The US government is requiring states to assess the cyber security capabilities of their drinking water systems, part of the White House’s broader efforts to protect the nation’s critical infrastructure from attacks by nation-states and other cyber threats.
The Environmental Protection Agency (EPA) is outlining steps public water systems officials need to take to protect drinking water supplies, and mandating cyber security assessments in their ‘sanitary surveys’ of the water systems.
The requirements, released late last week, come after months of work by the EPA and a survey finding that while many public water systems (PWSs) have cyber security programs in place, too many others do not.
That’s not good enough at a time when the country’s critical infrastructure – including water systems – is under growing attack, Radhika Fox, assistant administrator for water for the EPA, wrote in a memorandum [PDF].
“Today, PWSs are frequent targets of malicious cyber activity, which has the same or even greater potential to compromise the treatment and distribution of safe drinking water as a physical attack,” Fox wrote.
“Clarifying that cyber security must be evaluated in reviewing operational technology that is part of a PWS’s equipment or operation during sanitary surveys or other state programs will help reduce the likelihood of a successful cyber attack on a PWS and improve recovery if a cyber incident occurs.”
A national patchwork of systems
The survey highlighted the patchwork nature of the drinking water supply environment in the US – one of
Read more