Establishing A Secure & Resilient Water Sector. Overview. Legislative Drivers



Similar documents
Water Security Issues: The Federal Perspective. J. Alan Roberson, P.E. Director of Security and Regulatory Affairs AWWA Washington, DC

Water Critical Infrastructure and Key Resources Sector-Specific Plan as input to the National Infrastructure Protection Plan Executive Summary

Water Sector Approach to Cybersecurity Risk Management

Table of Contents. Acknowledgments. developed by the Critical Infrastructure Partnership. Acknowledgements...1

PROTECTING CRITICAL CONTROL AND SCADA SYSTEMS WITH A CYBER SECURITY MANAGEMENT SYSTEM

Threat and Hazard Identification and Risk Assessment

How To Protect Water Utilities From Cyber Attack

Active and Effective Emergency Preparedness and Water Security Programs

Water Sector Initiatives on Cyber Security. Water Sector Cyber Security Symposium Dallas, TX August 15, 2013

Lessons Learned from a Basic Vulnerability Assessment and Emergency Response Plan Update Project in Greensboro

This page intentionally left blank.

Subject: Critical Infrastructure Identification, Prioritization, and Protection

Business Continuity & Disaster Recovery

All. Presidential Directive (HSPD) 7, Critical Infrastructure Identification, Prioritization, and Protection, and as they relate to the NRF.

THE WHITE HOUSE. Office of the Press Secretary. For Immediate Release February 12, February 12, 2013

Which cybersecurity standard is most relevant for a water utility?

Ohio Homeland Security Strategic Plan

U.S. Department of Homeland Security Protective Security Advisor (PSA) North Carolina District

Homeland Security Presidential Directive/HSPD-9 Subject: Defense of United States Agriculture and Food January 30, 2004

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

December 17, 2003 Homeland Security Presidential Directive/Hspd-7

TEXAS HOMELAND SECURITY STRATEGIC PLAN : PRIORITY ACTIONS

NIMS ICS 100.HCb. Instructions

7 Homeland. ty Grant Program HOMELAND SECURITY GRANT PROGRAM. Fiscal Year 2008

During the Clinton administration, the

Prepared by Rod Davis, ABCP, MCSA November, 2011

State Homeland Security Strategy (2012)

Resilient and Secure Solutions for the Water/Wastewater Industry

GAO CRITICAL INFRASTRUCTURE PROTECTION. DHS Could Better Manage Security Surveys and Vulnerability Assessments. Report to Congressional Requesters

FEDERAL EMERGENCY MANAGEMENT AGENCY (FEMA) INDEPENDENT STUDY COURSE INTRO TO INCIDENT COMMAND SYSTEM FOR FEDERAL WORKERS (IS-100.

Project Management Plan

Building more resilient and secure solutions for Water/Wastewater Industry

Subject: National Preparedness

Emergency Support Function #11 Agriculture and Natural Resources Strategic Plan

December 18, Dear NIMS Stakeholders:

FINAL DRAFT. State and Urban Area Homeland Security Strategy

Threat and Hazard Identification and Risk Assessment Guide. Comprehensive Preparedness Guide (CPG) 201

Final Draft/Pre-Decisional/Do Not Cite. Forging a Common Understanding for Critical Infrastructure. Shared Narrative

CYBER SECURITY GUIDANCE

BUSINESS CONTINUITY PLANNING

Pike County General Health District. Emergency Response Plan

Overview of Homeland Security Funding 1999 to Present National Incident Management System Mandates and Training Requirements

Program Overview. BOSC Homeland Security Subcommittee Meeting August 25, 2015

Homeland Security Presidential Directive/HSPD-5 1

NEBRASKA STATE HOMELAND SECURITY STRATEGY

Critical Infrastructure Security and Resilience

RESTORATION OF LIFELINES

NIPP Partnering for Critical Infrastructure Security and Resilience

National Emergency Communications Plan

Lesson 1: What Is the National Incident Management System (NIMS)? Summary of Lesson Content

Resilient and Secure Solutions for the Water/Wastewater Industry

Virgin Islands Territorial Emergency Management Agency. Territorial Homeland Security Strategy

FEDERAL PREPAREDNESS CIRCULAR Federal Emergency Management Agency Washington, D.C FPC 67

The Joint Commission s 2012 Emergency Management Standards and HRSA Health Center Emergency Management Program Expectations. NACHC Webex Training

Security and Vulnerability Assessments. Tom OʼConnor, PE H 2 OʼC Engineering

This presentation will introduce you to the concepts and terminology related to disaster recovery planning for businesses.

Healthcare and Public Health Sector-Specific Plan An Annex to the National Infrastructure Protection Plan

Supplemental Tool: NPPD Resources to Support Vulnerability Assessments

State of Ohio Homeland Security STRATEGIC PLAN

UCF Office of Emergency Management Strategic Plan

EMERGENCY SUPPORT FUNCTION (ESF) 14 LONG TERM RECOVERY AND MITIGATION

Performance Indicators for Disaster Recovery

Cornell University EMERGENCY MANAGEMENT PROGRAM

CHAPTER 6 THE ROLE OF THE PRIVATE SECTOR IN EMERGENCY PREPAREDNESS, PLANNING, AND RESPONSE By Evan Wolff and George Koenig

STATE UNIVERSITY OF NEW YORK COLLEGE OF TECHNOLOGY CANTON, NEW YORK COURSE OUTLINE EADM 220 DISASTER MANAGEMENT AND PREPAREDNESS

CAPABILITY 2: Community Recovery

BASIC EMERGENCY MANAGEMENT FOR ELECTED OFFICIALS. M a r y l a n d M a y o r s A s s o c i a t i o n. W i n t e r C o n f e r e n c e A n n a p o l i s

Flooding Emergency Response Exercise

DHS, National Cyber Security Division Overview

DISTRICT OF COLUMBIA HOMELAND SECURITY STRATEGIC PLAN

Georgia Emergency Operations Plan. Emergency Support Function # 5 Annex Emergency Management

July 30, AcuTech Group, Inc. Washington DC Houston Philadelphia San Francisco Dubai Shanghai

STATE HOMELAND SECURITY GRANT PROGRAM

Guide to Physical Security Planning & Response

2015 CEO & Board University Taking Your Business Continuity Plan To The Next Level. Tracy L. Hall, MBCP

National Infrastructure Protection Plan Partnering to enhance protection and resiliency

Western Washington University Basic Plan A part of Western s Comprehensive Emergency Management Plan

Summer Public Health Preparedness Webinar Series Presents: Emergency Management and Public Health Preparedness

Course Title: HSE-101 Introduction to Homeland Security Prerequisites: None Credit Hours: 3 lectures, 3 hours

Cisco Disaster Recovery: Best Practices White Paper

NIMS Study Guide. Lesson One: What Is the National Incident Management System (NIMS)? What is NIMS?

Statement of. before the. Committee on Homeland Security Subcommittee on Oversight and Management Efficiency U.S. House of Representatives

The Commonwealth of Massachusetts State Homeland Security Strategy

ready? are you [ ] An Elected Official s Guide to Emergency Management

Georgia Emergency Operations Plan. Emergency Support Function # 14 Annex Long Term Recovery & Mitigation

CRITICAL INFRASTRUCTURE PROTECTION. DHS Action Needed to Enhance Integration and Coordination of Vulnerability Assessment Efforts

Rhode Island Emergency Management Agency

utilities helping utilities MI WARN Michigan Water/Wastewater Agency Response Network Water and Wastewater Agency Response Network: An Update

How To Write A Book On Risk Management

Cyber Incident Annex. Federal Coordinating Agencies. Coordinating Agencies. ITS-Information Technology Systems

v. 03/03/2015 Page ii

CRS Report for Congress

Supplemental Tool: Executing A Critical Infrastructure Risk Management Approach

Table of Contents ESF

Essential Components of Emergency Management Plans at Community Health Centers Crosswalk of Plan Elements

Water Sector-Specific Plan An Annex to the National Infrastructure Protection Plan

Cyber Incident Annex. Cooperating Agencies: Coordinating Agencies:

Increasing Energy Reliability & Resiliency NGA Policy Institute for Governors' Energy Advisors Denver Colorado, September 11, 2013

Transcription:

Establishing A Secure & Resilient Water Sector December 14-15, 2010 LWQTC Overview Key Drivers Legislation Presidential Directives AWWA & Sector Initiatives Standards & Guidance Mutual Aid & Assistance Emergency Water Supply Contamination Warning Systems Cyber/Process Control Systems Legislative Drivers Bioterrorism Act Patriot Act Homeland Security Act Implementing the Recommendations of the 9/11 Commission Act Chemical Facility Anti- Terrorism Standards (CFATS) 1

Homeland Security Presidential Directives HSPD-5: Management of Domestic Incidents National Incident Management System (NIMS) National Response Framework (NRF) HSPD-7: Critical Infrastructure Identification, Prioritization and Protection (replaces PDD-63) National Infrastructure Protection Plan (NIPP) Sector Specific Plans (SSP) HSPD-8: National Preparedness HSPD-9: Defense of Ag & Food HSPD-10: Biodefense for the 21 st Century HSPD-12: Common Identification Standard HSPD-20: National Continuity Policy The Water Sector Vision A secure and resilient drinking water and wastewater infrastructure that provides clean and safe water as an integral part of daily life. This Vision assures the economic vitality of and public confidence in the nation's drinking water and wastewater through a layered defense of effective preparedness and security practices in the sector. SSP Goals 1. Sustain protection of public health and the environment. 2. Recognize and reduce risks in the water sector. 3. Maintain a resilient infrastructure. 4. Increase communication, outreach, and public confidence. 2

AWWA Standards & Guidance 1. ANSI/AWWA G430-09: Security Practices for Operations and Management 2. ANSI/ASME-ITI/AWWA J100-10 Risk Analysis and Management for Critical Asset Protection (RAMCAP) Standard for Risk and Resilience Management of Water and Wastewater Systems 3. AWWA Gxxx: Emergency Preparedness Practices 4. Selecting Disinfectants in a Security-Conscious Environment ANSI/AWWA G430-09: Security Practices for Operations and Management Purpose: This standard defines the minimum requirements for a protective security program for a water or wastewater utility that will promote the protection of employee safety, public health, public safety, and public confidence. This standard builds on the long-standing practice amongst utilities of utilizing a multiple barrier approach for the protection of public health and safety. ANSI/AWWA G430-09: Security Practices for Operations and Management Requirements: a) Explicit Commitment to Security b) Security Culture c) Defined Security Roles and Employee Expectations d) Up-To-Date Assessment of Risk (Vulnerability) e) Resources Dedicated to Security and Security Implementation Priorities f) Access Control and Intrusion Detection g) Contamination, Detection, Monitoring and Surveillance h) Information Protection and Continuity i) Design and Construction j) Threat Level-Based Protocols k) Emergency Response and Recovery Plans and Business Continuity Plan l) Internal and External Communications m) Partnerships n) Verification 3

# $ %&$! ' (% %&) ) * + + (+,! " -. /!. $,, -,! " -), ) 0 $ What assets do I have that are critical to my operations? / /! " What reasonable worst case threat, natural hazard & supply chain scenarios should I consider? What happens to my assets & operations if attacked by terrorists, natural hazards or supply chain disruption? How much money lost, to me? fatalities? injuries? How much economic loss to the Community? What vulnerabilities would allow a terrorist, natural disaster or supply chain problems to cause these consequences? Given the scenario, what is the likelihood it will result in these consequences? What is the likelihood that a terrorist natural disaster or supply chain disruption will strike my operations? Risk = Consequences x (Vulnerability x Threat) Resilience = Service Outage x (Vulnerability x Threat) What options do I have to reduce risks & increase resilience and continuity? How much will each benefit my organization? How much will it cost? What is benefit/cost ratio of my options? How can I manage the chosen options? GXXX: Emergency Preparedness Practices (draft) Purpose: This standard defines the minimum requirements for emergency preparedness for a water or wastewater utility. Emergency preparedness practices include the development of an emergency response plan (hazard evaluation, hazard mitigation, response planning, and mutual aid agreements), the evaluation of the emergency response plan through exercises, and the revision of the emergency response plan after exercises. Selecting Disinfectants in a Security Conscious Environment Provide guidance to water, wastewater, and reuse utilities Framework to evaluate disinfection alternatives that: Reflects local circumstances Addresses utility s specific disinfection objectives Provides framework to compare options consistently and transparently Accounts for reliability, safety, and other key criteria Reflects the need to incorporate risk communication within process Scaleable across system sizes Integrates risk-based performance measures for security based on CFATS 4

Resiliency Initiatives Mutual Aid & Assistance WARN Resource Typing Emergency Water Supply National Strategic Plan Healthcare Cyber/Process Control Systems The WARN Action Plan (March 2006) WARN Agreement Voluntary No Obligation No cost Liability/Workmans Comp Reimbursement process Element of NIMS All-Hazards www.nationalwarn.org April 2006 (3) 5

May 2007 (6) January 2008 (20) October 2008 (31) 6

October 2010 (47) The WARN Ultimatum Emergency Water Supply SDWA: 42 U.S.C. 300g-2(a)(5) requires States with primacy to adopt and implement an adequate plan for the provision of safe drinking water under emergency circumstances. Bioterrorism Act of 2002: 42 U.S.C. 300i-2(b) requires the utility emergency response plan to include actions, procedures, and identification of equipment which can obviate or significantly lessen the impact of terrorist attacks or other intentional actions on the public health and the safety and supply of drinking water provided to communities and individuals. Reality of vulnerability to earthquakes, ice storms, hurricanes and infrastructure failure that have the potential to compromise the mission of the water utility. 7

Emergency Water Supply (cont.) National Strategic Plan for Emergency Water Supply EPA-NHSRC/AWWA collaboration Provide guidance for utility preparedness Develop recommendations to clarify roles and responsibilities under current or new ESF Emergency Water Supply Planning for Hospitals and Health Care Facilities CDC/AWWA collaboration Address gaps in Joint Commission standards The Options Enhanced connections with neighboring water utilities Bottled water supplied locally or regionally (a common Federal response) Locally produced water Packaging already treated water Mobile treatment units Inject water into the existing distribution system Water packaging Temporary water tap distribution Point of use treatment Cyber Security Vision In 10 years, industrial control systems for critical applications will be designed, installed, and maintained to operate with no loss of critical function during and after a cyber event. Key Strategies Develop and Deploy ICS Security Programs Assess Risk Develop and Implement Protective Measures Partnership and Outreach 8

Additional Resources Questions Kevin M. Morley Security & Preparedness Program Manager AWWA Government Affairs 1300 Eye Street, NW Suite 701W Washington, DC 2005 202-628-8303 or kmorley@awwa.org Advancing Security and Emergency Preparedness in the Water Sector 9

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information