The ‘Cyber-secure Waterworks’ programme was supposed to be a digital shield to protect Poland’s critical infrastructure. The scale of the sector’s needs turned out to be gigantic – nearly 900 applications were submitted for an amount exceeding PLN 730 million, and more than 550 entities have already signed grant agreements. However, as they moved into the implementation phase, the beneficiaries were confronted with the hard reality of the global technology market. Dynamically rising prices of hardware components forced managers to suddenly revise their purchasing plans.
The main source of cost pressure is the ongoing boom in artificial intelligence solutions and the massive expansion of data centres. According to TrendForce analytics, contract prices for conventional DRAM increased by 58-63 per cent quarter-on-quarter in the second quarter of 2026, while NAND Flash media became as much as 70-75 per cent more expensive. The huge demand from the server market is effectively draining component availability for other applications, directly hitting local strategic projects. Budgets calculated only a few months ago no longer correspond to current market realities.
For water and wastewater companies, which have to secure both classic office systems (IT) and sensitive industrial automation (OT), this means difficult compromises have to be made. Market experts from Stormshield and DAGMA IT Security point out that the key to breaking out of the impasse is flexibility and a focus on viable defence functions rather than specific hardware models. Rather than rigidly sticking to the original specifications, beneficiaries should consider optimising the architecture, for example by adapting existing infrastructure to run firewall management systems, SIEM or SOAR classes. However, any such change requires formal agreements with the NASK, which, in the face of increasing cyber threats, carries the risk of costly delays.
The current market crisis also exposes a deeper structural problem: cyber security budgets in smaller local authorities remain grossly inadequate, making them the weakest link in the national resilience system. The coming months will be a test of maturity for the public sector. The ultimate success of deployments will not depend on the purchase of a certain number of devices, but on the effective segmentation of networks and the protection of the physical processes on which the continuity of the water supply to residents depends.
