"The Pennsylvania and Florida hacks came after a lawsuit spurred EPA’s retreat from mandating cybersecurity protections for the water sector."
"Beset by rising costs and regulatory pressures, water utilities have been slow to embrace cybersecurity.
That hit home late last year when hackers with ties to Iran hit water providers in western Pennsylvania and South Florida.
The November attacks came a month after EPA withdrew cybersecurity requirements for the water sector after a lawsuit filed by utility trade groups and Republican state attorneys general.
Richard Mroz, senior adviser at the infrastructure security firm Protect Our Power, said the federal government could play a meaningful role in protecting water supplies from cybercriminals since few states have cybersecurity requirements for the water sector.
“Industry is going to have to work with EPA to have a meaningful cybersecurity regime in place,” said Mroz, a former New Jersey utility regulator. “There’s a need to have this across the country.”"