An official website of the United States government
The .gov means it's official.
The site is secure.
View Rule
| View EO 12866 Meetings | Printer-Friendly Version Download RIN Data in XML |
| EPA/OW | RIN: 2040-AG20 | Publication ID: Fall 2021 |
| Title: ●Cybersecurity in Public Water Systems | |
|
Abstract:
EPA is evaluating regulatory approaches to ensure improved cybersecurity at public water systems. EPA plans to offer separate guidance, training, and technical assistance to states and public water systems on cybersecurity. This action will provide regulatory clarity and certainty and promote the adoption of cybersecurity measures by public water systems. |
|
| Agency: Environmental Protection Agency(EPA) | Priority: Other Significant |
| RIN Status: First time published in the Unified Agenda | Agenda Stage of Rulemaking: Final Rule Stage |
| Major: No | Unfunded Mandates: No |
| CFR Citation: 40 CFR 142.16 40 CFR 142.2 | |
| Legal Authority: 5 U.S.C. 553(b)(3)(A) | |
|
Legal Deadline:
None |
||||||
|
Statement of Need: A cyber-attack can degrade the ability of a public water system to produce and distribute safe drinking water. The risk of a cyber-attack can be reduced through the adoption of cybersecurity best practices by public water systems. Sanitary surveys, which states, tribes, or the EPA typically conduct every 3 to 5 years on all public water systems, should include an evaluation of cybersecurity to identify significant deficiencies. EPA recognizes, however, that many states currently do not assess cybersecurity practices during public water system sanitary surveys. This action is necessary to convey to states that EPA interprets existing regulations for public water system sanitary surveys as including the possible identification of significant deficiencies in cybersecurity practices. |
||||||
|
Summary of the Legal Basis: The Administrative Procedure Act exempts interpretive rules from its notice and comment requirements. 5 U.S.C. section 553(b)(3)(A). The term is not defined in the APA, but the Attorney General’s Manual on the APA, often considered to be akin to legislative history, describes them as “rules or statements issued by an agency to advise the public of the agency’s construction of the statutes and rules which it administers.” |
||||||
|
Alternatives: Provide guidance to states, tribes, and EPA on evaluating cybersecurity practices during public water system sanitary surveys without issuing an interpretive rule. |
||||||
|
Anticipated Costs and Benefits: This action is an interpretation of existing responsibilities under current regulations. It establishes no new regulatory requirements and, hence, has no regulatory costs or benefits. |
||||||
|
Risks: The purpose of this action is to reduce the risks associated with cyber-attacks on public water systems. Because this action is not establishing new regulatory requirements, EPA has not quantified costs and benefits for it. Accordingly, EPA has not estimated the current level of risk or the possible reduction in risk due to this action. |
||||||
Timetable:
|
| Additional Information: . | |
| Regulatory Flexibility Analysis Required: No | Government Levels Affected: Undetermined |
| Federalism: No | |
| Included in the Regulatory Plan: Yes | |
| Sectors Affected: 924110 Administration of Air and Water Resource and Solid Waste Management Programs | |
| RIN Data Printed in the FR: No | |
|
Agency Contact: Stephanie Flaharty Environmental Protection Agency Office of Water 4601M, 1200 Pennsylvania Avenue NW, Washington, DC 20460 Phone:202 564-5072 Email: flaharty.stephanie@epa.gov |
|
|
Reginfo.gov
An official website of the U.S. General Services Administration and the Office of Management and Budget