AWIA 2018 - America's Water Infrastructure Act Summary
What is AWIA 2018? America’s Water Infrastructure Act
America’s Water Infrastructure Act of 2018 (AWIA) was signed into law on October 23, 2018. It improves drinking water and water quality by requiring community (drinking) water systems serving more than 3,300 people to develop or update risk assessments and emergency response plans (ERPs). The AWIA 2018 provisions are some of the biggest changes to the Safe Drinking Water Act in decades.
Among other things, community water systems are required under the AWIA to conduct and report on a comprehensive water system AWIA risk and resilience assessment. They must also develop an emergency response plan that addresses both physical and cybersecurity threats.
These utilities must:
- Review AWIA 2018 Certification Deadlines
- Conduct a Risk and Resilience Assessment (RRA)
- Prepare or revise an Emergency Response Plan (ERP)
- Submit a certification letter upon completion to the U.S. Environmental Protection Agency (U.S. EPA) for each (RRA and ERP)
- Review, update, revise as necessary and submit a recertification for both at least every 5 years thereafter
- Maintain records (keep copies of RRA and ERP and any updates for 5 years after certification submittal)
AWIA Certification Deadlines
Risk and Resilience
Next 5-Year Cycle
|≥100,000||March 31, 2020||March 31, 2025|
|50,000-99,999||December 31, 2020||December 31, 2025|
|3,301-49,999||June 30, 2021||June 30, 2026|
Next 5-Year Cycle
|≥100,000||September 30, 2020||September 30, 2025|
|50,000-99,999||June 30, 2021||June 30, 2026|
|3,301-49,999||December 31, 2021||December 31, 2026|
*Emergency response plan certifications are due six months from the date of the risk assessment certification. The dates shown above are certification dates based on a utility submitting a risk assessment on the final due date.
AWIA Risk and Resilience Assessment
The AWIA 2018 requires all community water utilities serving more than 3,300 people to conduct an assessment of the risks and resilience for the system. This assessment must include an assessment of:
- The risk of the system from malevolent acts and natural hazards
- Resilience of the pipes and constructed conveyances, physical barriers, source water, water collection and intake, pretreatment, treatment, storage and distribution facilities, electronic, computer, or other automated systems (including the security of such systems) which are utilized by the system
- The monitoring practices of the system
- The financial infrastructure of the system
- The use, storage, or handling of various chemicals by the system
- The operation and maintenance of the system
What does a risk and resilience assessment include?
- Natural hazards and malevolent acts (i.e., all hazards)
- Resilience of water utility infrastructure (including pipes, physical barriers, water sources and collection, treatment, storage and distribution, and electronic, computer and other automated systems)
- Monitoring practices
- Financial and billing systems
- Chemical storage and handling
Emergency Response Plans Must Include Cybersecurity and Physical Security
The AWIA risk and resilience assessment requires community water systems to prepare or revise an emergency response plan with their local emergency planning committee. The assessment must include strategies and plans to improve and respond to hazards. This emergency response plan is due no later than six months after completion of the risk assessment.
While cybersecurity threats have been steadily increasing for the water utilities and wastewater industries, the AWIA will require community water systems to assess their cybersecurity vulnerabilities in a comprehensive fashion to protect against future attacks.
What does my AWIA emergency response plan include?
- Strategies and resources to improve resilience, including physical security and cybersecurity.
- Plans and procedures for responding to a natural hazard or malevolent act that threatens safe drinking water.
- Actions and equipment to lessen the impact of a malevolent act or natural hazard, including alternative water sources, relocating intakes and flood protection barriers.
- Strategies to detect malevolent acts or natural hazards that threaten the system.
Who should I work with when creating my emergency response plan?
Water utility companies must coordinate the risk and resilience assessments, and the emergency response plans with your local
emergency planning committee.
AWIA 2018 Certification Requirements
How do I submit my certification?
What must the certification letter contain?
The water utility must send a letter to the EPA certifying compliance with AWIA by the above-specified dates. The letter should contain:
- Water system name and Public Water System Identification (PWSID) Number
- Date the RRA/ERP was completed (certification date)
- Statement that the utility has conducted, reviewed, or revised, as applicable, their RRA and ERP
What happens if a certification letter is not submitted?
Still Have Questions About AWIA 2018?
We can help! We specialize in cyber security for water utilities. We know the guidelines and what you need to do to be secure and up to date with the EPA. Contact us today to discuss how we can help.
Learn More About Cyber Security For Water Utilities
Get In Touch
Cyber Security Company For Water Utilities
Latest Cybersecurity Posts
The NIST Cybersecurity Framework provides guidance on how organizations can assess and improve their ability to prevent, detect, and respond to cyber-attacks. A well-designed security stack consists of layers including systems, tools, and polices. These tools need...
Press Release For Immediate Release: April 14, 2020 Contact: Kindsey Haynes, Marketing Director 479.434.1400 firstname.lastname@example.orgIronTech SecurityOffers 30 Day Trial Cybersecurity Awareness Training for Water Utilities Coronavirus Creates New...
Cybersecurity is more important than you and most people think. The protection of computer systems and networks is known as computer security, cybersecurity or information technology security (IT security). Having the right computer security in place is critical to...