February 2, 2024 — On Wednesday, the House Energy and Commerce Subcommittee on Environment, Manufacturing, and Critical Materials discussed the critical need for enhanced cybersecurity in America’s drinking water systems. This meeting was part of ongoing efforts to protect vital infrastructure from cyber threats, building on discussions that began on May 16, 2023.

Officials from leading water sector trade organizations stressed the necessity of additional federal funding to bolster cybersecurity training and resources. They highlighted the escalating cyber threats, particularly from groups like CyberAv3ngers, that target essential services such as water and wastewater systems. (See the Hearing Memorandum published by the subcommittee prior to the hearing.)

Key Insights from the Hearing.

The session underscored the vulnerability of interconnected infrastructure systems to cyberattacks, which pose risks to national security, the economy, and public health. Witnesses emphasized the importance of not only preventing attacks but also building resilience to recover from and adapt to potential cyber compromises.

The dialogue covered the crucial roles of the Environmental Protection Agency (EPA) and the Department of Homeland Security (DHS) in coordinating efforts to secure water systems against cyber threats. The need for more federal funding and the importance of sector-specific information sharing to enhance cybersecurity were also discussed.

Moving Forward: A Balanced Approach to Regulation and Support.

The subcommittee reviewed feedback suggesting that excessive cybersecurity regulations might be counterproductive. Instead, the focus was on the need for Congress to provide more funding for cybersecurity training within the water sector. This approach aims to develop a regulatory framework similar to that of the electric industry, where standards are set by leading organizations and audited by the EPA, ensuring both clean and secure water systems.

Photo 33359901 © Rvlsoft | Dreamstime.com