FOR IMMEDIATE RELEASE|
October 3, 2001
Sandia develops program to assess water infrastructure vulnerabilities
ALBUQUERQUE, N.M. Sandia National Laboratories researcher Jeffrey Danneels has some answers about how water distribution systems in this country can remain secure.
SANDIA RESEARCHER JEFFREY DANNEELS is developing a program to train water utilities to assess the vulnerabilities of their systems and develop measures to reduce the risks and mitigate the consequences of terrorist or other criminal attacks.
Download 300dpi JPEG image, danneels.jpg, 720K (Media are welcome to download/publish this image with related news stories.)
Over the past year and a half he has worked with the Environmental Protection Agency (EPA) and the American Water Works Association Research Foundation (AwwaRF) developing a program to train water utilities to assess the vulnerabilities of their systems and develop measures to reduce the risks and mitigate the consequences of terrorist or other criminal attacks.
We started exploring the possibility of working together to enhance the security of Americas water infrastructure supply, treatment, and distribution well before the Sept. 11 attacks on the World Trade Center and the Pentagon, says Danneels, who is leading Sandias efforts to protect US water systems. We are putting a program in place that involves on-site assessments of utilities and training sessions for utility personnel.
The initiative comes at a time of heightened concern about the security of water supplies nationwide. Threats range from vandalism to terrorism to intentional contamination.
The program stems from a performance-based vulnerability assessment methodology initially developed by Sandia to support the national nuclear security mission. It has since been modified to evaluate the vulnerability to terrorist attack of government buildings, air force bases, nuclear power plants, nuclear processing facilities, prisons, and federal dams.
In the late 1990s the vulnerability assessment work on federal dams caught the attention of the AwwaRF and led the organization to Danneels, hoping Sandia, a Department of Energy national laboratory, could provide the same help to water utilities as it did for dams.
In the same time frame, then President Clinton issued Presidential Decision Directive (PDD) 62, Combating Terrorism, and PDD 63, Critical Infrastructure Protection, to create an integrated structure for combating terrorist attacks that involve explosives, chemical or biological agents, or sabotage against infrastructure. In PDD 63, the Critical Infrastructure Assurance Office was created to coordinate critical infrastructure assurance initiatives and create a well-directed national plan.
The EPA, the agency responsible for protecting the water supply, turned to Sandia to conduct a workshop for utilities on how to assess the vulnerabilities of their systems and develop measures to reduce the risks of attacks.
The November 2000 workshop was attended by a national audience made up of members of the AwwaRF, the American Water Works Association (AWWA), the Association of Metropolitan Water Agencies (AMWA), water utilities, Centers for Disease Control, Federal Bureau of Investigation, and others.
Also, as part of the effort, Danneels conducted assessments of two water utilities, going onsite for the analyses.
Now, as a result of the Washington and New York City terrorist attacks, he is designing additional workshops for AwwaRF and AWWA. The workshops are scheduled to begin in November.
EPAs primary concerns center around the water distribution systems that serve the nations 340 cities with 100,000 or more residents. Many are more than 60 years old and were built without particular concern for security.
In looking at different utilities around the country Danneels has found a few with shared common security issues. However, because most systems are quite old, few are configured alike, resulting in different security concerns for each utility.
He offers utilities three steps for assessing the vulnerability of their water infrastructure detect, delay, and respond.
The first, he says, is to determine how well the system detects a problem, which involves surveying all security and monitoring features. For example, how quickly could the system discover an undesired chemical being pumped into the water supply? (Sandia is developing detection devices such as the real-time soil and groundwater chemical sensor that will be able to detect events as they occur. See Sandia develops program to assess water infrastructure vulnerabilities at www.sandia.gov/media/NewsRel/NR2001/watsniff.htm.)
The second is to measure delay capabilities in an effort to determine how well the system can stop undesired events. This involves looking at what barriers exist, such as fences and walls, or how long treated water is stored before it is distributed into the water supply.
The third is to measure response capabilities determining the capacity of private guard forces, and local, state, and federal authorities to respond.
It is important that utilities be able to detect the problem and delay it long enough for the response to arrive and defeat it, Danneels says.
This could mean preventing an undesirable chemical that was released from spreading in the water distribution system before it could be cleaned up. Or it could involve stopping an intruder in a pump station from doing physical harm to critical assets before guards or police can arrive at the scene.
Danneels notes that another important aspect of a vulnerability assessment is to fully characterize the system to develop a complete understanding of the site, including its overall mission and operations. Only once this is understood can the undesired events and possible consequences be determined. Typical undesired events for water supply, treatment, and distribution may include power loss, system control loss, water supply contamination, and distribution loss.
Its only after you figure out the undesired events that you can determine the critical assets to protect, Danneels says.
The cost of security, Danneels says, depends on the level of protection a utility wants and can afford.
A low security level might mean hiring a security guard and installing some detection features around critical assets, and that wont cost a lot, he says. But to stop a fairly organized group from committing a terrorist act could be extremely expensive.
The water infrastructure security program is part of the Water Safety, Security, and Sustainability initiative undertaken by Sandia in the past couple of years. Water has been identified as a national security concern, and teams throughout the laboratory are integrating years of work into the effort.
Jeff Danneels Oct. 10 congressional testimony,
Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy under contract DE-AC04-94AL85000. With main facilities in Albuquerque, N.M., and Livermore, Calif., Sandia has major research and development responsibilities in national security, energy and environmental technologies, and economic competitiveness.
Chris Burroughs, firstname.lastname@example.org, (505) 844-0948
Sandia Technical contact:
Jeffrey Danneels, email@example.com , (505) 284-3897