Today the U.S. Environmental Protection Agency (EPA) and its federal partners announced the Industrial Control Systems Cybersecurity Initiative – Water and Wastewater Sector Action Plan to help protect water systems from cyberattacks. The Action Plan focuses on high-impact activities that can be surged within 100 days to safeguard water resources by improving cybersecurity across the water sector.
The Action Plan is part of President Biden’s Industrial Control Systems (ICS) Initiative, which he established pursuant to National Security Memorandum 5, Improving Cybersecurity for Critical Infrastructure Control Systems. The ICS Initiative is a collaborative effort between the federal government and critical infrastructure community to facilitate the deployment of technologies that provide cyber-related threat visibility, indicators, detections, and warnings.
“Cyberattacks represent an increasing threat to water systems and thereby the safety and security of our communities,” said EPA Administrator Michael S. Regan. “As cyber-threats become more sophisticated, we need a more coordinated and modernized approach to protecting the water systems that support access to clean and safe water in America. EPA is committed to working with our federal partners and using our authorities to support the water sector in detecting, responding to, and recovering from cyber-incidents.”
The Water and Wastewater Sector Action Plan focuses on promoting and supporting the water sector’s adoption of strategies for the early detection of cyber-threats and allow for the rapid sharing of cyber-threat data across the government in order to expedite analysis and action. Actions include:
- Establishing a task force of water sector leaders.
- Implementing pilot projects to demonstrate and accelerate adoption of incident monitoring.
- Improving information sharing and data analysis.
- Providing technical support to water systems.
The Initiative’s goals are outlined in the Action Plan which was developed by the EPA, the National Security Council (NSC), the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), and the Water Sector Coordinating Council and Water Government Coordinating Council (WSCC/GCC).
“American lives depend on protecting the Nation’s critical infrastructure from evolving cybersecurity threats,” said Secretary of Homeland Security Alejandro N. Mayorkas. “The Department’s Cybersecurity and Infrastructure Security Agency and the Environmental Protection Agency will continue to work with the water and wastewater sectors to provide guidance, technology, and direct support as they improve their cybersecurity resilience. Public-private sector collaboration like this initiative is central to protecting the American public and their ability to safely access critical services.”
“Securing our Nation’s critical infrastructure is a top priority for President Biden and his Administration. In the past year, the Administration has worked closely across the U.S. government and critical infrastructure partners to ensure they have our full support in shoring up their cyber defenses,” said Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger. “The action plans for the electric grid and pipelines have already resulted in over 150 electricity utilities serving over 90 million residential customers and multiple critical natural gas pipelines deploying additional cybersecurity technologies. This plan will build on this work and is another example of our focus and determination to use every tool at our disposal to modernize the nation’s cyber defenses, in partnership with private sector owners and operators of critical infrastructure”
“The expansion of the President’s ICS Cybersecurity Initiative to the Water Sector is an important step forward in securing our nation’s water utilities from malicious cyber activity. The water sector action plan will provide owners and operators of water utilities a roadmap for high-impact actions they can take to improve the cybersecurity of their operations,” said National Cyber Director Chris Inglis. “I commend the Water Sector Coordinating Council and their Federal partners for their continuing efforts to improve the present and future resilience of water utilities on which each American depends.”
“Over the past year we’ve seen cyber threats affecting the critical infrastructure that underpins our communities and the services we all rely on, including safe and clean water,” said CISA Director Jen Easterly. “To reduce the likelihood and impact of damaging cybersecurity intrusions to the water sector, we’re teaming up with our EPA partners to provide guidance, technology, and direct support to the sector. The action plan announced today will help us better understand and reduce the risks across the water and wastewater sector both in the near and long term, and keep the American people safe.”
“The Water Sector Coordinating Council appreciates the partnership with the Environmental Protection Agency and the National Security Council to advance and mature cybersecurity across the Water and Wastewater Systems Sector. This plan represents a key step towards achieving that goal, and we look forward to continued engagement to support the sector vision of secure and resilient drinking water and wastewater infrastructure,” said Nicholas Santillo Jr., Chair of the Water Sector Coordinating Council.
EPA and its federal partners intend to work with water sector stakeholders to encourage, incentivize, and assist in the rapid deployment of ICS cybersecurity monitoring technologies. By implementing this Action Plan, partners across the government will lay the foundation for supporting enhanced ICS cybersecurity across water systems of all sizes—ensuring improved cyber-preparedness.