Tuesday, May 21, 2024

Review – EPA Publishes Water System Cybersecurity Enforcement Alert – 5-20-24

Yesterday, the EPA updated their website to include a page on “Enforcement Alert: Drinking Water Systems to Address Cybersecurity Vulnerabilities”. The page notes that:

“As part of EPA’s multi-year drinking water National Enforcement and Compliance Initiative, Increasing Compliance with Drinking Water Standards, inspectors are assessing CWS compliance with SDWA Section 1433. Given the vulnerabilities and attacks on systems, EPA also will increase the number of CWS inspections that focus on cybersecurity. Where vulnerabilities are identified and may present an imminent and substantial endangerment to public health, enforcement actions may be appropriate [emphasis added] under SDWA Section 1431 to mitigate those risks.”

Commentary

The EPA typically relies on state water authorities to enforce SDWA related regulations. It simply does not have the number of inspectors necessary to periodically visit each of the 52,000+ community water systems. The number of EPA inspectors with sufficient cybersecurity training to conduct a meaningful review of the cybersecurity assessments and response plans makes it extremely unlikely that any given community water system will be visited in this enforcement effort. This is an awfully small ‘big stick’ being wielded by the EPA.

No comments:

 
/* Use this with templates/template-twocol.html */