The U.S. Environmental Protection Agency on Friday released a memorandum to help direct water systems in assessing cybersecurity risks to promote safe drinking water for the public.
The memo titled “Evaluating Cybersecurity During Public Water Sanitary Surveys” emphasizes the importance of deploying cybersecurity best practices when conducting periodic sanitary audits of public water systems.
EPA Assistant Administrator for Water Radhika Fox cited the increasing cyber-attacks targeting critical infrastructure facilities like water systems, which could possibly lead to drinking water contamination.
Anne Neuberger, deputy national security adviser for cyber and emerging technologies and a previous Wash100 winner, said “EPA used a flexible approach to enable water systems to craft the most effective ways to protect water services” for the guidance memo.
Neuberger added, “EPA’s action is another step in the [Biden] Administration’s relentless focus on improving the cybersecurity of critical infrastructure by setting minimum cybersecurity measures for owners and operators of the water, pipelines rail other critical services Americans rely on.”
EPA is soliciting public comments on Sections 4 to 8 of the guidance and all appendices until May 31. Interested entities should email their comments to wicrd-outreach@epa.gov.
In addition to the announcement, the agency will provide technical assistance and resources to help water systems create robust cybersecurity programs.
