On Friday, the Biden administration announced that states must report on cybersecurity threats in their audits of public water systems. This follows a broader plan unveiled the previous day to safeguard critical infrastructure from cyberattacks.
According to the Environmental Protection Agency (EPA), cyberattacks are increasingly posing a threat to public health by targeting public water systems. EPA Assistant Administrator Radhika Fox stated that “cyberattacks against critical infrastructure facilities, including drinking water systems, are increasing, and public water systems are vulnerable.” She also emphasized that these attacks could contaminate drinking water.
The EPA plans to help states and water systems establish cybersecurity programs and will provide technical assistance. States can start using EPA guidance in their audits right away, but no deadlines for enforcement have been specified. There was no mention of new financial assistance in the announcement.
According to officials from the Biden administration, recent surveys have revealed that states are not consistent in their efforts to safeguard public water systems from cyberattacks, especially on the operational technology utilized for safe drinking water. The Environmental Protection Agency (EPA) has indicated that many water systems lack cybersecurity practices, and voluntary measures have yielded limited progress. The EPA will support states and water systems in developing cybersecurity programs, and states can utilize the agency’s guidance in their audits. However, the EPA’s announcement did not mention any new financial assistance.
The vulnerability of the nation’s 151,000 public water systems was brought to light in 2021 when a hacker unsuccessfully attempted to contaminate the water supply of a small Florida city near Tampa. Experts have expressed doubts about the effectiveness of the EPA’s approach. Former chief security officer for the city of Seattle, Mike Hamilton, stated that conducting such assessments would be difficult to accomplish on a large scale across water utilities of varying sizes and resources. Tracy Mehan, executive director of government affairs at the American Water Works Association, stated that the plan places states in a difficult position by calling for immediate reporting.
The EPA’s memo was released a day after the White House revealed a comprehensive cybersecurity plan to counter escalating threats to government agencies, private industry, schools, hospitals, and other critical infrastructure that are frequently breached. The plan also included measures to hold software companies accountable when their products do not meet certain criteria. The EPA’s memo for states, according to Anne Neuberger, the deputy national security advisor for Cyber and Emerging Technologies, would establish minimal cybersecurity standards for municipal water systems following the administration’s previous implementation for pipelines and the rail sector. “Americans deserve to have confidence in their water systems’ resilience to cyberattackers,” Neuberger said.
Go to Source
Author: Associated Press
