In the wake of tragic terrorist events at the World Trade Center and the Pentagon, I had a couple of friends call me worried about their water supply and its accessibility to foul play. While nothing is really safe from terrorists, the water/wastewater industry has been studying these issues to prevent such actions.
In the May 2001 issue of the AWWA Journal, an article ("The Who, What, Why, and How of Counterterrorism Issues" by Gay Porter Denileon) details a signed threat from a terrorist group indicating that they intended to disrupt water operations in 28 US cities. Water utilities were warned by the FBI of this threat on Jan. 24, 2001, and told "to take precautions and to be on the lookout for anyone or anything out of the ordinary." While later this threat turned out to be a forgery, it sent an alarm to utilities and security across the United States.
In 1998, a Presidential Commission focusing on Critical Infrastructure Protection recommended that threat and risk assessments be performed to enhance and increase the security of those systems. Critical infrastructures are defined as those physical and cyber-based systems essential to the minimum operations of the U.S. economy and government. These infrastructures include telecommunications, energy, banking and finance, water systems and emergency services.
Steve Pappas, the director of Loss Control for Indiana-American Water Co., has outlined a plan for enhancing safety and security in his white paper "America?s Critical Infrastructures?How Vulnerable Are We?" According to Pappas, there are several factors to consider when making risk management decisions. Threat and risk assessments are recognized as decision support tools to establish and prioritize security program requirements. The risk assessment process consists of six steps.
* Develop a plan and select a team.
* Gather information.
* Identify asset vulnerabilities.
* Determine risk through scenarios.
* Identify actions that lead to risk reduction.
* Reporting and follow up.
Methods of destruction and therefore vulnerabilities mentioned by Denileon include physical, bioterrorism/chemical contamination and cyber attack. While bioterrorism gets the most headlines, many observers believe that the physical destruction or disruption of a plant is a more likely scenario.
At the recent AWWA Conference, a workshop titled Critical Infrastructure Terrorism and Security gave participants a view of a vulnerability assessment tool being developed and practical advice from FBI agents, researchers and utility professionals who already have a security program in place. AWWA is planning to develop a Seminar in a Box program in 2002 that would take an in-depth look at the issues presented at the 2001 conference workshop.
Terrorism transcends all geographic and demographic boundaries. An attack against a water utility is a possibility. Hopefully, current events will prompt utility officials to take another look at their processes and discuss security improvements with federal, state and local agencies.