Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Water Infrastructure Security Enhancement (WISE) Workshop Presented by Mike ChrittonKen Thompson Gary Jacobson, PEYakir Hasit, PhD, PE Bill Desing, PERaja.

Similar presentations


Presentation on theme: "1 Water Infrastructure Security Enhancement (WISE) Workshop Presented by Mike ChrittonKen Thompson Gary Jacobson, PEYakir Hasit, PhD, PE Bill Desing, PERaja."— Presentation transcript:

1 1 Water Infrastructure Security Enhancement (WISE) Workshop Presented by Mike ChrittonKen Thompson Gary Jacobson, PEYakir Hasit, PhD, PE Bill Desing, PERaja Kadiyala, PhD Atlanta, GA Reston, VA Dallas, TX Los Angeles, CA Seattle, WA August 5 August 6 August 12 September 9 September 23

2 2 For everyone’s comfort, please… –Silence your cell phones, pagers, Blackberry devices –Restrooms are located… –Exits are located… Logistics

3 3 Acknowledgments Funding by EPA’s Water Infrastructure Security Enhancements (WISE) project WISE Project Managers –Mr. Chris Hanson (ASCE) –Mr. Muhammad Amer (ASCE) –Ms. Stacy Passaro (WEF) –Mr. Jim Wailes (AWWA) Technical oversight by ASCE/EWRI WISE Standards Committee

4 4 Agenda Introduction The Importance of Security Management and O&M Considerations to Enhance Security Design Considerations and Features to Improve Security Design and Implementation of Online Water Quality Monitoring Systems Closing

5 5 The Importance of Security at Water, Wastewater, and Stormwater Utilities

6 6 Past Incidents Show Cause for Concern Sewer Explosion – April 22, 1992 – 200+ dead – 1,500+ injured – 15,000+ homeless – 1,000+ buildings destroyed or damaged Guadalajara, Mexico

7 7 Former contract employee releases untreated sewage – Insider manipulated SCADA system – Caused pump station failure, resulting in overflow onto tourist resort and into storm sewers Resulting challenges – Crisis communication – Bio-hazards – Liability – Public relations – Damaged “trust” in the city’s system. Sabotage in Australia 2002

8 8 Wastewater security concerns include – Physical destruction – Illegal dumping of toxic chemicals or flammable substances in the collection system – Release of chlorine gas or other toxics Interruption in wastewater service can result in – Widespread public health impacts – Significant environmental damage Wastewater Security Concerns

9 9 Water Distribution System Contamination Scenarios Intentional contamination—injection of agents through –Assets under atmospheric pressure –Assets under system pressure –Chemical feed systems Easily accessed sites for contamination –Source water –Finished water storage facilities –Terminal appurtenances

10 10 Accidental contamination can occur through –Backflow from cross-connections –Infiltration of contaminated water through breaks in pipes –Inadvertent spills –Runoff –Effluent discharge Water Distribution System Contamination Scenarios

11 11 107TH CONGRESS 1ST SESSION P.L AN ACT To improve the ability of the United States to prevent, prepare for, and respond to bioterrorism and other public health emergencies. Drivers for Implementing System Security Public Health Security and Bio-terrorism Preparedness and Response Act of 2002 National Intelligence Reform Act of 2004

12 12 Drivers for Implementing System Security Homeland Security Presidential Directives – HSPD-5 – Management of Domestic Incidents – HSPD-7 – Critical Infrastructure Identification, Prioritization, and Protection – HSPD-8 – National Preparedness – HSPD-9 – Defense of United States Agriculture and Food

13 13 Drivers for Implementing System Security System security –Provides utilities with opportunities to protect public health and safety –Increases public confidence –Considers legal consequences and helps to define “standard of care”

14 14 Benefits of Implementing System Security Proactive planning, actions, and training –Can be applied during any emergency –Can prevent damage to systems and outage conditions –Reduce non-service consequences –May mitigate potentially adverse legal reactions

15 15 ASCE WISE SC Response to Need for Security Information Establishment of Water Infrastructure Security Enhancements Committee (WISE) Standards Committee (SC) ASCE enters into cooperative agreement with USEPA to develop, with WISE SC oversight, physical security standards for water and wastewater utilities AWWA prepares water guidance; WEF prepares wastewater/stormwater guidance; ASCE prepares methodology/characteristics

16 16 WISE Documents Developed to Aid Utility Security Planning Three phases of development for each guidance area –Phase 1: Development of interim voluntary security guidelines for water and wastewater/stormwater utilities and contaminant monitoring systems (December 2004) –Phase 2: Preparation of training and outreach materials for Phase 1 documents (August 2005) –Phase 3: Development, vetting, and acceptance of appropriate standards through accredited consensus process (December 2006)

17 17 WISE Security Guidance and Standards

18 18 Provide utility personnel, designers, educators, regulators and other water/wastewater/ stormwater industry professionals with –An overview of the contents of the WISE documents –Relevant management, operational, and design concepts to reduce security risks –Information to develop a balanced and optimized security strategy Objectives of this Workshop

19 19 Basic Assumptions when Developing a Security Strategy

20 20 Identifying the threats Assessing the threats Defining vulnerability and risk Evaluating risk Assessing vulnerability Developing a security strategy Determining efficient actions Balance and benefits Developing a Security Strategy Overview

21 21 A threat is defined as an event that may result in – Harm to the public – Damage or harm to a utility’s physical, cyber, or human assets – An upset or disruption to service or operations Threats can be divided into three categories – Malevolent threats – Natural threats – Unintentional threats Developing a Security Strategy Identifying the Threats

22 22 Developing a Security Strategy Identifying the Threats Utilities protect against –Vandals –Criminals –Saboteurs –Terrorists –Insiders –Outsiders

23 23 Vandal Thrill, dare Property damage Little or none Stealth None Minimal None Motivation Objective Planning Access Weapons Contaminants Asset damage Injuries Fatalities Characteristic Criminal Financial gain Theft Possible Stealth Knife, pistol, rifle None Minimal Possible Saboteur Political cause Disruption/destruction Definite Stealth Explosives Possible Significant Possible Terrorist Political cause Destruction and human casualties Extensive Stealth or overt Assault weapons, explosives, RPGs Probable Extensive Definite Threat Categories Developing a Security Strategy Identifying the Threats Threat Characteristics by Category

24 24 Developing a Security Strategy Assessing the Threats Understand the likelihood of a threat occurring at this utility based on the Design Basis Threat (DBT) –Capability of the threat (i.e., number of adversaries) –History of threats –Tactics and methods of attacks (including tools) –Access to critical equipment (internal) –Motivation of adversary

25 25 Identify the threat category that is appropriate for the utility based on – Existing information gathered from law enforcement – Experience Threat category becomes the Design Basis Threat – Improvements to reduce risk should target DBT –Improvements that reduce risk against one category will also reduce risk against lower-risk categories Developing a Security Strategy Assessing the Threats

26 26 Vulnerability is a characteristic of an infrastructure’s design, implementation, or operation that makes it susceptible to destruction or incapacitation by a threat Risk is the potential for realization of unwanted adverse consequences to human life, health, property, or the environment Developing a Security Strategy Defining Vulnerability and Risk

27 27 Risk = ƒ (probability x criticality) What is the severity of the occurrence? What is the likelihood of the occurrence? Countermeasures are procedures, operational tactics, or elements of physical infrastructure that decrease probability or criticality Developing a Security Strategy Evaluating Risk

28 28 Objectives of vulnerability assessments (VAs) – Identify threats – Identify specific assets that may be impacted – Determine the relative criticality of the utility’s assets – Determine the likelihood that a threat may materialize – Evaluate existing countermeasures – Analyze current risks – Identify additional countermeasures and prioritize Developing a Security Strategy Assessing Vulnerability

29 29 Vulnerability assessment tools Vulnerability Self-Assessment Tool (VSAT TM ) developed by NACWA Software is free at Risk Assessment Methodology for Water (RAM-W TM ) developed by Sandia National Laboratories Checklist-based tools developed by AMSA, National Environmental Training Center for Small Communities, USEPA Developing a Security Strategy Assessing Vulnerability

30 30 1.Assess the threats and conduct a vulnerability assessment 2.Apply the 3 approaches to the development of a balanced plan – Management of the utility – Operations and operational functions – Security design enhancements 3.Build support for the strategy – Consider all potential drivers 4.Evaluate cost vs. risk reduction Developing a Security Strategy

31 31 Developing a Security Strategy A Balanced Approach Management Vision Policies Funding Communications Security Strategy Operations Sustainability Design Implementation Emergency Response Plan The Integration of Management, Operations, and Design Standard Operating Procedures Redundancy Physical Protection Electronic Security

32 32 Developing a Security Strategy A Balanced Plan Apply the balanced approach to each of these areas –Mitigation - the ability to control the events offers a chance to mitigate the effects of a malevolent act –Response - the ability to respond requires proper detection and assessment –Recovery - the ability of the utility system to return to full operation. Mitigation ResponseRecovery

33 33 Developing a Security Strategy Determining Efficient Actions Reduction in Risk

34 34 Security focus complements utilities’ mission – Protect public health and safety – Improve protection of the environment – Increase public confidence – Demonstrate good stewardship Being proactive may – Prevent damage to systems and outage conditions – Mitigate potentially adverse legal reactions Developing a Security Strategy Multiple Benefits

35 35 Developing a Security Strategy The Best Solution There is no single solution - the only wrong approach is to do nothing Consider –Practicality –Financial ability to pay for security improvements, O&M –DBT and consequences –Community restrictions –Political considerations –System redundancy –Sophistication of utility staff

36 36 Management and O&M Considerations to Enhance Security for Water, Wastewater, and Stormwater Utilities

37 37 Effective Security Starts with Management Commitment Management Vision Policies Funding Communications Security Strategy Operations Sustainability The Integration of Management, Operations, and Design Design Implementation

38 38 Management Responsibilities and Best Practices Keep the Governing Board informed Involve all stakeholders Ensure effective communication Initiate interagency coordination Address human resources Address financial resources Plan for emergency procurement Manage sensitive records Update policies and procedures

39 39 Management Responsibilities/Best Practices Keep the Governing Body Informed Governing board has ultimate responsibility to customers and citizens May need to be convinced that the utility is indeed vulnerable Be cautious of revealing security details in public forums

40 40 Management Responsibilities/Best Practices Involve All Stakeholders Build awareness of utility security issues –Why it’s important –Security concepts and issues –Ways in which stakeholders can assist Gain the confidence & support of stakeholders –Customers –Community organizations –Environmental advocates –Regulatory agencies –Elected officials –Public health departments

41 41 Management Responsibilities/Best Practices Ensure Effective Communication Effective communication requires planning and use of appropriate tools and techniques –Communications tools –Practices and procedures –Public outreach preparation and coordination Different objectives for external and internal communication

42 42 Management Responsibilities/Best Practices Initiate Interagency Coordination Coordinate in advance with city or county emergency management agencies and other local and regional major utilities Conduct emergency response exercises with external agencies Set up mutual aid agreements with other utilities and agencies

43 43 Management Responsibilities/Best Practices Address Human Resources Create a culture of safety and security –Protect worker health and safety –Involve employees in security decisions –Provide security orientation and continuous training and cross-training for all employees –Include security as an agenda item at meetings –Ask security officers and employees to participate –Conduct background investigations –Provide photo identification badges –Use employee surveillance techniques –Consider security related to contractors and vendors

44 44 Management Responsibilities/Best Practices Address Financial Resources Develop a Capital Improvement Plan (CIP) that adequately supports security funding requirements Assess competition for funds between CIP programs and new requirements, growth, operational deficiencies, and infrastructure improvements Develop funding programs to support operating requirements Develop funding programs that governing boards and customers can support

45 45 Management Responsibilities/Best Practices Plan for Emergency Procurement Include information about emergency procurement of supplies, equipment, materials, and contract labor in the Emergency Response Plan Identify circumstances under which emergency procurement can be used Consider cooperative purchasing agreements with other utilities or agencies to provide flexibility Ensure the security of your procurement process

46 46 Management Responsibilities/Best Practices Manage Sensitive Records Develop levels of document security from non-sensitive to highly sensitive for management and storage Institute policies for securing sensitive documents –Limit documents to authorized staff only –Use locked metal file cabinets –Use a password-protected secure server –Add a confidentiality clause to sensitive documents –Do not transmit sensitive material electronically –Control bid documents and associated information

47 47 Management Responsibilities/Best Practices Update Policies and Procedures Basic –Track and retrieve keys; maintain locks –Conduct random but frequent perimeter inspections –Annually review and update security plans –Develop security protocols for visitors, vendors, and suppliers –Inventory and keep on hand redundant, spare, and emergency parts –Develop and implement a utility vehicle security and use policy –Develop an operators off-hours protocol for emergency response –Require security components in facility

48 48 Management Responsibilities/Best Practices Update Policies and Procedures Advanced –Limit employee access –Automatically reset alarmed facilities at preset time –Keep citizen crime watch and incident alarm logs –Institute a preventative maintenance program for all security equipment –Develop a distribution system response, isolation, and flushing plan –Practice a sampling protocol that uses off-site laboratories for non-routine samples –Routinely exercise generators and back-up equipment –Ensure emergency supplies are reviewed, rotated, and updated

49 49 Management Responsibilities/Best Practices Summary Management security practices –can increase security very cost effectively –can be applied immediately –used consistently can build a culture of security

50 50 Apply the Optimal Solutions to Improve Security Management Vision Security Strategy Operations Sustainability Design Implementation Emergency Response Plan A Balanced Approach to Security Integrates Management, Operations, and Design Standard Operating Procedures

51 51 Operational Responsibilities/Best Practices Operational Security Solutions Operational solutions are concerned with acts of nature and accidents, as well as security against malevolent events, and are integral to all aspects of utility operations

52 52 Operations Responsibilities and Best Practices General practices Facility-specific practices Cyber system Support operations

53 53 Operational Responsibilities/Best Practices General Operational Practices Implementation of policies –Visitor Control Policy –Key Control Policy –Access Control Policy Alarms and set-points Alarm response protocols

54 54 Vehicle Checkpoints Maintenance Activities –Fences –Clearzone areas –Locks –Doors and windows Spare part inventory Routine testing of equipment Random site inspections for remote locations Operational Responsibilities/Best Practices General Operational Practices

55 55 Operational Responsibilities/Best Practices Facility-specific Practices Water system facilities –Source water –Raw water conveyance –Treatment facilities –Finished water storage and conveyance

56 56 Operational Responsibilities/Best Practices Facility-specific Practices Wastewater/storm- water system facilities –Wastewater treatment plants –Collection systems –Pumping stations

57 57 Operational Responsibilities/Best Practices Cyber System: External Threats Cyber systems that need protection –Telephone –Internet –Wireless Defense strategies –Telephone: restrict modems, turn modems off when not in use, don’t divulge user information over the telephone –Internet: create and test firewall, restrict general access –Wireless: eliminate unauthorized wireless networking, apply highest encryption levels

58 58 Operational Responsibilities/Best Practices Cyber System: Internal Threats Insider Intrusion –Post security policies –Base access level on responsibility level –Create an audit trail for changes –Reset all passwords away from default –Back up information daily

59 59 Operational Responsibilities/Best Practices Support Operations Operational considerations for maintenance shops, warehouses, storage facilities, administrative offices, and garages –Control access –Track equipment –Ensure secure storage of high-value equipment and parts –Prevent theft of vehicles and equipment

60 60 Additional operational considerations for laboratories –Use a chemical receiving receipt log –Create and maintain an inventory of chemicals kept at the laboratory –Remove chemicals from laboratory inventory logs as necessary Operational Responsibilities/Best Practices Support Operations

61 61 Additional operational considerations for laboratories –Secure reagents and gas cylinders, and limit access to authorized personnel –Store highly toxic and hazardous materials in locked cabinets or refrigerators –Limit the staff authorized to purchase chemicals and other supplies Operational Responsibilities/Best Practices Support Operations

62 62 Operational Responsibilities/Best Practices Summary Operational security practices –can provide cost-effective opportunities to enhance security –can be applied to all utility components, from the perimeter to individual operational features –used consistently can build a culture of security

63 63 Break

64 64 Design Considerations and Features to Improve Security at Water & Wastewater Treatment Facilities

65 65 Apply a Balanced Approach to Improve Security Management Vision Security Strategy Operations Sustainability Design Implementation A Balanced Approach to Security Integrates Management, Operations, and Design Redundancy Physical Protection Electronic Security

66 66 Physical Protection Design Basics

67 67 Design Considerations Basis for Security Design Threat identification –Determines which threats are credible and likely Vulnerability assessment (VA) –Characterizes those assets that may be targeted –Evaluates how assets are currently protected and where vulnerabilities exist –Considers the consequences of those vulnerabilities Design basis threat (DBT) –Expert judgment based on the results of the above plus Adversary type Tactics Weapons Routes of attack

68 68 Design Considerations Physical Protection System Concepts Crime Prevention Through Environmental Design (CPTED) Elements of a Physical Protection System (PPS) Protection in depth Basic design elements DBT-specific countermeasures

69 69 Design Considerations CPTED Crime Prevention Through Environmental Design (CPTED) –Reduces the opportunity and the ability to commit a crime undetected –Should be used for all designs regardless of DBT CPTED strategies –Access control –Territorial reinforcement –Surveillance –Appearance and maintenance

70 70 Design Considerations CPTED Strategies Access control –Physical guidance for vehicles and people –Smart placement of entrances, exits, landscaping, lighting, and controlling devices (e.g., guard stations, turnstiles, etc.) Territorial reinforcement –Physical attributes that express ownership and designate a change from public to restricted spaces –Natural markers such as landscaping –Built markers such as signage and fences –Procedural barriers such as a receptionist or guard

71 71 Design Considerations CPTED Strategies Surveillance –Placement of physical features, activities, vehicles, and people in such a way as to maximize visibility by others during their normal activities –Natural or electronic –Formal or informal Appearance –Vigilant site and facility maintenance indicates that the space is being used, regularly attended to, and possibly occupied –Proper grounds maintenance –More closely related to O&M rather than design

72 72 Design Considerations Elements of a PPS Detection –Intrusion sensing –Alarm communication –Alarm assessment –Entry control Delay –Barriers –Distance Response –Communications to response force –Deployment and arrival of response force

73 73 Design Considerations Protection in Depth Provides multiple layers of protective measures Requires an adversary to defeat a system, travel to the next protective layer and then defeat that system –At site boundary (perimeter fencing system) –At building envelope (exterior walls, doors, windows, grilles, and roof system) –At target enclosure (the room in which the targeted asset is housed)

74 74 Design Considerations Protective Layers – Layer 1

75 75 Design Considerations Protective Layers – Layer 2

76 76 Design Considerations Protective Layers – Layer 3

77 77 Design Considerations Protective Layers – Layer 4

78 78 Design Considerations Basic Design Elements Perimeter –Access via no more than two designated and monitored entrances –Entrances defined by different paving materials and signage –All pedestrian entrances adjacent to vehicle entrances –Access controlled with fences, gates, and/or guards –Sufficient lighting at all entrances –Opaque fencing, landscaping, and walls that would not provide hiding places along the perimeter

79 79 Design Considerations Basic Design Elements Site –Illuminated clear zone –Adequate standoff distance to critical facilities

80 80 Design Considerations Basic Design Elements Site –Access to both the front and back of buildings to facilitate patrols –Restricted access to roofs from adjacent buildings, dumpsters, loading docks, poles, and ladders –Walls only where necessary; consider stretched aircraft cable as an alternative for maximum visibility –Good visibility of approach, entry, parking, storage areas –Plantings that prevent easy passage

81 81 Design Considerations Basic Design Elements Buildings and other structures –Well-lit, well-defined, and visible entrances –Stairways without solid walls –Employee entrances next to employee parking –Restrooms entrances visible from work areas –Interior windows and doors that provide visibility into hallways –Reinforced doors and windows with break-resistant glass

82 82 Design Considerations Basic Design Elements Target hardening –Physical protective measures that increase resistance to a threat, e.g., cages, bars, locks, separate rooms –Enhance delay and detection through physical improvements –Above and beyond CPTED and basic design considerations –Based on vulnerability and criticality of facility

83 83 Design Considerations DBT-Specific Countermeasures CPTED Strategies Countermeas ures Against Vandal Threats Countermeas ures Against Criminal Threats Countermeas ures Against Saboteur Threats Countermeas ures Against Terrorist Threats All Designs Designs for Vandal Threats Designs for Criminal Threats Designs for Saboteur Threats Designs for Terrorist Threats Progressive designs

84 84 Design Considerations Vandal Threat Vandal-resistant items –Composite plastics that resist graffiti, shattering, and scratches –Lights with low-profile lenses or recessed lenses –Security cameras and equipment –Switches and controls –Locks –Valves –Cages or other protective fittings

85 85 Design Considerations Vandal Threat Perimeter and site –Fence to provide an appropriate standoff distance –Provide fencing that resists climbing or is 7+ feet high topped with barbed wire, razor tape, or concertina wire –Securely anchor fence posts in concrete footings –Fence over smaller elements –Provide adequate lighting –Landscape to provide an appropriate clear zone

86 86 Design Considerations Vandal Threat Buildings and other structures –Vandal-resistant items Non-removable bolts, hinges, screws Glazed concrete masonry units or glazed ceramic tiles Non-stick, non-mark polyurethane-based paints and coatings Rough-textured bricks, blocks, or rough concrete surfaces Climb-resistant cages around exterior ladders Plastic materials rather than glass (e.g., polycarbonate) Non-flammable materials Tamper-resistant switches Low-profile lights –Pipes, valves, and other appurtenances behind sturdy fencing or panels with tamper-proof fastenings

87 87 Design Considerations Criminal Threat Stealth Burglary Theft Overt Robbery Assault Site –Provide emergency telephones or other communications devices throughout the site –Bury or otherwise conceal conduits and wires carrying electric supply, telecommunications, and alarm signals

88 88 Design Considerations Criminal Threat Building and other structures –Minimal signage –Warning signs to restrict access but without description of asset or reason for warning –Waiting area for visitors –Door locks a minimum of 40 inches from windows –Single-cylinder dead bolt locks with minimum 1-inch throw –Locksets with removable cores to ease replacement –Solid exterior doors with 180-degree door viewers –Two locking devices on all windows

89 89 Design Considerations Criminal Threat Building and other structures –For a DBT including handguns, provide bullet ‑ resistant construction assemblies (walls, windows, doors) in bullet- resistant guard shelters, control rooms, or bill-paying booths –Critical assets and functions located to the interior of facilities, away from lobby areas but within view of other occupied areas –Maximize layers of delay between access points and assets

90 90 Design Considerations Criminal Threat Facility access control system –Perimeter openings and locked interior doors monitored for door-ajar status –One primary entrance door with access control, a visitor intercom, and video surveillance equipment –Secure lobby area capable of “lock-down” –Exterior circulation doors accessible by employees only –Mechanical or electronic access control with increasing levels of security –Digitally recorded CCTV surveillance using two cameras

91 91 Design Considerations Saboteur Threat Perimeter –Locate entry control, perimeter detection, and barriers as far as possible from facilities and assets –Control access to sites by unauthorized vehicles through use of an entry control point for vehicular and pedestrian traffic –Design entry control points to ensure unimpeded access by emergency vehicles –Provide remote meter reading devices or locate meters outside of the perimeter

92 92 Design Considerations Saboteur Threat Effective entry control –Means to associate vehicle with driver, such as validation of the drivers’ identification prior to authorizing access –Mechanism to turn away unauthorized vehicles –Location for inspection of vehicles and their contents –Location to detain unauthorized persons and vehicles –Bullet-resistant guardhouse with toilet facilities –Turnstile for pedestrians that can entrap adversaries –Barriers to prevent a vehicle from penetrating the gate or crashing into the guardhouse –Ram-resistant gate –A telephone or intercom

93 93 Design Considerations Saboteur Threat Vehicle barriers –Design for the vehicle weight, including explosives carried, and the speed at which the vehicle may be traveling –Locate to allow time to activate and fully deploy the barrier before the vehicle reaches the barrier

94 94 Design Considerations Saboteur Threat Passive vehicle barriers –Aircraft cable anchored to concrete that may be integrated into the perimeter fence –Landforms and landscaping elements such as ditches, berms, and heavy vegetation –Boulders, bollards, and concrete “King Tut” blocks

95 95 Design Considerations Saboteur Threat Site –Control vehicle motion with curves, speed bumps, or other traffic-calming devices –Consider placing critical assets below grade –Provide redundant critical utility connections –Secure exposed exterior valves, hydrants, manholes, and other appurtenances –Enclose critical assets with expanded metal mesh enclosures, reinforced concrete walls/block with roof grilles –Locate fuel tanks, natural gas lines, or fueling stations as far from critical assets as possible

96 96 Design Considerations Saboteur Threat Buildings –Forced entry-resistant window and door assemblies and hardware –Critical assets kept within metal enclosures –Intrusion detection with camera verification

97 97 Design Considerations Terrorist Threat Perimeter and site –Vehicle sally port and video surveillance –Assets away from vantage points from where rocket propelled grenades (RPGs) may be fired –Pre-detonation screens far as possible from assets –Sufficient standoff distance –Non-employee parking areas as far from buildings as possible –Dumpsters as far away as practical

98 98 Design Considerations Terrorist Threat Buildings and other structures –Building systems that resist blast and contamination –Blast walls behind entrances and large windows –Isolated areas where delivered IEDs would cause minimal damage –Air intakes as high as possible –Air-tight structure or ensure positive pressure is maintained –Single control to shut down all HVAC systems –Safe rooms with separate HVAC systems –Minimal mixing between HVAC zones

99 99 Electric and Electronic Security Devices

100 100 Electric and Electronic Security Devices Rapidly expanding market Many innovations Wide variety of systems and components available Wide range of manufacturers Before specifying or purchasing –Understand the characteristics and requirements of the area to be protected –Thoroughly research capabilities –Specify exactly how the device should be implemented and how the device fits into the overall security system

101 101 Security Devices Steps in Choosing Devices Determine the type of equipment needed Identify the required equipment features Match needs with available security equipment Section 6.1

102 102 Security Devices Questions to Ask What areas need to be covered by alarms and cameras? What information will be needed about the intruder—detection, classification, or identification? As such, what system size and quantity of devices will be needed? Will an operator or a third party monitor and respond to alarms? Section 6.2

103 103 Security Devices Questions to Ask What are the requirements for radio, telephone modem, or wide bandwidth telemetry? What is the long-term cost of this security, including operations and maintenance? What is the availability of electricity at the facility? How much backup power will be needed? Is the solution long term and sustainable? Section 6.2

104 104 Security Devices Types of Devices Access control systems –Mechanical locks –Card readers –PIN access –Biometrics Interior and exterior intrusion detection CCTV surveillance

105 105 Security Devices Card Reader Systems Limits access to certain areas or times of day Event logging Two-Person Rule Software Anti-Passback Software

106 106 Security Devices PIN Access PIN should be long enough to prevent guessing PIN should not be meaningful (e.g., birth date) Alarm should be activated if multiple incorrect attempts are made in a short period of time

107 107 Security Devices Biometrics Hand and fingerprint readers are most common Fingerprint readers have higher false-rejection rates than hand geometry readers Training on use and limitations is recommended

108 108 Security Devices Interior Intrusion Detection Interior volumetric sensors –Microwave, ultrasonic, passive infrared (PIR), dual-technology (microwave and PIR) Interior boundary penetration sensors –Door switches, glass-break, linear beam sensors Common approach is to combine door contact alarms with interior dual-technology or motion detectors

109 109 Security Devices Exterior Intrusion Detection Freestanding sensors –Microwave, dual-technology Buried-line sensors –Pressure/seismic, magnetic field, buried-ported coaxial cable, buried fiber-optic cable sensor Fence-mounted cabling sensors –Coaxial strain-sensitive cable, fiber-optic strain- sensitive cable

110 110 Security Devices CCTV Surveillance Systems Key characteristics –Camera Resolution –Minimum Illumination –Lenses –Position (Fixed, Pan-Tilt-Zoom) Other elements –Matrix Switchers –Digital Video Recording –Video Motion Detection Systems

111 111 Security Devices CCTV Surveillance Systems Low-light cameras –Color to black/white switching cameras –Infrared illuminators –Thermal imaging cameras Camera assessment –Use cameras for alarm assessment –Use frame-grabber technology to simplify assessment

112 112 Security Devices CCTV Surveillance Systems Compression standards –Digital images and video are compressed to conserve hard disk space and decrease transmission times/increase transmission speed –Typical compression standards JPEG - 10:1 Motion JPEG - 20:1 MPEG :1 MPEG :1

113 113 Security Devices CCTV Surveillance Systems Equipment purchasing recommendations –Consider scalability and compatibility of system –Understand service plan –Consider how images will be viewed/recorded Implementation recommendations –Use ample light and avoid back-light –Select lens and field of view to obtain at least 4.5 pixels per 1-foot square target –Use wide-angle lenses with large depth of field –Use auto-iris lenses

114 114 Security Devices Sample Performance Criteria Power and wiring –Four-hour battery backup, at a minimum, should be provided for security equipment –All exposed security wiring should be installed in conduit –Security panels should be UL listed as meeting standard UL804

115 115 –RP-20-98, Lighting for Parking Facilities, published by the Illumination Engineering Society of North America (IESNA), provides recommended illumination levels for parking facilities Security Devices Sample Performance Criteria Visibility and lighting –Lighting at entry and exit points should be at least 1.5 to 2.0 foot-candles for safety and for adequate observation by employees or CCTV

116 116 CCTV cameras –To detect intruders, the area of interest should occupy a minimum of 10 percent of the field of view, with a maximum field of view of 300 feet in length or less –Exterior cameras should have minimum resolution of 470 horizontal lines and be rated for use at 0.05 foot-candles –All CCTV cameras should be listed in accordance with UL 3044, Surveillance Closed Circuit Television Equipment –The camera should provide adequate onsite digital recording capacity at 30 days of continuous storage at 1 frame per second Security Devices Sample Performance Criteria

117 117 Physical Security Design Standards

118 118 Design Standards Presented in WISE Phase 3 Documents Guidelines for the Physical Security of Wastewater/Stormwater Utilities Guidelines for the Physical Security of Water Utilities Documents released in December 2006

119 119 Phase 3 Standards Built on Previous WISE Documents Phase 1 documents present concepts for effective security systems Phase 3 documents present design aspects of physical security elements

120 120 Application of Phase 3 Standards (Section 1) Elements of physical protection systems (deterrence, detection, delay and response) Source: Adapted from Garcia, Mary Lynn The Design and Evaluation of Physical Protection Systems

121 121 Application of Phase 3 Standards (Section 1) Description and characteristics of Design Basis Threats (DBTs) –Vandals –Criminals –Saboteurs –Insiders – Terrorists not included Effective security approaches are focused on defeating the appropriate DBT

122 122 Understanding DBT’s Objective is Critical to Security Design Intentional contamination of potable water Release of chlorine gas or other toxics Theft or vandalism of critical equipment Physical harm to employees or the public

123 123 Interruption of service caused by –Physical destruction of system components –Illegal dumping of toxic chemicals or flammable substances in the collection system Interruption in service can result in –Increased fire risk –Potential public health impacts –Significant environmental damage –Loss of public confidence in utility or government Understanding DBT’s Objective is Critical to Security Design

124 124 Fatalities Injuries Asset damage Contaminants Tools and implements of destruction Weapons Planning/system knowledge EnhancedBaseEnhancedBaseEnhancedBaseEnhancedBase Motivation Objective InsiderSaboteurCriminalVandalCharacteristic Benchmark Capabilities of DBTs

125 125 A Step-wise Approach to Using the Phase 3 Standards Step 1 – Complete Vulnerability Assessment Step 2 – Characterize DBT Step 3 – Identify Appropriate Security Measures ( the primary focus of the Phase 3 standards ) Step 4 – Consider Consequence Mitigation

126 126 Focus on Physical Security for Specific Facilities (Sections 2-7) Facility mission Philosophy of security approach for specific facility Special considerations for critical assets Benchmark security measures tables listing relevant physical security measures against DBTs

127 127 Perimeter Site (area between perimeter and structures) Facility structures Water quality monitoring Closed circuit television (CCTV) Power and wiring systems SCADA – physical security Benchmark Security Measures Tables Comprise 7 Categories

128 128 Security Measures Tables are the Backbone of the Phase 3 Standards

129 129 Tables Comprise Several Components DBT Category Security Measures Design Guidelines in Appendix A Security Measure Objective Recommended Security Measure

130 130 First Step: Select the Appropriate DBT Base Level Vandals

131 131 Second Step: Identify the Recommended Security Measure Basic perimeter fencing or perimeter walls

132 132 Third Step: Review Details about Recommended Security Measure 1.0, 1.1, 8.1 Applicable Sections in Appendix A, Physical Security Elements

133 133 Relevant Information from Appendix A 1.0 Fencing and Perimeter Walls (1) The primary goals of fencing and perimeter walls are... (2) Secondary goals may include Chain-Link Fencing (1)For terms related to chain-link fencing systems, refer to ASTM F (2)Base-level fence guideline is galvanized steel chain-link fence post with a 6-foot (1.8 ‑ meter [m]) or greater fabric height.... (3)...

134 134 Relevant Information from Appendix A 8.1 Fence Signage (1)Post “No Trespassing” signs at 50-foot (15 m) intervals in multiple languages... (2)Include appropriate federal, state and local laws prohibiting trespassing....

135 135 Fence Examples Meeting Recommended Standards

136 136 Compare to Fence Recommended for Base Level Saboteur Base Level Saboteurs

137 137 Recommended Security Measures for Base Level Saboteur Enhanced climb/cut-resistant fencing or walls Foundation enhancements for fencing to prevent tunneling

138 138 Recommended Security Measures for Base Level Saboteur System Objective VandalsCriminalsSaboteursInsiders Applicable Sections in Security Measure Delay Detection Base Level Enhanced Level Base Level Enhanced Level Base Level Enhanced Level Base Level Enhanced Level Appendix A Physical Security Elements Site (area between perimeter and facilities) Perimeter minimum clear zone distance   3.0 Locate public or visitor parking as far away from the facility as practical, but at least 30 feet (9 meters away)  Second layer of basic fencing   1.0, 1.1 Enhanced second layer of fencing that is climb/cut resistant  1.2 Intrusion detection at second layer of fencing  3.0, 7.0, 9.1, 9.2, 11.0 Second layer of basic fencing Intrusion detection at second layer of fencing

139 139 Fence Examples Meeting Recommended Standards

140 140 Summary All designs should incorporate security features commensurate with the design basis threat Use layers to protect critical assets Focus on detection, delay, and response Incorporate CPTED and basic security concepts followed by specific progressive strategies

141 141 Summary Many elements of good engineering practices are inclusive of specific security design considerations Incorporate specific security design criteria if needed in addition to good engineering design Select proper security equipment based on the goals and environment

142 142 Break

143 143 Design and Implementation of Online Water Quality Monitoring Systems

144 144 Objectives of this Presentation Familiarize workshop participants with the contents of the WISE Online Contaminant Monitoring System (OCMS) guidance document (ASCE 2004) Update this information with related work currently being undertaken at –EPA Water Security Initiative –CH2M HILL work

145 145 EPA’s Water Security Initiative (WSi) Graphic Source: Steve Allgeier, Water Security Division, U.S. EPA Syndromic Surveillance 911 & EMS Syndromic Integrated Contamination Warning System Consumer complaint surveillance Enhanced security monitoring Water quality monitoring Sampling and analysis In EPA’s Water Security Initiative (WSi), Online Water Quality Monitoring is one of multiple detection strategies that makes detection more timely and reliable

146 146 WSi – Concept of Operations Source: USEPA

147 147 Outline of OCMS Guidance Document The OCMS guidance covers the following elements: 1.The Contamination Problem 2.Rationale for Online Monitoring and System Design Basics 3.Using Contaminant Lists and Determining Concentrations to be Detected 4.Selection and Siting of Instruments and Platforms

148 148 Outline of OCMS Guidance Document (con’t) 5.Data Analysis and the Use of Models 6.Communication System Requirements 7.Responses to Contamination Events 8.Interfacing with Existing Surveillance Systems 9.Operations, Maintenance, Upgrades, and Exercise of the System

149 149 Focus of this Presentation Will use the term “Online Water Quality Monitoring System” (OWQMS) instead of OCMS Limited to water distribution systems Topics covered will consist of: –Online WQ monitoring station design –OWQMS network design –Water quality data analysis and event detection –Operational benefits

150 150 Online Water Quality Monitoring Station Design

151 151 Types of Contamination Intentional (e.g. sabotage) Unintentional (e.g. operator error, accidents, natural disasters) Contaminants –chemical (including biotoxins) –biological –radiological

152 152 Consequences of Contamination Public health problems such as death and illness among consumers Economic problems from the use of contaminated water or the unavailability of potable water Loss of public confidence in the ability of the utility to provide safe water

153 153 An Ideal Early Warning System Rapid detection and notification for sufficient response time Alarm or report to set response in action Detection of a wide range of contaminants Identification of contaminant source Affordable Robust/reliable Minimal number of false positives and negatives Remote operation Low level of skill and training requirement Source: T. Brosnan, Early Warning Monitoring To Detect Hazardous Events In Water Supplies, International Life Sciences Institute Workshop Report

154 154 Objectives of a OWQMS Increased and/or earlier likelihood of contamination detection Enhanced distribution system operations and water quality maintenance Enhanced regulatory compliance

155 155 Approach to Monitoring Station Design 1.Select water quality parameters to monitor 2.Select specific monitoring equipment 3.Select communication architecture 4.Design monitoring station Source: Steve Allgeier, Water Security Division, U.S. EPA

156 156 Water Quality Parameters Surrogate parameters are physical or chemical properties that may be affected by potential contamination Chemical Surrogates Microbiological Surrogates Toxin SurrogatesRadiological Surrogates pHAlpha ORP Beta Cl residual Gamma Conductivity Turbidity TOC DO/BOD Nitrate, nitrite Phosphate UV Toxicity indicators

157 157 Water Quality Parameters Surrogates parameters are used because quick, reliable, and contaminant specific online tests do not currently exist for most potential contaminants Many common online instruments measure surrogate parameters with good reliability and accuracy Water utilities are already familiar with the O&M of many of these instruments

158 158 Water Quality Parameter Selection Parameter selection must relate to contaminants of concern –Of the general WQ parameters, TOC and free chlorine observed to be most responsive Distribution system residual disinfectant –Free chlorine is responsive to many contaminants –Combined chlorine is generally non-responsive Distribution system water quality –Baseline quality and variability –Alkalinity, pH, stability (corrosion), bio-stability, etc. Dual-use applications –Disinfectant residual maintenance –Monitoring for system events Source: Steve Allgeier, Water Security Division, U.S. EPA

159 159 Potential Contaminants of Concern and Detection Strategies ClassDescriptionWater Quality Consumer Calls 911 Calls/ EMS Hospital Data 1Petroleum products  2Pesticides (with odor or taste)  3Inorganic compounds  4Metals  5Pesticides (odorless)  6Chemical warfare agents  7Radionuclides  8Bacterial toxins  9Plant toxins  10Pathogens (unique symptoms)  11Pathogens (common symptoms)  12Persistent chlorinated organic compounds  Source: U.S. EPA Water Security Initiative Presentation, June 18, 2007

160 160 Effectiveness of Cl Residual, TOC, and Conductivity in Detecting Contaminants CONDUCTIVITY TOCCHLORINE 4, 7 1, , 10, 11 Source: U.S. EPA Water Sentinel System Architecture, Draft. Version 1.0

161 161 Instrument Selection Compatibility with distribution system water quality –Applicable instrument range –Reactivity with residual disinfectant –Formation of inorganic scale deposits O&M considerations –Technical complexity of equipment –Familiarity of technicians with equipment –Real-world O&M experience versus manufacturer claims –Quality of manufacture technical support Data quality –Completeness: data loss due to instrument downtime –Reasonableness: sensor values within expected range –Accuracy: agreement with reference measurements Source: Steve Allgeier, Water Security Division, U.S. EPA

162 162 Sample Instruments Hach Distribution Monitoring Panel (Turbidity, pH, Cl 2 Residual, Conductivity, Pressure) s::can spectro::lyser (UV Spectral Analysis, Turbidity, TOC, DOC, NO 3, DO, NO 2, Cl 2 Residual, THMs) YSI Drinking Water Sonde (Cl 2 Residual, Conductivity, Turbidity, pH/temperature)

163 163 GE/Sievers Series 900 S::CAN carbo::lyser TM Total Organic Carbon Sample Instruments

164 164 s::can spectrolyzer

165 165 GCWW WSi Monitoring Station TOC analyzer – GE/Sievers 900 Electrical and PLC cabinet Transmitter and local display Sample collection bottles Water supply manifold Chlorine analyzer Turbidity analyzer pH sensor Conductivity sensor ORP sensor Source: Steve Allgeier, Water Security Division, U.S. EPA

166 166 Glendale, AZ, Monitoring Stations

167 167 Online Water Quality Monitoring Station Network Design

168 168 Hydraulic Network Models – a key tool in OWQMS Network Design Optimal instrument placement Pre-event response scenarios and planning Design/upgrade water systems –Alter flow patterns –Methods to isolate and flush contaminants Identify contamination location and prediction of its fate and transport Confirm positive event via model prediction of downstream monitor reading(s)

169 169 Overview of Network Design 1.Validate distribution system model 2.Develop monitoring network design using model, contamination scenarios and optimization tools 3.Perform field verification of candidate monitoring locations 4.Revise monitoring network design 5.Select final monitoring locations Source: Steve Allgeier, Water Security Division, U.S. EPA

170 170 Selection of Candidate Monitoring Locations Numerous potential locations –source water, raw water conveyance, treatment plant, finished water reservoirs, distribution system, service lines Each has advantages and disadvantages Also need to consider critical infrastructure, risk, and local conditions when identifying usable locations

171 171 Finished water reservoirs Distribution system Strategic end user entry points –Allied end users Government buildings, fire stations, schools –High-visibility contamination targets Stadiums, arenas, shopping areas Prestige hotels and restaurants –Vulnerable populations Hospitals, nursing homes, day care centers Selection of Candidate Monitoring Locations

172 172 Site requirements –Easy access to the distribution system water –Available space for installation of instruments and auxiliary equipment –Availability of required utilities Electric power Sewer connection for sample flow disposal Phone or radio communication systems Selection of Candidate Monitoring Locations

173 173 Site requirements –Easy, 24-hour access by authorized personnel –Physical security against unauthorized personnel –Acceptable site hydraulic conditions, such as avoidance of Ts, pipe intersections, etc. Selection of Candidate Monitoring Locations

174 174 Network Model Tools The candidate locations for monitoring stations can then be reduced by using various contamination scenarios and hydraulic network tools such as: –The Threat Ensemble Vulnerability Assessment Sensor Placement Optimization Tool (TEVA-SPOT), an EPANET based model used to determine the best location for sensors in a distribution system. –PipelineNet, a GIS and EPANET based model that ranks locations primarily based on the vulnerability of the customers served.

175 175 TEVA-SPOT Methodology Priority Threat Scenario Selection Scenario Simulation Scenario Outcomes (Conc, Exposure) Scenario 1Scenario 2 … Scenario N Results Database Threat Ensemble Assessment of public health Impacts Source: Steve Allgeier, Water Security Division, U.S. EPA

176 176 TEVA-SPOT Requirements Extended period simulation water quality model –Model must run correctly for a duration sufficient for the contaminant to propagate through the system Sufficient model detail and accuracy Representative model demands Sufficient computing power, which depends on model size and complexity, as well as the number of contamination scenarios Source: Steve Allgeier, Water Security Division, U.S. EPA

177 177 Water Quality Data Analysis and Event Detection

178 178 Essential Objectives of Data Analysis Identify the presence and location of significant contamination in the system Determine time to tap Provide timely information to decision makers

179 179 Desirable Objectives of Data Analysis Assess public health risk Identify the contaminant or its class with sufficient specificity to allow appropriate responses Characterize the contaminant concentration profile (fate and transport through the distribution system) Eliminate false negatives and minimize false positives

180 180 Challenges in Data Analysis Noise and/or drift in monitoring instruments Variations in water characteristics –(e.g., water age, particulate concentrations) Changes in measured parameters due to operational variations –(e.g., amount of disinfectant, closing a valve) Educating decision makers in the interpretation of data These challenges are explainable and benign from a contaminant monitoring perspective

181 181 Event Detection Systems To address these challenges, significant effort is being undertaken to develop event detection systems (EDS) EDS is a set of algorithms to identify anomalous conditions within noisy background water quality data –Identify anomalies due to both contamination events and unexpected “normal” events, such as a sensor malfunction, pipe break, or cross-connections Source: Katie Umberg, Water Security Division, U.S. EPA

182 182 Event Detection Systems Operate in real-time Require no user intervention to monitor water quality data. For each time step, clearly indicate whether the water quality at a monitoring station is normal or abnormal Most have parameters that can be changed, such as alarming threshold or window size Among the EDS that EPA is testing are Canary and H2O Sentinel Source: Katie Umberg, Water Security Division, U.S. EPA

183 183 Benefits of Online Water Quality Monitoring Systems

184 184 Some Operational Benefits Optimizing Plant Performance Evaluating Significance, Effects, and Changes in Water Quality Determining Water Age

185 185 Optimizing Treatment Plant GAC Filter Performance

186 186 Evaluating Significance of Source Water Change (WTP)

187 187 Determining Short-Term Effects of Power Failure on Water Quality

188 188 Evaluating Water Quality Changes Between Two Locations

189 189 Using Spectral Fingerprinting to Determine Water Age

190 190 Key OWQMS References ASCE Interim Voluntary Guidelines for Designing an Online Contaminant Monitoring System EPA Interim Guidance on Planning for Contamination Warning System Deployment EPA WaterSentinel Online Water Quality Monitoring as an Indicator of Drinking Water Contamination (Draft) EPA Overview of Event Detection Systems for WaterSentinel (Draft)

191 191 Resources

192 192 Obtaining a Copy of the WISE Documents WISE Documents are available at ASCE, AWWA, and WEF websites

193 193 For More Information Department of Homeland Security - EPA Water Security - Water Environment Federation - Water Information Sharing & Analysis Center (ISAC) - Water Security Channel - National Association of Clean Water Agencies (NACWA) -

194 194 Questions?

195 195 Thank You for Attending Mike Chritton (720) Gary Jacobson (617) x261 Bill Desing (414) Ken Thompson (720) Yakir Hasit (215) Raja Kadiyala (510)

196 196 Water Infrastructure Security Enhancement (WISE) Workshop Presented by Mike ChrittonKen Thompson Gary Jacobson, PEYakir Hasit, PhD, PE Bill Desing, PERaja Kadiyala, PhD Atlanta, GA Reston, VA Dallas, TX Los Angeles, CA Seattle, WA August 5 August 6 August 12 September 9 September 23


Download ppt "1 Water Infrastructure Security Enhancement (WISE) Workshop Presented by Mike ChrittonKen Thompson Gary Jacobson, PEYakir Hasit, PhD, PE Bill Desing, PERaja."

Similar presentations


Ads by Google