In October 2018, the U.S. Environmental Protection Agency (EPA) announced that America’s Water Infrastructure Act (AWIA) was signed into law. The AWIA Section 2013 had already required community (drinking) water systems (CWSs) serving more than 3,300 people to develop or update risk and resilience assessments (RRAs) and emergency response plans (ERPs) and provide the first update in 2025-2026 (depending on CWS size). There is also an EPA rule that states during the sanitary survey of a Public Water System (PWS), a cybersecurity assessment be included. Utilities need to be aware that even though this requirement is currently under a “judicial stay”, it will be required in the near future. The form and guidance evaluators will use during the sanitary survey can be found at Cybersecurity Assessments | US EPA.
Cybersecurity Risk Assessment Experience
Public Water Supply Systems are under an ever-increasing threat of cyber-attack. Wright-Pierce performs control SCADA systems asset inventory programs using current standards for cybersecurity. Our dedicated Instrumentation and Controls (I&C) Department specializes in water and wastewater industrial control systems (ICS), including cybersecurity controls, and is ISA/IEC 62443 trained. Our I&C Department also includes a System Integration team that performs software programming using the safeguards required to secure control and SCADA systems from external threats, and satisfy EPA cybersecurity requirements, as needed. Our internal IT department also helps develop security policies for our System Integration team.
Assistance with EPA’s Cybersecurity Risk Self-Assessments
The EPA has provided a number of resources to help municipalities and utilities evaluate their cybersecurity risks and vulnerabilities, but it can be overwhelming. Wright-Pierce can provide technical assistance to support a utility’s cybersecurity evaluation and upgrade needs. Contact us today to learn more.