The Environmental Protection Agency (EPA) is stressing the need to improve the cybersecurity of drinking water systems. According to the EPA, a recent survey shows that many public water systems (PWSs) have not adopted basic cybersecurity best practices and are at risk of cyberattacks — whether from an individual, criminal collective or a sophisticated state or state-sponsored actor. The memorandum would require states to survey cybersecurity best practices at PWSs.

The memorandum conveys the EPA’s interpretation that states must include cybersecurity when they conduct periodic audits of water systems and highlights different approaches for states to fulfill this responsibility. 

The EPA will provide technical assistance and resources to assist states and water systems as they work towards implementation of a robust cybersecurity program. The EPA will also offer additional training on how to implement best practices for cybersecurity and use the available resources.