At a glance.
- The EPA’s cybersecurity plans for the water sector.
- NHTSA updates its guidance on defending motor vehicles.
The EPA’s cybersecurity plans for the water sector.
As required by the recently passed Infrastructure Investment and Jobs Act, the US Environmental Protection Agency (EPA) yesterday issued a report to Congress titled the Technical Cybersecurity Support Plan for Public Water Systems (PWSs). The document details the methodology that will be used to identify which PWSs will be prioritized to receive cybersecurity support from the EPA, timelines for rolling out that support, and the various types of support the EPA and Cybersecurity and Infrastructure Security Agency (CISA) will be able to provide. This assistance includes conducting site vulnerability and risk assessments, penetrations tests; and any other activities deemed necessary by the EPA. As JDSupra notes, the EPA indicates two categories of PWSs with an elevated need for support: systems serving 3,300 people or fewer (or non-community water systems not covered by America’s Water Infrastructure Act of 2018), and systems that undergo a cybersecurity risk assessment.
NHTSA updates its guidance on defending motor vehicles.
The US National Highway Traffic Safety Administration (NHTSA) has released an update to its Cyber Security Best Practices for the Safety of Modern Vehicles, originally issued in 2016, and the document takes into account new industry standards and research. As well, the recommendations incorporate knowledge gained from real-world incidents and comments submitted about the 2016 draft. While the guidelines are non-binding, the intent is to provide car manufacturers with advice for strengthening vehicle cybersecurity and mitigate risks for consumers while assessing how motor vehicles and related equipment change over time. GM Authority explains that the guidelines include recommendations for protecting a vehicle’s electronic architecture from cyberattacks, as well as responding to and recovering from a successful attack. The NHTSA encourages car makers to implement a layered approach to cybersecurity protections and share information with other members of the vehicle manufacturing industry.