The Government Accountability Office has called on the Environmental Protection Agency to develop a national strategy to address the cybersecurity threats against U.S. water and wastewater systems.
In a report published on Thursday, GAO said the EPA, which heads the water cybersecurity efforts in the United States, must identify and prioritize the greatest risks that could disrupt the water sector’s operations.
The watchdog stressed that the EPA urgently needs a standard cyber strategy as the sector faces growing risks, specifically from external bad actors.
The office noted that foreign hackers targeted multiple water systems in 2023, adding that the incidents should remind the EPA and other relevant agencies that cyberattacks threaten critical infrastructure sectors.
To address the threats, the watchdog suggested that the EPA evaluate water sector risks and develop and execute a national cyber strategy.
GAO also urged the agency to review if its legal authorities to carry out cybersecurity responsibilities remain sufficient and seek additional powers if needed.
The accountability office stressed that a modern strategy and additional authority are necessary for the EPA to ensure that “the water sector is better prepared for any future cyberattacks.”
The GAO report came out after the EPA collaborated with the Cybersecurity and Infrastructure Security Agency and the FBI to release guidance in January that water sector owners and operators can use to better respond to cyber incidents.