Critical infrastructure
security
EPA Eyes Stronger Cybersecurity Oversight of Water Sector
The Environmental Protection Agency is seeking to improve its cybersecurity oversight of the water and wastewater sector after experts said water and wastewater cybersecurity is the weakest link in critical infrastructure.
According to Mark Montgomery, executive director of the Cyberspace Solarium Commission, the EPA only has around $7 million in its annual budget dedicated to its Office of Water. The commission said in a report that the agency needs at least $45 million in its annual budget to improve water cybersecurity standards.
The EPA is seeking $4 billion in its fiscal year 2023 budget to improve national water sector security. EPA Administrator Michael Regan told Congress in May that the budget will include $50 million to support resiliency and sustainability initiatives, $25 million to support water systems and $35 million for technical assistance across the sector, FCW reported.
In 2021, the Foundation for Defense of Democracies released a report that suggested that the EPA should partner with industry stakeholders and water operators to implement cybersecurity standards. Speaking at an FDD event, Montgomery said the organization that will result from this partnership would be sector-led and would support the understaffed EPA water cybersecurity team.
Kevin Morley, manager of federal relations for the American Water Works Association, said during the same event that the co-regulatory model proposal will help the EPA in handling water security. He added that the lessons learned from the electricity sector would be applied to the proposed organization, making it easier to establish baseline cybersecurity best practices.
Water sector cybersecurity has been an ongoing problem for the U.S. An AWWA report found that only 20 percent of surveyed infrastructure operators fully implemented a cybersecurity plan.
Category: Cybersecurity