2021 US Code
Title 42 - The Public Health and Welfare
Chapter 6A - Public Health Service
Subchapter XII - Safety of Public Water Systems
Part B - Public Water Systems
Sec. 300g-10 - Cybersecurity support for public water systems
42 U.S.C. § 300g-10 (2021) |
§300g–10. Cybersecurity support for public water systems |
(a) Definitions
In this section: (1) Appropriate Congressional committeesThe term "appropriate Congressional committees" means— (A) the Committee on Environment and Public Works of the Senate; (B) the Committee on Homeland Security and Governmental Affairs of the Senate; (C) the Committee on Energy and Commerce of the House of Representatives; and (D) the Committee on Homeland Security of the House of Representatives. The term "Director" means the Director of the Cybersecurity and Infrastructure Security Agency. The term "incident" has the meaning given the term in section 3552 of title 44. The term "Prioritization Framework" means the prioritization framework developed by the Administrator under subsection (b)(1)(A). The term "Support Plan" means the Technical Cybersecurity Support Plan developed by the Administrator under subsection (b)(2)(A). Not later than 180 days after November 15, 2021, the Administrator, in coordination with the Director, shall develop a prioritization framework to identify public water systems (including sources of water for those public water systems) that, if degraded or rendered inoperable due to an incident, would lead to significant impacts on the health and safety of the public. In developing the Prioritization Framework, to the extent practicable, the Administrator shall incorporate consideration of— (i) whether cybersecurity vulnerabilities for a public water system have been identified under section 300i–2 of this title; (ii) the capacity of a public water system to remediate a cybersecurity vulnerability without additional Federal support; (iii) whether a public water system serves a defense installation or critical national security asset; and (iv) whether a public water system, if degraded or rendered inoperable due to an incident, would cause a cascading failure of other critical infrastructure. Not later than 270 days after November 15, 2021, the Administrator, in coordination with the Director and using existing authorities of the Administrator and the Director for providing voluntary support to public water systems and the Prioritization Framework, shall develop a Technical Cybersecurity Support Plan for public water systems. The Support Plan— (i) shall establish a methodology for identifying specific public water systems for which cybersecurity support should be prioritized; (ii) shall establish timelines for making voluntary technical support for cybersecurity available to specific public water systems; (iii) may include public water systems identified by the Administrator, in coordination with the Director, as needing technical support for cybersecurity; (iv) shall include specific capabilities of the Administrator and the Director that may be utilized to provide support to public water systems under the Support Plan, including— (I) site vulnerability and risk assessments; (II) penetration tests; and (III) any additional support determined to be appropriate by the Administrator; and (v) shall only include plans for providing voluntary support to public water systems. In developing the Prioritization Framework pursuant to paragraph (1) and the Support Plan pursuant to paragraph (2), the Administrator shall consult with such Federal or non-Federal entities as determined to be appropriate by the Administrator. Not later than 190 days after November 15, 2021, the Administrator shall submit to the appropriate Congressional committees a report describing the Prioritization Framework. Not later than 280 days after November 15, 2021, the Administrator shall submit to the appropriate Congressional committees— (i) the Support Plan; and (ii) a list describing any public water systems identified by the Administrator, in coordination with the Director, as needing technical support for cybersecurity during the development of the Support Plan. Nothing in this section— (1) alters the existing authorities of the Administrator; or (2) compels a public water system to accept technical support offered by the Administrator. |
(July 1, 1944, ch. 373, title XIV, §1420A, as added Pub. L. 117–58, div. E, title I, §50113, Nov. 15, 2021, 135 Stat. 1155.) |
United States Code, 2018 Edition, Supplement 3, Title 42 - THE PUBLIC HEALTH AND WELFARE |
Bills and Statutes |
United States Code |
Y 1.2/5: |
Title 42 - THE PUBLIC HEALTH AND WELFARE CHAPTER 6A - PUBLIC HEALTH SERVICE SUBCHAPTER XII - SAFETY OF PUBLIC WATER SYSTEMS Part B - Public Water Systems Sec. 300g-10 - Cybersecurity support for public water systems |
section 300g-10 |
2021 |
January 3, 2022 |
No |
standard |
135 Stat. 1155 |
Public Law 117-58 |