Cybersecurity strategy

EPA Requires Water Filtration Systems to Undergo Cyber Assessments

The Environmental Protection Agency will provide drinking water filtration operators with resources to assess the cyber posture of the water purification systems and better protect underlying hardware and software from cyberattacks.

According to a new EPA memorandum, the agency is requiring states to periodically evaluate the digital networks of the systems as part of an existing sanitary survey. Various evaluation methods are offered to states, including third-party reviews and self-assessments. The agency issued the memo following the release of the White House National Cybersecurity Strategy, Nextgov reported.

Water treatment plants recently became prime targets of cyberattacks. The Center on Cyber and Technology Innovation and the Cyberspace Solarium Commission released policy statements in 2022 raising concerns about the vulnerability of U.S. water systems. According to Samantha Ravich, chair of CCTI, the systems have been operating with limited cybersecurity personnel to respond to threats.

Anne Neuberger, the deputy national security adviser for cyber and emerging technologies, said the EPA’s action will help ensure that the public will be provided with safe drinking water.

The agency is conducting other initiatives to deliver clean water to people. Recently, the EPA awarded ICF a five-year, $31 million indefinite-delivery/indefinite/quantity contract to support a study on the effects of water contaminants in U.S. drinking and recreational waters on human health.

According to a 2021 Centers for Disease Control and Prevention report, waterborne diseases caused 118,000 hospitalizations and 6,630 deaths between 2000 and 2015.