The U.S. Environmental Protection Agency has released new and updated planning tools that water systems across the country can use to help prevent and respond to cybersecurity incidents. These tools aim to help all public water systems protect access to safe water and aid systems conducting risk and emergency planning for cybersecurity.
“Strengthening cybersecurity for the U.S. water sector is critically important because cyber resilience and water security are key to national security. Water systems across the country are facing cyberattacks that threaten the ability to provide safe water,” says EPA Assistant Administrator for Water Jess Kramer.
To better address potential vulnerabilities, the EPA has developed the following resources:
- Emergency Response Plan Guide for Wastewater Utilities: This updated plan describes strategies, resources, plans and procedures utilities can use to prepare for and respond to an incident, natural or man-made, that threatens life, property or the environment.
- Template for Developing an Incident Response Plan: This new template assists drinking water and wastewater systems with developing a Cybersecurity Incident Response Plan.
- Incident Action Checklists: EPA is publishing two new checklists, as requested by the water sector, to help drinking water utilities prepare for, respond to, and recover from specific emergencies such as wildfires, power outages, floods and cybersecurity incidents.
- Cybersecurity Procurement Checklist: This checklist will help water and wastewater utilities incorporate cybersecurity into the procurement process. It will help utilities generally assess the cybersecurity practices of suppliers, including vendors and manufacturers, and their products during procurement.
Cybersecurity for critical infrastructure is a human health and a national security priority, according to the agency. The EPA says it will continue to work with the Cybersecurity and Infrastructure Security Agency, state programs and water associations to help reduce cyber risks at water systems. The agency also says it will continue to collaborate with water systems to implement best management practices to swiftly address any cybersecurity concerns as they arise.
Background
In August, President Donald Trump's EPA announced over $9 million in grant funding for midsize and large water systems to help protect drinking water from cybersecurity threats and improve resiliency for extreme weather events. The agency also published a report highlighting 10 recommendations to strengthen resiliency to cyberattacks in the water sector.
Cyberattacks against water systems have increased several-fold in recent years and can disrupt or contaminate drinking water and compromise the treatment of wastewater. The EPA, federal partners and utilities have a collective responsibility to ensure that cyber threats do not imperil the critical lifeline of clean and safe water, says the agency.
Learn more about EPA’s water cybersecurity efforts.