The US Environmental Protection Agency has released new guidelines that require state governments to audit the cybersecurity practices of public water systems and enforce security measures.
This comes in response to the Biden administration’s full-court press to improve US critical infrastructure’s cyber defenses. The EPA’s action was prompted by a cyberattack on a Florida water treatment plant in February 2021, which highlighted the need for greater security measures in the sector.
The Water Information Sharing and Analysis Center (WaterISAC) has reported an increase in its membership, which now includes facilities that provide water to most of the US.
However, the US water sector, which has over 148,000 public water systems, has struggled with funding and personnel to protect its systems. Despite a greater public awareness of cybersecurity in the water sector, authorization for major cybersecurity projects usually only happens after an incident.
The new guidelines come a day after the White House released a national cybersecurity strategy that seeks to hold software makers liable when their products are vulnerable to exploitation by hackers.
The FBI and US Cybersecurity and Infrastructure Security Agency have warned about multiple ransomware attacks on the computer networks of water and wastewater facilities across the US.
The EPA’s memo aims to address this issue by enforcing cybersecurity regulations and standards for public water systems across the country.
