When I think of security in the water industry, my mind turns to the hardware involved: water quality monitoring systems, fences, locks, etc. But establishing a comprehensive security system doesn’t begin with hardware - it begins with developing an understanding of the broader issues involved in water security.
A new report from the National Drinking Water Advisory Council is designed to help utilities implement security practices and measure their effectiveness. The report was developed by the Council’s Water Security Working Group (WSWG). The 16 members of the WSWG include representatives of small, medium, and large water and wastewater utilities, public health advocates and regulators, and environmental and public health interest organizations.
The WSWG report includes 18 findings dealing with security practices and programs, incentives, and measures. Findings address the basic scope and principles for active and effective security programs; establish significant system failures and key threats that security programs should consider; identify 14 features that all active and effective security programs should address; advise steps that government and others can take to support and encourage utility security efforts and create a better climate for security; and describe a framework for measuring utility security progress.
The report was unveiled during a press conference at the American Water Works Association annual convention in San Francisco in June. J. Alan Roberson, AWWA director of security and regulatory affairs, stressed that the report provides a “framework” for establishing a security program and was not designed to be “one size fits all.”
“This report is a significant step in our quest to assure a culture of security at water systems throughout North America,” Roberson said. “The recommendations establish a consistent expectation for what features constitute an ‘active and effective’ water security program, but it does so in a way that allows utilities flexibility based on their size and local circumstances.”
The report is written from a management perspective, and doesn’t address the nuts and bolts - the hardware and technologies that make up a security system. Roberson said AWWA and other groups are working to develop guidelines on equipment and technologies that would be used for security monitoring.
The report outlines the potential system failures and key threats that utilities should consider when developing a security program. They include loss of pressurized water for a significant part of the system; long-term loss of water supply, treatment, or distribution; catastrophic release or theft of on-site hazardous chemicals; adverse impacts to public health or confidence resulting from a contamination threat or incident; long-term loss of wastewater treatment or collection capacity; and use of the collection system as a means of attack on other targets.
The report stresses the need to begin by making an explicit commitment to security, and developing a “security culture” throughout the organization. The authors alsso stress the need for ongoing attention to security in annual planning and budgeting, and the need to update utility-specific security approaches and tactics to incorporate lessons learned from tabletop and field exercises, and from any actual responses.
Security program features and measures also emphasize the need for utilities to take advantage of opportunities to improve security through use of plant design and operating choices that are inherently more secure or that lower the likelihood or potential consequences of a successful attack.
The entire report is available on AWWA’s web site at www.awwa.org/Advocacy/govtaff/govnew.cfm.
James Laughlin, Editor
