Last Thursday, the Foundation for Defense of Democracies (FDD), a think tank affiliated with the congressional Cyberspace Solarium Commission, released a research memo recommending a wide range of federal cybersecurity policy changes to improve water and wastewater cybersecurity. The memo, Poor Cybersecurity Makes Water a Weak Link in Critical Infrastructure, is expected to be translated into legislation for Congress to consider next year.
The memo urged EPA to expand and enhance its cybersecurity program for the water sector and to dedicate funding to utilities to improve security. FDD recommended EPA’s budget for these activities be increased to $45 million, which would still be just one-quarter of the funding provided to the Department of Energy for the electricity sector.
The foundation called for EPA to provide $10 million per year to WaterISAC and sector associations to “provide advisory support regarding the development and implementation of policies, plans, and procedures for cybersecurity readiness and resilience; issue advisories pertaining to cybersecurity threats to the water sector; provide training and conduct exercises to improve cybersecurity readiness and resilience; and help the EPA document the overall state of the water sector’s cybersecurity readiness.”
FDD also endorsed the creation of a NERC-like entity for the water sector, such as that proposed by AWWA, whereby EPA and the water sector would develop performance-based standards and enforcement mechanisms. The FDD also suggested changes to America’s Water Infrastructure Act, better known as AWIA, such as requiring wastewater systems to comply and having utilities provide copies of their risk and resilience assessment and emergency response plans to EPA.