Skip to main content

The latest version of a comprehensive cybersecurity bill moving through the U.S. Senate would extend the legislation’s information sharing incentives and liability protections to the owners and operators of public water systems – answering a request made by AMWA and other water utility organizations earlier this summer.  The bill could come up for a vote in the Senate in September, soon after lawmakers return from a month-long recess.

Originally introduced in March, S. 754, the “Cybersecurity Information Sharing Act (CISA),” would establish procedures for computer network operators to share cyber threat information with each other and with the federal government.  The bill would also provide liability protections for companies that carry out lawful activities associated with this sharing.

However, the first version of the bill limited these information sharing opportunities and liability protections only to private companies and public electric utilities; publicly owned and operated drinking water and wastewater systems would have been excluded.

In response, AMWA and other members of the water sector wrote to the leaders of the Senate Intelligence Committee in June asking senators to amend S. 754 to ensure water and wastewater systems have a place at the government’s cyber info-sharing table.  The letter noted that such a change would bring CISA in line with House-passed cybersecurity legislation that specifically includes all public utility services.

AMWA’s request was granted in the latest version of CISA circulated on Capitol Hill in early August.  The bill now defines entities eligible to participate in CISA’s programs to include “a State, tribal, or local government performing electric or other utility services” – a definition that would include water and wastewater utilities.

There had been some speculation that the Senate might vote on CISA before the August recess, but instead lawmakers departed Washington for the month after reaching a deal to consider a number of amendments to the legislation before a final vote is held.  The agreement specifies that the Senate, upon returning to Washington after Labor Day, will first vote on President Obama’s nuclear agreement with Iran before potentially moving on to CISA debate – meaning the cybersecurity legislation could reach the floor as early as mid-September.