EPA issues cybersecurity memo for water systems.

March 6, 2023 – Published on The Cyberwire

The US Environmental Protection Agency (EPA) on Friday issued a memorandum “stressing the need for states to assess cybersecurity risk at drinking water systems to protect our public drinking water.”

The memorandum requires that states include cybersecurity when they conduct audits of water systems. The agency said in a statement, “While some public water systems (PWSs) have taken important steps to improve their cybersecurity, a recent survey and reports of cyber-attacks show that many have not adopted basic cybersecurity best practices and are at risk of cyber-attacks — whether from an individual, criminal collective, or a sophisticated state or state-sponsored actor. This memorandum requires states to survey cyber security best practices at PWSs.”

CyberScoop notes criticism from industry experts and insiders who stated that the memorandum wasn’t developed with input from industry groups, and that sanitation surveyors lack the proficiency to evaluate cybersecurity threats.

Chris Warner, Senior OT Cyber Security Consultant at GuidePoint Security, commented:

“Securing water delivery systems is a challenge due to the use of OT called SCADA systems. Many are connected to IT systems to provide data used to efficiently manage the safety and reliability of drinking water, water treatment facilities and flood control. SCADA systems are designed to function in all environments and are built to last decades, with little focus on cybersecurity. The more OT and IT connect, the attack surface becomes larger for bad actors to make their way in and ransom, manipulate data or cause other destructive operations. 

“Water utilities have numerous physical sites diverse in architecture and challenging nationwide. These organizations work diligently to ensure integrity and security for water treatment management for clean and safe drinking water distribution networks and real-time flood control system monitoring. These organizations have limited resources to protect from cyber-attacks.” 