Last month, Sen Kelly (D,AZ) introduced S 3282, the Water Infrastructure Modernization Act of 2021. This bill provides for two new grant programs to support the modernization of wastewater and drinking water treatment facilities in the United States. HR 6068, with an identical short title, only addresses the drinking water treatment program with identical language to that found in Title II of this bill. This bill would authorize $25 million for each of the two grant programs.
Kelly is a member of the Senate Environment and Public Works Committee to which this bill was assigned for consideration. This means that there may be enough influence to see this bill considered in Committee. Beyond the cost of the two grant programs, I do not see anything in this bill that would engender any specific opposition. If this bill were considered in Committee, there would probably be bipartisan support for the bill.
Commentary
This bill has the same problem that I identified in HR 6088; it provides for the use of advanced controls technology without providing a requirement to protect those systems from cyberattacks. The same language that I proposed for adding to HR 6088 should be added to Title II of this bill. Similar language, see below, should be added to subsection (a) of the proposed §228.
(3) Any program for which a
grant is provided under this section will include a comprehensive cybersecurity
program to protect the operation of the smart wastewater infrastructure
technology funded by the grant. That cybersecurity program will include, as a
minimum:
(i) virtual and physical
network segmentation separating the smart water infrastructure technology from
the business networks of the agency being supported,
(ii) least privilege access
controls for the smart water infrastructure networks, including two-factor
authentication for remote access, and
(iii) an annual third-party audit of cybersecurity controls, software updates, internal system log reviews and incident response reports.
For more details about the provisions of this bill, see my
article at CFSN Detailed Analysis - https://patrickcoyle.substack.com/p/s-3282-introduced
- subscription required.
Posts
No comments:
Post a Comment