The Environmental Protection Agency will be issuing a rule to extend its sanitary reviews of critical water systems to include cybersecurity, according to Anne Neuberger, the White House’s deputy national security advisor for cybersecurity and emerging technology.
During a Center for New American Security event on July 28, Neuberger explained it’s important to have the authority to mandate cybersecurity as many water systems remain manual. As these systems are modernized to “ensure sensors are added in, to ensure cybersecurity is baked in,” Neuberger said clear authority will be crucial.
“One of the things we’ve learned is that public-private partnerships are effective, and I mentioned the president launched one early in his administration focused on industrial control systems,” Neuberger said. “They’re never going to give us the same level of standards or the same level of confidence as we have when there’s a mandate.”
The White House extended the Industrial Control Systems (ICS) Cybersecurity Initiative to the water sector in January, as part of a larger effort to set cybersecurity baselines for critical infrastructure and protect it from cyber threats.
The administration also has ICS initiatives for the electric and natural gas pipeline subsectors.
“Now is the moment to improve the security of critical infrastructure,” Neuberger said. “Where the Hill is a major partner is on looking at those sectors, which lack authorities or where there’s hesitancy by agencies to move without real Hill backing to do so.”
She added that the White House has started engaging with the Hill and gathering input on “what the right path is to do that.”