Yesterday, the EPA updated their website to include a page on “Enforcement Alert: Drinking Water Systems to Address Cybersecurity Vulnerabilities”. The page notes that:
“As part of EPA’s multi-year drinking water National Enforcement and Compliance Initiative, Increasing Compliance with Drinking Water Standards, inspectors are assessing CWS compliance with SDWA Section 1433. Given the vulnerabilities and attacks on systems, EPA also will increase the number of CWS inspections that focus on cybersecurity. Where vulnerabilities are identified and may present an imminent and substantial endangerment to public health, enforcement actions may be appropriate [emphasis added] under SDWA Section 1431 to mitigate those risks.”
Commentary
The EPA typically relies on state water authorities to enforce
SDWA related regulations. It simply does not have the number of inspectors
necessary to periodically visit each of the 52,000+ community water systems.
The number of EPA inspectors with sufficient cybersecurity training to conduct
a meaningful review of the cybersecurity assessments and response plans makes
it extremely unlikely that any given community water system will be visited in
this enforcement effort. This is an awfully small ‘big stick’ being wielded by
the EPA.
Posts
No comments:
Post a Comment