Public Water Systems Cybersecurity in Sanitary Surveys or an Alternate Process: U.S. Environmental Protection Agency Guidance Memorandum

Walter Wright Jr.
Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C.
Contact
LinkedIn
Facebook
X
Send
Embed

Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C.

Download PDF

The United States Environmental Protection Agency (“EPA”) issued a March 3rd memorandum titled:

Addressing PWS Cybersecurity in Sanitary Surveys or an Alternate Process (“Memorandum”)

The Memorandum was transmitted from EPA Assistant Administrator for Water, Radhika Fox, to both the State Drinking Water Administrators and EPA Water Division Directors, Regions I-X.

EPA expresses concern in the Memorandum that some public water systems (PWSs) have failed to adopt basic cybersecurity best practices.

The federal agency states in the Memorandum that it is providing clarification that states must:

. . . evaluate the cybersecurity of operational technology used by a PWS when conducting PWS sanitary surveys or through other state programs.

The Memorandum provides what EPA characterizes as “various approaches” to include cybersecurity in PWS sanitary surveys or other state programs.

Sections of the Memorandum address:

  • Approaches to Include Cybersecurity in PWS Sanitary Surveys
    • Option 1: Self-assessment or third-party assessment of cybersecurity practices
    • Option 2: State evaluation of cybersecurity practices during the sanitary survey
    • Option 3: Alternative State Program for Water System Cybersecurity
    • Changes to State Recordkeeping and Reporting
  • EPA Technical Assistance for Cybersecurity in PWS Sanitary Surveys
    • Guidance Documents
    • Training
    • Technical Assistance

An addendum provides supplementary information on addressing PWS cybersecurity or an alternate process. Questions addressed include:

  • Does EPA’s interpretation regarding cybersecurity and sanitary surveys apply to me?
  • What action is the EPA taking?
  • Why is EPA communicating this interpretation now?
  • How does this interpretation relate to America’s Water Infrastructure Act of 2018?
  • What additional cybersecurity resources are available to states and PWSs?
    • Technical resources
    • Financial resources
  • Can sensitive information about cybersecurity practices be protected from disclosure?
  • What are the additional requirements for PWS sanitary surveys?
  • Did EPA engage stakeholders on this topic before issuing the memorandum?

A copy of the Memorandum can be downloaded here.

Written by:

Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C.
Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C.
Contact
more
less

Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide