The U.S. Environmental Protection Agency (USEPA) recently announced over $9 million in grant funding for midsize and large water systems to help protect drinking water from cybersecurity threats and improve resiliency for extreme weather events. USEPA also published a report highlighting 10 recommendations to strengthen resiliency to cyberattacks in the water sector.
The Midsize and Large Drinking Water System Infrastructure Resilience and Sustainability grant program is authorized by Congress through the Safe Drinking Water Act. USEPA is seeking grant applications from public water systems serving 10,000 people or more through October 6, 2025.
The USEPA grant announcement came shortly after Saint Paul, Minnesota, suffered a major cybersecurity attack in late July. The incident highlights the importance of proactive municipal and utility cybersecurity planning to protect infrastructure, customers’ personal data, websites, email, and supervisory control and data acquisition systems.
USEPA published a report titled, Securing the Future of Water: Addressing Cyber Threats Today (pdf). It includes recommendations to strengthen cybersecurity in the water sector by enhancing coordination and collaboration across government, associations, and water utilities. There are several priority actions that accompany the recommendations, including the development of water-sector focused cybersecurity leadership training, increasing direct cybersecurity technical assistance, providing webinars and curated resources for utilities, integration of cybersecurity into operator certification and continuing education, coordination with state Chief Information Officers (CIO) Offices for Cybersecurity Support, and more.