Critical Infrastructure Security, Security Staff Acquisition & Development

Water cybersecurity regulations withdrawn

The U.S. Environmental Protection Agency has withdrawn its guidance requiring cybersecurity audits for water utilities across the country following a lawsuit filed by Arkansas, Iowa, and Missouri and supported by trade groups that challenged the viability of water utility cybersecurity regulation in the long term, according to CyberScoop. "While the memorandum is being withdrawn due to litigation, improving cybersecurity across the water sector remains one of EPA's highest priorities. Cybersecurity represents a serious and increasing threat to drinking water and wastewater utilities," said an EPA spokesperson, who also noted that statewide reviews of public water system cybersecurity programs are still being urged by the agency. Such a decision by the EPA was supported by the National Rural Water Association and the American Water Works Association, which have sought the EPA to manage cybersecurity standards co-developed with the industry as part of a co-regulatory model similar to what has been implemented in the electric industry.

Related

Third-party ransomware attack threatens Sweden’s liquor supply

Swedish government-owned liquor retailer Systembolaget, which is the country's lone vendor of alcoholic beverages, has warned of a shortage of some beers, wines, and spirits across the country following a ransomware attack against its distributor Skanlog, which its CEO Mona Zuko has attributed to a North Korean state-sponsored threat operation, according to The Record, a news site by cybersecurity firm Recorded Future.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.