EPA abandons regulation requiring cybersecurity review in water system inspections following a court dispute.
The Environmental Protection Agency (EPA) has announced the rescission of a March memorandum that required public water systems to include cybersecurity in their periodic system audits. This decision comes after a legal challenge from Missouri, Arkansas, and Iowa, and the subsequent stay by the 8th U.S. Circuit Court of Appeals in July.
The senior administration official stated that the Biden administration will continue to use all the tools and resources needed to secure the water sector and all sectors to ensure the continuity of services. The EPA's focus on securing critical infrastructure, including actions on rail, aviation, and pipelines, will also extend to the protection of water.
The EPA's memo was one of the earliest sector-specific actions taken by the Biden administration in the rollout of its national cybersecurity strategy. The agency stated that cybersecurity represents a serious and increasing threat to drinking water and wastewater utilities.
The rescission of the memorandum has been met with approval from the American Water Works Association and the National Rural Water Association. However, the specific reasons behind the EPA's decision to rescind the memorandum are not publicly available as of August 2025. Sources consulted for this article did not provide detailed explanations regarding the EPA's reasoning.
Despite the rescission, the EPA remains committed to using available tools and resources to help protect communities from the increasing number and severity of cyberthreats facing water systems. Corporate stakeholders, particularly those in the water industry, may be interested in understanding the risk calculus of their technology stacks, addressing the question of whether they are a potential target.
As the EPA continues to work on securing critical infrastructure, it is essential for all parties involved to stay informed about the agency's policies and actions. Consulting official EPA announcements or regulatory archives directly or reviewing specialized news sources focused on EPA policies and water system cybersecurity may be necessary for those seeking more detailed information.
[1] [Source 1] [2] [Source 2] [3] [Source 3] [4] [Source 4] [5] [Source 5]
- The Biden administration recognizes the significance of cybersecurity in both water sector and other critical infrastructures, proposing to use Science and Technology to fortify its defenses, ensuring the continuity of services.
- Climate-change and environmental-science have been increasingly pertinent in determining the vulnerabilities of water systems to cyberthreats, necessitating collaboration between the water industry and these disciplines to mitigate risks.
- As the EPA rescinded its memo on water system cybersecurity, it reaffirmed its dedication to combating cyberthreats and has urged all parties to familiarize themselves with relevant updates on EPA policies through official announcements, regulatory archives, and specialized news sources focused on water system cybersecurity.
