The Environmental Protection Agency's (EPA) rush to push billions of dollars of grant assistance to recipients has created the potential for devastating cyberattacks and intellectual property theft on water/wastewater systems, according to a recent Bloomberg report.
EPA Assistant Inspector General Jason Abend has noted several factors contribute to this issue:
- many grant recipients, including municipalities, researchers and social justice groups are unfamiliar to the EPA;
- the lack of information sharing between EPA's investigative and cybersecurity branches is weak; and
- the EPA's own grant application process doesn't require relationships with foreign entities to be revealed.
According to Abend, "The exact size of the problem is "unquantifiable," because grant recipients aren't required to report the kind of information that would let the EPA assess the risk."
Further, despite recent efforts to improve their cybersecurity, most of the nation's water and wastewater facilities still lag far behind other sectors of the nation's critical infrastructure in terms of cybersecurity, recovery and resilience. According to David Travers, Director of the EPA's Water Infrastructure and Cyber Resilience Division, these vulnerabilities have encouraged state-sponsored and criminal actors who have "stolen valuable financial data and customer information, destroyed essential information networks and disabled communications systems."
The EPA's Office of Research and Development, which oversees and administers most of the agency's research grants, has acknowledged these difficulties and is now requiring recipients to disclose support from foreign entities, and grant investigators are required to certify recipient information is truthful and complete. Additionally, information sharing has become a focus of the agency, particularly between the EPA's Office of Cybersecurity and its Office of Inspector General.
Nonetheless, given the determination and aggressiveness of our nation's adversaries, are these measures too little, too late?
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.