House introduces bill to establish new cyber risk governing body

Legislation that supports a collaborative approach to to regulating cybersecurity in the water sector was introduced in the U.S. House of Representatives in April. Spearheaded by Reps. Rick Crawford (R-Ariz.) and John Duarte (R-Calif.), H.R. 7922 authorizes an independent, non-federal entity to lead the development of cybersecurity requirements in the sector.

The Water Risk and Resilience Organization (WRRO) Establishment Act would establish a new governing body, the WRRO, with cyber and water-system expertise to develop and enforce cybersecurity requirements for drinking and wastewater systems. The WRRO will work in partnership with the U.S. Environmental Protection Agency (EPA) to ensure cybersecurity measures are both practical and beneficial.

The collaborative approach to cybersecurity has been recommended and endorsed by the American Water Works Association (AWWA) and other water sector organizations.

“Foreign adversaries such as Russia and China have utilized cyber-attacks to target critical infrastructure such as water systems,” Rep. Crawford said. “This bill is a more proactive approach to safeguarding our drinking and wastewater from these types of attacks. These protections are vital at a time where cyber threats are constant and technology is evolving quickly.”

“With the constant threat of cyberattacks by our adversaries, the United States’ water infrastructure must be secured and defended properly,” Rep. Duarte added. “I am proud to help lead this crucial legislation with Rep. Crawford to ensure that our wastewater and drinking water systems are adequately prepared to deal with potential cybersecurity threats.”

This WRRO leverages the technical knowledge of utilities, cybersecurity experts and regulators to implement a comprehensive cybersecurity risk management strategy. Federal oversight and approval of requirements would be provided by the U.S. Environmental Protection Agency, which already regulates drinking water and wastewater utility operations.

“Strong and effective cybersecurity oversight is critical for the water sector,” said American Water Works Association CEO David LaFrance. “Reps. Crawford and Duarte’s vision for a collaborative model that leverages the knowledge of the sector is the right approach for protecting water utilities from cyber-attacks.”

The proposed collaborative approach builds on a similar model that has already been successfully applied in the electric sector. The recommendation also aligns with calls for greater public-private collaboration included in the National Cyber Strategy.

Leave a Reply

Your email address will not be published. Required fields are marked *