An important piece of legislation designed to protect New Jersey’s water supply from contaminants due to negligence, mismanagement, and cyberattacks has been signed into law by Governor Christie. Sponsored by Senate President Stephen Sweeney, Senator Linda Greenstein, and Senator Christopher “Kip” Bateman, the Water Quality Accountability Act (S-2834) requires all public water systems to meet new standards for asset management, inspections, maintenance, repairs, and security.
According to recent reports, as many 4.5 million people in New Jersey rely on suppliers that have broken federal rules meant to keep contaminants out of their drinking water…S-2834 would give all public water systems one year to implement a plan designed to ensure its infrastructure consistent with industry standard best practices.
This plan must include a water supply and treatment program designed to inspect, maintain, repair, renew, and upgrade wells, intakes, pumps, and treatment facilities in accordance with all federal and State regulations, industry standards, and any mitigation plan that may be required pursuant to the bill.
Under the bill, a public water system would have 120 days following enactment to develop a cybersecurity program in accordance with requirements established by BPU. As part of the program, the public water system must conduct regular risk assessments, maintain situational awareness of cyber threats and vulnerabilities to the public water system, and create and exercise incident response and recovery plans.
Key aspects of the bill are highlighted below.
This bill, to be known as the “Water Quality Accountability Act,” is intended to enhance the reliability and safety of the State’s drinking water. The bill would apply to all water purveyors.
The bill would establish specific standards for the testing of fire hydrants. The standards are modeled on requirements currently established in regulations by the Board of Public Utilities (BPU) applicable to those water purveyors regulated by the BPU. Under this bill, the requirements would apply to all water purveyors.
The bill, within 120 days after its enactment into law, would require each water purveyor to develop a cybersecurity program, in accordance with requirements established by the BPU, that defines and implements organization accountabilities and responsibilities for cyber risk management activities, and establishes policies, plans, processes, and procedures for identifying and mitigating cyber risk to the public water system. In March 2016, the BPU adopted cybersecurity requirements applicable to the electric, natural gas, water, and wastewater utilities that it regulates. This bill would apply those requirements to all water purveyors. As part of the program, a water purveyor would be required to conduct risk assessments and implement appropriate controls to mitigate identified risks to the public water system, maintain situational awareness of cyber threats and vulnerabilities to the public water system, and create and exercise incident response and recovery plans. In addition, within 60 days after developing the required program, each water purveyor would be required to join the New Jersey Cybersecurity and Communications Integration Cell (NJCCIC), established pursuant to Executive Order No. 178 (2015), and create a cybersecurity incident reporting process. The NJCCIC serves as the State’s Information Sharing and Analysis Organization (ISAO), and serves governments, businesses, and citizens across New Jersey by promoting better awareness of cyber threats and the adoption of best practices. It is part of the Office of Homeland Security and Preparedness.
In addition to any other requirements in law, or rule or regulation adopted pursuant thereto, whenever a water purveyor is issued pursuant to the “Safe Drinking Water Act,” three notices of violation for any reason or two notices of violation related to an exceedance of a maximum contaminant level within any 12-month period, the bill would require the water purveyor, within 60 days after receipt of the third or second notice, as applicable, to submit to the Department of Environmental Protection (DEP) a mitigation plan specifying whether the notice of violation will be addressed through operational changes or require a capital expenditure and providing a schedule for implementation of the mitigation plan. The mitigation plan would include a report prepared by a licensed professional engineer that includes a technical analysis of the notices of violation and an explanation of how the mitigation plan is intended to prevent a recurrence of the issue that resulted in the notice of violation.
The bill would also require, as applicable, the responsible corporate officer of the public water system (if privately held), executive director (if an authority), or mayor or chief executive officer of the municipality (if municipally owned) to certify in writing each year that certain requirements set forth in the bill are met.
Lastly, this bill would require, beginning no later than one year after the bill is enacted into law, every water purveyor to implement an asset management plan designed to inspect, maintain, repair, and renew its infrastructure consistent with industry standard best practices, such as those used by the BPU and recommended by the American Water Works Association. The asset management plan would include: a water main renewal program designed to achieve a 150-year replacement cycle, or other appropriate replacement cycle as determined by a detailed engineering analysis of the asset condition and estimated service lives of the water mains serving the public water system; and a water supply and treatment program designed to inspect, maintain, repair, renew, and upgrade wells, intakes, pumps, and treatment facilities in accordance with all federal and State regulations, industry standards, and any mitigation plan that may be required pursuant to the bill. Each water purveyor would be required to dedicate funds on an annual basis to address and remediate the highest priority projects as determined by its asset management plan. The asset management plans and system condition reports would be certified to by the public water system’s licensed operator or professional engineer and the responsible corporate officer of the public water system (if privately held), executive director (if an authority), or mayor or chief executive officer of the municipality (if municipally owned), as applicable. Each water purveyor would be required to annually submit a report to the DEP and the BPU, if applicable, identifying the infrastructure improvements to be undertaken in the coming year and the cost of those improvements, as well as identifying the infrastructure improvements completed in the past year and the cost of those improvements. A municipal water department or municipal water authority would also be required to submit this report to the Division of Local Government Services in the Department of Community Affairs.
This bill would establish a proactive policy concerning certain testing, reporting, management, and infrastructure investment requirements for water purveyors in order to enhance the reliability and safety of the State’s drinking water systems.
ELEC sent a letter of support of this bill to legislators and are happy to see it passed by both the Senate and Assembly.