Engineering | Architecture | Design-Build | Surveying | Planning | GeoSpatial Solutions November 16, 2015 THE AWWA J100 - WHAT IT IS, WHY IT IS BEING UPDATED, AND WHY IT MATTERS TO YOU NC AWWA-WEA 95 th Annual Conference Raleigh, North Carolina John W. McLaughlin, P.E. MERRICK & COMPANY

Introduction What is the J100? J100 and All Hazards Purpose Seven steps Why is it being updated? The “Why” Some potential updates Timeline Why does it matter to you? Why should it matter to you? Benefits?

All Hazards 1998 NE & Canada Ice Storm 1999 Hurricane Floyd 2011 Alabama Tornadoes

All Hazards San Diego Wildfires 2011 Virginia Earthquake 2010 NE Blizzards 2003 NE Blackout

Purpose of the Standard Purpose Guide analysis of risk and resilience of water and wastewater systems across multiple threats, including man-made, natural disasters, interdependencies and proximity Direct the design and evaluation of options to reduce risk and enhance resilience Support resource allocation decisions to risk-reduction and resilience- enhancement options Ultimately, reduce risk and enhance resilience of water and wastewater utilities

Seven Steps Seven Steps of the J100 Process and Risk Components We will cover each at a high level

Seven Steps 1. Asset Characterization What assets do I have that are critical to my operations? Utility Mission, Facility Screening, and Prioritize the critical assets using the estimated consequences Review, Analyze, Document, Record 2. Threat Characterization What worst reasonable case man-made threat, natural hazard & interdependency scenarios should I consider? Utilizes the most severe but reasonable and credible consequences for a specific hazard But does not combine unlikely coincidences Review, Analyze, Document, Record

Seven Steps 3. Consequence Analysis The immediate, short and long-term effects of a malevolent attack, natural hazard or dependency/proximity hazard They include human and property losses, environmental damages and lifeline interruptions Review, Analyze, Document, Record 4. Vulnerability Analysis Analyzes the ability of each critical asset and its protective systems to withstand each specified threat Review, Analyze, Document, Record

Seven Steps 5. Threat Likelihood Analysis Estimates the likelihood of malevolent event, dependency/location hazard, or natural hazard Malevolent, by one of three methods: Proxy measure, Best estimate, or Conditional probability assignment Review, Analyze, Document, Record 6. Risk/Resilience Analysis Combines the results from the previous five elements into estimates of: Risk = f (C, V, T) and Resilience = f (Service Denial, V, T) Review, Analyze, Document, Record

Seven Steps 7. Risk/Resilience Management Risk Management is the deliberate, cyclical process of: Understanding risk based on a risk analysis, and Deciding upon, implementing, and managing action, e.g., security countermeasures or consequence mitigation features, To achieve an acceptable level of risk at an acceptable cost Resilience Management is the deliberate process of understanding resilience both as: A function of loss of infrastructure components, and The ability of the community to cope with the loss and recover in the shortest practical time Review, Analyze, Document, Record

Why is the J100 Being Updated? (and what are the Updates?) Why is the J100 Being Updated? (and what are they?) Caveat – Nothing is final, only items being considered. Consider expanding upon and better clarifying the various Appendices where guidance on determining threat likelihood is described. Consider new threats being considered for incorporation into the standard, including Wildfires, Ice Storms and Condition Based threats. Consider addition of “Items Under Consideration” for: Climate change Cybersecurity New tendencies in terrorism Interdependencies Unknown contaminants Others?

Why is the J100 Being Updated? (and what are the Updates?) Elimination of the option to use “Conditional” risk. In Conditional risk, the likelihood of a threat occurring, such as a terrorist attack, e.g., is set at 1.0, meaning that you are presuming there will be an attack. Removal of the use of “Bins” for Consequence or Vulnerability value determination. With Bins, there is a range of values to be used versus defining a single, point value. Focus on overall utility and community resilience versus resilience at the threat-asset level. Use net benefits versus gross benefits when considering cost- benefit ratios for decisions on risk reduction measures.

Why Does it Matter to you? (Why should it Matter?) Why does it matter to you, or more to the point, why should it matter to you? J100 is the most current and comprehensive means to manage risk and resilience in the water sector (the water sector includes both water and wastewater systems). J100 analyzes “All Hazards” risk and resilience, i.e. sabotage, terrorists, earthquake, tornados, hurricanes, interdependencies, proximity, etc. with probabilities of occurrence. J100 is the only risk and resilience standard for the water sector.

Why Does it Matter to you? (Why should it Matter?) Do you really understand the greatest risk(s) your utility faces? Are you prepared to manage them properly? J100, used properly, allows comparison of risk values from any infrastructure in any part of the US to any other infrastructure in any other part of the US. J100 is an AWWA and ANSI recognized standard, i.e. it implies a standard of care, or best practice. J100 Has Been Awarded the Support Anti-terrorism by Fostering Effective Technologies Act of 2002 (SAFETY Act) Designation by DHS.

Questions? Question and Answer John W. McLaughlin, P.E. Merrick & Company