WASHINGTON – On March 19, U.S. Environmental Protection Agency Administrator Michael Regan and National Security Advisor Jake Sullivan sent a letter to all U.S. Governors inviting state environmental, health and homeland security Secretaries to a convening by their deputies to discuss the urgent need to safeguard water sector critical infrastructure against cyber threats. This meeting will highlight current federal and state efforts to promote cybersecurity practices in the water sector, discuss priority gaps in these efforts, and emphasize the need for states and water systems to take immediate action.
This virtual meeting will take place on Thursday, March 21, 2024, from 1:00pm – 2:30 pm EST. EPA will be sending meeting registration information to the states separately via email.
“Drinking water and wastewater systems are a lifeline for communities, but many systems have not adopted important cybersecurity practices to thwart potential cyberattacks,” said EPA Administrator Michael S. Regan. “EPA and NSC take these threats very seriously and will continue to partner with state environmental, health, and homeland security leaders to address the pervasive and challenging risk of cyberattacks on water systems.”
“The Biden Administration has built our national security approach on the foundational integration of foreign and domestic policy, which means elevating our focus on cross-cutting challenges like cybersecurity,” said National Security Advisory Jake Sullivan. “We’ve worked across government to implement significant cybersecurity standards in our nation’s critical infrastructure, including in the water sector, as we remain vigilant to the risks and costs of cyber threats. We look forward to continuing our partnership with the EPA to bolster the cybersecurity of America’s water and wastewater systems.”
The National Security Council (NSC) and EPA are encouraging all states to join this dialogue to drive rapid improvements to water cybersecurity and reinforce collaboration between state and federal entities and water systems.
Additionally, EPA will strive to collaborate with the Water Sector and Water Government Coordinating Councils in forming a Water Sector Cybersecurity Task Force to identify near-term actions and strategies to reduce the risk of water systems nationwide to cyberattacks. In addition to considering the prevalent vulnerabilities of water systems to cyberattacks and the challenges experienced by some systems in adopting best practices, this Task Force in its deliberations would seek to build upon existing collaborative products, such as the 2023 Roadmap to a Secure and Resilient Water and Wastewater Sector and recommendations stemming from the meeting with Environmental, Health and Homeland Security Secretaries.
These collaborative efforts will result in advances that will better protect the nation’s critical water infrastructure from cyberattacks. For information about EPA’s cybersecurity program or details about the upcoming meeting please visit EPA’s Cybersecurity for the Water Sector website.
Background
Disabling cyberattacks are striking water and wastewater systems throughout the United States. These attacks, carried out by countries and criminals, have the potential to disrupt the critical lifeline of clean and safe drinking water, as well as impose significant costs on affected communities. As the Sector Risk Management Agency identified in Presidential Policy Directive 21 for water and wastewater systems, EPA is the lead federal agency for ensuring the nation’s water sector is resilient to all threats and hazards.
EPA and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) offer guidance, tools, training, resources, and technical assistance to help water systems to execute these essential tasks. Further, cybersecurity support and technical assistance are available from state programs as well as private sector associations like the American Water Works Association, the National Rural Water Association, and the Water Information Sharing and Analysis Center. State leadership and messaging to connect water systems with these tools and resources is essential to ensure that utility leaders assess and mitigate critical cyber risks. Additionally, Homeland Security Advisors are also a resource to providing links to federal cybersecurity efforts and access to relevant information about these threats.
