ASSESSING YOUR FACILITY'S RISK
Although efforts to assess the vulnerability of water and wastewater facilities were under way before Sept. 11, this effort took on new urgency afterward. The Bioterrorism Act of 2002 required every water utility serving more than 3,300 people to submit a vulnerability assessment and emergency response plan by the end of 2004. Although not required, the act encourages water suppliers to update both the assessment and the emergency plan regularly.
Training programs and a vulnerability assessment tool (the Risk Assessment Methodology for Water Utilities, RAM-W) were developed by Sandia National Laboratories, working with AWWA. The Vulnerability Self-Assessment Tool (VSAT) was developed by AMSA, and an assessment tool for small water systems was developed by the Association of State Drinking Water Administrators and the National Rural Water Association.
The most comprehensive effort to improve security is the Water Infrastructure Security Enhancements (WISE) program, a joint effort funded by the EPA and coordinated by ASCE, AWWA, and WEF, that came about in three phases.
“The whole purpose of the WISE documents is to educate people and provide some rational starting and stopping points for design and operation and management of these facilities,” says Janesville's Lynch, who is a member of the WISE working group. “The documents are reasonable and usable by all sizes of cities.
“That was one of the hurdles we had: how to design a one-size-fits-all security system. We quickly came to the realization that you can't. Philadelphia or New York City will have security experts on staff, but most cities won't. These manuals may serve as references for the big cities, but that's not the target audience and neither are tiny cities.
“Another focus was to look at what are your risks? What are you trying to protect against? We realized that if you are the target of a bunch of experts, you're not going to stop them. The goal is to make it harder for them to succeed.”
In WISE Phase I, the working groups developed Interim Voluntary Guidance Documents, one for securing water utilities and another for securing wastewater/stormwater utilities. Issued late in 2004, these extremely detailed documents cover all managerial and operational aspects of plant operations, from worker background checks to storage tank security to cyber threats. Their purpose is to “provide water systems with an initial guide to the design of new facilities or the redesign or retrofit of existing facilities to create better physical security and reduce risk.”
Also part of Phase I is Guidelines for Designing an Online Contaminant Monitoring System. This is a bit difficult to do, as the authors admit, since “much of the basic scientific and engineering knowledge needed is not yet available ... [and] ... the instrumentation needed to accomplish the job directly, particularly for water supply systems, is not available in the marketplace.” So why bother? The guidelines' goal is to help guide the research, and to make residents feel they're being protected.
“I don't think the public is always comfortable with our security because it's not easily communicated,” says Thousand Oaks'Watts. “It's simply not a priority for most water utilities. I understand that they like to stay under the radar, but there's also the need to assure people that we aren't asleep at the wheel.”
Phase II is a training program for educating everyone involved with security for water or wastewater systems. This includes a PowerPoint presentation, a trainers' guide, and exams. The program is available on a CD-ROM provided free to qualified utility personnel.
Under Phase III, two Draft American National Standards for Trial Use were developed for the physical security of water utilities and wastewater/stormwater utilities. These detailed documents provide recommendations for various levels of security and help a utility establish a benchmark from which to measure progress.