Critical Infrastructure Security, Government Regulations

More stringent water cybersecurity standards mulled in New York

Aerial view of water treatment factory at city wastewater cleaning facility. Purification process of removing undesirable chemicals, suspended solids and gases from contaminated liquid.

StateScoop reports that mounting cybersecurity threats against water and wastewater utilities have prompted New York Gov. Kathy Hochul to unveil proposed cybersecurity requirements, as well as a $2.5 million grant program that would help achieve adherence to such regulations.

Under the proposed rules, water utilities across the state that provide services to over 3,300 individuals would be mandated to not only create formal cybersecurity programs and perform yearly cybersecurity vulnerability evaluations but also establish incident response plans and comply with incident reporting requirements. On the other hand, utilities with over 50,000 customers would be required to have a designated cybersecurity program and network monitoring and logging leader. Such a move was noted by New York Chief Cyber Officer Colin Ahern to be part of ongoing efforts to bolster statewide cybersecurity. "People would probably be surprised that no one is requiring these utilities yet to do things like have an incident response plan, put multifactor authentication on remote access, identify vulnerabilities in a timely manner according to the risk assessment," said Ahern, who also sought increased federal government intervention in cybersecurity initiatives.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds