The Senate on Thursday approved a bipartisan water infrastructure bill that includes a provision aimed at strengthening the cyber security protections of public water systems in need.
The cyber security provision directs the Environmental Protection Agency (EPA) to work with the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) to develop a framework to determine which water utilities across the U.S. need federal help to mitigate cyber risks to their infrastructure.
The Drinking Water and Wastewater Infrastructure Act (S. 914) was approved by a vote of 89 to 2.
The cyber provision also calls for EPS and CISA on a cyber security support plan that establishes timelines for providing specific services such as penetration testing, vulnerability and risk assessments to local governments.
The provision was authored by Democrat Sen. Gary Peters (Mich.), chairman of the Homeland Security and Governmental Affairs Committee, and is meant to thwart the kind of attack that occurred last year where cyber intruders were able to manipulate chemicals at a local water plant in Florida to dangerous levels before being detected. Public safety was not jeopardized in the incident.
“Thousands of local water systems across the country continue to face cybersecurity risks that could compromise the safety of our drinking water,” Peters said in a statement. Last year’s incident in Florida shows that the federal government needs to step up our efforts to help local communities better protect themselves from these potentially catastrophic attacks.”
The water infrastructure protection measure follows another piece of cyber legislation introduced last week by Peters and Sen. Rob Portman (R-Ohio), the ranking member on the committee, that would establish a Cyber Response and Recovery Fund for CISA to use to support public and private entities in their response to significant cyberattacks and breaches.
The Biden administration earlier this month released a federal budget framework for fiscal year 2022 that shows it plans to request $20 million for a Cyber Response and Recovery Fund. Such a fund has received bipartisan support in Congress.
The Peters and Portman Cyber Response and Recovery Act would require DHS to work with the White House National Cyber Director to declare a significant cyber incident, triggering a response by CISA to coordinate a response by federal and non-federal authorities. The bill also would authorize $20 million over seven years for the fund.