Significant lapses by the Environmental Protection Agency in helping defend the U.S. water and wastewater sector against increasingly rampant cybersecurity threats have prompted the Government Accountability Office to urge the agency's immediate development of a national cyber strategy, CyberScoop reports.
Aside from failing to perform risk assessments for the water and wastewater sector, the EPA has also not determined cybersecurity-related objectives, goals, activities, and performance measurements, as well as key roles and measures for coordinating efforts for the industry, according to the GAO report. The EPA has also failed to submit its tool for evaluating drinking water system vulnerabilities to an external peer review, which was required in the agency's guidance.
"EPA officials said they have assessed threats, vulnerabilities, and consequences, but have not integrated this work in a comprehensive assessment. Without a risk assessment and strategy to guide its efforts, EPA has limited assurance its efforts address the highest risks," said the report. The agency has agreed with the report's recommendations and committed to conducting risk evaluations by January.