Federal watchdog urges EPA to develop comprehensive cyber strategy to protect water systems


This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • The congressional watchdog is calling on the Environmental Protection Agency to urgently develop a strategy to address the rising risk of malicious cyber activity targeting the nation’s drinking and wastewater, according to a report from the U.S. Government Accountability Office released last week. 
  • In recent months, the sector has been up against heightened threat activity from state-linked and criminal hackers targeting vulnerable water utilities using custom malware, ransomware and other tools designed to either disable, sabotage or exfiltrate data. 
  • The EPA needs to conduct a sector-wide risk assessment, the GAO said, because the water utility sector is unprepared to protect itself against these existing threats without additional government support.

Dive Insight:

The Biden administration has prioritized the drinking and wastewater treatment industries as a number of high-profile hacking incidents have raised concerns about the ability to secure the nation’s drinking water and water treatment sectors. 

The White House and EPA in March urged state officials to provide information on how well prepared water utilities were to combat heightened cyber risks. EPA officials said they are still concerned the information is not being integrated into a comprehensive strategy. 

“This ask would provide information on a state-by-state basis, but would not integrate the risks across states at the national level,” Alfredo Gomez, director, natural resources and the environment at GAO, said via email. “Our past work has emphasized integration of risk information in a comprehensive risk assessment.”

National Cyber Director Harry Coker Jr. outlined steps to address the water industry in a May speech in Washington, D.C. Coker detailed plans for the EPA to increase technical assistance for public water systems and for the Department of Agriculture to invest in programs for rural water utilities. 

Following the GAO report last week, EPA officials said they are working on plans to strengthen federal assistance to the water industry. The EPA in 2023 launched plans to get water utilities to tighten cyber resilience through audits, but that plan was rescinded after a state legal challenge. 

“EPA remains committed to providing cybersecurity technical assistance to the water sector and will continue with our federal partners to seek every opportunity to lower risk for the nation’s drinking water and wastewater systems,” the agency said in a statement.



Source link

About The Author

Scroll to Top