Readout From State Convening To Discuss Cybersecurity And The Water Sector

As a follow up to the letter from National Security Advisor Jake Sullivan and U.S. Environmental Protection Agency Administrator Michael S. Regan to Governors, on March 21, 2024, Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies and Janet McCabe, EPA Deputy Administrator, met with state and local officials from across the United States to discuss cybersecurity of the water sector. The meeting highlighted the urgency of states’ acting to improve the cybersecurity of water systems to protect our nations’ water resources from potential cyberattacks by foreign governments and associated criminal entities.

“The nation’s water systems face cyber threats from criminals and countries alike,” said Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies. “We must lock our digital doors to meet the threat. The Biden-Harris Administration has issued cybersecurity best practices and made available free tools and services to help companies operating critical infrastructure act quickly.”

“Cybersecurity is not the sole responsibility of one single water system, one single state, or the federal government. Instead, cybersecurity is a collective responsibility,” said Janet McCabe, EPA Deputy Administrator. “EPA has an important role, and it’s critical that we work together with our state partners to help set a course toward cyber-resilience that will deliver essential protections across the country.”

During the meeting, officials from several states outlined actions that they are currently taking to protect their water systems. There was discussion of current state programs in place and lessons learned from these experiences. Many states relayed challenges associated with cyber vulnerability including barriers such as finding the appropriate technical expertise. EPA and the Cybersecurity and Infrastructure Security Agency (CISA) also shared information about existing state coordination and resources available to assist states in assessing and addressing vulnerabilities. States and federal partners will continue to work together to share best practices and facilitate connections to reduce barriers.

At the meeting, Deputy National Security Advisor Anne Neuberger requested that each state share a cybersecurity plan by May 20, 2024. The cybersecurity plans should include details for how states are working with both drinking water and wastewater systems to determine where they are vulnerable to cyberattacks and what actions they are taking to build in cybersecurity protections. DNSA Neuberger encouraged states to tap into EPA and CISA’s resources to support their work. For more information visit the Water and Wastewater Cybersecurity website.

Finally, EPA outlined actions being taken to establish a Water Sector Cybersecurity Task Force to identify near-term actions and strategies to reduce the risk of water systems nationwide to cyberattacks.

For information about EPA’s cybersecurity program, visit EPA’s Cybersecurity for the Water Sector website.