Water, Sewer Providers Must Assess Security Risks As Cyberattacks Rise – West Virginia Public Broadcasting

In late 2023, reports of foreign cyberattacks targeting local water systems across the United States spurred calls for providers to strengthen their cyber protections nationwide.

Now, the Public Service Commission of West Virginia (PSC) announced it will require all water and sewer utility providers across West Virginia to complete cybersecurity investigations.

The investigations require providers to assess their cyber risks, with financial support from federal agencies like the U.S. Department of Homeland Security.

Water and sewer systems will also be required to develop long-term cybersecurity plans, and appoint an employee to oversee plan compliance.

“This is a seriously developing problem across the nation and the Public Service Commission wants to be in the forefront of helping assure the safety of data concerning utilities and their customers,” PSC Chairman Charlotte Lane said in a press release Thursday. “These attacks are widespread and will become more common, we fear, as we rely more and more on computers in our daily lives and in running our businesses.”

The PSC-prompted investigations mark another step in a months-long effort to reinforce water system cybersecurity in West Virginia as cyberattacks have continued to rise nationally.

In January, the Office of Environmental Health Services (OEHS) — part of the West Virginia Department of Health Bureau of Public Health — began coordinating cyberattack prevention initiatives with water providers across the state.

OEHS also coordinated with the U.S. Environmental Protection Agency to spread awareness about free cybersecurity assessments offered by the federal agency.

Water and sewer providers in West Virginia will be required to complete their investigations by July 15 — 60 days after the PSC order was released.