Security News > 2023 > March > EPA orders US states to check cyber security of public water supplies

The Environmental Protection Agency is outlining steps public water systems officials need to take to protect drinking water supplies, and mandating cybersecurity assessments in their 'sanitary surveys' of the water systems.

Security software maker Tripwire said in a September 2022 report that many of the water systems in the country "Are small, serving low-density communities and functioning on limited budgets. The fragmented nature of water utility coverage coupled with low budgets and limited technological expertise means many systems are outdated and under-protected."

Over the past two decades, public water administrators have increasingly relied on electronic tools to operate their water systems but those electronic systems now are vulnerable to cyberattacks, Fox wrote.

A 2021 report [PDF] from the Water Sector Coordinating Council, a strategy organization for the water and wastewater systems sector, cybersecurity is a top priority in the industry, from training and education to assessments and tools.

"Americans deserve to have confidence in their water systems' resilience to cyber attackers," Anne Neuberger, deputy national security advisor for cyber and emerging technologies, said in a statement, adding that the EPA's approach is purposely flexible so water system administrators can adapt it to their needs while maintaining safe supplies.

The EPA is giving some organizations more leeway depending on the programs they already have in place, ranging from enabling water system operators to self-assess their systems, letting third parties do the work, or having the states run the assessments.

News URL

https://go.theregister.com/feed/www.theregister.com/2023/03/06/epa_security_public_water/