EPA Releases Guidance on Improving Cybersecurity at Drinking Water and Wastewater Systems

Yesterday, the EPA released guidance on “Improving Cybersecurity at Drinking Water and Wastewater Systems”, developed to assist owners and operators of drinking water and wastewater systems with assessing gaps in their current cybersecurity practices. As outlined in the guidance, the EPA recommends that all WWS owners and operators, regardless of system type and population served, evaluate the risks to and resilience of their IT and OT systems to cyber threats and develop risk mitigation plans to address cyber vulnerabilities in critical operations.

Yesterday, the EPA released guidance on “Improving Cybersecurity at Drinking Water and Wastewater Systems”, developed to assist owners and operators of drinking water and wastewater systems with assessing gaps in their current cybersecurity practices. As outlined in the guidance, the EPA recommends that all WWS owners and operators, regardless of system type and population served, evaluate the risks to and resilience of their IT and OT systems to cyber threats and develop risk mitigation plans to address cyber vulnerabilities in critical operations. Furthermore, owners and operators of community water systems (CWSs) that serve more than 3,300 people are subject to the Safe Drinking Water ACT (SDWA) section 1433 – these CWSs may use this guidance as one option to address cybersecurity in their risk and resilience assessments and emergency response plans and to meet the requirements under SDWA section 1433.