EPA Mandates Cybersecurity Reporting for the Water Sector March 24, 2023 By Katelyn McLaughlin Asset Management, Regulations, Security, Utility Management asset management, cybersecurity, regulations 0 Public water systems are increasingly at risk from cyberattacks that threaten public health. U.S. EPA has issued new guidance that states are required to evaluate and report on cybersecurity threats for systems that use industrial control systems or other operational technology. “Cyberattacks against critical infrastructure facilities, including drinking water systems, are increasing, and public water systems are vulnerable," said EPA Assistant Administrator Radhika Fox. “Cyberattacks have the potential to contaminate drinking water.” This expectation is outlined in a memo that interprets sanitary survey requirements, accompanied by a detailed guidance document aimed at state programs and technical assistance providers. It was released as part of the Biden administration's updated National Cybersecurity Strategy. U.S. EPA offers resources that can help water systems understand and address cyber vulnerabilities including this video on basic cybersecurity concepts that can be used by water systems as a part of an annual cybersecurity training program. Our database on WaterOperator.org also has resources on this topic, including this 56-page guide from WaterISAC on cybersecurity best practices to reduce exploitable weaknesses and attacks. Comments are closed.