A U.S. federal watchdog has emphasized the need for better synchronization and collaboration in water and wastewater sector cybersecurity efforts, pointing out a lack of communication between the Cybersecurity and Infrastructure Security Agency (CISA) and the Environmental Protection Agency (EPA). The Department of Homeland Security Office of Inspector General’s report highlights the challenges faced by the water sector, mainly operated by municipal and county governments, with funding shortfalls leading to aging IT infrastructure and poor cybersecurity. The Biden administration’s attempt to make cybersecurity a part of federally mandated safety assessments for water systems faced obstacles, and concerns about hackers tampering with drinking water have grown in urgency. The watchdog recommends CISA to develop a memorandum of understanding with the EPA and establish better policies for collaboration with the water sector coordinating council.
Water and wastewater, classified as critical infrastructure sectors, often operate with outdated IT systems, posing cybersecurity risks. The report underscores that municipal and county governments, responsible for operating these systems, face challenges in handling cybersecurity risks associated with newer equipment. The watchdog suggests that CISA and EPA need clearer roles and mechanisms for collaboration to address these challenges effectively. With approximately 50,000 community water systems and over 16,000 publicly owned wastewater treatment systems in the U.S., a lack of coordination and communication could lead to inadequate cybersecurity measures, potentially risking the safety of water supplies.
The report also points out that CISA needs to improve communication and collaboration with the water sector coordinating council, a public-private body acting as an intermediary between critical infrastructure sectors and government counterparts. Water officials have expressed concerns about the effectiveness of CISA’s products and services, citing a lack of understanding and consultation in the development process. The watchdog’s recommendations aim to enhance collaboration, information sharing, and cybersecurity measures in the water and wastewater sector, addressing vulnerabilities and ensuring the safety and reliability of water systems.
