The U.S. Environmental Protection Agency (EPA) issued a new memorandum last Friday calling for increased national cybersecurity efforts to protect the nation’s drinking water system.
In particular, this document shows that while some public water systems (PWS) are already improving their cybersecurity, EPA-confirmed data shows that some of them are adopting critical cybersecurity best practices. It clarifies that it does not exist and is at risk of being affected by attacker activity.
“Cyberattacks against critical infrastructure facilities, including drinking water systems, are on the rise, leaving public water systems vulnerable. [They] It can contaminate drinking water, which poses a public health threat,” said Radhika Fox, EPA’s Water Advisor.
“EPA is taking action to protect public water systems by issuing this memorandum requiring states to audit the cybersecurity practices of local water systems.”
In particular, the memorandum emphasizes the need for states to include cybersecurity when conducting regular audits of water systems (“sanitary surveys”). To this end, EPA provides guidance in the form of surveys designed to help states implement cybersecurity strategies into sanitary surveys.
“The EPA’s Cybersecurity Technical Assistance Program has provided an excellent starting point for working to improve the cybersecurity of our water and wastewater systems,” said Amy, Deputy Superintendent of Operations for the town of Amherst Public Works, Massachusetts. Rusiecki commented.
“This program has given us the tools to have the right conversations with our town’s IT and water and sewage staff to take small steps toward improvement. ‘s roadmap is still making decisions today.”
EPA clarified that while the guidelines can be used as is, EPA also has until May 31, 2023 to receive public comment on Sections 4-8 of the guidance and all document appendices.
The memorandum came a day after the Biden-Harris administration announced its National Cybersecurity Strategy.
