EPA should develop a comprehensive plan of action to tackle the increasingly common and sophisticated cybersecurity threats facing the water sector, according to a new watchdog report.
Water treatment plants, sewage plants and other infrastructure have fallen victim to a growing number of cyberattacks in recent years. The sector at large has struggled to address the problem through voluntary security initiatives and pushed back on new mandates previously issued by EPA, according to the report from the Government Accountability Office.
EPA needs to do more to determine the full extent of cyber risks facing both the water and wastewater sectors, including through an assessment and national strategy, GAO said.
“Without a risk assessment and strategy to guide its efforts, EPA has limited assurance its efforts address the highest risks,” the independent agency concluded in its report.
