined by administrators.
9. What learnings or innovations emerged during development that could be applied to other industrial sectors?
One of the key learnings is the importance of integrating cybersecurity and operations into a single, unified vision. This approach can be transferred with relatively little friction to other industrial sectors — food and beverage, automotive, logistics, and so on — where IT/OT convergence is increasingly relevant. Two capabilities are particularly worth highlighting: the AI/ML models designed to analyse water cycle process variables, which enable detection of both cybersecurity and operational safety anomalies, and the active response capability, which analyses external connections, gathers threat intelligence, and allows the operator to decide in real time whether to block them or not.
10. Looking ahead, what evolution or improvements do you see for POSEIDON or for cybersecurity in the water sector?
We have built a holistic solution that unifies operations, regulatory compliance, identification, detection, and incident response in the water sector and other critical infrastructures. Looking forward, we will see greater incorporation of predictive models and automation capabilities in incident response, as well as the introduction of agentic AI approaches. This will enable efficient management of system complexity, correlation of signals from multiple sources, and faster decision-making.
11. Finally, what message would you like to convey to organisations considering implementing advanced cybersecurity solutions in their critical infrastructures?
We will never tire of repeating that cybersecurity is not a cost, but a business enabler and a strategic necessity. All the more so when we are talking about critical infrastructures, which are vital to a nation’s security and the well-being of its citizens. We must commit to solutions that adapt to operational reality and deliver value from day one, without compromising service continuity. Proactivity, anticipation, and visibility are key to ensuring security and resilience.



