EPA lacks plan for water cybersecurity – urgent action required

August 4, 2024

TLDR:

  • The Government Accountability Office (GAO) released a report calling for improved cybersecurity in water and wastewater systems.
  • The EPA needs to develop a comprehensive strategy to lead the sector in defense against cyber attacks.

A new report from the Government Accountability Office highlights the need for the Environmental Protection Agency (EPA) to enhance cybersecurity measures in the water and wastewater systems across the nation. The report points out several challenges faced by the sector, including outdated technologies, prioritization of regulatory goals over cybersecurity improvements, and recent cyber attacks by nation-state-linked actors. These threats underscore the importance of a more comprehensive approach to cybersecurity in the water sector.

The EPA has been urged to identify the legal authorities required to enhance cybersecurity in the sector and make a formal request to Congress and the White House for those authorities. The agency has conducted evaluations of cyber risks but needs to integrate these efforts into a sector-wide risk assessment. A risk-informed strategy is necessary to guide cybersecurity programs effectively and ensure proper prioritization of resources and investments.

While some efforts are already underway, such as the development of a Vulnerability Self-Assessment Tool for drinking water systems, the EPA still needs to put the tool through peer review to ensure it provides accurate and credible information. The agency is expected to release a risk assessment, strategy, and evaluation of its authorities in 2025. Overall, enhancing cybersecurity in the water sector is crucial to safeguard critical infrastructure and prevent potential disruptions to essential services.
