WATER SECURITY

EPA Cancels Certain Cyber Regulations for Water Utilities

Published 27 October 2023

Following growing concerns about the cybersecurity of the U.S. water infrastructure, the EPA announced this week it will no longer require cybersecurity audits of water utility facilities through sanitary surveys.

Following growing concerns about the cybersecurity of the United States’ water infrastructure, the Environmental Protection Agency announced this week it will no longer require cybersecurity audits of water utility facilities through sanitary surveys.

Pandora Report writes:

As explained in Cyberscoop, “In a letter to state drinking water administrators on Thursday, the EPA said litigation from Republican states and trade associations, which raised questions about the long-term legal viability of the initiative to regulate the cybersecurity of water utilities, drove the decision to rescind a March memorandum implementing the rule.”

“The announcement represents a major setback to the White House’s efforts to add more stringent cyber mandates to critical infrastructure sectors. The Biden administration’s National Cybersecurity Strategy described improving the digital defenses of critical infrastructure as a key priority.”

“Owners and operators of these systems are struggling to combat the deluge of ransomware and state-backed attacks and infiltration of the nation’s most sensitive networks. For critical infrastructure sectors, the consequences for a major cyberattack can be dire, and U.S. water utilities have been identified as particularly lacking in security.”

EPA said it encourages “all states to voluntarily review public water system cybersecurity programs to ensure that any vulnerabilities are identified and corrected, and assistance is provided to systems that need help.”