Connecting Waterpeople

The EPA will not mandate cyber defense inspections for water utilities

  • The EPA will not mandate cyber defense inspections for water utilities
    De Moreau1 - https://commons.wikimedia.org/w/index.php?curid=74279301

About the entity

The EPA has retracted its proposal mandating states to evaluate the cybersecurity and integrity of public water system programs, reports Yahoo Finance.

Although the agency emphasizes the importance of cybersecurity measures for the public water industry, this decision follows legal action by GOP-led states challenging the rule.

In a memo accompanying the revised regulations released in March, the EPA highlighted the potential impact of cybersecurity attacks on water and wastewater systems, citing the risk of disrupting drinking water delivery to consumers and essential facilities like hospitals. Despite the EPA's offer to assist states and public water system organizations in implementing cybersecurity surveys through training and technical support, this proposal faced opposition from GOP state attorneys and trade groups.

Republican state attorneys opposing the proposed policies argued that the call for new inspections could overwhelm state regulators. Attorneys general from Arkansas, Iowa, and Missouri filed lawsuits against the EPA, contending that the agency lacked the authority to establish these requirements. Consequently, the EPA's proposal was temporarily halted in June.

While it's unclear if any cybersecurity regulations will be put in motion to protect the public moving forward, the EPA stated its intention to collaborate with the industry to reduce cybersecurity risks for clean and safe water. The agency encourages all states to voluntarily assess the cybersecurity of their water systems, emphasizing proactive measures to mitigate potential public health impacts in the event of a cyberattack.

In light of high-profile cyber incidents such as the SolarWinds hack in 2020 and the Colonial Pipeline ransomware attack in 2021, which underscored the vulnerability of government entities and public agencies, it is evident that these organizations are attractive targets for malicious actors. The Biden administration has initiated a national strategy that focuses on public-private partnerships, aiming to shift the responsibility for cybersecurity onto organizations best equipped to mitigate risks for the collective well-being.

Subscribe to our newsletter

Topics of interest

The data provided will be treated by iAgua Conocimiento, SL for the purpose of sending emails with updated information and occasionally on products and / or services of interest. For this we need you to check the following box to grant your consent. Remember that at any time you can exercise your rights of access, rectification and elimination of this data. You can consult all the additional and detailed information about Data Protection.

Featured news