Clean Water Advocacy - Newsroom - AMSA in the News
Civil Engineering
Copyright (c) 2002 ProQuest Information and Learning. All rights reserved.
Copyright American Society of Civil Engineers Jun 2002
Saturday, June 1, 2002
Volume 72, Issue 6; ISSN: 0885-7024
Safeguarding water utilities
Jay Landers
Immediately after the September 11 terrorist attacks, many water
and wastewater utilities quickly adopted or expanded security
measures. Now with many systems conducting or planning to conduct
detailed vulnerability assessments, utilities are embarking on a
long-range effort to merge sound engineering with basic security
considerations.
Officials at the District of Columbia Water and Sewer Authority
(WASA) realized well before last September that they needed to
reduce the amount of hazardous chemicals stored on-site at their
Blue Plains advanced wastewater treatment plant. Located just miles
from the nation's capital and the large metropolitan area
surrounding it, the 370 mgd (1.4 million m sup 3 /d) facility-one of
the largest in the country-typically had on hand approximately 400
tons (363 Mg) of liquid chlorine and 150 tons (136 Mg) of sulfur
dioxide.The chemicals, which were stored in 90 ton (82 Mg) railroad
tank cars, are used to disinfect the wastewater before it is
discharged into the Potomac River.
The likely consequence of an accidental release of major amounts of
the highly toxic chemicals was well known: a deadly cloud of gas
quickly spreading beyond the plant itself to its immediate
neighbors, including several federal installations such as the Naval
Research Laboratory and Boiling Air Force Base, nearby residential
communities in the District of Columbia and Maryland, and, moving
across the Potomac, possibly engulfing Ronald Reagan Washington
National Airport and the Virginia communities of Alexandria and
Arlington.
Such a scenario had prompted WASA to begin work during the spring
of 2001 on a $15-million project to switch to the less hazardous
disinfectants sodium hypochlorite and sodium bisulfite, says Michael
Marcotte, WASA's deputy general manager and chief engineer. By
September 11, the conversion was well under way and scheduled for
completion by the end of 2002. Of course, the terrorist attacks of
that day on the World Trade Center and the Pentagon-a mere 5 mi (8
km) from Blue Plains-dictated that WASA review its plans.
After the tragic and previously unthinkable events of September 11
revealed both the enormity of the terrorists' aspirations and their
ability to exploit the vulnerabilities inherent in an open society,
the need to reduce the risks associated with the chemicals at Blue
Plains became all the more apparent and urgent. "On September
twelfth we sat down and asked ourselves if there was a way to do
something much more quickly," Marcotte says. Within a week WASA's
engineers had developed a plan for constructing an interim facility,
and the authority swung into action, issuing a change order to a
contractor working on a different project on-site and directing the
firm to start on the new project. WASA quickly purchased six tanks
between 5,000 and 7,000 gal (19 and 26.5 m sup 3 ) in size and 10
feed. pumps, sometimes having to "pay a premium" for such short
notice, Marcotte notes.
Foundations and retention structures were soon built, and
electrical and plumbing concerns were also addressed. Roughly 90
days after September 11, work on the interim storage facility was
complete, and the last railroad cars were removed on a Sunday
morning in mid-December.
Although water and wastewater treatment systems are generally well
prepared to deal with natural disasters and accidents, many
utilities prior to September 11 had given little consideration to
defending themselves against intentional acts of destruction. Since
then, the design and engineering of water and wastewater facilities
have undergone a reevaluation. "I think everything has changed since
September eleventh and certainly the role of engineers has changed,"
Marcotte says. For example, many scenarios that had been considered
possible only in the event of an accident-such as a chemical spill--
now have to be evaluated as resulting from intentional actions as
well, according to Marcotte. "That raises the ante," he says. "That
raises the complexity."
It also raises the cost of doing business for water and wastewater
utilities. At an April 11 hearing before the U.S. Senate
Appropriations Committee, representatives of the Association of
Metropolitan Water Agencies, which is based in Washington, D.C.,
testified that the nation's 54,000 public drinking water systems and
16,000 wastewater agencies will spend $700 million to conduct
vulnerability assessments and as much as $4 billion for immediate
security needs. Capital improvements related to security could cost
billions of dollars more, they said.
No simple prescription exists for addressing terrorism at water and
wastewater facilities. Depending on a given utility's size,
location, treatment processes, and many other factors, the threats
may vary greatly. However, terrorists targeting water or wastewater
infrastructure would probably employ one or more of three basic
approaches: physical attack, chemical or biological contamination,
and cyber attack.
In an article entitled "Reducing Vulnerability of Water Supply
Systems to Attack," which appeared in the December 1998 issue of the
Journal of Infrastructure Systems, Yacov Y. Haimes, Nicholas C.
Matalas, James H. Lambert, Bronwyn A. Jackson, and James F.R.
Fellows noted that physical attacks typically involve some type of
explosive device intended to destroy or impair one or more
components of a facility, including collection and distribution
systems. Chemical and biological contamination, the authors state,
rely on the introduction of a foreign agent into a water supply
either before or after the treatment process. Cyber threats involve
attacks from hackers on facilities that employ supervisory control
and data acquisition (SCADA) systems or other computer-based
systems, the goal being to commandeer and disrupt a facility's
operations.
The ultimate goal of terrorists extends beyond merely disrupting
the quality or quantity of a community's drinking water or its
ability to dispose of wastewater in an environmentally acceptable
manner. They know that causing the public to lose confidence in the
integrity and safety of its water infrastructure, particularly the
drinking water delivered directly to homes and businesses, would
have enormous ramifications. "You have to remember that one of the
key things that is considered in terrorism is not so much killing a
lot of people; it's to instill that fear and panic," says Sonny
Fong, the emergency preparedness manager and chief of security for
the California Department off ater Resources (DWR). "If the public
lost confidence in its drinking water source, can you imagine the
disruption in daily lives and business functions that would cause?
So that's why the onus is on the water utilities to actively engage
in security."
The consequences of widespread public insecurity regarding a
community's water supply could have a domino effect, notes Douglas
Fitzgerald, a senior vice president for the engineering and
consulting firm HDR, Inc., based in Omaha, Nebraska. If enough
customers stopped using drinking water from their utility and
switched to bottled water, the drop in usage-albeit a small
percentage of the utility's output-could "affect the overall ability
of a plant to operate" because of the corresponding decrease in
revenue, he says.
The possibility of an attack on a water-related utility is no
longer remote. In late January, the Federal Bureau of Investigation
issued a bulletin through its National Infrastructure Protection
Center to utilities warning of apparent attempts by persons linked
to Osama bin Ladin's al Qaeda terrorist network to seek information
via the Internet regarding SCADA systems in particular and water
utilities in general. The bulletin also stated that evidence found
on a computer owned by a person with "indirect ties" to bin Ladin
suggested the person was interested in structural engineering as it
pertained to dams and similar structures, according to published
reports.
Fong acknowledges that the California DwR's computer system has
been "scanned numerous times by overseas entities." The activity
which involves searching electronically for weaknesses in a computer
system that can be exploited, "increased quite significantly
immediately before" September 11 and "continued for quite a while
and still continues but at less frequency" Fong says."So we're
consciously monitoring our electronic systems."
To their credit, many utilities reacted quickly to the events of
September 11, implementing such immediate security measures as
installing and repairing fences, gates, and cameras; hiring security
personnel to guard facilities; and restricting access to utility
property. Utilities "took the intuitive steps" early on, says Jim
Doane, the principal engineer for the Bureau of Water Works in
Portland, Oregon, and a member of the Critical Infrastructure
Protection Advisory Group, which is coordinating the efforts of
water-related utilities, federal agencies, and associations to
develop a comprehensive approach for protecting the nation's
infrastructure against terrorism. Although "prudent," the steps
taken were by themselves not sufficient, Doane says. Recognizing
this fact, many utilities have conducted or are in the process of
conducting detailed vulnerability assessments, often with the
assistance of security experts and consultants. By looking at
vulnerabilities "through the eyes of someone who knows how" to
assess such risks, Doane says, utilities can raise their security
"to a higher plane."
Jeffrey Danneels is one of those security experts. The department
manager of the Security Systems and Technology Center at Sandia
National Laboratory in Albuquerque, New Mexico, Danneels has
experience conducting vulnerability assessments on such federal
facilities of"high consequence" as large dams. For the past two
years, he has worked with others at Sandia, the U.S. Environmental
Protection Agency (EPA), and the American Water Works Association
Research Foundation (AWWARF), based in Denver, to develop a
methodology for assessing the vulnerabilities of water supply and
treatment systems based on existing procedures for determining
security needs at other types of facilities.
Based on observations he made during visits to water utilities to
develop and test the vulnerability assessment tool, Danneels
believes the industry as a whole, despite the initial efforts, has a
long way to go in terms of addressing security needs. After
September 11, "everybody went out and hired guards and put them at
what they thought were critical locations," he says. "What we're
seeing now is almost all of [the guards] are gone. People cannot
sustain that type of a security program or don't have the budgets.
We're almost back to pre-September eleventh status, I would say. I
think there's heightened awareness, and people are concerned and
wanting to do something to improve security, but we have not seen
substantial improvements at this point."
That condition is expected to change as more utilities conduct
detailed vulnerability assessments to determine their true security
needs. To promote the practice, Congress recently provided the EPA
with $89 million to fund vulnerability studies and in general reduce
the likelihood of attacks on the nation's water supply. In March the
EPA announced that it would begin accepting grant applications from
publicly owned drinking water systems that regularly serve more than
100,000 people. The grants, which will not exceed $115,000, are
expected to be available as early as June. Grant recipients will be
required to use the funding to develop a vulnerability assessment or
emergency response and operating plan, to develop security
enhancement plans and designs, or to make advances that combine
these two endeavors. However, the funds may not be used for physical
improvements, according to the EPA.
Because the EPA will not be able to provide direct grants to small
and medium-size water systems, the agency is developing a strategy
these utilities can use to improve their security, says Susan
Dolgin, who is leading outreach efforts as a member of the EPA's
water protection task force. The agency is working with states and
associations to discern the needs of these facilities and the types
of tools and training they will require, Dolgin says.
Water utilities employing the vulnerability assessment methodology
developed by Sandia and the AWWARF and funded by the EPA will have a
comprehensive framework for assessing threats to every element of
their systems, Danneels says. The methodology evaluates a water
system's "whole operation," he says, including policies and
procedures, the types of chemicals stored on-site, and existing
cyber and physical security measures. Particular attention is
devoted to the processes and components that support what the
utility sees as its core mission. After determining potential risks,
the assessment methodology provides various options for addressing
the risks, and the utility then "has to decide which one of those
alternatives is more palatable," Danneels says.
To expand the universe of groups that can help water utilities
employ its methodology, Sandia conducted two "train-- the-trainer"
seminars in April and May involving more than 60 participants from
17 organizations. Companies successfully completing the course will
be licensed to train others on the Sandia-AWWARF vulnerability
assessment methodology. (For a list of the organizations selected by
Sandia to participate in the courses, visit the EPA's site at
[http://www.epa.gov/safewater/ security/sandia_training.pdf].)
For wastewater treatment plants, the Association of Metropolitan
Sewerage Agencies (AMSA), of Washington, D.C., released two
publications in February related to vulnerability assessments: Asset
Based Vulnerability Checklist for Wastewater Utilities and Legal
Issues in a Time of Crisis Checklist. AMSA plans to release a more
sophisticated assessment methodology for wastewater utilities in
June, according to Adam Krantz, its communications director. Its
Vulnerability Self Assessment Software Tool, funded by the EPA, will
provide wastewater officials with a step-by-step evaluation process
that will enable them to classify the threats to their assets and
will suggest steps to be taken to address the threats. The
application will also allow utilities to track their progress on a
continuing basis as they conduct the appropriate remediation
measures.
As part of its Critical Infrastructure Response Initiative (cIRI),
ASCE has formed a process whereby "blue ribbon panels" can conduct
peer-reviewed evaluations of vulnerability assessments as they are
being carried out at an individual facility. In early May plans were
being finalized for a three-member team of experts to review the
work of a consultant conducting a vulnerability assessment in
Oakland, California, at the East Bay Municipal Utility District. The
team will focus on the process and methodology employed during the
assessment, rather than on any recommendations or conclusions made
by the consultant, says Marla Dalton, the director of the CIRI. "The
expected benefit of this-and other-peer reviews is a streamlined,
improved vulnerability assessment methodology and accompanying
guidelines based on best industry practices and best available
technology," she says.
The most important advice Michael Hightower would give to a utility
seeking to conduct a vulnerability assessment would be to use a
performance-based approach rather than one based on compliance. A
distinguished member of the technical staff at Sandia, Hightower
describes a performance-based approach as one that looks at
different threat scenarios and evaluates the system's performance
under those conditions, whereas a compliance-based approach is
essentially a checklist.
The performance-based approach generally provides better results
because it requires users to consider a wider range of possibilities
and is less likely to provide a false sense of security, Hightower
says. A simple checklist approach might cause someone to overlook
basic-even obvious-security considerations and lead the person to
conclude incorrectly that existing security measures are adequate.
For example, although a checklist might ask if a facility has a
fence, "many times those types of checklists don't ask how high the
fence is," he notes. "They don't ask, 'Does the fence have any holes
in it?"' Similarly, a checklist might ask if a facility has cameras
but neglect the more important question of whether the equipment has
been properly located. "If you have cameras in the wrong
locations-where you can't see the right things-even though you have
the cameras and they record, you may not be getting the right type
of security," Hightower says.
At its most basic level, a performance-based assessment involves
determining threats and their consequences, deciding which threats
most need to be mitigated, assessing the importance of each of a
system's facilities, and determining the security needs of the
different facilities. By considering these factors, staff members at
the plant then have a basis for addressing the three main elements
of security: detecting the attack, delaying its effect, and
apprehending the perpetrator.
A performance-based approach also allows a more flexible and
individually tailored response, Hightower says. Because small,
medium, and large utilities have different vulnerabilities and
security needs, it would be a mistake to provide the same level of
security at every utility, he notes. Therefore, the
performance-based approach enables "smaller cities that have smaller
risks to take appropriate action" rather than simply adopt the same
security measures used by "larger cities that have larger risks," he
says. By the same token, the assessment is designed to account for
factors that might cause a smaller utility to have a greater level
of risk than another system of a similar size. For example, a small
water utility that supplies a military installation may have to
address a set of risks not encountered by other small systems.
With recipients of the EPA grants required to complete their
vulnerability assessments within six months of receiving the
funding-and with the imminent launch of AMSA's software tool for
wastewater utilities-the water and wastewater industries are poised
to embark on a process of self-assessment and scrutiny never before
attempted on this scale. Although these assessments will be
conducted by individual agencies seeking to address their own needs,
the findings and subsequent responses by utilities across the
country are expected to have a significant and lasting effect on the
ways the various elements of the nation's water infrastructure are
designed, operated, and maintained.
The Washington Suburban Sanitary Commission (WSSC), of Laurel,
Maryland, was one of the first utilities to try out the Sandia-AWWRF
vulnerability assessment methodology. The agency, which provides
water and wastewater services to 1.6 million residents in two
Maryland counties bordering Washington, D.C., says the experience
was a success. The methodology proved useful because "it was very
appropriately tailored for engineers, being a mathematical,
empirical model type of approach," says Liz Kalinowski, a wssc
spokesperson. The vulnerability assessment, she says, "was done in
the classical engineering method and it provided a very good
framework from which utilities could work to help identify any
blanks that needed to be filled."
While conducting a vulnerability assessment entails a variety of
challenges, in some respects the difficult part begins once the
assessment is complete. At that point a utility, which now has a
detailed list of its vulnerabilities, has to reconcile what it needs
to do with what it is able or can afford to accomplish. Risks must
be prioritized and dealt with accordingly, but this can prove
difficult, according to Eddie Rigdon, the assistant manager for
water system operations at the Metropolitan Water District of
Southern California (MWD). Based in Los Angeles, the MWD is a
consortium of 26 cities and water districts that provide drinking
water to 17 million people. "Once you buy into the fact that you
can't eliminate the threat, then you're stuck with, 'How much do we
invest to reduce it to what is an acceptable level of risk?"' he
says. "That's really the challenge." Rigdon points to the World
Trade Center as an example: "The twin towers were two of the most
secure buildings in the United States.Yet against the extreme
there's no protection. It's just really, really a challenge. And at
the same time we don't want to be under any illusions that by
putting in an alarm system or a camera we're protected. It's a real
balancing act."
The MWD is moving ahead with more than $5 million worth of security
enhancements at its facilities, including additional monitoring of
water quality and the use of testing equipment of a more advanced
type. The agency's approach involves a "combination of enhancing the
level [of monitoring] as well as the sophistication" of the
monitoring technology it uses, Rigdon says. Although advanced
equipment to improve a utility's monitoring capability is now
entering the marketplace, he notes that common monitoring practices
remain useful. "The tried and true are really very good indicators,"
he says, noting that dramatic changes in pH levels, for example,
could signal the presence of intentional contaminants.
When it comes to analyzing the potential for harm caused by the
introduction of chemical or biological contaminants into the
drinking water system, experts are generally in agreement that the
distribution system is the industry's most vulnerable component.
Most drinking water sources, be they rivers, reservoirs, or other
surface water bodies, enjoy some protection simply by virtue of
their size-- large amounts of a contaminant would have to be
introduced to avoid dilution. Furthermore, the contaminants would
still have to pass through the treatment process, which is designed
to remove a wide variety of agents.
Downstream of the treatment plant, however, the distribution system
could prove a more inviting target for an attacker capable of
injecting contaminants into the system itself. Known as backflow,
such an incident would be localized but could cause "considerable
panic," says David Spath, the chief of the division of drinking
water and environmental health within the California Department of
Health Services. Although backflow prevention devices are often
installed on larger facilities, retrofitting buildings with the
devices would be expensive, Spath notes.
As a result, keeping tabs on the distribution system is now more of
a priority for water systems than ever before. For example, the wssc
is "looking at beefing up throughout the entire distribution system
remote sensing capabilities to detect any changes in water chemistry
and things like that," Kalinowski says. However, ensuring the
integrity of water in its distribution system is not new to the
WSSC, she notes. "We have had for some time the ability to monitor
our system" remotely and at any time of the day or night, including
pressure losses, Kalinowski says.
Facilities with aging SCADA systems that are looking to achieve
better detection capabilities may want to consider upgrading their
technology, says Fred Elwell, a senior vice president in the
Orlando, Florida, office of Boston-based CDM. Modern SCADA systems
can detect intrusions or react to a system interruption almost
immediately, while also offering rapid communication with local
police and fire departments, Elwell says.
For the Bureau of ater Works in Portland, Oregon, which along with
a few dozen other metropolitan areas stores its treated drinking
water in open reservoirs, the threat of terrorist activity is
prompting it to proceed more quickly than it had anticipated with
plans for either burying or covering its five reservoirs. Although
the bureau's long-range capital improvement plan called for removing
the reservoirs, "the new vulnerability concerns are escalating the
plans," says Ross Walker, a spokesperson for the agency. In late
April the agency was in the process of seeking approval for the
$65-million project, which probably would be completed over the
course of 10 years.
The five reservoirs range in size from 12 million to 75 million gal
(45,000 to 284,000 m sup 3 ). The reservoirs are longtime fixtures
in Portland-three were completed in 1894, and the other two were
finished in 1911. Because the public tends to view the reservoirs as
"landscape amenities," Walker says, the process will require a
significant amount of public input to ensure it proceeds smoothly.
According to Walker, concerns about water quality as well as
security provide the impetus for the plan. "It doesn't make sense to
have state-of-the-art treatment and have [the treated water] sit
three days in an open reservoir where the ducks and geese can land,"
she says. As for security, Portland's plan is as much about making
its system less of a target as it is about reducing vulnerability
Comparing utilities to airports, Walker notes, "You don't want to be
the only airport without baggage screening. Why would you want to be
the only metropolitan area with open reservoirs?"
Although much of the attention regarding the security of the
nation's water infrastructure has focused on the drinking water
side, wastewater treatment professionals have been quick to
acknowledge and attempt to address their vulnerabilities. For
example, the Metropolitan Sewer District of Greater Cincinnati (MSD)
undertook a rapid conversion operation similar to that conducted at
Blue Plains, successfully switching from chlorine to sodium
hypochlorite for disinfection within a month after September 11.
Currently an interim measure, a permanent installation will house
the new disinfection chemicals within the next 9 to 12 months at a
cost of $5 million to $6 million, says Patrick Karney, the executive
director of the MSD.
Although the agency years ago had studied the possibility of making
the change, it had rejected the idea because of the associated
expense and because the possibility of catastrophic failure of the
system seemed, at the time, remote. Before September 11 Karney had
worried about someone shooting a tank car with a gun, but that
scenario was not too threatening because it would not have caused
catastrophic failure, he says. After September 11, Karney says, the
realm of possibilities expanded to include a "rocket-propelled
grenade coming from the hillside," among other concerns.Within a
month, the chlorine-filled tank cars had been removed from the MSD
facility.
As might be expected, the rapid change has meant the MSD staff
members have had to make some adjustments. The new approach to
disinfection "takes a lot more concentration and oversight," Karney
says, "whereas the other system was tried and true. We knew how it
would perform." Experience is required to learn how the new system
responds to such factors as changes in flow rates and rainstorms.
"You get to where you can anticipate needing to increase flows and
feed rates with one material," Karney explains. "When you go to
another material you have to relearn all that."
At its Blue Plains plant, WASA too has learned about the challenges
of making rapid changes to a treatment system. The interim chemical
storage facility built at the plant can hold about 25,000 gal (95
m sup 3 ) of hypochlorite, but since the utility typically uses
between 10,000 and 15,000 gal/d (38 and 57 m sup 3 /d), there is
little spare capacity, Marcotte points out. Although the interim
installation has worked "flawlessly," Marcotte says, the utility
"came very close to running out" of the hypochlorite solution on a
day when chemical delivery was delayed. "We are having to monitor
very closely the delivery of chemicals to make sure that we don't
run out," he says. "We have little margin of safety. That's probably
our greatest concern." Once complete, the permanent storage facility
will be able to hold up to 160,000 gal (606 m sup 3 ).
In Cincinnati the MSD also turned its attention to its collection
system, analyzing the likelihood that its sewers-particularly some
of its large combined sewers-might be used as conduits in a
terrorist attack. The agency employed a geographic information
system to compare maps of its collection system with maps of the
city. "We didn't find any major buildings or targets of opportunity
in close proximity to any of our larger lines," Karney says. Despite
the reassuring findings, he says he remains concerned about the
possibility of an attack conducted via the system's sewers causing
"fundamental damage" to a treatment facility or a pump station.
"That's an area that still requires some research on our part,"
Karney concedes.
Routine procedures and operations also need to be evaluated to
ensure they do not contribute to a security problem. For example,
redundancy has long been recognized as an important practice for
ensuring properly functioning water and wastewater treatment
systems. Backup equipment and spare parts are usually kept close at
hand to facilitate quick responses and efficient replacement in the
event of a malfunctioning pump, valve, or other key piece of
equipment. This capability remains an essential strategy for a
utility responding to an attack. However, many have begun to rethink
the wisdom of this common practice as it is often carried out today,
viewing it as a weakness rather than a strength.
"One of the things that we have discovered in a lot of plant
operations is that they did account for the backups," says HDR'S
Fitzgerald,"even in the case of something as simple as a motor. But
the spare motor is sitting next to the operating one, so that it
would be easily replaceable. One of our concerns is that if
somebody's smart enough to get there and damage the primary
[component], then they're going to take out the secondary
[component] at the same time." As a result, utilities need to ensure
the security of their backup components, he says. Sandia's Hightower
agrees, suggesting that plants avoid storing all their related spare
parts in the same building.
A utility needs to scrutinize the issue of redundancy as it relates
to its power supply, says John "Jack" Farnan, the general
superintendent of the Metropolitan Water Reclamation District of
Greater Chicago. A vulnerability assessment needs to determine which
facilities require backup generating capacity or an uninterruptible
power supply system, Farnan notes. Furthermore, a utility must
answer the question of what would happen to its treatment processes
if they went without power for various amounts of time, such as 12,
24, or 48 hours, he says.
Ultimately, the design of water and wastewater facilities will no
doubt change to reflect the new awareness of terrorism.Whereas
historically these utilities have been designed with little thought
given to security, Fong says, "security measures or systems will now
be considered during design phases."As a result, engineers will
focus more on designing "certain features that will accommodate the
more updated or the latest technologies for surveillance and for
physical security," he says.
One upshot of this new focus is a desire to take advantage of
facility upgrades to incorporate as many security features as
possible. Security concerns have led WASA to view upgrade projects
"through a little different lens," Marcotte says. He readily
acknowledges that significant design changes are "certainly much
easier to accomplish if you're in the midst of a major rehab," as is
his agency. Large-scale modifications to existing facilities "become
much more challenging if you're dealing with a brand-new system," he
says. In at least this respect, the age of WASA'S facilities may
turn out to be something of a silver lining. "I never thought that
having a system whose average age of components is fifty to sixty
years was a blessing," Marcotte says. "It may be post September
eleventh because we're already working on fixing those [facilities]
and we can look at them. Someone in a brand-new town that's just
built its infrastructure may have a greater challenge because they
have to go and think about how they can retrofit them."
Unfortunately, an awareness of the dangers does not easily
translate into solutions, according to Portland's Doane. To make
this point, Doane contrasts a natural disaster, such as a flood,
with a terrorist act. Engineers have developed ways to quantify
certain naturally occurring events and accurately predict their
effects, with the result that a dam, for example, can be designed
and built to withstand the statistically derived probable maximum
flood. However, designing a structure to survive a bomb blast is a
more difficult proposition, Doane says: "The problem with explosive
devices is that if we design for a minivan, somebody can bring along
a larger van full of explosives. If we design for a larger van,
somebody can bring along a semi. So you've got these problems of
scale. What actually hits you can easily be an order of magnitude
higher than what was expected. And that's assuming that it was
designed for any of these loads at all."
A related problem involves the ability of terrorists to change
targets rapidly. For example, if a facility "secures what is
perceived to be a vulnerable point, it's very easy for that
vulnerability to shift," says Peter Beering, the deputy general
counsel for the Indianapolis Water Company and a participant in the
National Domestic Preparedness Program as a member of the US.
Department of Justice's State and Local Advisory Board. "If one of
my weak points is the general office and I secure the general
office, then maybe somebody moves to an unattended plant," he says.
Similarly, as larger utilities located for the most part in urban
settings increase security at their facilities, terrorists may
decide to target smaller, less secure plants, Beering warns.
These types of concerns are likely to prompt a broad reevaluation
of the way in which treatment facilities are situated. "I think that
what's going to occur is we're going to realign the way we lay
plants out to a certain extent," Fitzgerald says, "so that we put
critical components more in the core, so that they have natural
physical barriers and additional delay times that are going to give
them inherently greater security." Utilities should now also
consider the possibility of decentralizing facilities as a partial
solution to terrorist activity, he argues: "Are you better having
one main plant that, if taken off line or if contaminated," affects
the whole system, or would a utility "be better with smaller,
cellular type operations and the ability to cross connect them?" In
this way, he notes, if one plant did go off line the utility "could
basically pump to the other location and be able to keep up and
running without an interruption of service."
Cost and geographical considerations, of course, may prohibit or
greatly limit the extent to which a utility can decentralize its
operations, Fitzgerald acknowledges. However, the idea may prove
practical in certain situations. For example, if a rural utility not
encumbered by space limitations needs to increase the amount of
water it provides to its customers, it can consider installing a new
filtration system on its existing site or developing a secondary
operation. "That would be the call," Fitzgerald says. By the same
token, utilities that rely on a single water source, such as a
river, should evaluate adding new sources, such as a well field, to
provide backup capabilities in the event of either a natural or a
man-made disaster, he says.
To make water and wastewater engineers more aware of the need to
consider security as part of treatment plant design, ASCE's
Environmental and Water Resources Institute (Ewer) has proposed the
creation of a committee that would disseminate information on the
subject. In particular, the Water Infrastructure Security
Enhancements Standards Committee, if approved, would analyze
existing manuals of practice and standards and, as necessary, issue
design supplements or rework the standards to ensure that they
addressed security concerns, says Conrad Keyes, Jr., an independent
consultant and former president of the EWRI. Keyes would chair the
new standards committee.
The security of water and wastewater facilities, as with any
critical structure, will always depend on a combination of
surveillance, awareness, and caution, typified by cameras, guards,
and site access procedures. However, the role that engineers can and
must play in raising security to a higher level at these critical
components of the nation's infrastructure cannot be overstated.
"The central reality about securing anything is that it is
fundamentally an invisible, engineered solution," Beering says. "The
most important security enhancements are those that are never seen."
Such enhancements include constructing a building half a floor above
grade or erecting a fountain or some type of barrier to make it
"harder to drive a truck bomb through the front door, he says.
The new emphasis on security is expanding the functions of
engineers involved in the water and wastewater industries, says
Allen Rose, a vice president with Black & Veatch's Special Projects
Corporation, of Kansas City, Missouri. "Most of the security
measures" that utilities are considering "will involve some type of
engineering," he says. "In addition to having to collect the water,
then treat the water, and distribute the water, now the engineer
will also be partly responsible for the security of that product,"
Rose says.
Concerns about the security of water and wastewater treatment
facilities in the United States are relatively recent. The threats
are new, and the answers are often elusive. However, in many cases
these solutions will probably result from sound engineering
conducted by the very professionals who have been trusted to provide
safe drinking water and clean wastewater for decades.
---
Although water and wastewater treatment systems are generally well
prepared to deal with natural disasters and accidents, many utilities
prior to September 11 had given little consideration to defending
themselves against intentional acts of destruction.
To their credit, many utilities reacted quickly to the events of
September 11, implementing such immediate security measures as
installing and repairing fences, gates, and cameras; hiring security
personnel to guard facilities; and restricting access to utility
property.
The performance-based approach generally provides better results
because it requires users to consider a wider range of possibilities
and is less likely to provide a false sense of security.
Modern SCADA systems can detect intrusions or react to a system
interruption almost immediately, while also offering rapid
communication with local police and fire departments.
Although much of the attention regarding the security of the nation's
water infrastructure has focused on the drinking water side,
wastewater treatment professionals have been quick to acknowledge and
attempt to address their vulnerabilities.