Vulnerability Assessment and Emergency Response Planning for Water Systems - PowerPoint PPT Presentation

1 / 127
About This Presentation
Title:

Vulnerability Assessment and Emergency Response Planning for Water Systems

Description:

Title: PowerPoint Presentation Author: ken Last modified by: ken Created Date: 5/6/2003 5:56:39 PM Document presentation format: On-screen Show Company – PowerPoint PPT presentation

Number of Views:6366
Avg rating:3.0/5.0
Slides: 128
Provided by: Ken1228
Category:

less

Transcript and Presenter's Notes

Title: Vulnerability Assessment and Emergency Response Planning for Water Systems


1
  • WELCOME!
  • Vulnerability Assessment and Emergency Response
    Planning for Water Systems
  • Serving less than 50,000 People

Presented by the Florida Rural Water
Association And made possible by a grant from
the Department of Environmental Protection And
the Environmental Protection Agency
2
INTRODUCTIONS
  • FRWA SECURITY STAFF
  • Coy Donaldson
  • Ken Klos
  • SPEAKER
  • Ken Klos
  • ATTENDEES

3
ADMINISTRATIVE INFORMATION
  • Restroom locations
  • Emergency exits
  • Sign attendance sheet
  • Security
  • Breaks
  • Lunch

4
VULNERABLE ?????
5
Background Information
  • PDD-63
  • PL 107-188
  • EPA Overview
  • FRWA Training Booklet

6
PDD-63 Protecting Americas Critical
Infrastructure
  • Signed by President Clinton in 1998
  • An attack on any of these (8) infrastructures
    (water wastewater included) may significantly
    harm the health and economic well being of the
    United States.

7
PL 107 188BIOTERRORISM ACT
  • Signed by President Bush in June, 2002
  • Amended the Federal Safe Drinking Water Act
  • Conduct formal Vulnerability Assessments
  • Develop/revise Emergency Response Plans

8
US EPA
  • PDD-63 assigned responsibility to EPA (AMWA
    AWWA) for developing plans to improve water
    infrastructure security.
  • EPA formed Water Protection Task Force with the
    mission to
  • Conduct Security Training for utilities
  • Provide Technical Financial assistance
  • Establish an Information Sharing System
  • Improve Security Technology thru research

9
(EPA Contd)
  • PL 107 188 appointed EPA as lead federal agency
    for Water Sector
  • EPA 810-R-02-001 Guidance for Water Utility
    ... April 2002 (p. 77)
  • EPA 810-B-02-001 Instructions to assist CWS.
    January 2003 (p. 53)

10
FRWA TRAINING BOOK
  • Central Reference Document
  • Table of Contents

11
INTRODUCTION TOVULNERABILITY ASSESSMENT
What is the Purpose of Vulnerability Assessment?
Vulnerability assessments help water systems
evaluate susceptibility to potential threats and
identify corrective actions that can reduce or
mitigate the risk of serious consequences from
adversarial actions. EPA fact sheet
www.epa.gov/ogwdw/security/index.html
12
INTRODUCTION TOVULNERABILITY ASSESSMENTDefiniti
on
  • Vulnerability is the risk that a water utility
    will be damaged to some extent by a specific
    threat.
  • For example The City's water utility is highly
    vulnerable to vandals painting graffiti on the
    ground storage tank because it is located in a
    secluded area of the community, and doesn't have
    a fence.

13
INTRODUCTION TOVULNERABILITY ASSESSMENTCritical
Assets, Vulnerable?
Pumps
Storage
WTP
SCADA
Distribution System
Well Field Pumps
14
INTRODUCTION TOVULNERABILITY ASSESSMENT
  • Are Threats to Water Utilities Real?
  • The history of terrorism has been to attack
    innocents where there is no security and trained
    assistance is distant.
  • Water/wastewater assets are easy targets and are
    not well protected, yet
  • Hazardous chemicals delivered,
    stored, used on site

15
INTRODUCTION TOVULNERABILITY ASSESSMENT
  • Distribution System provides
    access to EVERYONE
  • Water plants are upstream
    of significant
    economic activities
  • Our lives depend on
  • a reliable supply of
  • safe water

16
VULNERABILITY ASSESSMENT METHODS
  • SIX METHODS discussed briefly

17
VULNERABILITY ASSESSMENT METHODS
  • NONE OF THE METHODS PROVIDE
  • A utility-specific blueprint for a VA.
  • Specific threats for water utilities to protect
    against.
  • Specific security solutions for identified
    vulnerabilities.
  • THE RESULTS ARE CONTROLLED BY YOU, THE VA TEAM!
  • NO CERTIFICATION IS REQUIRED!

18
VULNERABILITY ASSESSMENT METHODS
  • Risk Assessment Methodology for Water Utilities
    RAM-W. 3 days tuition
  • Complex methodology, good for large utilities.
  • Labor intensive decision-making process.
  • Extensive terminology to be learned and applied
    correctly.

19
VULNERABILITY ASSESSMENT METHODS
  • Vulnerability Self-Assessment Tool VSAT
  • 1 or 2 days optional training TREEO offers 1
    day training
  • Software limited only method that requires
    use of a computer
  • Very flexible to fit needs of large or small
    utility

20
VULNERABILITY ASSESSMENT METHODS
  • NRWA/ASDWA TEMPLATE
  • Security Vulnerability Self-Assessment Guide for
    Small Drinking Water Systems Serving Populations
    Between 3,300 and 10,000
  • www.vulnerabilityassessment.org

21
VULNERABILITY ASSESSMENT METHODS
  • NETCSC National Environmental Training Center
    for Small Water Systems
  • Preparing for the Unexpected Security for
    Small Water Systems
  • www.netc.wvu.edu
  • Addresses the unique security needs of small
    water systems (those serving fewer than 10,000
    people).

22
VULNERABILITY ASSESSMENT METHODS
  • KDHE Kansas Department of Health and
    Environment method
  • Available at http//www.ruralwater.org/ksva.pdf
  • Uses a simple matrix to evaluate vulnerability.
  • User friendly with or without a computer
  • Not fully stand-alone

23
VULNERABILITY ASSESSMENT METHODS
  • FRWA METHOD
  • Focuses on accomplishing PL 107-188s 6
    required elements of a vulnerability
    assessment.
  • Uses best of RAM-W, NRWA/ASDWA, and KDHE
    methods.
  • Intended for use by water utilities serving
    less than 50,000 people.

24
VULNERABILITY ASSESSMENT METHODS
  • FRWA METHOD relies on your teams ability to
    agree on (a consultant will also)
  • Your utilitys mission and to prioritize its
    objectives.
  • The threats that should be protected against.
  • The methods to be used to protect your utility.

25
SECURE

 
26
INSECURE
27
SECURITY ISSUES
  • Culture of Security
  • All employees aware that Security is an important
    part of THEIR job
  • Include in Performance Review
  • Operational security practices
  • Facility physical security
  • Increase Community Awareness of Security
  • Community Watchdogs in Rural/Isolated areas
  • Work with Sheriff/Police and Fire Dept.

28
SECURITY ISSUES contd
CONFIDENTIAL FOR OFFICIAL USE ONLY
  • Classification of Vulnerability Assessment
    Documents
  • CONFIDENTIAL FOR OFFICIAL USE ONLY
  • BOLD, RED LETTERS
  • Upper Left Lower Right of each page
  • Pages numbered 1 of 1, 1 of 2, etc.

CONFIDENTIAL FOR OFFICIAL USE ONLY
29
SECURITY ISSUES contd
  • Control Accountability of VA Documents
  • Should Be Serialized (Copy 1 of 2, etc.)
  • Issue Sheet (Record recipients of document)
  • Record of Changes
  • Safekeeping (safe or vault)

30
SIX ELEMENTS OF VULNERABILITY ASSESSMENTS
REQUIRED BY PL 107-188
  • Characterize the water system, including its
    mission and objectives
  • Determine malevolent acts
  • Assess likelihood of malevolent acts
  • Identify and prioritize adverse consequences
  • Evaluate existing countermeasures
  • Develop prioritized plan for risk reduction

31
SIX ELEMENTS OF VULNERABILITY ASSESSMENTS
REQUIRED BY PL 107-188
  • Characterize the water system, including its
    mission and objectives
  • Determine malevolent acts
  • Assess likelihood of malevolent acts
  • Identify and prioritize adverse consequences
  • Evaluate existing countermeasures
  • Develop prioritized plan for risk reduction

32
CHARACTERIZE THE UTILITYTHE VA TEAM
  • Performs the VA
  • Involves/uses senior management for some
    decisions
  • Has a variety of education and experience
  • Is trusted with sensitive information
  • Communicates effectively
  • Documents decisions and entire VA process.

33
CHARACTERIZE THE UTILITY
  • POTENTIAL TEAM MEMBERS (5-8 is ideal)
  • Utilities Director/Superintendent
  • Chief/Lead Water Plant Operator
  • Distribution System Manager
  • Law Enforcement Representative
  • City/County Engineer
  • Maintenance Manager
  • Emergency Management Representative
  • Human Resources Manager
  • Secretary

34
CHARACTERIZE THE UTILITY
  • ADDITIONAL SPECIALIZED TEAM RESOURCES
  • (provide specific information as needed)
  • Mayor or City/County Manager
  • OIT staff and/or a SCADA expert
  • City/County budget/accounting staff
  • Security Equipment Suppliers
  • Human Resources Manager
  • City/County Attorney

35
CHARACTERIZE THE UTILITY PRODUCE A MISSION
STATEMENT PRIORITIZED OBJECTIVES
OVERALL MISSION
  • MISSION OBJECTIVES

FOCUS ON CRITICAL ASSETS
36
CHARACTERIZE THE UTILITY PRODUCE A MISSION
STATEMENT PRIORITIZED OBJECTIVES
  • Mission Statement is CRUCIAL for good VA
  • Whats most critical function of the water
    utility?
  • Which assets must be protected first?
  • Which assets can be lost and still achieve the
    mission?
  • What do we do in a time of crisis?

37
CHARACTERIZE THE UTILITY PRODUCE A MISSION
STATEMENT PRIORITIZED OBJECTIVES
  • Mission Statement Brief and Clear
  • Example water utilitys mission is to
    provide an ample supply of safe drinking water
    with good pressure to all customers.

38
CHARACTERIZE THE UTILITY PRODUCE A MISSION
STATEMENT PRIORITIZED OBJECTIVES
  • We will accomplish our mission by achieving the
    following prioritized objectives
  • 1. Protect public health by distributing safe,
    potable water to all customers.
  • 2. Maintain adequate pressure and volume to meet
    fire protection requirements.
  • 3. Keep utility system costs as low as possible
    while complying with all applicable regulations.
  • (use p. 14 to draft mission stmts)

39
CHARACTERIZE THE UTILITY DESCRIBE YOUR EXISTING
ASSETS
  • VA REPORT should include a listing of all of the
    following
  • All physical facilities (see pages 65 66)
  • Computer equipment and software
  • Position descriptions and responsibilities
  • Existing security equipment
  • Customers, some more critical than others
  • Plans, record drawings, files, etc.

40
CHARACTERIZE THE UTILITY DESCRIBE YOUR EXISTING
ASSETS
  • INCLUDE INTERDEPENDENCIES
  • Electrical Power
  • Natural Gas
  • Fuels, diesel and gasoline
  • SCADA
  • Communications
  • Transportation

41
CHARACTERIZE THE UTILITY DESCRIBE YOUR EXISTING
ASSETS
  • Evaluate CRITICAL assets for vulnerability
  • Describe, list location, note where shown on
    drawings and process diagram, as appropriate.
  • List each assets vulnerability to attack.
    Examples
  • ASSETS CAPACITIES LOCATION VULNERABLTS
  • Pump/motor 800 gpm 229 Palm Ave electrical power
  • make/model 25 hp Sheet B3 physical
    damage
  • SCADA control
  • Chlorine gas 2000 lbs 229 Palm Ave physical
    damage
  • tanks Sheet C7
  • Well 1 1000 gpm 416 River Way electrical power
  • Sheet B1 physical damage
  • SCADA control

42
SIX ELEMENTS OF VULNERABILITY ASSESSMENTS
REQUIRED BY PL 107-188
  • Characterize the water system, including its
    mission and objectives
  • Determine malevolent acts (threats)
  • Assess likelihood of malevolent acts
  • ID and prioritize adverse consequences
  • Evaluate existing countermeasures
  • Develop prioritized plan for risk reduction

43
THREAT ASSESSMENT
  • Is a JUDGMENT, based on available intelligence,
    law enforcement, and open source information, of
    the actual or potential threats to your utility.
  • Local law enforcement is your best resource for
    outsider information.
  • See Security Information Websites, p. 50, item
    9, for additional outsider information.

44
THREAT ASSESSMENT
  • Identify potential adversaries
  • Insiders employees, present, former and future
    anyone with approved access.
  • Outsiders everyone else from vandals to
    criminals and terrorists (see p. 17-20).
  • Document assessment of both insiders and
    outsiders in VA report.

45
THREAT ASSESSMENT
  • INSIDERS ARE SPECIAL AND COMMON THREATS
  • Potential for active or passive roles in planning
    and/or carrying out an attack.
  • Trusted access to critical assets, as well as the
    SCADA and security systems.
  • They know whats critical how to disable it.

46
THREAT ASSESSMENT
  • SOURCES OF INFORMATION REGARDING INSIDERS
  • Personnel policies and practices
  • Staff morale/personal knowledge
  • Human resources staff
  • Employee background checks, prior to employment

47
THREAT ASSESSMENT
  • Prepare List of POTENTIAL Threats

THREAT NO. CRITICAL ASSET SOURCE OF THREAT THREAT TYPE
1 _at_ well vandals Contamination
2 _at_ well vandals Power loss
3 _at_ well vandals Physicl damge
4 _at_ wells emply sabtge Contamination
5 _at_ wells emply sabtge Power loss
6 _at_ wells emply sabtge Physicl damge
7 _at_ wells terror Contamination
8 _at_ wells terror Power loss
9 _at_ wells terror Physicl damge
48
THREAT ASSESSMENT
  • Threat list continued

THREAT NO. CRITICAL ASSET SOURCE OF THREAT THREAT TYPE
10 _at_ WTP vandals Contamination
11 _at_ WTP vandals Power loss
12 _at_ WTP vandals Physicl damge
13 _at_ WTP vandals Chlorine release
14 _at_ WTP emply sabotage Contamination
15 _at_ WTP emply sabotage Power loss
16 _at_ WTP emply sabotage Physicl damge
17 _at_ WTP emply sabotage Chlorine release
18 _at_ WTP terror Contamination


49
SIX ELEMENTS OF VULNERABILITY ASSESSMENTS
REQUIRED BY PL 107-188
  • Characterize the water system, including its
    mission and objectives
  • Determine malevolent acts (threats)
  • Assess likelihood of malevolent acts (Probability
    of occurrence)
  • ID and prioritize adverse consequences
  • Evaluate existing countermeasures
  • Develop prioritized plan for risk reduction

50
Risk Equation
The following equation determines relative risk
of each threat actually being carried out Risk
Probability of occurrence, P times
Consequence severity, C times
Effectiveness of deterrents, E
51
PROBABILITY OF OCCURENCE
  • Risk is a function of
  • Probability (P) of a threat being carried out
  • Probability of occurrence
  • Consequences (C) if threat is carried out
  • Loss of supply how long
  • Loss of pressure how much
  • Loss of capital how expensive
  • Loss of public confidence how to regain
  • Effectiveness of Deterrents (E)
  • Deterrents are those things done to prevent
  • threats from occurring (fences, locks, etc.)

52
PROBABILITY of OCCURRENCE
Threat Multiplier
Threat exists, but very improbable Saboteur, terrorist could threaten 1
Threat exists, but improbable 2
Threat exists, somewhat probable Authorities know of threat, no target 3
Threat exists, probable 4
Threat exists, highly probable Authorities know of threat of vandalism, and typical targets 5
53
PROBABILITY of OCCURRENCE
THREAT NO. CRIT. AST. SOURCE OF THREAT THREAT TYPE PROBABILITY OF OCCURRENCE, P
1 _at_ well vandals Contmntn 1
2 _at_ well vandals Powr loss 3
3 _at_ well vandals Phys dmg 5
4 _at_ wells empl. sab. Contmntn 2
5 _at_ wells empl. sab. Powr loss 2
6 _at_ wells empl. sab. Phys dmg 2
7 _at_ wells terror Contmntn 1
8 _at_ wells terror Powr loss 1
9 _at_ wells terror Phys dmg 1
54
PROBABILITY of OCCURRENCE
THREAT NO. CRIT. AST. SOURCE OF THREAT THREAT TYPE PROBABILITY OF OCCURRENCE, P
10 _at_ WTP vandals Contamntn 1
11 _at_ WTP vandals Power loss 1
12 _at_ WTP vandals Physcl dmg 1
13 _at_ WTP vandals CL release 1
14 _at_ WTP emply sabtg Contamntn 1
15 _at_ WTP emply sabtg Power loss 3
16 _at_ WTP emply sabtg Physcl dmg 1
17 _at_ WTP emply sabtg CL release 2
18 _at_ WTP terror Contamntn 2

55
SIX ELEMENTS OF VULNERABILITY ASSESSMENTS
REQUIRED BY PL 107-188
  • Characterize the water system, including its
    mission and objectives
  • Determine malevolent acts (threats)
  • Assess likelihood of malevolent acts (Probability
    of occurrence)
  • ID and prioritize adverse consequences
  • Evaluate existing countermeasures
  • Develop prioritized plan for risk reduction

56
CONSEQUENCE PRIORITIZATION CONSEQUENCE PRIORITIZATION
Consequence Multiplier
Normal supply of potable water available All demands met 1
Minimum supply of potable water available Emergency demands met 2
Inadequate supply of potable water available Parts of system may be without water 3
No potable water available Contaminated fire and sanitary wtr available 4
No water available 5
One or more people killed 7
57
CONSEQUENCE PRIORITIZATION
THREAT NUMBER CHARACTER THREAT TYPE CONSEQUENCE PRIORTZTN, C
1 _at_ well, vandals Contamination 2
2 _at_ well, vandals Power loss 2
3 _at_ well, vandals Physical damage 1
4 _at_ wells, emply sabotage Contamination 7
5 _at_ wells, emply sabotage Power loss 5
6 _at_ wells, emply sabotage Physical damage 5
7 _at_ wells, terror Contamination 7
58
CONSEQUENCE PRIORITIZATION
THREAT NO. CRIT. AST. SOURCE OF THREAT THREAT TYPE CONSEQUENCE PRIORTZTN, C
1 _at_ well vandals Contmntn 2
2 _at_ well vandals Powr loss 2
3 _at_ well vandals Phys dmg 1
4 _at_ wells empl. sab. Contmntn 7
5 _at_ wells empl. sab. Powr loss 5
6 _at_ wells empl. sab. Phys dmg 5
7 _at_ wells terror Contmntn 7
8 _at_ wells terror Powr loss 5
9 _at_ wells terror Phys dmg 5
59
CONSEQUENCE PRIORITIZATION
THREAT NO. CRIT. AST. SOURCE OF THREAT THREAT TYPE CONSEQUENCE PRIORTZTN, C
10 _at_ WTP vandals Contamntn 2
11 _at_ WTP vandals Power loss 3
12 _at_ WTP vandals Physcl dmg 1
13 _at_ WTP vandals CL release 7
14 _at_ WTP emply sabtg Contamntn 7
15 _at_ WTP emply sabtg Power loss 5
16 _at_ WTP emply sabtg Physcl dmg 5
17 _at_ WTP emply sabtg CL release 7
18 _at_ WTP terror Contamntn 7

60
SIX ELEMENTS OF VULNERABILITY ASSESSMENTS
REQUIRED BY PL 107-188
  • Characterize the water system, including its
    mission and objectives
  • Determine malevolent acts (threats)
  • Assess likelihood of malevolent acts (Probability
    of occurrence)
  • ID and prioritize adverse consequences
  • Evaluate existing countermeasures (deterrents)
  • Develop prioritized plan for risk reduction

61
DETERRENT EFFECTIVENESS

Effectiveness Factor
Highly effective Means to detect, delay, respond stop attack in place. Addtnl supply redundant units available emply vendor backgrd chks and key cards used. 1
Generally effective Means to detect delay attack spare parts spare units avail emply vendor backgrd chks. 2
Moderately effective Vandals substntlly deterred partl alt suply key spare parts available emply backgrd chks 3
Slightly effective Means to delay vandals no alt. supply but some spare parts avail no emply backgrnd chks. 4
Ineffective No physical means to detect or delay vandals. No alternate source of supply, or spare parts available. 5
62
DETERRENT EFFECTIVENESS
assessment
Time of Intrusion
Time
Attack Completed
63
DETERRENT EFFECTIVENESSList Existing Deterrents
Asset Protected Type of Deterrent Deterrent
Wells Detection Emply bckgrd chks
Wells Delay Chain link fence
Wells Delay Locked doors
Wells Response Emplymnt practcs
Wells Redundancy Spare parts motrs, extra wells
Treatment Plant Detection Motion detectors Emply bckgrd chks
Treatment Plant Delay Chain link fence
Treatment Plant Delay Locked doors
64
DETERRENTS EFFECTIVENESS
THREAT NO. CRIT. AST. SOURCE OF THREAT THREAT TYPE DETERRENTS EFFECTVNESS, E
1 _at_ well vandals Contmntn 3
2 _at_ well vandals Powr loss 3
3 _at_ well vandals Phys dmg 4
4 _at_ well empl. sab. Contmntn 3
5 _at_ well empl. sab. Powr loss 3
6 _at_ well empl. sab. Phys dmg 3
7 _at_ well terror Contmntn 5
8 _at_ well terror Powr loss 5
9 _at_ well terror Phys dmg 5
65
DETERRENTS EFFECTIVENESS
THREAT NO. CRIT. AST. SOURCE OF THREAT THREAT TYPE DETERRENTS EFFECTVNESS, E
10 _at_ WTP vandals Contmntn 4
11 _at_ WTP vandals Powr loss 4
12 _at_ WTP vandals Phys dmg 4
13 _at_ WTP vandals CL release 4
14 _at_ WTP empl. sab. Contmntn 3
15 _at_ WTP empl. sab. Powr loss 3
16 _at_ WTP empl. sab. Phys dmg 3
17 _at_ WTP empl. sab. CL release 3
18 _at_ WTP terror Contmntn 2
66
SIX ELEMENTS OF VULNERABILITY ASSESSMENTS
REQUIRED BY PL 107-188
  • Characterize the water system, including its
    mission and objectives
  • Determine malevolent acts (threats)
  • Assess likelihood of malevolent acts (Probability
    of occurrence)
  • ID and prioritize adverse consequences
  • Evaluate existing countermeasures (deterrents)
  • Develop prioritized plan for risk reduction

67
DEVELOP PRIORITIZED PLANFOR RISK REDUCTION
  • Risk, R Probability of occurrence, P
  • times
  • Consequence severity, C
  • times
  • Effectiveness of deterrents, E
  • R P x C x E

68
DEVELOP PRIORITIZED PLANFOR RISK REDUCTION
Threat P C E Relative Risk Priority
1 1 2 3 6
2 3 2 3 18
3 5 1 4 20
4 2 7 3 42
5 2 5 3 30
6 2 5 3 30
7 1 7 5 35
8 1 5 5 25
9 1 5 5 25
69
DEVELOP PRIORITIZED PLANFOR RISK REDUCTION
Threat P C E Relative Risk Priority
10 1 2 2 4
11 1 3 2 6
12 3 1 2 6
13 1 7 2 14
14 2 7 3 42
15 2 5 3 30
16 2 5 3 30
17 2 7 3 42
18 1 7 2 14

70
DEVELOP PRIORITIZED PLANFOR RISK REDUCTION
Threat P C E Relative Risk Priority
1 1 2 3 6 8
2 3 2 3 18 6
3 5 1 4 20 5
4 2 7 3 42 1
5 2 5 3 30 3
6 2 5 3 30 3
7 1 7 5 35 2
8 1 5 5 25 4
9 1 5 5 25 4
71
DEVELOP PRIORITIZED PLANFOR RISK REDUCTION
Threat P C E Relative Risk Priority
10 1 2 2 4 9
11 1 3 2 6 8
12 3 1 2 6 8
13 1 7 2 14 7
14 2 7 3 42 1
15 2 5 3 30 3
16 2 5 3 30 3
17 2 7 3 42 1
18 1 7 2 14 7

72
DEVELOP PRIORITIZED PLANFOR RISK REDUCTION
Threat P C E Relative Risk Priority
4 2 7 3 42 1
14 2 7 3 42 1
17 2 7 3 42 1
7 1 7 5 35 2
5 2 5 3 30 3
6 2 5 3 30 3
15 2 5 3 30 3
16 2 5 3 30 3
8 1 5 5 25 4
73
DEVELOP PRIORITIZED PLANFOR RISK REDUCTION
Threat P C E Relative Risk Priority
9 1 5 5 25 4
3 5 1 4 20 5
2 3 2 3 18 6
13 1 7 2 14 7
18 1 7 2 14 7
1 1 2 3 6 8
11 1 3 2 6 8
12 3 1 2 6 8
10 1 2 2 4 9

74
DEVELOP PRIORITIZED PLANFOR RISK REDUCTION
THREAT NO. CRIT. AST. SOURCE OF THREAT THREAT TYPE DESCRIPTION OF ACTIONS, YEAR 1
4 _at_ well empl. sab. Contamntn Install card key ID system.
14 _at_ WTP emply sabtg Contamntn Install card key ID system.
17 _at_ WTP emply sabtg CL release Install card key ID system.
75
DEVELOP PRIORITIZED PLANFOR RISK REDUCTION
THREAT NO. CRIT. AST. SOURCE OF THREAT THREAT TYPE DESCRIPTION OF ACTIONS, YEAR 2
7 _at_ wells terror Contamntn Join WaterISAC harden locks doors.
5 _at_ wells empl. sab. Powr loss Installed card key ID system last year.
6 _at_ wells empl. sab. Phys dmg Installed card key ID system last year.
76
DEVELOP PRIORITIZED PLANFOR RISK
REDUCTIONSimple Security Measures
  • Employee background checks
  • Talk to police
  • Tour all PWS facilities
  • Explain importance of PWS to community
  • Ask for security suggestions
  • Ask to include PWS facilities on routine patrols
  • Place bars or grates on windows
  • Use tamperproof padlocks

77
DEVELOP PRIORITIZED PLANFOR RISK
REDUCTIONSimple Security Measures
  • Talk to residents near facilities
  • Explain who should/should not be at the
    facilities
  • Provide a 24-hour telephone number to call if
    suspicious activity is observed
  • Post signs
  • No Trespassing/Violators Will Be Prosecuted
    and NRWA Warning sign
  • Follow through and prosecute
  • Limit remote SCADA system access
  • Unplug modem on SCADA system when not in use
  • Require person to give remote access to system

78
DEVELOP PRIORITIZED PLANFOR RISK
REDUCTIONSimple Security Measures
  • Work with chemical suppliers/other vendors
  • Get photo copies of DLs of drivers/salesmen
    before they arrive
  • Check photo copy against the DL

79
DEVELOP PRIORITIZED PLANFOR RISK REDUCTION
  • Use your staffs own ingenuity
  • Contact security equipment professionals
    suggested guidelines
  • Offer equipment from a variety of manufacturers.
  • Offer an integrated approach which includes
    design, installation and monitoring.
  • Consider procurement options that
  • maintain security of your system information
  • are not based on low bids.

80
DEVELOP PRIORITIZED PLANFOR RISK REDUCTIONUSE
INGENUITY
Water Treatment Facility
Entrance Gate
Perimeter Fence
Install Cattle Gate And 1 SS Cable
Protect Sides from Drive Around
Public road
81
DEVELOP PRIORITIZED PLANFOR RISK REDUCTIONUSE
INGENUITY
1 SS Cable, ends looped over poles, middle wired
to gate, slack at opening.
Telephone poles set in concrete
Std. cattle gate
Gate latched with SS chain secure padlock
Entrance Road
82
DEVELOP PRIORITIZED PLANFOR RISK REDUCTIONUSE
INGENUITY
  • INEXPENSIVE OPTIONS
  • Hardened door hinges, spot weld or purchase.
  • Replace cylindrical locks with MORTISED locks,
    purchase locks hinges 1,000/dr.
  • New doors with mortised locks 3 to 4,000.
  • Install guard plates above below striker
    plates.
  • Harden gates Spot weld hinge bolts, or use SS
    cable around gate posts use hardened latches.
  • Add lighting/motion sensing lighting.
  • Install warning signs.

83
SIX ELEMENTS OF VULNERABILITY ASSESSMENTS
REQUIRED BY PL 107-188
  • Characterize the water system, including its
    mission and objectives
  • Determine malevolent acts (threats)
  • Assess likelihood of malevolent acts (Probability
    of occurrence)
  • ID and prioritize adverse consequences
  • Evaluate existing countermeasures (deterrents)
  • Develop prioritized plan for risk reduction

84
VULNERABILITY ASSESSMENT REPORT
  • INTRODUCTION
  • Should contain background information, including
    why a vulnerability assessment was performed.
  • Should include the scope of the report and its
    organization.
  • USE PL 107-188S 6 ELEMENTS OF A VA AS CHAPTER
    HEADINGS

85
VULNERABILITY ASSESSMENT REPORT
  • SUGGESTIONS FOR REPORT
  • Report each step/decision of the process.
  • List EACH ASSUMPTION.
  • Include EVERY threat and system response
    considered, and if some threats were not
    evaluated, why they werent.
  • List as many steps to be taken to reduce
    vulnerability as possible (not just upgrades).
  • Follow EPAs instructions for VA submission.

86
(No Transcript)
87
WHOS IN CHARGE HERE, ANYWAY?
88
EMERGENCY PLANS
  • What is an Emergency ?
  • Unanticipated event that calls for an immediate
    response
  • Natural Flood, Hurricane, Tornado
  • Manmade Vandalism, Sabotage, Terrorism

89
EMERGENCY PLANS
  • Emergency Management Community
  • Fire, Police, Medical (First Responders)
  • Disaster Response, Civil Defense
  • EOC Emergency Operations Center
  • ICS Incident Command System
  • Water Utility
  • Component of the EM Community
  • Partner train with other components

90
Response
Recovery
Mitigation
4 Phasesof EmergencyManagement
Preparedness
  • Priority concerns Life safety issues
    protection of property
  • One simple rule Meet the needs of the victims

91
EMERGENCY MANAGEMENT PHASES
  • Preparedness
  • Research, Plan Exercise
  • Response
  • Actions taken to address the emergency
  • Recovery
  • Return system to normal operations
  • Mitigation Always on-going thru Preparedness,
    Response, Recovery
  • Reduce impact of emergency

92
ERP ACTIVATION LEVELS
  • EMCON I - Warning Condition review
    requirements of ERP check inventory
  • EMCON II - Alert Condition check EM
    communications work assignments
  • EMCON III - Imminent Threat Condition
  • activate ERP
  • EMCON IV - Declared State of Emergency follow
    guidance of ERP
  • EMCON V - Recovery Condition restore system
    complete reports update ERP

93
HOMELAND SECURITY ADVISORY SYSTEM
  • Threat Condition LOW GREEN
  • Threat Condition GUARDED BLUE
  • Threat Condition ELEVATED YELLOW
  • Threat Condition HIGH ORANGE
  • Threat Condition SEVERE RED

94
Condition GREENLow Threat
  • Refine/exercise as appropriate Preplanned
    Protective Measures
  • Ensure personnel trained on HSAS specific
    dept/agency Protective Measures
  • Institutionalize process for regular VA to
    terrorist attacks mitigation implemented

95
Condition BLUEGuarded
  • Check communications as identified in Emergency
    Response Plan
  • Review/update Emergency Response Procedures
  • Communicate to public any info. that will
    strengthen its ability to act appropriately

96
Condition YELLOWElevated-Significant risk of
terrorist attack
  • Increase surveillance of critical locations
  • Coordinate with nearby jurisdictions
  • Assess precise characteristics of the threat
  • Further refine Preplanned Protective Measures
  • Implement, as appropriate, contingency and
    Emergency Response Plans

97
Condition ORANGEHigh Risk of terrorist attacks
  • Coordinate security with local, State Federal
    law enforcement
  • Additional precautions at public events
  • Prepare to execute contingency procedures-move to
    alternate site disperse workforce
  • Restrict facility access to essential personnel
    only

98
Condition REDSEVERE risk of terrorist
attacksNot intended to be sustained for ext.
period
  • Increase/redirect personnel to address emergency
    needs
  • Pre-position mobilize specially trained teams
    or resources
  • Monitor, redirect, or constrain transportation
    systems
  • Close public government facilities

99
EMERGENCY RESPONSE PLANS (ERP) WHY ???
  • Required by PL 108-188 Bio-terrorism Act
  • DEP rule 62-555 being amended to require ERPs
  • Makes Good Sense to have a guide ready to use
    when an emergency arises

100
DEP 62-555 RULE CHANGESProbably effective this
summer
  • CWS serving 350 or more persons
  • ERP in accordance with AWWAs M19
  • Due by December 31, 2004
  • Minimum Components
  • Communications Chart
  • Written agreements with other agencies (Mutual
    Aid)

101
RULE CHANGES, contd
  • Minimum Components, contd
  • Disaster-Specific ERPs for
  • Vandalism/Sabotage
  • Drought
  • Hurricane
  • Structure Fire
  • And if applicable, for
  • Flood
  • Wildfire
  • Hazardous Material Release

102
RULE CHANGES, contd(see p. 39)
  • Minimum Components, contd
  • Standby Power Requirements
  • Details of how system meets
  • Fuel to maintain requirements
  • Drinking Water Treatment Chemicals
  • Inventory requirements

103
ERP PLANNING
  • Invest in the first 12 hours
  • Maximum chaos, minimum info
  • Something will happen without a plan
  • Make sure you have a script

104
  • Planning
  • When preparing for battle I have
  • always found that plans are
  • useless, but planning is
  • indispensable.
  • Dwight D.
    Eisenhower

105
EMERGENCY RESPONSE PLANS(ERP) Whats In Them?
  • Details of notification procedures
  • Assign responsibilities to individuals/groups
  • Guidance for appropriate response actions
  • Control the negative effect of a critical
    incident, prevent incident from escalating,
    enhance recovery process

106
IMPORTANT POINTS of ERP
  • Working document that should be used before,
    during after a disaster
  • Plan is an outgrowth of and should be developed
    from the completed VA and actions taken to
    mitigate risks

107
IMPORTANT POINTS contd
  • Identifies Resources, Responsibilities and
    Contingencies
  • Must comply with applicable state local
    ordinances requirements
  • Key personnel must know the plan
  • All personnel must know their individual roles

108
IMPORTANT POINTS contd
  • KISS (as simple as possible)
  • Living Document review revise regularly
  • Living Document Exercise the plan
  • Coordinate with Emergency Management Community,
    Regulatory authorities local government
    officials

109
ESSENTIAL COMPONENTSof Emergency Response Plan
  • Describes all anticipated emergencies
  • Provides detailed corrective actions for all
    defined emergencies
  • Prescribes specific performance actions
  • Defines Chain of Command
  • Describes coordination with other agencies
  • Lists Emergency Equipment Spare Parts
    Inventories

110
COMPONENTS contd(see p. 44)
  • List points of contact phone numbers
  • State Warning Point 800-329-0519
  • Members of Emergency Mgmt Community
  • System personnel
  • Customer Notification Protocol
  • Service, Supply equipment vendors
  • Laboratories
  • Media

111
COMPONENTS contd
  • Provides system information
  • Source water supply
  • Treatment information
  • Finished water storage information
  • Location of maps, manuals and plans
  • Areas of potential collaboration with other
    utilities and government agencies

112
EPA GUIDANCE(April 2002) (Incident Types)
  • Threat of or Actual Intentional Contamination of
    the Water System
  • Threat of Contamination at a Major Event
  • Notification from Health Officials of Potential
    Water Contamination
  • Intrusion through the SCADA system
  • Significant Structural Damage Resulting from an
    Intentional Act
  • (see
    pages 87-95)

113
OTHER CONSIDERATIONS
  • Mutual aid agreements
  • Emergency Procurement Procedures
  • Training
  • Table Top Exercises
  • Functional Field Drills
  • Full Scale Drills (Hurricane ZEKE
  • New employee orientation ERP training

114
  • General Steps for Emergency Response
  • Immediate notification
  • Conduct Preliminary Assessment
  • Establish Command Control Structure
  • A. Define Emergency Status
  • B. Activate Communications Plan
  • C. Conduct Full Assessment
  • Implement Countermeasures
  • Activate Recovery Plan

115
  • General Steps, contd
  • 1. Immediate Notification
  • Call 911
  • Call Utility Management
  • Communications Tree
  • Call State Warning Point
  • 2. Conduct Preliminary Assessment
  • Nature
  • Extent
  • Severity

116
  • General Steps, contd
  • 3. Establish Command Control Structure
  • Establish Chain of Command
  • Identify Tech Specialists
  • A. Define ERP Activation
  • EMCON I
  • to
  • EMCON V

117
  • General Steps, contd
  • 3. Establish Command Control Structure
  • B. Establish Communications with
    Appropriate Groups
  • Emergency Management Cmty
  • Critical or Priority Customers
  • Media
  • C. Conduct Full Assessment (use Technical
    Specialist Team)
  • Nature
  • Extent
  • Severity

118
  • General Steps, contd
  • 4. Implement Countermeasures
  • Isolate affected portion of system
  • Emergency repairs based on priority
  • Continue to provide non-potable water
  • Customer notifications
  • Boil Water Notices
  • Emergency water supplies
  • Tank trucks
  • Interconnection
  • Bottled water

119
  • General Steps, contd
  • 5. Recovery Phase
  • Restore service fully
  • Prepare reports
  • Mitigation requirements rate review
  • Lessons learned
  • Review update ERP

120
SUGGESTED FORMS
  • (see p. 122) excerpts from www.asdwa.org
  • AWWA Water System Security A Field Guide
    Appendixes (on disk)
  • www.calwarn.org/warn/warn_news.htm
  • (sample ERP from Calif.)
  • Google search for emergency response for water
    utilities

121
  • Emergency Response a self-assessment
  • Of the phases of emergency management, emergency
    response receives the most attention because it
    deals with events as they occur, in real time.
    For water utilities, the important issue is how
    well they respond to, and recover from, disasters
    so that the water supply remains available, safe,
    and reliable. The basic nature of the water
    utility emergency plan and process is described
    in AWWA Manual M19. Preparation for emergencies
    is the key to success and survival.

122
  • Self-assessment checklist
  • Managers are committed to readiness improvement
  • An established Emergency Response Program
  • EOC/ICS authority identified authorized for all
    emergencies
  • Roles of Elected Officials have been identified
  • Management admin systems in place for emergency
    ops
  • Admin Operations .functions clearly assigned
    for emergencies
  • Organizational structures are similar for routine
    disaster operations
  • Emergency procedures similar to normal procedures
  • Able to maintain records during a disaster
  • Crew assignments have been preplanned

123
  • Self-assessment checklist
  • Emergency management planning is an ongoing
    activity
  • Vulnerability Assessment has been conducted
  • Agreements for mutual aid, authority
    organization, incident management
    communications completed
  • Alternate transport for supplies, repair crews,
    equipment available
  • Standard Operating Procedures decision
    protocols have been prepared
  • Water conservation plans are ready
  • Comprehensive security/safety programs in place
  • Methods are implemented to monitor for
    contaminants on an ongoing basis to identify
    confirm contamination

124
  • Self-assessment Check list
  • Protocol in place to treat or contain water, or
    to warn the public not to use it
  • Operators are trained to monitor for physical
    threats
  • A comprehensive HAZMAT program in place
  • Access to critical facilities is controlled
  • Law enforcement personnel have toured the
    facilities to assist in identifying threats
    vulnerabilities
  • Only appropriate info is available on the Web
    site or via the Freedom of Information Act (FOIA)
  • Potential threats, including from employees and
    vendors, are monitored

125
  • Self-assessment Check list
  • Funding strategies for disaster preparedness are
    addressed
  • The financial strategy includes a 5 to 20 year
    Capital Program for emergency preparedness
  • Secure Communication systems have been
    established
  • Internal alerting procedures are established
  • The public information function for emergencies
    is clearly defined
  • Stakeholders to notify are listed, and the
    ability to alert the public is maximized
  • The utility has joined InfraGard and participates
    in national security networking activities

126
  • Self-assessment Check list
  • Active intergovernmental coordination is
    practiced
  • Partners in emergencies know one another before
    a disaster strikes
  • Training programs on threats, security, safety
    emergencies for all staff in place periodically
    assessed
  • Twice per year training/exercises are conducted
    for all levels of the response organization
  • Motivation is provided for employee involvement
    in emergency management programs
  • Performance audits for preparedness conducted

127
(No Transcript)
Write a Comment
User Comments (0)
About PowerShow.com