Members of Congress this week introduced legislation aimed at strengthening cybersecurity protections for water and wastewater systems by creating a new non-federal agency to update and manage cybersecurity requirements for critical infrastructure sectors.
The bill, introduced Thursday by Reps. Rick Crawford, R-Ariz., and John Duarte, R-Calif., would create a governing body of cyber and water systems experts to develop and enforce cybersecurity. The aim is to establish the Water Risk and Resilience Agency. Drinking water and wastewater system requirements.
The group will work with the U.S. Environmental Protection Agency to ensure that the proposed cybersecurity measures are practical and beneficial.
“Foreign adversaries such as Russia and China are using cyberattacks to target critical infrastructure such as water systems,” Crawford said in a press release. “This bill is a more proactive approach to protecting drinking water and wastewater from these types of attacks.”
The bill comes after EPA and National Security Agency officials sent a letter to governors in March urging them to address cybersecurity vulnerabilities in water systems.
“Water and wastewater systems across the United States are suffering as a result of counteracting cyber attacks,” the letter said. “These attacks can disrupt the critical lifeline of clean, safe drinking water and impose significant costs on affected communities.”
FBI Director Christopher Wray said in January that Chinese hackers were targeting critical U.S. infrastructure, including water treatment plants, ports, power grids and pipelines, and may have been present in many critical infrastructure systems, including water supplies. He testified before Congress that there was. For 5 years.
In November, a small water utility in Aliquippa, Pennsylvania was breached by pro-Iranian hackers. Hackers breached a water treatment facility in Florida in 2021, attempting to increase chemicals in the water to dangerous levels.
The proposed bill adopts a strategy similar to that implemented in the U.S. power sector, where North American Electric Power Corporation and the Federal Electric Power Regulatory Commission manage cybersecurity efforts across the nation's power grid. .
The recommendation for a more collaborative approach to cybersecurity in the water and wastewater sector is consistent with President Joe Biden's call for stronger public-private partnerships in his National Cyber Strategy last year.
