The Biden administration is preparing a plan to increase the cybersecurity of U.S. water supply systems, reports The Wall Street Journal. The Industrial Control Systems Cybersecurity Initiative, a collaborative effort between the White House and the critical infrastructure community to improve cybersecurity, started with the electricity sector, was later expanded to natural gas pipelines, and will be expanded to water utilities next.
Water-sector associations are now assessing the draft plan and technology needs, the type of data the government requests, and the support the government would provide, according to Kevin Morley of the American Water Works Association.
Last October federal agencies warned about ongoing cyber threats to the U.S. water and wastewater systems, citing ransomware attacks as well as threats from current or former employees who maintain improperly active credentials. Examples include an incident in the city of Oldsmar, Florida, which made the news last February when hackers tried to poison the water supply.
The EPA, responsible for the cybersecurity of water utilities, will work with the Cybersecurity and Infrastructure Security Agency (CISA) to help utilities upgrade technology to detect cyberattacks. The agency has cybersecurity best practices for the water sector, but no binding cybersecurity standards for water providers. “The draft plan lays out the roles and responsibilities that leverage the expertise and resources of EPA, CISA, and water sector partners,” an EPA spokesman told The Wall Street journal.
Michael Arceneaux, managing director of WaterISAC, a non-profit organization that shares information to support water sector security, said assuming water utilities are interested in the initiative, the sector associations will help members make informed choices about the sharing options available to them.