*Page Updated May 23, 2024
EPA Enforcement Alert for Community Water Systems
On May 20th, 2024, the EPA issued an Enforcement Alert concerning Drinking Water Systems need to address Cybersecurity vulnerabilities. This Enforcement Alert provides community water systems (CWSs) with information on immediate steps the Water Systems can take to ensure compliance with SDWA Section 1433 and to reduce cybersecurity vulnerabilities. Section 1433 of Safe Drinking Water Act requires Community Water Systems serving more than 3,300 people to conduct Risk & Resilience Assessments, develop Emergency Response Plans, and certify their completion to the EPA. These assessments and plans must include Cybersecurity. The Enforcement Alert also outlines steps the EPA will take to increase enforcement activity to protect the nation’s drinking water.
The Enforcement alert can be reviewed at: Enforcement Alert: Drinking Water Systems to Address Cybersecurity Vulnerabilities | US EPA
To help water and wastewater utilities stay informed about recent cybersecurity threats, the below information and links provide resources and information from Environmental Protection Agency (EPA), Cybersecurity and Infrastructure Security Agency (CISA), Water Information Sharing and Analysis Center (WaterISAC), American Water Works Association (AWWA).
Please report any suspected criminal cyber activity to FBI and/or CISA as quickly as possible. The EPA/WaterISAC Joint Advisory on Potential Threat to Critical Infrastructure and CISA’s Shields Up Website contain the latest information and developments.
Resources
- AWWA: Resources on Cybersecurity
- EPA: Cybersecurity Best Practices for the Water Sector
- EPA: Incident Action Checklist - Cybersecurity
- EPA: Supporting Cybersecurity Measures with the Clean Water State Revolving Fund
- EPA: Supporting Cybersecurity Measures with the Drinking Water State Revolving Fund
- Hampton Roads Sanitation District - Roundtable on Cyber Incidents and the Public Sector Presentation
- Joint Cybersecurity Advisory - Compromise of U.S. Treatment Water Treatment Facility
- WaterISAC - 15 Cybersecurity Fundamentals
- WaterISAC - Advisory on Current Egregor Ransomware Incident at Large Metropolitan Water Utility
- White House - What We Urge You To Do To Protect Against the Threat of Ransomware
- White House - FACT SHEET: Act Now to Protect Against Potential Cyberattacks
- White House - Statement by President Biden on our Nation’s Cybersecurity
- White House - FACT SHEET: Competitive Infrastructure Funding Opportunities for Local Governments
- *FACT SHEET: Water Vulnerability Scanning