With national events and international affairs putting the world at a heightened state of alert, it can only be seen as prudent to conduct basic security audits and reviews to assure the public that companies, utilities and government facilities are vigilant and protected as much as possible from potential incidents. That, of course, covers physical and structural integrity, but it increasingly and, in many cases, equally as important, includes cybersecurity.
In the case of the water industry, cybersecurity remains a major blindspot with no immediate solution or resolution in sight.
According to a March 2024 story in The Record, the EPA sought to establish new national guidelines for cybersecurity by memorandum. A number of states, as well as the American Water Works Association and the National Rural Water Association, sued to block its implementation. The EPA withdrew the memo as a result.
All parties involved agreed that there is a need for standards in protection for waterworks facilities throughout the industry. AWWA Federal Relations Manager Kevin Morley told the House Committee on Homeland Security “The current threat situation illustrates both the necessity and strength of continuous two-way engagement and the value of partnership that is necessary to jointly manage cyber threats facing our nation,” according to an April press release.
The release and the story in The Record both speak to the industry’s interest in developing its own standards and regulations to monitor itself, citing another utility sector as an example: electric.
With this in mind, Arkansas Representative Rick Crawford authored H.R. 7922, which would establish federal oversight for “risk and resilience requirements for the water sector.” It was quickly referred to two committees upon submission and has been stuck there as Congress moved fully into campaign season.
In the meantime, there remains no consistent standard. AWWA provides resources and guidance to local water officials, but even within their content, adherence to these parameters is voluntary.
And the water industry remains particularly vulnerable to the threat of cyberattack: after Iranian hackers accessed utilities in 2023, awareness of this threat from places such as China, Russia and states hostile to American interests has only increased. The Record also notes a two-pronged institutional concern: an EPA ill-equipped to handle emerging digital threats to our natural resources, and water utilities that have not or cannot update their infrastructure to maintain robust protections against breaches.
As a member of AWWA, we stand with all reasonable efforts to make a fair and uniform standard to protect water systems against the growing threat of cyberattack. We’ve met with elected officials in Washington, advocating for the best interests of water jurisdictions and for sensible policy to protect sensitive natural resources. All of this is part of AWWA’s Water 2050 initiative, promoting advances in governance, technology and sustainability in the water sector for greater equity, viability and benefit to all.
In the same way that we advocate for water systems and their leaders to shift the paradigm when it comes to thinking outside the vault, we endorse strong cyber protections that won’t place undue burden on smaller utilities and entities. We hope that once election season ends, committees can move H.R. 7922 forward and have it enacted into law so that this critical blindspot is finally addressed.
For leading protection that won’t leave a blindspot for your pumps, backflow preventers, water meters or control valves, take a look at our U.S.-made inventory of durable, sustainable aluminum enclosures.