Administration Official Says EPA to Require Better Cybersecurity From Water Facilities

Anne Neuberger, deputy national security adviser for cyber and emerging technology, announced that the Environmental Protection Agency is poised to include cybersecurity assessments in sanitation reviews conducted on U.S. critical water facilities. The White House previously said that such cybersecurity reviews would be done on concerned companies only voluntarily because of limitations in the EPA’s powers, Nextgov reported Thursday.

However, Neuberger said the Biden administration has been working with lawmakers to craft legislation that would empower sector-specific risk management agencies to impose stricter cybersecurity rules on critical infrastructure providers. She stressed that while public-private partnerships have proven effective, they usually cannot get the same level of compliance as congressionally-mandated rules.

Neuberger added that lawmakers have met her office’s requests with great interest and have provided excellent feedback.

The White House official explained that the administration has requested lawmakers to pass “a minimum set of mandates” that would give concerned agencies the power to compel infrastructure providers to adopt a certain level of cybersecurity and require them to be more transparent. She hopes to give agencies like the EPA powers and resources akin to those given to the Cybersecurity and Infrastructure Security Agency, a non-regulatory agency.

Neuberger noted that the United States is lagging behind other countries in establishing cybersecurity requirements for the critical elements of infrastructure. She mentioned Australian legislation currently being enacted as a good model to emulate domestically.