Cyber Hygiene Now Part of Public Water System “Sanitary Survey” Check-Ups
Public Water Systems (PWS) are now required to conduct cyber defense check-ups at the same time they conduct their routine “sanitary surveys,” according to a new requirement issued by the Environmental Protection Agency on March 3, 2023. The EPA issued guidance in response to the attack on the Oldsmar, Florida water system in February 2021 and the increasing number of threats from sophisticated criminal and state-sponsored hackers.
Understanding that many public water systems may not have staff dedicated to monitoring their cybersecurity, the EPA is also providing technical assistance to PWS as they modernize their cyber systems. EPA’s guidance, titled “Evaluating Cybersecurity During Public Water Sanitary Surveys,” is intended to assist PWS with building cybersecurity into sanitary surveys. The guidance includes critical information for assessing and improving the cybersecurity of operational control systems used for safe drinking water. EPA also plans to offer additional training on implementing cybersecurity best practices, and to use available resources, consultations with subject matter experts, and direct technical assistance to water systems to conduct assessments of their cybersecurity practices and plans for closing identified security gaps.
The EPA acknowledges that many PWS do not implement cybersecurity practices, and efforts to improve cybersecurity through voluntary measures have yielded minimal progress in protecting this component of the nation’s critical infrastructure.