WASHINGTON – U.S. Senator John Boozman (R-AR) is advocating for improved cybersecurity education to strengthen core physical infrastructure systems and prevent attacks on critical industries.

In a Senate Environment and Public Works (EPW) Committee hearing examining potential cybersecurity dangers, Boozman pressed witnesses about the tools available to mitigate cybersecurity attacks on small and medium utility systems.

“Is this an issue of a lack of resources and tools for small and medium systems or is it a lack of awareness of the tools already available?” Boozman asked witnesses.

Boozman has been a reliable advocate for improvements to water and wastewater systems. In April, with Boozman’s support, the EPW Committee advanced the Drinking Water and Waste Water Infrastructure Act (DWWIA) of 2021 which contains a number of cybersecurity provisions including:

• Section 101 Technical Assistance and Grants for Emergencies Affecting Public Water Systems - Requires the U.S. Environmental Protection Agency (EPA) Administrator to evaluate the compliance of community water and wastewater systems with environmental, health and safety requirements. As part of this evaluation DWWIA requires the Administrator to consider emergency situations resulting from a cybersecurity event.

• Section 112 Advanced Drinking Water Technologies - Requires the EPA Administrator to carry out a study and issue a report to Congress examining the state of existing and potential future technology, including technology that could address cybersecurity vulnerabilities.

• Section 113 Cybersecurity Support for Public Water Systems - Requires the EPA to develop a prioritization framework to identify public water systems that, if degraded or rendered inoperable due to a cybersecurity incident, would lead to a significant impact on the health and safety of the public. This section also requires the EPA to establish a Technical Cybersecurity Support Plan for public water systems. This would allow the EPA to prioritize water systems most at-risk of a cyberattack and provide assistance to reduce vulnerabilities.