Challenges to EPA’s Water Facility Cybersecurity Mandates Successful | Nossaman LLP | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

Despite efforts to stem increasing cyber threats to water systems around the nation, on October 13, 2023, the United States Environmental Protection Agency (EPA) withdrew cybersecurity mandates put in place by the Biden administration after the 8th U.S. Circuit Court of Appeals July decision to place the mandates on hold while court actions continued.

In an attempt to harden clean water and wastewater treatment facilities from cyberattacks, the administration issued an interpretive memorandum in March 2023, that mandated adding cybersecurity assessments as a regular part of sanitary surveys routinely conducted by water systems. The mandate required utilities to repair any cyber vulnerabilities revealed during the surveys. The EPA argued that under the Safe Drinking Water Act, it could use its authority to mandate water treatment facilities to mitigate cyber deficiencies.

However, Attorneys General from Arkansas, Iowa and Missouri challenged the mandate, arguing it was illegal because it was implemented under “interpretive guidance” that would have placed financial and technological pressures on water companies. Because of the months-long litigation, the EPA decided to drop the requirements which were part of a larger administration effort to protect the nation’s critical infrastructure from cyberattacks.


Click Here For The Original Source.

National Cyber Security