The U.S. Environmental Protection Agency has withdrawn its guidance requiring cybersecurity audits for water utilities across the country following a lawsuit filed by Arkansas, Iowa, and Missouri and supported by trade groups that challenged the viability of water utility cybersecurity regulation in the long term, according to CyberScoop.
"While the memorandum is being withdrawn due to litigation, improving cybersecurity across the water sector remains one of EPA's highest priorities. Cybersecurity represents a serious and increasing threat to drinking water and wastewater utilities," said an EPA spokesperson, who also noted that statewide reviews of public water system cybersecurity programs are still being urged by the agency.
Such a decision by the EPA was supported by the National Rural Water Association and the American Water Works Association, which have sought the EPA to manage cybersecurity standards co-developed with the industry as part of a co-regulatory model similar to what has been implemented in the electric industry.
Critical Infrastructure Security, Security Staff Acquisition & Development
Water cybersecurity regulations withdrawn
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
You can skip this ad in 5 seconds