EPA Increases Enforcement Activities to Ensure Drinking Water Systems Address Cybersecurity Threats

On Monday (5/20), EPA released an enforcement alert for water systems to address cybersecurity threats, given the increasing number and severity of these threats. This enforcement alert provides community water systems (CWSs) with information on immediate steps they can take to ensure compliance with SDWA Section 1433 and to reduce cybersecurity vulnerabilities. SDWA Section 1433 requires CWSs serving greater than 3,3000 people to conduct a risk and resiliency assessment (RRA), to update their emergency response plan (ERP) based on what was learned in the RRA process, to certify to EPA that both have been completed, and then update both the RRA and ERP every fine years. EPA is in the process of conducting inspections of systems across the country, and during these inspections, the Agency has found that over 70% of the systems inspected by EPA since September 2023 are in violation of basic SDWA 1433 requirements including missing specific sections of the RRA and ERP.