EPA Withdraws Water Sector Cybersecurity Rules Due to Lawsuits

The US Environmental Protection Agency (EPA) has withdrawn cybersecurity rules for public water systems due to lawsuits filed by states and non-profit water associations. The rules would have required states to report on cybersecurity threats in their water system audits. However, the attorney generals of Missouri, Arkansas, and Iowa argued that meeting the requirements would be a financial burden on small towns. The American Water Works Association (AWWA) and the National Rural Water Association (NRWA) joined the lawsuits, questioning the legality of the rules. The EPA withdrew the rules, but organizations in the water sector acknowledge the growing cyber threats and call for a collaborative approach to cybersecurity measures. The US government is taking steps to improve cybersecurity in the water sector, including increased funding for rural water systems and offering vulnerability scanning services to water utilities.