EPA \u2018urgently\u2019 needs to step up cybersecurity assistance for the water sector, GAO says | CyberScoop<\/title> <meta name=\"description\" content=\"The watchdog said the agency lacks "cybersecurity-related goals, objectives, activities, and performance measures."\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/epa-water-cyber-gao-report\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"EPA \u2018urgently\u2019 needs to step up cybersecurity assistance for the water sector, GAO says\"> <meta property=\"og:description\" content=\"The watchdog said the agency lacks "cybersecurity-related goals, objectives, activities, and performance measures."\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/epa-water-cyber-gao-report\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-08-01T21:06:17+00:00\"> <meta property=\"article:modified_time\" content=\"2024-08-01T21:06:18+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-5.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1303\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Christian Vasquez\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@chrismvasq\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1721926675g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1721767167g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1721764637g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/81274\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=81274\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fepa-water-cyber-gao-report%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fepa-water-cyber-gao-report%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-81274 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/epa-water-cyber-gao-report\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.952380952381\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2024 CyberScoop 50 awards! <\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/vote\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"27.026651216686\">\n<div class=\"single-article__header-content\" readability=\"31.79766536965\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/cybersecurity\/\"> <span>Cybersecurity<\/span> <\/a> <\/li>\n<\/ul>\n<p> The watchdog said the agency lacks “cybersecurity-related goals, objectives, activities, and performance measures.” <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"434\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says.jpg?resize=640%2C434&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-5.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-5.jpg?resize=300,204 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-5.jpg?resize=768,521 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-5.jpg?resize=1024,695 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-5.jpg?resize=1536,1042 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-5.jpg?resize=600,407 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-5.jpg?resize=248,168 248w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-5.jpg?resize=497,337 497w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-5.jpg?resize=995,675 995w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-5.jpg?resize=1242,843 1242w\" sizes=\"(max-width: 995px) 100vw, 995px\"><figcaption> OAKLAND, CALIFORNIA – MARCH 20: In an aerial view, pools of water are visible at the East Bay Municipal Utility District Wastewater Treatment Plant on March 20, 2024 in Oakland, California. The Biden administration and the Environmental Protection Agency (EPA) are warning states of possible cyberattacks on water systems after recents attacks including one by the Cyber Av3ngers, a group linked to the Iran’s Islamic Revolutionary Guard Corps, that targeted internet-facing programmable logic controllers at Pennsylvania\u2019s Municipal Water Authority of Aliquippa. (Photo by Justin Sullivan\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"59.503873824018\"><body readability=\"121.03037383178\"><\/p>\n<p>The Environmental Protection Agency is falling far behind on some of the basic duties that come with its responsibilities as the federal lead for helping the water and wastewater sector fight against hackers amid increasing state-backed hacks, a new government watchdog report found.<\/p>\n<p>The Government Accountability Office said in a <a href=\"https:\/\/www.gao.gov\/products\/gao-24-106744\">report<\/a> on the cybersecurity threats facing the sectors that the EPA \u201curgently\u201d needs to develop a national strategy in order to address myriad cyber risks. The water sector itself has difficulty \u201cdeveloping a cybersecurity culture,\u201d the GAO report noted, and that has seemingly led to a lack of basic cyber hygiene, which is further exacerbated by scarce resources for digital protections as the costs of maintaining the physical infrastructure increase.<\/p>\n<p>The water sector has significant challenges in the past few years: Iranian-linked hackers <a href=\"https:\/\/cyberscoop.com\/cyber-av3ngers-israel-iran\/\">defaced<\/a> Israeli-made industrial equipment at a Pennsylvania water facility, Chinese state hackers dubbed Volt Typhoon <a href=\"https:\/\/cyberscoop.com\/fbi-warns-china-preparing-for-disruptive-attacks\/\">burrowed<\/a> into U.S. water systems with malicious intent, and a Russian nationalist hacktivist group with ties to Moscow\u2019s Main Intelligence Directory military unit <a href=\"https:\/\/cyberscoop.com\/treasury-sanctions-russia-hacktivist-water\/\">hacked<\/a> into Texas water facilities. While the Biden administration has made protecting the water sector a <a href=\"https:\/\/cyberscoop.com\/epa-water-threats-governors\/\">key cybersecurity priority<\/a>, the sector has pushed back heavily against <a href=\"https:\/\/cyberscoop.com\/epa-calls-off-cyber-regulations-for-water-sector\/\">regulatory mandates<\/a> to improve cyber defenses.<\/p>\n<p>The GAO said the EPA has yet to conduct a sector-wide risk assessment and does not use a risk-informed strategy to guide its actions as the sectors\u2019 risk management agency. This means that when the agency is making decisions to help the water sector mitigate cyber risk, it\u2019s missing a \u201cbasic underpinning for managing federal programs,\u201d the GAO noted.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>\u201cEPA officials said they have assessed threats, vulnerabilities, and consequences, but have not integrated this work in a comprehensive assessment. Without a risk assessment and strategy to guide its efforts, EPA has limited assurance its efforts address the highest risks,\u201d the GAO report stated. \u201cA sector-wide risk assessment could help EPA identify the highest risks that its programs should address and prioritize actions to address those risks.\u201d<\/p>\n<p>EPA officials told the GAO that the agency does support risk and resilience assessments for community water systems, but the watchdog noted that those assessments only apply to water systems serving more than 3,300 people. Additionally, assessment results and reviews are anonymized before the EPA receives data, meaning the information is not \u201ccomprehensive enough\u201d to help the agency develop a nation-level assessment.<\/p>\n<p>The GAO also pointed out that the EPA has not formally identified \u201ccybersecurity-related goals, objectives, activities, and performance measures.\u201d For instance, EPA officials said that the agency wants 100% of systems with particular technologies like remote monitoring to have a cybersecurity program. Unfortunately, the report noted that the agency \u201chas not identified those systems, prioritized steps for achieving a 100% goal, or identified milestones it hopes to achieve to gauge progress towards that goal.\u201d Agency officials noted the <a href=\"https:\/\/www.epa.gov\/enforcement\/national-enforcement-and-compliance-initiatives\">compliance initiative<\/a> that looks to have a 100% rate with risk assessment and emergency response plans, but that\u2019s a general goal and lacks a specific cybersecurity-related focus, the report said.<\/p>\n<p>Additionally, the EPA has not formally defined basic roles, responsibilities, or even how to coordinate efforts across the sector, the report said. A senior official at the Cybersecurity and Infrastructure Security Agency told the watchdog that the EPA has yet to communicate priorities or how coordination works with a sector that has many different entities, like municipalities or trade associations. Conversely, the report also noted that a DHS Office of Inspector General report found that CISA has not \u201ccollaborated with EPA to integrate CISA\u2019s cybersecurity expertise with EPA\u2019s water expertise.\u201d<\/p>\n<p>EPA officials told the watchdog that the <a href=\"https:\/\/cyberscoop.com\/cisa-cyber-reporting-circia-2024\/\">cyber reporting law<\/a> is unlikely to require more than 80 percent of the water and wastewater systems from alerting the government as many come from state, local and municipal governments which are exempt.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Additionally, the GAO report said the EPA\u2019s tool to help drinking water systems assess vulnerabilities and resilience to cyberattacks has never been submitted for an external peer review. The report noted that EPA\u2019s own guidance states that scientific peer reviews help ensure decisions are based on a \u201csound, credible basis.\u201d A recent update to the tool in March was also not subjected to peer review, the report noted.<\/p>\n<p>\u201cOfficials did not elaborate on why the agency was not planning to have these changes peer reviewed,\u201d the GAO wrote.<\/p>\n<p>The GAO recommended that the agency assess the risk of the sector, develop and implement a national strategy, and evaluate the authorities to carry out any sector risk mitigation responsibilities. EPA concurred with all of the recommendations and said it plans to complete the risk assessment by January 2025, while a peer review of the risk tool will begin in November and the examination of legal authorities will be completed next year. Recently, the White House issued a <a href=\"https:\/\/cyberscoop.com\/biden-national-security-memorandum-critical-infrastructure\/\">critical infrastructure memorandum<\/a> that required all agencies with sector risk management responsibilities to go over their authorizations and budget and make a case for additional resources if needed.<\/p>\n<p>The EPA has had a hard time with the sector. In October 2023, the agency <a href=\"https:\/\/cyberscoop.com\/epa-calls-off-cyber-regulations-for-water-sector\/\">shelved<\/a> a memo that would require cybersecurity audits for water utilities through sanitation surveys, following pushback from states for what they saw as the administration stepping on their authority.<\/p>\n<p>The agency has also had trouble with voluntary approaches to implementing cybersecurity practices, the GAO said, citing one example where developing cybersecurity performance metrics was difficult because the sector resisted providing voluntary baseline information.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>EPA did not provide a response to a request for comment by the time of publication.<\/p>\n<p>The GAO is not the first organization to come to the EPA with a list of improvements. A report out of the Foundation for the Defense of Democracies in 2022 said that the EPA bore the <a href=\"https:\/\/cyberscoop.com\/water-sector-cyberspace-solarium-commission-epa\/\">brunt<\/a> of the blame for lax cybersecurity in the sector. <\/p>\n<p>Meanwhile, some cyber policy wonks and water trade associations have advocated for an industry-led regulatory model similar to the electric sector. In 2020, the Cyberspace Solarium Commission issued a <a href=\"https:\/\/www.solarium.gov\/report\">report<\/a> noting that the agency should be spending around $45 million for cybersecurity alone. But EPA officials reported that the agency appropriated $11.8 million in funding for fiscal year 2023 for its entire risk management responsibilities, including cybersecurity.<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"1.3298153034301\">\n<div class=\"author-card\" readability=\"9\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-1.jpg?w=640&ssl=1\" alt=\"Christian Vasquez\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Christian Vasquez<\/h4>\n<p> Christian covers industrial cybersecurity for CyberScoop News. He previously wrote for E&E News at POLITICO covering cybersecurity in the energy sector. Reach out: christian.vasquez at cyberscoop dot com <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<div class=\"popular-stories__stories\">\n<div class=\"popular-stories__cards\">\n<article class=\"post-item post-item--popular-stories-cards \" readability=\"20.292022792023\">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/bidens-cybersecurity-legacy-a-big-shift-to-private-sector-responsibility\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"506\" height=\"337\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-2.jpg?resize=506%2C337&ssl=1\" class=\"attachment-ratio-16-9-md size-ratio-16-9-md wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-6.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-6.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-6.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-6.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-6.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-6.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-6.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-6.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-6.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-6.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 506px) 100vw, 506px\"> <\/a><figcaption class=\"screen-reader-text\"> U.S. President Joe Biden speaks from the Oval Office of the White House on July 24. (Photo by Evan Vucci-Pool\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\" readability=\"2.9735682819383\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/bidens-cybersecurity-legacy-a-big-shift-to-private-sector-responsibility\/\"> Biden\u2019s cybersecurity legacy: \u2018a big shift\u2019 to private sector responsibility <\/a> <\/h3>\n<p> Over the course of his term, Joe Biden has presided over an ambitious agenda on regulation and more, to both praise and criticism. <\/p>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/tim-starkscyberscoop-com\/\"> Tim Starks <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/hearing-cyber-regulations-harmonization\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-3.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-7.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-7.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-7.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-7.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-7.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-7.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-7.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-7.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-7.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-7.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> The US Capitol in Washington, DC, on June 29, 2022. (Photo by MANDEL NGAN\/AFP via Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/hearing-cyber-regulations-harmonization\/\"> Banking, oil and IT industry reps call on Congress to harmonize cyber regulations \u2026 again <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/cvasquez\/\"> Christian Vasquez <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/cokers-top-priorities-federal-cohesion-cyber-workforce-other-hard-problems\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-4.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-8.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-8.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-8.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-8.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-8.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-8.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-8.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-8.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-8.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says-8.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> In this handout image provided by CYBERUK, Harry Coker, National Cyber Director speaks during the CYBERUK 2024 at Birmingham ICC Arena on May 14 in Birmingham, England. (Photo by Matthew Horwood for CYBERUK via Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/cokers-top-priorities-federal-cohesion-cyber-workforce-other-hard-problems\/\"> Coker\u2019s top priorities: Federal cohesion, cyber workforce, other \u2018hard problems\u2019 <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/tim-starkscyberscoop-com\/\"> Tim Starks <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/epa-water-cyber-gao-report\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>EPA \u2018urgently\u2019 needs to step up cybersecurity assistance for the<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[413,78,452,859,117,439,1066],"tags":[415,86,454,862,119,443,1067],"class_list":["post-4663","post","type-post","status-publish","format-standard","hentry","category-critical-infrastructure","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-environmental-protection-agency-epa","category-government","category-policy","category-water-sector","tag-critical-infrastructure","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-environmental-protection-agency-epa","tag-government","tag-policy","tag-water-sector"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/critical-infrastructure\/\" rel=\"category tag\">critical infrastructure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/environmental-protection-agency-epa\/\" rel=\"category tag\">Environmental Protection Agency (EPA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/government\/\" rel=\"category tag\">Government<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/policy\/\" rel=\"category tag\">Policy<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/water-sector\/\" rel=\"category tag\">water sector<\/a>","tag_info":"water sector","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4663","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=4663"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/4663\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=4663"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=4663"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=4663"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":4663,"date":"2024-08-01T16:06:17","date_gmt":"2024-08-01T21:06:17","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=81274"},"modified":"2024-08-01T16:06:17","modified_gmt":"2024-08-01T21:06:17","slug":"epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/08\/01\/epa-urgently-needs-to-step-up-cybersecurity-assistance-for-the-water-sector-gao-says\/","title":{"rendered":"EPA \u2018urgently\u2019 needs to step up cybersecurity assistance for the water sector, GAO says"},"content":{"rendered":"