The Environmental Protection Agency (EPA) is stressing the need to improve the cybersecurity of drinking water systems. According to the EPA, a recent survey shows that many public water systems (PWSs) have not adopted basic cybersecurity best practices and are at risk of cyberattacks — whether from an individual, criminal collective or a sophisticated state or state-sponsored actor. The memorandum would require states to survey cybersecurity best practices at PWSs.
The memorandum conveys the EPA’s interpretation that states must include cybersecurity when they conduct periodic audits of water systems and highlights different approaches for states to fulfill this responsibility.