EPA, White House launch cybersecurity plan for water sector

Jan. 28, 2022
In order to safeguard the nation's infrastructure, the action plan will build a task force of water sector leaders to help utilities be more prepared for possible cyberattacks.

Earlier this week, the U.S. Environmental Protection Agency (EPA) announced an action plan to protect the water and wastewater sector from cyberattacks.

The plan, titled the Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan, will try to improve cybersecurity across the water sector within only 100 days. With such a short timeline, EPA says that the plan will focus on high-impact activities to safeguard water resources.

The Action Plan is part of President Biden’s Industrial Control Systems (ICS) Initiative, established in accordance with National Security Memorandum 5, Improving Cybersecurity for Critical Infrastructure Control Systems. The ICS Initiative helps the federal government and critical infrastructure community collaborate to provide visibility, indicators, detections, and warnings for cyber-threats.

“Cyberattacks represent an increasing threat to water systems and thereby the safety and security of our communities,” said EPA Administrator Michael S. Regan. “As cyber-threats become more sophisticated, we need a more coordinated and modernized approach to protecting the water systems that support access to clean and safe water in America. EPA is committed to working with our federal partners and using our authorities to support the water sector in detecting, responding to, and recovering from cyber-incidents.”

The plan, specific to the water and wastewater sector, focuses on promoting and supporting strategies to detect cyber-threats early, and help share of cyber-threat data across the government. Actions include:

  • Establishing a task force of water sector leaders.
  • Implementing pilot projects to demonstrate and accelerate adoption of incident monitoring.
  • Improving information sharing and data analysis.
  • Providing technical support to water systems.

The Action Plan was developed collaboratively by the EPA, the National Security Council (NSC), the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and the Water Sector Coordinating Council and Water Government Coordinating Council (WSCC/GCC).

“Over the past year we’ve seen cyber threats affecting the critical infrastructure that underpins our communities and the services we all rely on, including safe and clean water,” said CISA Director Jen Easterly. “To reduce the likelihood and impact of damaging cybersecurity intrusions to the water sector, we’re teaming up with our EPA partners to provide guidance, technology, and direct support to the sector.”

EPA and its federal partners intend to work with water sector stakeholders to help deploy ICS cybersecurity monitoring technologies. By implementing this Action Plan, partners across the government will lay the foundation for supporting enhanced ICS cybersecurity across water systems of all sizes—ensuring improved cyber-preparedness.