Technical Cybersecurity Support Plan for Public Water Systems: U.S. Environmental Protection Agency Issues Report to U.S. Congress

Walter Wright Jr.
Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C.
Contact
LinkedIn
Facebook
X
Send
Embed

Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C.

Download PDF

The United States Environmental Protection Agency (“EPA”) issued a document related to the drinking water sector titled:

Technical Cybersecurity Support Plan for Public Water Systems – Report to Congress (“Report”)

See Office of Water – EPA 817-R-22-002 (August 2022).

EPA was required pursuant to the Infrastructure Investment and Jobs Act (Bipartisan Infrastructure Law [“BIL”]) to develop in coordination with the Cybersecurity and infrastructure Security Agency a Technical Cybersecurity Support Plan (“Plan”). See Public Law No. 117-58).

The BIL required that the Plan address the following:

  1. . . . the methodology [as established by the Prioritization Framework] for identifying specific PWSs for which cybersecurity support should be prioritized,
  2. . . . timelines for making voluntary technical support for cybersecurity available to specific PWSs,
  3. . . . PWSs identified by [EPA], in coordination with [CISA], as needing technical support for cybersecurity, and
  4. . . .specific capabilities of [EPA] and [CISA] that may be utilized to provide support to PWSs…including:
    1. site vulnerability and risk assessments,
    2. penetrations tests; and
    3. any additional support determined to be appropriate by [EPA].” All support to PWSs under the Support Plan is voluntary.

In commenting on the Report, the Association of Clean Water Administrators cited EPA’s indication that two categories of public water systems potentially have an elevated need for additional technical support. The two groups cited include:

  • Public water systems serving 3,300 people or fewer and all non-community water systems not required to conduct risk and resilience assessments or develop emergency response plans under America’s Water Infrastructure Act of 2018
  • Public water systems that undergo a cybersecurity risk assessment, which could be conducted by a Federal or SLTT entity under a regulatory program or voluntarily by the public water system or an outside technical assistance provider

The four sections of the Report include:

  • Section 1: Methodology, as Established by the Prioritization Framework, for Identifying Specific PWSs for which Cybersecurity Support Should Be Prioritized
  • Section 2: Timelines for Making Voluntary technical Support for Cybersecurity Available to Specific PWSs
  • Section 3: Public Water Systems Identified by EPA, in Coordination with CISA, as Needing Technical Support for Cybersecurity
  • Section 4: Specific Capabilities of EPA and CISA That May be Utilized to Provide Support to Public Water Systems

A copy of the Report can be downloaded here.

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C. | Attorney Advertising

Written by:

Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C.
Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C.
Contact
more
less

Mitchell, Williams, Selig, Gates & Woodyard, P.L.L.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide