EPA Issues Enforcement Alert for Drinking Water Systems’ Cybersecurity Compliance

The Environmental Protection Agency (EPA) has issued an enforcement alert urging vulnerable community drinking water systems to ramp up their cybersecurity efforts in order to comply with federal standards. A recent investigation revealed that over 70% of inspected water systems have failed to meet the cybersecurity requirements outlined in the Safe Drinking Water Act.

Security experts have voiced concerns over the alarming lack of compliance within these critical infrastructures. Tom Kellermann, SVP of Cyber Strategy at Contrast Security, warns that the U.S. water supply is facing grave dangers from cyber threats and emphasizes the urgent need for increased funding to bolster their cybersecurity defenses.

Meanwhile, Roger Grimes, Data-Driven Defense Evangelist at KnowBe4, criticizes the lack of action and accountability in the face of repeated warnings from the government. He points out that the focus on cybersecurity is often misaligned, with organizations neglecting to address key vulnerabilities such as social engineering and unpatched software.

Eric Knapp, CTO of OT at OPSWAT, highlights the recent threats targeting critical infrastructure and emphasizes the importance of improving cyber resilience in water utilities. He recommends immediate steps such as changing default passwords, adopting industry standards, and implementing incident response plans to reduce vulnerabilities.

As the U.S. grapples with growing cybersecurity threats to its water supply, it is crucial for vulnerable community drinking water systems to prioritize cybersecurity measures to safeguard against potential cyber incidents. Failure to comply with the cybersecurity standards outlined by the EPA could have serious consequences for the safety and security of the country’s critical infrastructure.