What tools are available for conducting vulnerability assessments - PowerPoint PPT Presentation

1 / 28

About This Presentation

Title:

What tools are available for conducting vulnerability assessments

Description:

... and related events relatively new, so industry standard protocol in its infancy ... downstream of significant economic activities. So What Tools Are ... – PowerPoint PPT presentation

Number of Views:37

Avg rating:3.0/5.0

Slides: 29

Provided by: kenr8

Category:

more less

Transcript and Presenter's Notes

Title: What tools are available for conducting vulnerability assessments

1
What tools are available for conducting
vulnerability assessments?

Pacific Northwest Drinking Water and Wastewater
Security Workshop Seattle, WA March 11, 2003
James K. Sullivan, Water Environment Federation

2
Overview of Presentation

Congressional and EPA Goals and Objectives for
Vulnerability Assessment and Security Planning
VSAT The Wastewater Utility Response
WEF Security Training and Resources Available
Questions/Comments

3
Universe of Concern

168,000 Public Water Systems
54,000 community water
8,000 systems serve more than 3,300
Individuals
16,000 POTWs
Provide Wastewater Treatment to
73 of U.S. Population

4
Congress, EPA, and Water/Wastewater Security

2002 Bioterrorism Law Mandates Vulnerability
Assessments for Most Water Systems
No Current Mandates for Wastewater, However
S.6 Sec. 5001 Wastewater Infrastructure Security
and Safety Act Mandatory Assessments, with
funding
H.R. 866 Wastewater Treatment Works Security Act
of 2003 Voluntary Assessments, with funding

5
Drinking Water VAs ERPs

Under Bioterrorism Law Every Community Water
System Serving Greater Than 3,300 people must
1) Conduct a VA (See EPA Fact Sheet at
www.epa.gov)
2) Certify and Submit Vulnerability Assessment to
EPA
3) Prepare or Revise Emergency Response Plan
based on VA
4) Certify and Submit ERP to EPA within 6 mos. of
VA

6
Drinking Water Timeframe
7
S.6 Mandatory Vulnerability Assessments for
POTWs

POTW serving at least 25,000 people and
Others as Determined by Administrator
Shall Submit VA and Emergency Response Plan by
July 1, 2003
http//thomas.loc.gov

8
Security in the Wastewater Industry

Security threats from terrorist and related
events relatively new, so industry standard
protocol in its infancy
Serious security practices more evident
out-of-industry high-risk government buildings,
nuclear power plants
Wastewater utility physical assets typically
dispersed, so, standard approaches to security
developed for enterprises with highly centralized
assets not likely to fit perfectly
Managers facing a balancing act between external
demands for security and internal resources to
act and finance.

9
Are Threats to the Wastewater Sector Real?

If the objective of terrorism is disruption of
civil society, mass destruction, and the creation
of fear, then wastewater utilities could be easy
targets
Wastewater assets are easy targets and not
particularly protected, yet
Hazardous chemicals delivered, stored, used on
site
Infrastructure could provide access to others
Threats to the environmental and public health
are real
Treatment plants are downstream of significant
economic activities

10
So What Tools Are Available?
Physical Assets
Water and Wastewater Utilities Need to Protect
Their Five Major Assets Categories
IT Platform
Employees
Knowledge Base
Customers
11
Assets Are More than the Physical Plant
Physical Assets
Customers
IT Platform
and They All Need to Work Together Be Protected
Together
Knowledge Base
Employees
12
AMSA, in collaboration with PA Consulting and
SCIENTECH, Develop
13
Next, VSATwastewater Software Developed

Vulnerability Self-Assessment Tool (VSAT)
Customized risk- and cost-managed security
planning software for wastewater
Comes with complete data libraries but easy
to customize to any utility
Uses qualitative risk assessment,
but adapts to site-specific and
detailed costs and risks
Software learns and builds industry
benchmarks the more it is used, and it
is FREE!

14
VSATwater and VSATwater/wastewater Developed

Same Methodology Same User Interface as
wastewater tool but developed for small to medium
size water and joint water/wastewater utilities
Features Asset Templates Tailored for Water
Utilities and Updated Threat and Countermeasure
Libraries
Adaptable for any size utility and provides an
enduring method for managing the information
generated by security vulnerability assessments
All Three Tools Provide Same Vulnerability
Assessment Capabilities

15
VSAT Primary Interface Three Areas of
Operation
16
VSAT Cost / Risk Analysis
17
WEF and Water/Wastewater Security

WEF is Currently Training Wastewater Utilities of
All Sizes on Asset Checklist and VSATwastewater
Tool
Purpose of Training Sessions are to
Identify and Prioritize Security Concerns
Understand How to Use Available Tools
Conduct Vulnerability Assessments
Develop Security Plans
Training Coordinates Methodology of Asset
Checklist and VSAT Software

18
WEF Wastewater Security Training Phase
I (January June, 2002)

Six 1-day General Vulnerability Assessment
Sessions, reaching over 600 representatives of
POTWs, federal and state government, and other
security planning personnel
POTWs Trained to
1) Identify and prioritize
immediate security
concerns for utilities and
2) Implement low cost/high
benefit security measures

19
WEF Wastewater Security Training Phase II
(October, 2002-May, 2003)

Twelve 2-Day hands-on training sessions for large
POTWs
Teams of utility employees work with VSAT
wastewater software and data from their utility
Training is Free, but only open to
POTW Staff or his/her designee
VSAT Principle authors Ken Rubin
and Dan Rees Provide the Training

20
WEF Wastewater Security Training Phase II
Training (Continued)

Ten 1-Day Train the Trainer Sessions to train
assistance providers for small/medium size
utilities
Two 2-Hour Webcasts for small/rural Utilities
Region X VSAT Training in 2003 Seattle,
WA
Large Utility Training May 14-15
Train the Trainer Session May 16
WEBCAST on VSAT March 26 (300 Downlinks)

21
Questions/Comments?