Prioritization Framework for Technical Cybersecurity Support to Public Water Systems

In May 2022 EPA submitted a Report to Congress titled Prioritization Framework for Technical Cybersecurity Support to Public Water Systems. The Infrastructure Investment and Jobs Act required EPA, in coordination with the Cybersecurity and Infrastructure Security Agency (CISA), to develop a Prioritization Framework and Support plan for those public water systems (and their source water) that would lead to significant impacts on the health and safety of the public if detrimentally impacted by a cybersecurity attack.  The Prioritization Framework, EPA incorporated consideration of four criteria whether: (1) cybersecurity vulnerabilities for a public water system have been identified in the SDWA; (2) the capacity of a public water system to remediate a cybersecurity vulnerability without additional Federal support; (3) the public water system serves a defense installation or critical national security asset; and (4) the public water system would cause a cascading failure of other critical infrastructure.