EPA Increases Enforcement Activities to Ensure Drinking Water Systems Address Cybersecurity Threats

378c5b1f 6c3d 43bb aea7 d4f0f2f03b45

The U.S. Environmental Protection Agency (EPA) has intensified its enforcement activities to safeguard community water systems (CWSs) from escalating cybersecurity threats. This proactive measure aligns with the Safe Drinking Water Act (SDWA) Section 1433, emphasizing the importance of robust cybersecurity protocols to protect public health and ensure the continuous provision of safe drinking water.

Rising Cybersecurity Threats to Water Systems

Cyberattacks on CWSs are becoming more frequent and severe, posing significant risks to the operation and safety of water utilities. These attacks can manipulate operational technology, leading to disastrous consequences such as disrupted water treatment, distribution, and storage, as well as damage to critical infrastructure like pumps and valves. More alarmingly, cyberattacks can alter chemical levels in water to hazardous amounts, endangering public health.

READ MORE: State of Texas Enhances Border Security with New Fencing and Anti-Climb Barriers in Maverick County

Essential Cyber Hygiene Practices

To mitigate these threats, the EPA recommends implementing fundamental cyber hygiene practices. These include:

  • Reducing Exposure to Public-Facing Internet: Limiting online access to essential functions minimizes vulnerabilities.
  • Conducting Regular Cybersecurity Assessments: Regular evaluations help identify and rectify potential security weaknesses.
  • Changing Default Passwords: Immediate replacement of factory-set passwords prevents unauthorized access.
  • Inventorying OT/IT Assets: Maintaining a comprehensive list of all operational and information technology assets ensures better control and protection.
  • Developing Incident Response Plans: Preparedness plans for cybersecurity incidents enable swift and effective responses.
  • Backing Up Systems: Regular backups of operational and IT systems ensure data recovery in case of an attack.
  • Reducing Exposure to Vulnerabilities: Continuous monitoring and updating of systems to eliminate weaknesses.
  • Cybersecurity Awareness Training: Educating staff on cybersecurity best practices to prevent accidental breaches.

Compliance with SDWA Section 1433

Section 1433 mandates that all CWSs serving over 3,300 people conduct Risk and Resilience Assessments (RRAs) and develop Emergency Response Plans (ERPs), certifying their completion to the EPA. These assessments and plans must be reviewed and updated every five years to remain effective against emerging threats.

READ MORE: Opinion: Maverick County Needs a Full-Time Tax Assessor Collector

Federal Support and Resources

The EPA collaborates with the Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) to provide resources and guidance for CWSs. Water utilities can access free cybersecurity assistance by contacting the EPA through its Cybersecurity Technical Assistance Form or emailing CISA Cyber Hygiene Services at vulnerability@cisa.dhs.gov.

Alarming Findings and Increased Inspections

Recent EPA inspections have uncovered that over 70% of water systems inspected since September 2023 are not compliant with basic SDWA 1433 requirements. Common issues include failure to change default passwords, inadequate RRAs and ERPs, and poor access control. In response, the EPA is increasing its inspections and enforcement actions to address these vulnerabilities swiftly.

READ ABOUT: Maverick Barber School and Eagle Pass Housing Authority Offer Free Haircuts to Residents

Enforcement Actions

Since 2020, the EPA has taken over 100 enforcement actions against CWSs for violations of Section 1433. These actions aim to ensure that water systems comply with statutory requirements, including proper cybersecurity measures. The EPA has various enforcement tools at its disposal, such as emergency powers under SDWA Section 1431 and criminal sanctions for false certifications.

Final Thoughts

The EPA’s heightened focus on cybersecurity for drinking water systems underscores the critical importance of protecting these essential services from cyber threats. By adhering to recommended practices and complying with regulatory requirements, CWSs can significantly enhance their resilience against cyberattacks, ensuring the safety and reliability of the nation’s drinking water supply.

READ: Favoritism Allegations Surround Maverick County Tax Assessor Collector’s Office

About The Author

Leave a Reply

Your email address will not be published. Required fields are marked *