AWWA testifies on need for collaborative cybersecurity approach
February 22, 2024
AWWA Articles
AWWA testifies on need for collaborative cybersecurity approach
Voicing support for strong and collaborative cybersecurity oversight in the water sector, the American Water Works Association (AWWA) recently testified before two committees of the U.S. House of Representatives about the benefits of an innovative co-regulatory approach.
Following the testimony, AWWA leaders were optimistic that legislation to create a collaborative model would be introduced in the House in the very near future.
“Strong cybersecurity measures are essential to ensuring a cyber incident does not threaten public health,” said AWWA Federal Relations Manager Kevin Morley in his January 31 testimony before the Environment, Manufacturing, and Critical Materials Subcommittee of the House Energy and Commerce Committee. “Water systems need resources and regulatory oversight designed to mitigate the potential risks from cyberattacks around the clock, every day of the year. This means we need to act now.”
On Feb. 6, Morley also participated on a panel of cybersecurity experts who testified before the Cybersecurity and Infrastructure Protection Subcommittee of the House Homeland Security Committee.
“Drinking water and wastewater systems sustain our way of life and support public health, safety and economic vitality,” he testified. “These systems are robust and resilient but, like all critical infrastructure entities, are not immune to cyber threats. In recognition of this threat, AWWA has actively engaged our members, and the sector at large, in building cybersecurity awareness and providing resources to support the implementation of best practices.”
Morley referenced recent collaborations led by Cybersecurity and Infrastructure Security Agency (CISA), including a stakeholder engagement process facilitated by the Joint Cyber Defense Collaborative (JCDC), which published “Incident Response Guide: Water and Wastewater Systems (WWS) Sector.”
He also stressed the need for a coordinated outreach program supported by the U.S. Environmental Protection Agency, CISA and water sector partners to raise the visibility and awareness of CISA’s Vulnerability Scanning service.
AWWA is joined by several other water sector organizations supporting a governance framework that leverages the technical knowledge of utilities, cybersecurity experts and regulators. These include the National Rural Water Association, the Association of Metropolitan Water Agencies, and the National Association of Water Companies. The introduction of legislation would be an important step in the journey to advancing cybersecurity in the water sector.
AWWA resources help water utilities understand cybersecurity policies, comply with requirements, and implement best practices. They include:
- Water Sector Cybersecurity Risk Management Guidance, a step-by-step guide to protect process control systems from cyberattacks
- Water Sector Cybersecurity Risk Management Tool, which helps utilities develop a cybersecurity risk management strategy and facilitates compliance with cybersecurity provisions included in America’s Water Infrastructure Act of 2018
- Water Sector Risk Management Guidance for Small Systems, a guide to help small utilities serving fewer than 10,000 people improve cybersecurity practices