Today, the Foundation for Defense of Democracies (FDD), a think tank aligned with the congressional Cyberspace Solarium Commission, released a research memo recommending a wide range of federal cybersecurity policy changes to improve water and wastewater cybersecurity. The memo, “Poor Cybersecurity Makes Water a Weak Link in Critical Infrastructure,” is expected to be translated into legislation for Congress to consider next year.
The memo urges EPA to expand and enhance its cybersecurity program for the water sector and to dedicate funding to utilities to improve security. FDD also recommends EPA’s budget for these activities expand to $45 million, which is still one-quarter of the funding provided to the Department of Energy for the electricity sector.
FDD further urges funding for cyber-trained rural circuit riders and for other technical service providers. It also calls for EPA to provide $10 million per year to WaterISAC and sector associations to “provide advisory support regarding the development and implementation of policies, plans, and procedures for cybersecurity readiness and resilience; issue advisories pertaining to cybersecurity threats to the water sector; provide training and conduct exercises to improve cybersecurity readiness and resilience; and help the EPA document the overall state of the water sector’s cybersecurity readiness.”
Also called for in the memo is a NERC-like entity for the water sector, such as that proposed by AWWA, whereby EPA and the water sector would develop performance-based standards and enforcement mechanisms.
Finally, the FDD suggests changes to America’s Water Infrastructure Act, better known as AWIA, such as requiring wastewater systems to comply and having utilities provide copies of their risk and resilience assessment and emergency response plans to EPA.