In response to a probe from the Government Accountability Office (GAO), the Environmental Protection Agency (EPA) says it plans to release a national cybersecurity strategy for the water sector in January 2025.
GAO’s Aug. 1 report highlights that the EPA has worked to improve water sector cybersecurity, but that it has failed to identify and prioritize the greatest risks sector-wide – as required by President Biden’s April 30 National Security Memorandum (NSM) on Critical Infrastructure Security and Resilience.
“EPA officials said they have assessed threats, vulnerabilities, and consequences, but have not integrated this work in a comprehensive assessment,” the government watchdog’s 70-page report says. “Without a risk assessment and strategy to guide its efforts, EPA has limited assurance its efforts address the highest risks.”
In comments responding to Thursday’s GAO report, Acting Assistant Administrator for the Office of Water at EPA, Benita Best-Wong, said that the agency will develop a water sector risk assessment and risk management plan that addresses cybersecurity in accordance with President Biden’s April 2024 NSM.
“The water sector risk…
