Water Associations Send Letter on EPA’s Plan to Use Sanitary Surveys for Cybersecurity

On December 9th, several national water and wastewater associations sent a letter (see below) to EPA on the Agency’s plans to leverage sanitary surveys to create a cybersecurity regulatory program. This letter details several significant technical and legal concerns with this approach. For several years, the Cybersecurity and Infrstructure Security Agency (CISA), has worked with the water sector to provide tools, training, and resources to improve cybersecurity, using a voluntary approach. Given the current state of cybersecurity in the water sector, the Administration apprears to be moving forward with plans to improve cybersecurity in the water sector, possibly through regulatory approaches. The timing, as well as the details of the approach, is currently unknown.

In late September, ASDWA sent a similar letter to EPA (see below). ASDWA’s letter expressed concerns with potential liability for states and potential public access to the sanitary survey reports. Additionally, ASDWA’s letter emphasizes that the primacy agencies’ inspectors are trained to look at monitoring data and treatment & distribution facilities, and are not cybersecurity subject matter experts (SMEs). Cybersecurity inspections and recommended solutions should be developed by trained cybersecurity professionals.

Water Assoc. Sanitary Survey Letter to EPA 09 DEC 2021

ASDWA_EPA Cybersecurity Letter 09292021 Final