- EPA released $9 million to improve drinking water security.
- Cyberattacks on water systems have grown in recent years.
- A new report outlines 10 steps to boost water-sector resilience.
Wednesday, August 27, 2025 –– The U.S. Environmental Protection Agency
(EPA) announced earlier this month the availability of more than $9 million in grant funding to help midsize and large public water systems safeguard drinking water. The funding will support utilities serving at least 10,000 people in strengthening defenses against cybersecurity threats and improving resilience to natural hazards such as flooding and hurricanes.
The program, authorized under the Safe Drinking Water Act, will remain open for 60 days on the federal grants portal. Eligible utilities are encouraged to apply for assistance designed to improve infrastructure and sustainability by the October 6, 2025, deadline.
Rising Cybersecurity Risks.
Alongside the funding announcement, EPA released a new report titled Securing the Future of Water: Addressing Cyber Threats Today. The report highlights that drinking water and wastewater utilities are increasingly vulnerable to cyberattacks, which can disrupt operations, compromise water quality, and cause significant economic losses.
EPA Administrator Lee Zeldin emphasized the need for action, stating that clean and safe water is a critical foundation for public health, local economies, and national security. In recent years, cyber incidents against water systems have multiplied, drawing attention to the sector’s dependence on both aging operational equipment and modern digital systems that are often difficult to secure.
Ten Key Recommendations.
The Water Sector Cybersecurity Task Force, co-chaired by EPA in 2024, developed ten recommendations to address the growing risk. These recommendations call for:
-
Expanding technical assistance for utilities, especially those with fewer resources.
-
Building stronger collaboration between federal, state, and local partners.
-
Providing executive-level leadership training focused on cybersecurity.
-
Embedding cybersecurity practices into utility culture through ongoing education.
-
Engaging vendors and consultants to ensure secure system design.
Other priorities include securing dedicated funding streams, improving state agency capacity, and creating a clearinghouse of best practices to help utilities adopt proven safeguards.
Moving from Plans to Action.
The EPA notes that implementing these recommendations will require cooperation from federal and state partners, utility leaders, vendors, and local governments. The agency is also promoting targeted training, technical support, and communication strategies to help utilities make progress, even with limited budgets.
The broader effort reflects growing recognition that safe and reliable drinking water depends not only on physical infrastructure but also on strong digital defenses. As cyber threats evolve, the sector is being urged to treat cybersecurity as an essential part of protecting public health and community resilience.
