The U.S. Environmental Protection Agency (EPA) issued an enforcement alert on May 20, 2024, outlining the urgent cybersecurity threats and vulnerabilities to community drinking water systems and the steps these systems need to take to comply with the Safe Drinking Water Act.
The alert is part of a government-wide effort, led by the National Security Council and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency, to reduce the nation’s infrastructure and cybersecurity vulnerabilities.
According to a press release, the EPA is issuing this alert because threats to, and attacks on, the nation’s water system have increased in frequency and severity to a point where additional action is critical.
Recent EPA inspections have revealed that the majority of water systems inspected—over 70%—do not fully comply with the requirements in the Safe Drinking Water Act and that some of those systems have critical cybersecurity vulnerabilities.
The alert highlights the importance of the EPA’s ongoing inspection and enforcement activities under Safe Drinking Water Act section 1433. The EPA will increase the number of planned inspections and will take civil and criminal enforcement actions when necessary. This includes response to a situation that may present an imminent and substantial endangerment.
Inspections will ensure that water systems are meeting their requirements to regularly assess resilience vulnerabilities, including cybersecurity, and to develop emergency response plans.
