App provides innovative all-in-one tools to better manage groundwater contracting businesses.

The National Ground Water Association has launched NGWA Business PRO, an innovative app designed to provide water well contractors with an all-in-one
business management tool. This new app, accessible through a user-friendly website, aims to enhance a company’s enterprise resource planning (ERP) systems, streamline management strategies, and assist in resource management. The NGWA Business PRO offers a range of modules and capabilities specifically for
water well contractors. The various modules that are available within the app are:

Dashboard – A real-time overview of a business
Service Tickets – Swift issue resolution
Purchase Orders – Streamlined procurement
Invoices – Seamless and professional billing

To allow companies to experience the full potential of NGWA Business PRO, demo requests are available for a 30-day trial session. This trial allows companies to
experience the functionalities and benefits of the website. “Business PRO will be a valuable tool for companies to create a more-organized and successful environment,” says Terry S. Morse, CAC, CIC, NGWA chief executive officer. “The software included within the app works alongside QuickBooks Online to bring the most vital business resources into one package, which allows for increased efficiency and the ability to quickly develop projects bids, invoices, and budgets.”
Learn more about the power of NGWA Business PRO by visiting https://ngwabusinesspro.com.

The National Ground Water Association is a not-for-profit professional society and trade association for the global groundwater industry. Its members around the world include leading public- and private-sector groundwater scientists, engineers, water well system professionals, manufacturers, and suppliers of groundwater-related products and services. The association’s vision is to be the leading groundwater association advocating for responsible development, management, and use of water.

The Rural Community Assistance Partnership Inc. (RCAP) has recently been
awarded substantial grants totalling $16.4 million from the U.S. Environmental
Protection Agency (EPA). This funding aims to support private well owners and
small water systems in maintaining compliance with the Safe Drinking Water Act.

The RCAP received $13 million to provide training and technical assistance to
small public water systems, focusing on lead remediation and cybersecurity. An
additional $3.4 million has been allocated to assist private well owners in
improving water quality, with a particular emphasis on increased testing for per-
and polyfluoroalkyl substances (PFAS) contamination.

The organization has a strong track record of successfully completing
administrative and reporting requirements for EPA-funded projects. Over the past
three years, RCAP has been awarded eight assistance agreements totaling more
than $34 million.

This significant investment will enable RCAP to address critical issues, such as lead
service line inventories, PFAS testing, and mitigation. By ensuring compliance with
drinking water standards, RCAP aims to safeguard the health and well-being of
communities across the United States.

With its extensive experience and proven ability to deliver on previous EPA
agreements, these grants will make a lasting impact, given the importance of safe
drinking water and the potential vulnerabilities faced by small water systems.

The critical-infrastructure protection program assessment aligns with the recently released
National Institute of Standards and Technology cybersecurity framework 2.0

Cyber Florida, in partnership with Idaho National Laboratory (INL), has updated its critical
infrastructure protection program to align with the recently released National Institute of
Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, widely used to reduce
cybersecurity risk across public and private sectors and subsectors. Cyber Florida’s multi-
assessment platform leverages the Department of Homeland Security (DHS) cybersecurity
evaluation tool containing both the CSF 2.0 standard question set and ransomware readiness
assessment (RRA) modules. The tools and resources available through the program are state-
funded and provided at no charge for Florida’s private and public critical infrastructure
organizations.

The CSF 2.0 is designed for all audiences, businesses, critical infrastructure sectors, and
organizations, regardless of their degree of cybersecurity sophistication. The NIST has added
governance to the CSF’s core guidance to help organizations assess and achieve their
cybersecurity goals.

“Since October 2022, more than 655 Florida organizations, companies, businesses, and
government agencies have participated in the program,” said Bryan Langley, lead program
manager at Cyber Florida. “We continue to support, develop, and adopt greater cybersecurity
measures and services to support Florida’s public and private sector owners and operators.”

The Florida Legislature has funded the risk assessment effort to support the state’s public and
private sector entities with numerous, no-cost benefits for participating organizations,
companies, and businesses. The assessment covers the CSF 2.0 desired outcomes and provides
several reports detailing an organization’s strengths and weaknesses to determine and leverage
cyber risk reduction resources from Florida agencies, universities, and colleges. Measuring
success comes from both the improvements made by the participants based on their individual
reports and using the customized statewide dashboard (visualization tool) developed by INL to
analyze sector/subsector risk across the state.

The program is intended to assist small- and medium-sized enterprises and resource-constrained
county and municipal government entities in implementing basic cybersecurity protocols and
policies to achieve a fundamental cybersecurity posture. This comprehensive initiative is
designed to fortify the cybersecurity resilience of public and private critical infrastructure across
the state.

In an era of increasing cyber threats and incidents, safeguarding critical infrastructure is
paramount. The program aims to empower organizations by providing high-quality cybersecurity
resources, training, and support to defend against evolving cyber risks and recover from
incidents. The resources available on the platform include the following:

– A 20-question RRA based on the most reported cybersecurity gaps from the initial statewide
risk assessment period between October 2022 and June 2023.
– A cybersecurity incident response plan template to help organizations think through and plan
how to recover from a cyber incident.
– A 154-question assessment that covers key cybersecurity desired outcomes and practices
outlined in CSF 2.0 and the RRA.

To learn more about the program and how an organization can participate, please visit the
program’s official webpage at www.cyberflorida.org/cip or contact the program lead, Bryan
Langley, at bjlangley@cyberflorida.org.

The Florida Center for Cybersecurity at the University of South Florida, commonly referred to as
Cyber Florida at USF, was established by the Florida Legislature in 2014. Its mission is to
position Florida as a national leader in cybersecurity through comprehensive education, cutting-
edge research, and extensive outreach. Cyber Florida leads various initiatives aimed at inspiring
and educating both current and future cybersecurity professionals, advancing industry research,
and enhancing cybersecurity awareness and safety of individuals and organizations.

The U.S. Environmental Protection Agency (EPA) is urging municipalities across
the United States to take additional security precautions in the wake of recent
cybersecurity attacks.
The attacks were seemingly committed by hackers from foreign nations and
targeted small communities in Texas and Pennsylvania. This, in combination with
an EPA inspection of drinking water systems across the U.S., revealed
cybersecurity weaknesses and prompted their warning to utilities, including some
in Michigan.
Some of the actions EPA recommends drinking water systems take to strengthen
their security include:
 Reducing exposure to public-facing internet
 Conducting regular cybersecurity assessments
 Changing default passwords immediately
 Conducting an inventory of operational technology/information technology
(OT/IT) assets
 Developing and exercising cybersecurity incident response and recovery
plans.
 Backup OT/IT systems
 Reducing exposure to vulnerabilities
 Conducting cybersecurity awareness training
Along with steps laid out by EPA, there are many other critical questions that
community leaders need to ask themselves when it comes to evaluating how
vulnerable their water systems might be to a cyber attack.
Some security system failures identified by EPA in its inspections of utilities
included default passwords that had not been updated for some time, in addition
to single logins that could be easily compromised.
While attacks in some states were resolved quickly (despite one in Texas causing a
water system to overflow) a worst-case scenario could mean total contamination
of a water system, and EPA believes this is not the last time the U.S. will face this
kind of threat.

The EPA said it’s offering technical assistance, training, and educational resources
to any communities that might need them as they navigate potential security
system updates.
Along with discovering cybersecurity weaknesses, EPA inspections also revealed
that more than 70 percent of water systems studied do not meet the clean water
standards outlined in the Safe Drinking Water Act.
For that reason, it’s increasing planned inspections.

U.S. Environmental Protection Agency (EPA) announced that TPWR Developer, LLC, CBG Building Company LLC, and Bowman Consulting DC have settled alleged violations of regulations designed to protect America’s waterways from polluted stormwater runoff.

In an administrative consent agreement with EPA, the companies have agreed to pay a $27,000 penalty and implement a supplemental environmental project (SEP), to settle alleged Clean Water Act violations involving stormwater runoff from the Parks at Walter Reed construction site to Rock Creek and downstream waterways.

The Parks at Walter Reed is a multi-use development construction site in Washington, D.C., consisting of apartment and commercial spaces, located on the former Walter Reed Army Hospital grounds.

Uncontrolled stormwater runoff from construction and industrial sites often contains sediment, oil and grease, chemicals, nutrients, and other pollutants.  The Clean Water Act (CWA) requires owners of certain construction and industrial operations to obtain a permit before discharging stormwater runoff into waterways. These permits include pollution-reducing practices, such as runoff reduction measures, spill prevention safeguards, material storage and coverage requirements, and employee training.

In the consent agreement, EPA cited the companies for failing to have the required National Pollutant Discharge Elimination System (NPDES) permit coverage for stormwater discharges, in violation of the CWA. To correct these violations, the companies submitted notices of intent for coverage under EPA’s NPDES construction general permit, which were approved by EPA.

In addition to the penalty, the companies will also spend at least $40,000 to implement a SEP in Rock Creek Park that will help protect the Hay’s Spring amphipod, the only endangered species in the D.C. area.  The companies will help restore the amphipod’s spring habitats, revegetate social trail entrances, and plant trees and plants native to Rock Creek Park to provide stabilization and tree cover. This project will be performed with oversight from the National Park Service.

For more information about EPA’s stormwater program, visit www.epa.gov/npdes/npdes-stormwater-program.