Jeffares Testifies During Cybersecurity Hearing

This artice was originally published in the Rural Water Wire e-newsletter.

Rick Jeffares, President of Georgia Rural Water Association and National Director on the National Rural Water Association Board of Directors, represented small and rural water and wastewater systems across the country as a witness during the "Ensuring the Cybersecurity of America's Drinking Water Systems" hearing before the House of Representatives Committee on Energy and Commerce Subcommittee on Environment, Manufacturing, and Critical Materials on January 31.

Jeffares provided a compelling testimony on the unique characteristics of small and rural public water utilities and urged Congress to prioritize assistance-based initiatives as the best federal response for protecting the cyber infrastructure of U.S. public water supplies.

"Small and rural communities often have difficulty complying with complicated federal mandates and providing safe/affordable drinking water and sanitation due to limited economies of scale and lack of technical expertise," Jeffares said. "This difficulty is eased due to ongoing and continuing support offered through rural water training and technical assistance programs."

During his testimony, Jeffares shared three key suggestions for cybersecurity, the first one being collaboration between all parties."A path forward must include working with the water sector in good faith effort to achieve practical safeguards and solutions," Jeffares said. "With approximately 50,000 community water systems in the country, to adequately address an effort on this scale will require industry participation at all levels, both urban and rural water, with our federal partners."

Next, Jeffares suggested carefully drafted guidelines to ensure that it is attainable for utilities.

"Any additional or existing technical assistance provided by Congress through EPA to address this issue should be carefully drafted to ensure anticipated outcomes are feasible, including requiring third party non-profits that are selected for funding have qualified and experienced personnel that possesses cyber expertise, combined with practical knowledge of water systems operations."

In his final recommendation, Jeffares suggested cybersecurity in water infrastructure be a shared responsibility, rather than water systems alone.

"Vendors that have the benefit of receiving federal dollars that sell or install automated equipment, technology, and software to a utility, should be required to meet standard protocols, established by EPA and other agencies, to better protect water utilities from cyberattacks," Jeffares said.

To end his testimony, Jeffares shared his thoughts on the approach that should be taken when it comes to developing policies for water cybersecurity.

"The federal government must understand the unique nature of small and rural water systems when developing cybersecurity policy. Recognizing the fundamental differences of each system related to complexity, financial resources, and technical capability means any solution can't be one size fits all."

To listen to Jeffares's full testimony, click here. His testimony begins at 41:51.