Section 5-E.4 Cybersecurity personnel
Effective Date
Section 5-E.4 Cybersecurity personnel
(a) Each covered water system serving a combined wholesale and retail population of greater than 50,000 shall designate an individual who is deemed qualified by the covered water system’s owner with demonstrable knowledge of cybersecurity principles and practical experience in system protection or risk management who shall be the individual responsible for the covered water system’s cybersecurity program.
(1) The name and contact information for the individual responsible for the covered water system’s cybersecurity program identified in subdivision (a) of this section shall be included in the water supply emergency plan of the covered water system, in accordance with paragraph 5-1.33(b)(6) of this Subpart.
(2) The individual responsible for the covered water system’s cybersecurity program shall make a confidential report in writing at least annually to the system’s governing body on the system’s cybersecurity program and material cybersecurity risks. For the purposes of this Appendix, a covered water system’s governing body may be the board of supervisors, board of trustees or council of a municipality as defined in General Municipal Law; a board of directors of an investor-owned utility regulated under the Public Service Law; or a governing body of a utility authorized under Article 5 of Public Authorities Law.