"White House Official: EPA to Issue Cybersecurity Rule for Water Facilities"

According to a key White House official, the Environmental Protection Agency (EPA) will soon include cybersecurity in sanitation reviews of the nation's critical water facilities under a new rule. Because of EPA's "limited" authorities, White House officials previously stated that a voluntary approach, similar to a collaboration to secure Industrial Control Systems (ICS) with the private sector, was required to secure water systems. They stated that they would work with Congress to increase the agency's authority to impose binding cybersecurity rules, similar to those issued by the Transportation Security Administration (TSA) for the pipeline sector. Not everyone agreed with that assessment of the EPA's current remit. However, Deputy National Security Advisor for Cyber and Emerging Tech Anne Neuberger said the White House is still pursuing legislation to strengthen the authority of the EPA and others. Over the next few months, the White House will continue to work with lawmakers, from whom Neuberger said there was a lot of interest and excellent feedbac, to craft legislation that would empower sector-specific risk management agencies to impose cybersecurity mandates on critical infrastructure providers. According to a member of Neuberger's National Security Council staff, who contrasted current appropriation levels for sector-specific agencies with those enjoyed by the more central, but non-regulatory Cybersecurity and Infrastructure Security Agency (CISA), Neuberger feels strongly about Congress providing commensurate resources. This article continues to discuss the EPA including cybersecurity in its sanitation reviews of the nation's critical water facilities. 

NextGov reports "White House Official: EPA to Issue Cybersecurity Rule for Water Facilities"