U.S Code last checked for updates: May 20, 2024
§ 300g–10.
Cybersecurity support for public water systems
(a)
Definitions
In this section:
(1)
Appropriate Congressional committees
The term “appropriate Congressional committees” means—
(A)
the Committee on Environment and Public Works of the Senate;
(B)
the Committee on Homeland Security and Governmental Affairs of the Senate;
(C)
the Committee on Energy and Commerce of the House of Representatives; and
(D)
the Committee on Homeland Security of the House of Representatives.
(2)
Director
(3)
Incident
(4)
Prioritization Framework
(5)
Support Plan
(b)
Identification of and support for public water systems
(1)
Prioritization Framework
(A)
In general
(B)
Considerations
In developing the Prioritization Framework, to the extent practicable, the Administrator shall incorporate consideration of—
(i)
whether cybersecurity vulnerabilities for a public water system have been identified under section 300i–2 of this title;
(ii)
the capacity of a public water system to remediate a cybersecurity vulnerability without additional Federal support;
(iii)
whether a public water system serves a defense installation or critical national security asset; and
(iv)
whether a public water system, if degraded or rendered inoperable due to an incident, would cause a cascading failure of other critical infrastructure.
(2)
Technical Cybersecurity Support Plan
(A)
In general
(B)
Requirements
The Support Plan—
(i)
shall establish a methodology for identifying specific public water systems for which cybersecurity support should be prioritized;
(ii)
shall establish timelines for making voluntary technical support for cybersecurity available to specific public water systems;
(iii)
may include public water systems identified by the Administrator, in coordination with the Director, as needing technical support for cybersecurity;
(iv)
shall include specific capabilities of the Administrator and the Director that may be utilized to provide support to public water systems under the Support Plan, including—
(I)
site vulnerability and risk assessments;
(II)
penetration tests; and
(III)
any additional support determined to be appropriate by the Administrator; and
(v)
shall only include plans for providing voluntary support to public water systems.
(3)
Consultation required
(4)
Reports required
(A)
Prioritization Framework
(B)
Technical Cybersecurity Support Plan
Not later than 280 days after November 15, 2021, the Administrator shall submit to the appropriate Congressional committees—
(i)
the Support Plan; and
(ii)
a list describing any public water systems identified by the Administrator, in coordination with the Director, as needing technical support for cybersecurity during the development of the Support Plan.
(c)
Rules of construction
Nothing in this section—
(1)
alters the existing authorities of the Administrator; or
(2)
compels a public water system to accept technical support offered by the Administrator.
(July 1, 1944, ch. 373, title XIV, § 1420A, as added Pub. L. 117–58, div. E, title I, § 50113, Nov. 15, 2021, 135 Stat. 1155.)
cite as: 42 USC 300g-10