Johan Claessens: I am an IT professional by training. When my wife, who is a freelance photographer, noticed that certain clients were trying to hack her photos, it triggered me to focus on cyber security. I started as a CISO at water-link in response to the NIS regulation that requires every organisation providing essential services to effectively manage its cyber security. Being a drinking water company, we wanted to go beyond ‘the minimum’ compliance with the NIS regulations, and to ensure that our drinking water production is completely secured. In my CISO role, I am dedicated to this goal.
What are the biggest threats for a company like water-link?
water-link produces drinking water for 40% of the Flemish population. All these people buy water from us, trusting that their tap water is of the highest quality and meets the strictest European guidelines. We cannot risk our production coming to a standstill due to a ransomware attack, or our water quality being compromised because purification processes are sabotaged. We protect ourselves against all risks that threaten the direct production and distribution of drinking water.
What are your main tasks as a CISO?
They are very diverse. At one moment, I may be discussing technical configurations with IT people, at another discussing the security strategy and new projects with the board. I also negotiate with suppliers and evaluate new products. Plus, I have to drop everything when an incident occurs. It’s a varied and often unpredictable job.
Within the sector federation AquaFlanders, we have a working group of drinking water company CISOs. We meet monthly to share knowledge, discuss incidents, and look at potential problems encountered when implementing our strategic roadmaps for improving the security of our organisations. As we are not in competition with each other, we are very open in sharing our findings and experiences around security.
What are the main challenges you see for CISOs today?
The most obvious challenge and threat is artificial intelligence. AI is an asset for cyber criminals - one they can effectively use in their attacks. But AI can also be useful for us, the defenders. The difference is that attackers can unleash AI without knowing the result in advance. We, on the other hand, must first go through an entire test procedure to ensure that we do not create any bad side effects.
Another challenge is the geopolitical landscape. In the past, the main goal of an attack was to make money. Now we see more and more attacks linked to geopolitics. For example, the week before the municipal elections, many websites were hit by Distributed Denial-of-Service (DDoS) attacks. These send excessive traffic to a website to shut it down so that visitors no longer have access to the services, which can harm the organisation’s image. It appears these specific attacks were initiated by pro-Russian groups.
What does the CISO of the Year award mean to you?
Quite a lot! I am the first CISO at water-link, and this is also my first experience taking on a CISO role. I did not really have a frame of reference. Am I doing well? Or am I simply a one-eyed person in the land of the blind? The award is a confirmation that we are doing well!