Water is fundamental to daily life. If the power goes out, you can light a candle. Or if you lose gas, you can start a fire and bundle up. However, there is no alternative for the benefits that water provides. Community water systems are responsible for uninterrupted delivery to homes every day.
From sabotage and coordinated assaults to earthquakes and fires, community water systems face a wide range of physical threats. The America's Water Infrastructure Act (AWIA) is designed to enhance the resiliency and continuity of community water utilities, as well as facilitate the framework necessary to help deter, detect, delay, devalue and respond to a variety of natural and malevolent threats.
No utility can afford to address how each one of its assets might be impacted by every possible malevolent act or natural disaster. However, utilities can do plenty to minimize and manage the threat of contamination and other untold harm, while achieving AWIA compliance in the process. Utilities can implement the following steps to help prepare for potential threats:
- Dust off past assessments. Locate and update any past security or vulnerability assessments — specifically those conducted in response to the Bioterrorism Act of 2002. Previous assessments, including asset identification, past threats and mitigation solutions, can provide a baseline when conducting new risk and resiliency assessments.
- Take an all-hazard approach. Rather than considering threats individually, an all-hazard approach encompasses any threat that poses a risk to a water system. With this approach, the primary focus is on protecting critical assets rather than honing in on the threat itself. Before security solutions can be designed, critical assets that need protecting must first be identified and prioritized. It can be cost prohibitive to secure everything at the same level.
- Secure executive sponsorship. A security culture and an all-hazard approach are easier to accomplish if supported by key stakeholders at the utility. For example, employees who balk at the idea of “badging in” to secure areas may view security procedures differently when they see leaders championing and following the same protocols. Achieving executive sponsorship may be one of the most important tasks to be accomplished first.
- Avoid one-size-fits-all solutions. Water infrastructure often passes through multiple subdivisions, municipalities, counties, even states — and each with its own respective codes and regulations. Gated communities, for example, may prohibit typical security fences. The challenge is to identify solutions that meet both local codes and the security objectives for your water system. Keep in mind that the same assets may be more or less secure, depending on location. For instance, a pump station in a rural area faces different risks than one in an urban environment. When conducting security assessments, it’s important to consider the unique characteristics of each site.
- Look beyond technical solutions. Sometimes a change in policy or procedure can address a risk faster and more cost-effectively than a technological solution. In other cases, environmental design can serve crime prevention purposes. For example, rather than increasing cameras or other security technology at a site, trees and shrubbery can be added or trimmed or lighting can be added or removed, depending on whether it’s intended to increase or decrease visibility at the site.
- Consider a layered approach. Security budgets are not foolproof, which means it’s a good idea to concentrate security around critical assets in layers. The more critical the asset, the greater the number of security layers needed to delay intruders from physically reaching it.
- Foster a security culture. One of the most effective ways to protect a water system is to raise internal awareness. Staff who understand security risks and best practices know what suspicious activities to watch for and report. They also take ownership of solutions. Quick action can prevent many incidents or speed response time should one occur.
- Proactively act on your emergency response plan (ERP). Technologies used in water systems today have evolved since many utilities developed their original ERPs. Risks related to sabotage and terrorism are also evolving. The AWIA requirement to update ERPs is intended to bring utilities up to date, while improving their ability to respond rapidly and recover quickly from security incidents. However, updating the plan is not enough. Now is the time to introduce or expand internal safety and security trainings that include ERP components. Tabletop/mock exercises within a training environment are a great way to prepare for if — and when — an emergency happens.
AWIA sets into motion a timeline for risk and resiliency compliance requirements for community water systems. A cohesive, comprehensive approach that incorporates best practices for infrastructure resiliency, physical security and cybersecurity can keep you ahead of fast-approaching compliance deadlines.