This bill establishes an EPA program to fund and support water systems in joining and utilizing the Water Information Sharing and Analysis Center to enhance security against cyber threats and natural hazards.
Janice "Jan" Schakowsky
Representative
IL-9
The Water Intelligence, Security, and Cyber Threat Protection Act establishes a new EPA program to enhance the security of community water systems and treatment works. This program will actively support participation in the Water Information Sharing and Analysis Center by helping cover membership costs and improving threat analysis resources. Ultimately, the goal is to better equip water utilities to defend against and recover from cyber threats and natural hazards.
Water Security Bill Funds $20 Million to Protect Utilities from Cyberattacks and Natural Disasters
The new Water Intelligence, Security, and Cyber Threat Protection Act is essentially a federal security upgrade for the pipes and pumps that deliver clean water to your tap. This legislation establishes a new program within the Environmental Protection Agency (EPA) focused entirely on protecting community water systems and treatment works—the folks who manage your drinking water and wastewater—from deliberate attacks and natural hazards.
The EPA Becomes the Water Security Wingman
Within one year of this bill becoming law, the EPA Administrator must launch a program designed to get local water utilities plugged into the national security grid. Specifically, the EPA must actively encourage these utilities to join and participate in the Water Information Sharing and Analysis Center (ISAC). Think of the ISAC as the central intelligence hub for the water sector, where threats—like a new type of ransomware targeting water controls or intelligence about a major flood—are analyzed and shared immediately with members.
Crucially, the bill recognizes that many smaller utilities can’t afford the security and intelligence resources of bigger cities. To solve this, the EPA is required to help cover the costs for community water systems and treatment works to join or maintain their membership in the ISAC (Sec. 2). This means that a small town’s water utility, which might otherwise skip the ISAC membership fee to save money, can now access top-tier threat intelligence, making their system safer and more resilient. This is a direct benefit for anyone who relies on a smaller utility.
Securing the System and Paying the Bill
This isn't just about sharing emails; the EPA is also mandated to step up its own coordination with the ISAC and beef up the tools and resources the Center provides. The goal is to improve how utilities can spot, defend against, find, react to, and bounce back from attacks or disasters. In the real world, this means better training and better early warning systems. If a utility can quickly detect a cyber breach, they can prevent a system shutdown or contamination issue, which is a big win for public health and continuity of service.
To fund this effort, the bill authorizes $10 million for fiscal year 2026 and another $10 million for fiscal year 2027. That $20 million is earmarked to make sure the ISAC has the resources it needs to be effective and that the EPA can assist utilities with those membership costs. While this is a federal expenditure that taxpayers fund, it's aimed at protecting essential infrastructure—the water you drink, cook with, and bathe in. Given that water systems are increasingly targets for cyberattacks, this proactive investment in defense and intelligence sharing looks like a necessary insurance policy.