On March 3, 2023, the United States Environmental Protection Agency (“EPA”) published a memorandum requiring states to evaluate the cybersecurity of operational technology used by public water systems (“PWSs”) “when conducting PWS sanitary surveys or through other state programs.” EPA’s memorandum “interprets the regulatory requirements relating to the conduct of sanitary surveys to require that when a PWS uses operational technology (“OT”), such as an industrial control system (“ICS”), as part of the equipment or operation of any required component of a sanitary survey, then the sanitary survey of that PWS must include an evaluation of the adequacy of the cybersecurity of that operational technology for producing and distributing safe drinking water.” Specifically, “EPA’s interpretation clarifies that the regulatory requirement to review the ‘equipment’ and ‘operation’ of a PWS necessarily encompasses a review of the cybersecurity practices and controls needed to maintain the integrity and continued functioning of operational technology of the PWS that could impact the supply or safety of the water provided to customers.” Continue Reading EPA Requires States to Address the Cybersecurity of Public Water Systems
Matthew Harden
Matthew Harden is a cybersecurity and litigation associate in the firm’s New York office. He advises on a broad range of cybersecurity, data privacy, and national security matters, including cybersecurity incident response, cybersecurity and privacy compliance obligations, internal investigations, and regulatory inquiries. He works with clients across industries, including in the technology, financial services, defense, entertainment and media, life sciences, and healthcare industries.
As part of his cybersecurity practice, Matthew provides strategic advice on cybersecurity and data privacy issues, including cybersecurity investigations, cybersecurity incident response, artificial intelligence, and Internet of Things (IoT). He also assists clients with drafting, designing, and assessing enterprise cybersecurity and information security policies, procedures, and plans.
As part of his litigation and investigations practice, Matthew leverages his cybersecurity experience to advise clients on high-stakes litigation matters and investigations. He also maintains an active pro bono practice focused on veterans’ rights.
Matthew currently serves as a Judge Advocate in the U.S. Coast Guard Reserve.