(844) 627-8267
(844) 627-8267

Biden administration water cybersecurity plan temporarily blocked | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

By Clark Mindock

July 12 (Reuters) – A U.S. appeals court on Wednesday temporarily blocked a Biden administration plan to improve cybersecurity for public water systems, after Republican-led states complained it would thrust burdensome costs on small and rural water suppliers.

The 8th U.S. Circuit Court of Appeals in St. Louis issued a stay temporarily suspending the U.S. Environmental Protection Agency (EPA) cybersecurity plan while a legal challenge filed by the state attorneys general of Missouri, Arkansas and Iowa runs its course.

The EPA’s plan announced on March 3, which it called “guidance,” meaning it was non-binding, recommended a series of novel rules placing more responsibility for securing water facilities at the state level. The agency issued the plan following several high-profile hacking incidents in recent years.

Arkansas Attorney General Tim Griffin said in a statement on Wednesday that he is pleased with the court’s decision and that he believes the EPA doesn’t have the authority to impose the rules.

A spokesperson for the National Rural Water Association, which intervened in the lawsuit challenging the EPA plan alongside the American Water Works Association, said in a statement that it supports enhanced cybersecurity, but that the EPA plan would be too burdensome for small water systems.

The EPA did not immediately respond to a request for comment.

Security experts say the water sector has long been seen as vulnerable to cyberattacks, which could cause shortages or dangerously increase the concentration of chemicals normally used to treat drinking water.

In March 2019, a terminated employee at a Kansas-based water facility used his old computer credentials to remotely take systems offline, a Biden administration official said when the plan was announced.

The Republican-led states filed their lawsuit in April, saying the EPA does not have the authority to force cybersecurity assessment responsibilities onto states and local water suppliers.

The lawsuit said the memo creates costly legal obligations, even though the EPA has referred it as only guidance. (Reporting by Clark Mindock; Editing by Alexia Garamfalvi and Bill Berkrot)


Click Here For The Original Source.

National Cyber Security