Water & Wastewater Security Its Still Important

Mark Wetzel P.E., Stantec ISA Water & Wastewater Conference August 2007

Standards Certification Education & Training Publishing Conferences & Exhibits

Presenter Mark Wetzel, PE

Principal and New England Practice Area Leader Environmental Infrastructure 29 years of municipal water and wastewater engineering experience Member of AWWA, NEWWA, WEF

Water System Security Background Public Health and Security and Bioterrorism Preparedness and Response Act of 2002 required community water systems to complete vulnerability assessments (VA) Funding was provided for large systems to complete the VA Implementation of security improvements was the responsibility of individual utilities

Water System Security Whos in Charge?

Federal & State Agencies
FBI INFRAGARD
CDC

HSRC, ETV, ETC

PROGRAM ELEMENTS NDWAC WSWG PRACTICES & PRINCIPLES

EPA

DHS

WSCC

AMWA

ASDWA

NRWA

AWWA WATER ISAC SECURITY COMMITTEE WS SUBCOMMITTEE

ASCE/ EWRI WISE

OTHER INVOLVED GROUPS SANDIA LABS ARGONNE LABS CONSULTANTS MILITARY LABS TISP WEF AMSA

WATER UTILITY COUNCIL

TECHNICAL ADVISORY GROUP

M&C (ASCE) SUBCOMMITTEE

MONITORING USERS GROUP

WW (WEF) SUBCOMMITTEE
7

Associations & Committees

STATE PUBLIC WATER AGENCIES

Security Needs Water Systems

160,000 water systems in the US; 466 serve more than 100,000 people VAs were completed in 2004 to identify system vulnerabilities and mitigation Issues Lack of redundancy Cyber-security Water quality monitoring Surveillance & facility hardening

Key Vulnerabilities Identified As Compromising Drinking Water System Security

Num ber of experts

35 30 25 20 15 10 5 0
sy st em ur c sy n a ch Tr ea tm en t am ic al s s at er e st em ot he rd at A an d w s

ut io

ist

iri b

So SC AD

Identified as highest vulnerability Identified as highest vulnerability

Wastewater Needs
16,000 PO wastewater systems in US 500 systems serve 62% of the population No regulatory requirements to assess security / mitigate vulnerability Wastewater / stormwater facilities can provide point of entry to potential targets Failure causes chemical releases, health threats, environmental impacts and economic impacts Potential for large scale explosions
10

Water Infrastructure Security Enhancements

AWWA, ASCE and WEF worked together to develop and implement security standards for water & wastewater systems USEPA funded the effort known as Water Infrastructure Security Enhancements (WISE) AWWA led the water utility effort WEF led the wastewater utility effort ASCE led the contaminant detection and monitoring effort for both water & wastewater Three phase approach

11

Water Infrastructure Security Enhancement (WISE)

Phase I - Guidance Documents: Water Supply, Wastewater/Stormwater, Online Contaminant Monitoring Phase II - WISE Training Materials Phase III - Voluntary Physical Security Guidelines - for Water Supply and Wastewater/Stormwater Utilities

12

13

Purpose of Security Guidance

Provide a centralized starting point for utilities as they integrate modern security practices into the management, operation, construction, or retrofit of their water, wastewater and stormwater systems Guidance available on line at:

www.awwa.org/science/wise www.asce.org/static/1/wise.cfm
14

Overview of Guidance

15

Security Needs and Strategies

Identify reasons for security measures Determine vulnerabilities and risks Develop security strategy based on threats Risk reduction Cost-Benefit analysis Cost to risk reduction analysis Develop a balanced plan Prioritize investments

16

Risk Assessment Methodology for Water Utilities (RAM-W)

17

Design Basis Threat

Identify threats and threat levels Vandal Criminal Saboteur Terrorist Threat Level Characteristics Planning Access Weapons Contaminants Asset damage Theft Injuries Fatalities

18

19

Other Considerations
Issues related to vulnerability / risk assessment Natural disasters Unanticipated failures Emergency preparedness Loss of key staff Mitigation Emergency Response Recovery

20

Management Considerations
Financial planning / CIP program to support security needs Policies and procedures
Background checks on employees and contractors Training Records management Operations policies Information access Emergency procurement Communications
21

Operational Considerations for Enhancing Physical Security Operational changes can provide the most cost effective security enhancements Approaches will depend upon the threat levels (vandals, criminals, saboteurs, terrorists) Deter Detect - Delay Operational approaches should be developed on a layered approach
Perimeter Site Buildings and structures Building systems (internal features)
22

General Operational Practices Visitor control /delivery control Alarm points and response Access control / key control Scheduling of maintenance / general maintenance practices Clear zone areas / site access Fencing Cyber security

23

Operational Policies should be developed for each facility including: Source water Intakes and impoundments Wells and pumping stations Treatment facilities Storage facilities Distribution systems Administration facilities

24

25

Hacker jailed for revenge sewage attacks

By Tony Smith
Published Wednesday 31st October 2001 15:55 GMT

An Australian man was today sent to prison for two years after he was found guilty of hacking into the Maroochy Shire, Queensland computerized waste management system and caused millions of litres of raw sewage to spill out into local parks, rivers and even the grounds of a Hyatt Regency hotel. "Marine life died, the creek water turned black and the stench was unbearable for residents," said Janelle Bryant of the Australian Environmental Protection Agency.

26

SCADA Cyber Security

Under restructuring, the grid
is now being operated in a way for which it was never designed... More access to control systems is being granted to more users, the demand for real-time control has increased system complexity, and business and control systems are interconnected.
Samuel Varnado, director of the Information Operations Center, Sandia National Labs
27

Cyber Security
Cyber security is the protection of enterprise information systems from inside or outside attack Systems include Financial and enterprise resource programs LIMS Customer Information systems Preventative maintenance / work order system GIS, records, models SCADA and controls Threats Outside hackers Outside attackers Inside attackers
28

Integrations Issues
Network system reliability Exposure to viruses, worms, Trojan horses Increased traffic on system Controlling / managing access Expertise of staff
29

Control System Security Program

United States Computer Emergency Readiness Team (USCERT) Catalog of Control Systems Security Requirements Developed to facilitate the development of cyber security standards for control systems Includes:
Organizational, personnel, physical security Systems & services acquisition Planning System & communications protection Information / document management Awareness & training Incident response System integrity Access Control Risk management
30

http://www.us-cert.gov/control_systems/

Cyber Security Policies and Procedures

Process for granting / revoking access to system Password policies Maintenance of anti-virus and firewall systems Restricted flow of information between systems and networks Comprehensive system documentation Prohibition of unauthorized wireless or modem connections Disaster recovery plan Incident response plan Cyber security training
31

Cyber Security Design

Physical security Back-up of all systems every day with off-site storage of back-up data Lockable PLC cabinets, computer / server rooms Protective, lockable cabinets for outdoor RTUs Managed entry system (coded of cards) for server rooms Best design practices Identify & characterize all network connections and implements secure connections Provide UPS for all critical components Contract for periodic evaluation of firewalls and intrusion detection systems

32

SCADA Security

Use intelligent RTUs with manual operation overrides Grid topology to eliminate single points of failure Design intrusion detection tools into system Test system for intrusion and vulnerability

33

Purpose of Physical Security Guidance

Provide direction to water utilities on how to design or retrofit their infrastructure, with respect to their unique circumstances or threats Establish physical and procedural controls to restrict access to utility infrastructure.and to detect unauthorized physical intrusions Incorporate security considerations into decisions about acquisition, repair, major maintenance and replacement of infrastructure

34

Physical Design Considerations

Based on threat type and layered approach Crime Prevention through Environmental Design (CPTED) Access control Territorial reinforcement Surveillance Image and maintenance Specific design considerations /criteria 10 State Standards USEPA Water Security Web site / tools & guidance WISE Phase III Guidelines for Physical Security of Water Utilities

35

Overview
Guidance addresses: Raw Water Facilities Wells & pumping stations Water Treatment plants Finished Water Storage Facilities Distribution systems Water system support facilities For each facility the guidance includes: Scope Facility mission Philosophy of security approach Benchmark security measures
36

Elements of Physical Security Systems

Deterrence, detection, delay, response Design base threat Layered approach

37

Physical Security Methodology

Step 1 Vulnerability Assessment Step 2 - Characterize design base threat (DBT) Step 3 Identify security measures Step 4 Consider Consequence Mitigation

38

39

40

Benchmark Security Measures Guideline establishes benchmark measures to deter, detect and/or delay threats Based on each type of facility and DBT Decisions are site and utility specific and benchmarks are considerations not rules Special considerations may be required depending upon public safety, redundancy, public access etc Based on layered approach Appendix A provides design guidelines for specific security elements
41

42

43

44

45

46

Choosing Optimal Physical Security Equipment

Guidance provides an overview of issues that should be considered when selecting and implementing electronic security systems Issues Threat type (anticipated adversary, motivation, tactics) Vulnerabilities of critical assets Areas of coverage Levels of resolution Power, wiring and transmission methods Viewing and assessment
47

Security Equipment
Access control access cards, PIN, biometrics Interior intrusion devices volumetric sensors, penetration sensors Exterior intrusion detection free-standing sensors, buried line sensors, fence mounted sensors Camera systems

48

49

EPA Security Products Guide

Searchable guide of products for water/wastewater security systems Physical security (walls, gates, and manhole locks) Electronic or cyber security (computer firewalls and remote monitoring systems) Monitoring tools that can be used to identify anomalies in process streams or finished water that may represent potential threats Not sure how up-to date- it is in the fast changing security technology business

50

51

52

Online Contaminant Monitoring Objective is to reduce risk due to contamination of water / wastewater Early warning system to allow for proper response Technology is still relatively new no knowledge base Design to characterize contamination and location Source intake monitoring Distribution / collection system monitoring
53

54

OCMS Design Considerations

Contaminants monitored Monitoring locations Data analysis & models Communications Operation and maintenance

55

56

Fully Integrated Security Planning & Design Do what is best for your utility Integrated plan of management, operations and design strategies Simple solutions Solutions with multiple benefits Use a cross functional utility team to develop and implement the solutions Supplement with external resources
57

Acknowledgement
Tables and figures presented in this presentation are from: Interim Voluntary Security Guidance for Water Utilities, ASCE/AWWA/WEF, Dec.9,2004 Guidelines for the Physical Security of Water Utilities Draft American Nation Standard for Trial Use, ASCE/AWWA, Dec. 2006

58

Questions??

59