Академический Документы
Профессиональный Документы
Культура Документы
Mark Wetzel P.E., Stantec ISA Water & Wastewater Conference August 2007
Water System Security Background Public Health and Security and Bioterrorism Preparedness and Response Act of 2002 required community water systems to complete vulnerability assessments (VA) Funding was provided for large systems to complete the VA Implementation of security improvements was the responsibility of individual utilities
EPA
DHS
WSCC
AMWA
ASDWA
NRWA
OTHER INVOLVED GROUPS SANDIA LABS ARGONNE LABS CONSULTANTS MILITARY LABS TISP WEF AMSA
WW (WEF) SUBCOMMITTEE
7
35 30 25 20 15 10 5 0
sy st em ur c sy n a ch Tr ea tm en t am ic al s s at er e st em ot he rd at A an d w s
ut io
ist
iri b
So SC AD
Wastewater Needs
16,000 PO wastewater systems in US 500 systems serve 62% of the population No regulatory requirements to assess security / mitigate vulnerability Wastewater / stormwater facilities can provide point of entry to potential targets Failure causes chemical releases, health threats, environmental impacts and economic impacts Potential for large scale explosions
10
11
Phase I - Guidance Documents: Water Supply, Wastewater/Stormwater, Online Contaminant Monitoring Phase II - WISE Training Materials Phase III - Voluntary Physical Security Guidelines - for Water Supply and Wastewater/Stormwater Utilities
12
13
www.awwa.org/science/wise www.asce.org/static/1/wise.cfm
14
Overview of Guidance
15
16
17
18
19
Other Considerations
Issues related to vulnerability / risk assessment Natural disasters Unanticipated failures Emergency preparedness Loss of key staff Mitigation Emergency Response Recovery
20
Management Considerations
Financial planning / CIP program to support security needs Policies and procedures
Background checks on employees and contractors Training Records management Operations policies Information access Emergency procurement Communications
21
Operational Considerations for Enhancing Physical Security Operational changes can provide the most cost effective security enhancements Approaches will depend upon the threat levels (vandals, criminals, saboteurs, terrorists) Deter Detect - Delay Operational approaches should be developed on a layered approach
Perimeter Site Buildings and structures Building systems (internal features)
22
General Operational Practices Visitor control /delivery control Alarm points and response Access control / key control Scheduling of maintenance / general maintenance practices Clear zone areas / site access Fencing Cyber security
23
Operational Policies should be developed for each facility including: Source water Intakes and impoundments Wells and pumping stations Treatment facilities Storage facilities Distribution systems Administration facilities
24
25
An Australian man was today sent to prison for two years after he was found guilty of hacking into the Maroochy Shire, Queensland computerized waste management system and caused millions of litres of raw sewage to spill out into local parks, rivers and even the grounds of a Hyatt Regency hotel. "Marine life died, the creek water turned black and the stench was unbearable for residents," said Janelle Bryant of the Australian Environmental Protection Agency.
26
Cyber Security
Cyber security is the protection of enterprise information systems from inside or outside attack Systems include Financial and enterprise resource programs LIMS Customer Information systems Preventative maintenance / work order system GIS, records, models SCADA and controls Threats Outside hackers Outside attackers Inside attackers
28
Integrations Issues
Network system reliability Exposure to viruses, worms, Trojan horses Increased traffic on system Controlling / managing access Expertise of staff
29
http://www.us-cert.gov/control_systems/
32
SCADA Security
Use intelligent RTUs with manual operation overrides Grid topology to eliminate single points of failure Design intrusion detection tools into system Test system for intrusion and vulnerability
33
34
35
Overview
Guidance addresses: Raw Water Facilities Wells & pumping stations Water Treatment plants Finished Water Storage Facilities Distribution systems Water system support facilities For each facility the guidance includes: Scope Facility mission Philosophy of security approach Benchmark security measures
36
37
38
39
40
Benchmark Security Measures Guideline establishes benchmark measures to deter, detect and/or delay threats Based on each type of facility and DBT Decisions are site and utility specific and benchmarks are considerations not rules Special considerations may be required depending upon public safety, redundancy, public access etc Based on layered approach Appendix A provides design guidelines for specific security elements
41
42
43
44
45
46
Security Equipment
Access control access cards, PIN, biometrics Interior intrusion devices volumetric sensors, penetration sensors Exterior intrusion detection free-standing sensors, buried line sensors, fence mounted sensors Camera systems
48
49
50
51
52
Online Contaminant Monitoring Objective is to reduce risk due to contamination of water / wastewater Early warning system to allow for proper response Technology is still relatively new no knowledge base Design to characterize contamination and location Source intake monitoring Distribution / collection system monitoring
53
54
Contaminants monitored Monitoring locations Data analysis & models Communications Operation and maintenance
55
56
Fully Integrated Security Planning & Design Do what is best for your utility Integrated plan of management, operations and design strategies Simple solutions Solutions with multiple benefits Use a cross functional utility team to develop and implement the solutions Supplement with external resources
57
Acknowledgement
Tables and figures presented in this presentation are from: Interim Voluntary Security Guidance for Water Utilities, ASCE/AWWA/WEF, Dec.9,2004 Guidelines for the Physical Security of Water Utilities Draft American Nation Standard for Trial Use, ASCE/AWWA, Dec. 2006
58
Questions??
59