Water

EPA Allocates $9.5M for Grants to Increase Cybersecurity at Drinking Water Systems

The deadline to apply for funding under this program is Oct. 6, 2025

By J.J. Smith
Cybersecurity
August 11, 2025

Midsize and large public water systems across the U.S. are now eligible for a share of $9.5 million in federal grants aimed at protecting drinking water from cybersecurity threats and improving resilience to natural hazards.

On Aug. 5, 2025, the Environmental Protection Agency (EPA) announced it is accepting applications from public water systems that serve 10,000 or more people. The funding comes through the Midsize and Large Drinking Water System Infrastructure Resilience and Sustainability program, with applications open until Oct. 6, 2025, according to the EPA.

This round of funding arrives amid growing concern over cyber threats targeting U.S. water and wastewater systems—part of broader efforts to disrupt critical infrastructure during geopolitical tensions or military conflict. The Water Information Sharing and Analysis Center (WaterISAC), a nonprofit that tracks security incidents in the water sector, says such threats are becoming increasingly common.

In 2024, WaterISAC received roughly 100 reports of cyber incidents from its members. But Jennifer Lyn Walker, the group’s Director of Infrastructure Cyber Defense, says the actual number of events is likely higher. “It’s not a matter of volume of attacks—it’s about what gets reported, disclosed, or even detected,” she explains.

Walker warns that utility size doesn’t matter to attackers. Threat groups range from individual criminals to state-sponsored actors such as China’s “Volt Typhoon”, which is expected to target U.S. critical infrastructure, including water systems, as early as 2027. “Known targeted sectors can’t be complacent, regardless of the volume of known attacks,” she said.

What the Grants Can Fund

EPA’s grant program supports a wide range of projects. For cybersecurity, eligible investments include:

  • Multifactor authentication for staff and systems.
  • Cybersecurity awareness training for employees.
  • Protecting unsecured assets from internet exposure.
  • Implementing threat monitoring and detection systems.
  • Developing incident response plans.

If a utility already has these essentials in place, Walker suggests funds could go toward more advanced capabilities, such as proactive threat hunting or specialized monitoring tools.

The program also covers resilience projects beyond cybersecurity, such as:

  • Improving water conservation and efficiency.
  • Relocating or upgrading infrastructure damaged by natural hazards.
  • Designing or building desalination facilities.
  • Enhancing water supplies through watershed management and source water protection.
  • Increasing energy efficiency or using renewable energy in water treatment and delivery.
  • Forming regional partnerships to address documented water shortages.

To apply, utilities can visit Grants.gov and search for the program name.

In addition to funding, the EPA released Securing the Future of Water, Addressing Cyber Threats Today, a new guide produced by the Water Sector Cybersecurity Task Force. It offers 10 recommendations to strengthen cybersecurity in the sector, each with practical “priority actions” for utilities.

The recommendations and priority actions are:

  • Enhanced collaboration and clear ownership – Assign clear responsibility, align plans and resources, and create a standing forum for coordination.

  • Targeted communication for utility leaders – Develop a communication strategy, offer leadership-focused cybersecurity training, expand executive engagement, and integrate cybersecurity into leadership programs.

  • Highlight basic, actionable practices – Promote a core set of practices: leadership commitment, staff training, blocking unauthorized access, and having incident response plans.

  • Embed cybersecurity in utility culture – Provide ongoing webinars and resources, integrate cybersecurity into operator certification, and use consistent sector-wide messaging.

  • Expand technical assistance – Offer more cybersecurity support, host virtual office hours, add CISA advisors, and start peer-to-peer mentoring.

  • Secure dedicated financial resources – Include cybersecurity in budgets, ensure WaterISAC access, expand grant/loan eligibility, and fund state resilience coordinators.

  • Address information gaps – Share attack summaries, maintain a best-practices hub, promote model policies, and provide real-world implementation examples.

  • Engage vendors and consultants – Use model contracts, set clear cybersecurity principles, raise vendor awareness, and clarify expectations in agreements.

  • Support state agency capacity – Partner with states on training, share successful program models, and equip field staff with cyber messaging.

  • Increase partner resourcing and engagement – Leverage trusted partners for training and technical aid, engage major organizations, and grow the sector’s cybersecurity workforce.

The EPA says the combination of targeted funding and these recommendations can help utilities not just react to threats, but build lasting resilience against cyber and environmental challenges.

KEYWORDS: government policy water industry water system

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

J.J. Smith is a contributing editor and DC Correspondent for The Driller. He can be reached at josephjsmith749@gmail.com.

You must login or register in order to post a comment.

Related Articles

Related Products

See More ProductsSee More Products

Related Directories

  • Geoprobe Systems

    Launched in 1987, Geoprobe Systems® manufactures innovative drilling rigs and tooling - engineered to simplify fieldwork - empowering drilling companies around the globe to succeed as productive and profitable industry leaders. We incorporate customer feedback to continuously develop solutions to make drillers' jobs faster, easier, and safer, across water well, geothermal, cathodic protection, geotechnical, environmental, exploration and construction drilling industries. Recognized for providing superior service support, Geoprobe® keeps you in the field via live phone support by our expert service technicians and a network of service centers around the country.

  • Headwater Wholesale

    Headwater Wholesale is a distributor to the groundwater industry focused on providing contractors with unparalleled quality, service, and support. With locations throughout the central United States, contractors trust Headwater Wholesale to have the supplies they need in-stock and ready for the job site. At Headwater Wholesale our goal is to be your first choice for all your water well, irrigation, water well drilling, water treatment and wastewater needs.

  • Milan Supply Co.

    Milan Supply Company has served the pump industry and water resource markets since 1962. Their trusted reputation has been established by providing quality solutions at competitive prices, and their customer service has truly set them apart in the industry. Strategically located and well-stocked branches throughout the state of Michigan make it convenient for customers to get the parts and service their jobs demand.

Dig deeper into the drilling and water supply industry!

Build your knowledge with The Driller, covering the people, equipment and technologies across drilling markets.

SIGN UP NOW