Search This Blog

Powered by Blogger.

Blog Archive

Labels

Federal Watchdog Calls on EPA to Formulate Comprehensive Cybersecurity Plan for Water Systems

Recently, the water utility sector has faced a surge in threats from both state-linked and criminal hackers.


The U.S. Government Accountability Office (GAO) has called on the Environmental Protection Agency (EPA) to urgently formulate a strategy to combat the increasing risk of cyber attacks targeting the country's drinking and wastewater systems. This recommendation was outlined in a report released last week. 

Recently, the water utility sector has faced a surge in threats from both state-linked and criminal hackers. These malicious actors are employing custom malware, ransomware, and other tools to disable, sabotage, or steal data from vulnerable water utilities.

The GAO emphasized the need for a comprehensive sector-wide risk assessment, noting that the water utility sector lacks adequate protection against these threats without additional government support.

The Biden administration has made securing the drinking and wastewater treatment industries a priority, especially after several high-profile hacking incidents have raised concerns about the sector's cybersecurity. 

In March, the White House and EPA urged state officials to report on the preparedness of water utilities to combat increasing cyber threats. Despite this, EPA officials remain concerned that the information provided is not being consolidated into a comprehensive national strategy.

Alfredo Gomez, director of natural resources and the environment at GAO, highlighted via email that a state-by-state information collection would not address national-level risks. He stressed the importance of integrating risk information into a thorough risk assessment.

National Cyber Director Harry Coker Jr. discussed measures to support the water industry during a speech in Washington, D.C., in May. He outlined plans for the EPA to enhance technical assistance for public water systems and for the Department of Agriculture to invest in rural water utility programs.

In response to the GAO report, EPA officials announced they are developing plans to bolster federal assistance to the water industry. Although the EPA had initiated plans in 2023 to enhance cyber resilience through audits, these were rescinded following a state legal challenge.

The EPA reiterated its commitment to providing cybersecurity technical assistance to the water sector and collaborating with federal partners to minimize risks to the nation’s drinking water and wastewater systems.
Share it:

cyber resilience

Cyber Security

drinking water security

EPA cybersecurity strategy

federal watchdog

GAO report

protect water systems

wastewater cyber threats