![Water Utilities in West Virginia Seek Enhanced Cybersecurity Measures Water Utilities in West Virginia Seek Enhanced Cybersecurity Measures](https://erepublic.brightspotcdn.com/dims4/default/c4f9bce/2147483647/strip/true/crop/882x429+0+101/resize/1440x700!/quality/90/?url=http%3A%2F%2Ferepublic-brightspot.s3.us-west-2.amazonaws.com%2Ffd%2F87%2F13574f9cb9d2c20242a3ab4db323%2Fshutterstock-501781486.jpg)
(TNS) — An association representing 28 water utilities statewide is concerned that the Public Service Commission’s recent cyber threat vulnerability assessment order may inadvertently pose threats to its cybersecurity.
The West Virginia Municipal Water Quality Association, in its recent letter to the PSC, said the PSC’s May 16 order is mistakenly based in part on federal EPA guidance that the EPA withdrew following a multistate court challenge. .
The association asks the PSC to modify its order. It then adds, “We also respectfully request that the PSC consider consulting with the state’s public water systems before issuing orders that have broad and potentially unintended implications on issues as important as cybersecurity.”
On May 16, the PSC ordered all water and sewer companies to conduct a cyber threat vulnerability assessment within 60 days. The order was issued as “a general investigation to examine the cybersecurity of the water and sewer system.”
In the order, the PSC said: “In accordance with the National Primary Drinking Water Regulations, states must conduct periodic sanitary surveys of water utilities.”
And, “The Federal Environmental Protection Agency (EPA) interprets regulations regarding health surveys to include an evaluation of the cybersecurity adequacy of any operational technology used in the production and distribution of drinking water.”
The association considers the PSC’s statement in the second sentence incorrect. Technically, the EPA’s interpretation came in a separate memo issued on the same day as the guidance, March 3, 2023.
Most importantly, the association said, a federal court suspended the EPA’s cybersecurity review requirement.
In addition to holding states accountable for whether water systems in those states had adequate security, the states said: “Public water systems expressed concern that EPA’s requirement to include cybersecurity reviews in health studies could have the unintended effect of compromising security and exposing sensitive data.” information.”
They agreed on the need for cybersecurity, the association said, but thought the EPA should take a more cautious approach.
EPA then rescinded the memorandum with the interpretation that the PSC referred to in its order. That is why the association asks the PSC to eliminate that sentence from its order.
On a more encouraging note, he added, “WVMWQA members would welcome the opportunity to share their practical experience with cybersecurity and other issues. Such collaboration would play a beneficial role in supporting and informing PSC decisions.”
The association told the PSC that a federal representative from the Cybersecurity and Infrastructure Security Agency will attend its June 13 meeting and invited the PSC to send someone to join the discussion as well.
Members of the association include the Morgantown Board of Public Utilities, the cities of Fairmont and Bridgeport and the Clarksburg Sanitary Board.
2024 The Dominion Post (Morgantown, West Virginia). Distributed by Tribune Content Agency, .
Keynote USA
For the Latest Local News, Follow Keynote USA Local on Twitter.