The Environmental Protection Agency's effort to secure the country's water supply from cyberattack faces giant hurdles.

They include: The water system's low government funding and staffing levels, a heavy reliance on legacy IT, and the patchwork nature of the tens of thousands of local U.S. water authorities.

Driving the news: The EPA submitted its initial plan for tackling water security to Congress last month, laying out which systems it would slot for technical assistance first during a cyberattack.

• The agency is expected to roll out new rules this fall requiring state officials to include cybersecurity concerns in their existing water inspections, an official told E&E News.

Between the lines: The EPA faces different challenges than other agencies writing cybersecurity rules for the utilities they regulate because the U.S.'s water systems are so widely distributed and isolated.