(TLP:CLEAR) GAO Report: Actions Needed to Address Persistent Cybersecurity Threats to the Water and Wastewater Sector

Summary: A Government Accountability Office (GAO) representative recently testified before Congress regarding persistent cybersecurity threats facing the water and wastewater sector. In its report, “Critical Infrastructure Protection: Actions Needed to Address Persistent Cybersecurity Threats to the Water and Wastewater Sector,” GAO highlighted increased risk posed by the convergence of OT and internet-connected devices, which can expose critical systems to cyber intrusion. GAO also noted ongoing sector challenges, including aging infrastructure, workforce shortages, limited cybersecurity resources, and legal limitations affecting EPA’s ability to enforce cybersecurity requirements across portions of the sector.

Analyst Note: The testimony reinforces longstanding concerns regarding internet-exposed OT, remote access security, and inconsistent cybersecurity maturity across the water sector. WaterISAC encourages members to review the GAO testimony and associated EPA risk management efforts as part of ongoing resilience and risk reduction activities.

Original Source: https://www.gao.gov/products/gao-26-109159

Additional Reading:

• EPA’s 2024 Roadmap to a Secure and Resilient Water and Wastewater Sector

Related WaterISAC PIRs: 6, 7, 7.1, 8, 9, 10, 11, 12