Hearings to examine identifying and addressing cybersecurity challenges to protect America's water infrastructure.
Committee on Environment and Public Works
2026-02-04
Source: Congress.gov
Summary
No summary available.
Participants
Transcript
?
Unknown
Today we'll examine the change, excuse me, the challenges facing drinking water and wastewater systems to install, implement, and maintain adequate cybersecurity, as well as trying to identify opportunities to address these challenges through new legislation. First, I want to thank our excellent panel of witnesses for making the trip to DC and to share their perspectives on this important topic. Your work to enhance the resilience of our water and wastewater systems is incredibly important to Americans' health and daily lives. There are approximately, this number is stunning really, 170,000 water and wastewater utilities across the country. These utilities fill a vital role in ensuring that communities across the country have access to safe and reliable water and sanitation services. I know in the audience we have several of our water system utility folks here, so shout out to my fellow West Virginians. Accessible and reliable water and wastewater services are essential to protect public health and provide fundamental services to our constituents. These services can also be a foundational basis for a strong economy and a strong America. Because of the important role our water systems play in our country, they are unfortunately a target for bad actors. Over the last several years, we've seen a broad trend of entities linked to our geopolitical adversaries, such as Iran, China, Russia, using cyber attacks to target our critical water infrastructure. Cyber attacks on water utilities may take various forms. For example, ransomware attacks can compromise business or customer information. Attackers can also gain access and then manipulate a system's operational technology, disrupting the treatment or distribution of water or altering the levels of chemicals to potentially dangerous amounts. Either way, a successful attack that disrupts safe and reliable water or sanitation services or exposes sensitive customer data could be debilitating for impacting communities.
These threats must be acknowledged and challenged, particularly as technological advances such as AI increase the speed and efficiency of these attacks. The rise in cyber attacks is occurring at the same time as our water and wastewater systems deploy new digital control technologies. I've seen some of them myself. Systems that allow utilities to operate more efficiently and effectively. As we look to upgrade and modernize our water systems in the face of these threats, it is more urgent for our utilities, federal agencies, and water sector and cybersecurity experts to work together to increase that system resiliency. Increasing water system resiliency requires us to take a clear-eyed look at the many challenges and shortcomings that our utilities are facing. Legacy systems are difficult to maintain and update. Workforce shortages limit in-house expertise, and fulfilling basic cybersecurity hygiene practices requires consistent monitoring and communication. For instance, in 2024, the Environmental Protection Agency identified instances where some water systems utilized a single login for all their employees, failed to change default passwords, or did not curtail the ability of former employees to access the systems. While we work to improve the resiliency of our critical infrastructure from cyber attacks, solutions to address cybersecurity must be deliberate and tailored to reflect the challenges faced by utilities in different sizes and location. A one size fits all mandate from the federal government will likely be overly burdensome and unworkable, particularly for our smaller systems, and can hinder utilities' ability to take achievable steps towards meaningful progress. Water and wastewater systems across our nation are already grappling with how to prioritize limited resources while meeting federal and state requirements under the Clean Water Act and Safe Drinking Water Act.
Costly requirements can distract from the core mission of providing safe, reliable, and affordable services to the American people. In addressing these cyber challenges, we must strike the right balance between the role of the federal agencies and empowering local utilities to address their challenges and improve their cybersecurity at their own facilities. Due to the constantly evolving technological environment that we live in, Addressing this challenge will require innovative solutions that enable utilities to adapt and respond to quickly changing circumstances. Building and maintaining resilience among cyber threats is not a one and done event. It is ongoing and ever evolving. We should not rely on one specific technological advances as the silver bullet solution or have blinders on when it comes to envisioning or preparing to address potential threats. Look forward to the discussion today, learning how we can be better partners with our water utilities to identify cybersecurity threats and provide a flexible toolkit going forward. So I now recognize Ranking Member Whitehouse for his opening statement. Thank you, Chair Capito, for convening us on another important topic, and thank you to our witnesses for being here.
Sign up for free to see the full transcript
Accounts help us prevent bots from abusing our site. Accounts are free and will allow you to access the full transcript.