The testimony from water and wastewater systems officials at the House Energy and Commerce subcommittee on environment, manufacturing, and critical materials on Wednesday highlighted the growing cybersecurity risks facing the sector. According to officials, small and rural water systems across the United States are lacking the necessary funding and technical expertise to adequately address and mitigate cyber threats, leaving the sector vulnerable to both domestic and foreign attacks.
Rick Jeffares, president of the Georgia Rural Water Association, emphasized that state employees and local agencies are not equipped with the resources and expertise to enforce cybersecurity measures while handling their existing workloads. This lack of financial resources and in-house expertise has left most rural utilities unable to defend themselves against cyberattacks, creating a significant disparity in the sector’s ability to combat these threats.
The Cybersecurity and Infrastructure Security Agency (CISA) recently described the water sector as a “target-rich, resource-poor” industry due to limited financial and technical resources available for many of the nation’s more than 150,000 public water systems, particularly those in small and rural communities.
Although the Infrastructure Investment and Jobs Act of 2021 authorized $250 million over five years for an Environmental Protection Agency initiative to provide grant assistance to public water systems serving communities of 10,000 or more people to support projects aimed at reducing cybersecurity risks, Congress has only appropriated $5 million for the program. this has significantly limited the number of water systems that are able to access these resources and enhance their cyber defenses.
Government watchdogs have urged the federal government to better synchronize its efforts in improving water and wastewater cybersecurity, particularly in light of recent cyberattacks targeting U.S. water facilities. A surge in cyberattacks, including an incident involving an Iranian hacking group known as “Cyber Av3ngers,” has raised concerns about the sector’s ability to withstand and recover from such attacks.
One of the key concerns highlighted during the testimony was the lack of dedicated funding to expedite technology upgrades and address the digital divide in water systems. Kevin Morley, manager of federal relations for the American Water Works Association, emphasized the need for support to expedite these technology upgrades and fulfill the sector’s commitment to the communities it serves.
The hearing shed light on the urgent need for increased funding, technical expertise, and comprehensive cybersecurity measures to better protect the water and wastewater sector from evolving cyber threats. As officials and experts continue to advocate for enhanced cybersecurity initiatives and funding, the sector remains at risk, making it essential to prioritize and address these challenges for the protection of critical infrastructure and public health.