The United States Environmental Protection Agency (EPA) has released new cybersecurity guidance for public utilities, the country’s public water sector. The guidance aims to improve the security posture of water systems across the nation in response to the growing threat of cyber attacks.
The EPA mandates that states consider cybersecurity in their hygienic inspections and routine examinations of public water systems.
According to the EPA, the new guidance will provide water utilities with a comprehensive approach to addressing cybersecurity risks. The guidance covers various topics, including risk management, governance, and incident response.
One of the key recommendations in the guidance is for water utilities to conduct a cybersecurity risk assessment. This will help utilities identify potential threats and vulnerabilities and develop strategies to mitigate them. The EPA also recommends that utilities establish a cybersecurity governance structure to ensure that cybersecurity risks are managed effectively.
The guidance also emphasizes the importance of employee training and awareness. Water utility employees must be trained to recognize and report cybersecurity incidents and to follow established incident response procedures. The EPA recommends that utilities conduct regular training and awareness activities to keep employees up-to-date on the latest cybersecurity threats.
It is becoming increasingly common for cyberattacks to target critical infrastructure, including drinking water systems. “Water contaminated by cyber-attacks poses a threat to public health,” says Assistant Administrator for the Environmental Protection Agency.
The release of the new guidance comes when the cybersecurity threat landscape is evolving rapidly. The water sector has been identified as a potential target for cyber attacks, as many water systems rely on outdated technology and have limited resources to invest in cybersecurity.
The EPA’s cybersecurity guidance is part of a broader effort to improve the cybersecurity posture of critical infrastructure across the country. Earlier this year, President Joe Biden issued an executive order aimed at strengthening the cybersecurity of federal networks and critical infrastructure.
Water utilities are encouraged to review the EPA’s new guidance and take steps to implement the recommended cybersecurity measures. By doing so, they can better protect their systems and ensure the safe and reliable delivery of clean water to their communities.