Bottoms Up

Protecting the U.S. water supply against terrorism

  • By John Gaydos
  • Jan 01, 2009

The U.S. water supply is generally considered among the best and safest in the world. However, many water and security experts agree that it offers an attractive target for terrorists, and that threats could come from either contamination or from disruption of the distribution system.

In his 2005 resignation speech, former Health and Human Services Secretary Tommy Thompson warned that an attack on the nation’s food and water supply would be “easy to do.” One reason is that there are so many targets. The nation’s 50,000 community and 200,000 public and private water systems operate hundreds of treatment centers, thousands of miles of pipeline and countless remote pump stations—which are often many miles away from the nearest law enforcement station.

In 1993, a naturally occurring parasite made its way into the Milwaukee drinking water system, resulting in about 100 deaths and 400,000 gastrointestinal illnesses. If a water-borne protozoan could infect 400,000 people in one city, how many more lives could be lost through the deliberate introduction of a potent chemical or biological agent into the water supply of a major metropolitan area?

What the Experts Say
Many experts say such an event is unlikely, because most reservoirs contain thousands of gallons of water, which would require a large amount of a contaminant to be effective. Standard filtration and disinfection of the water further mitigates any contamination. Yet even a small amount of contaminant released after the final treatment process could cause widespread panic and distrust of the public water system, locally and nationwide.

Treatment facilities are required by law to monitor water on a regular basis for biological and chemical contaminants. However, the facilities are unable to test for all known toxins, and there are no widely available realtime tests for biological pathogens and only limited capabilities for potential chemical contaminants.

However, that may soon change. Using an Environmental Protection Agency grant, the city of Tucson, Ariz., is testing a laser system designed to detect microbes in water within seconds and identify them in minutes. Currently, water samples can take days or weeks to check in a laboratory. The test of the new system is expected to extend into 2010.

Where the water supply may be most vulnerable is in the transmission and delivery stages. Many different state and local agencies and private companies control the nation’s highly distributed design, which allows for needed flexibility when one part of the system fails or requires maintenance. Yet, all of those dams, reservoirs, lakes, treatment and filtration systems, pipes, pumps and valves offer numerous targets for terrorists.

A major disruption of this system could keep water from reaching U.S. cities. The impacts could be severe— restaurants could close; manufacturing processes could be halted; there could be frenzied rushes on retailers selling bottled water; fire departments could be unable to extinguish fires. The economic toll of such an attack would be difficult to calculate.

Recognizing Vulnerabilities
In the months following Sept. 11, 2001, Congress passed the Public Health, Security and Bioterrorism Preparedness Act of 2002. The act required all water utilities serving more than 3,000 customers to assess their vulnerability to terrorist attacks and natural disasters, complete an emergency response plan and submit the information to the EPA, the federal agency for water infrastructure security.

With their assessments completed, many water officials are increasing their security measures. For example, the Birmingham Water Works, Alabama’s largest water utility, has put the safety of its customers at the forefront. After its EPA assessment, the company went to work with ADT Security Services to incorporate network- based video and access control into an integrated system to help protect the district’s water supply.

Founded in 1951, the utility serves more than 600,000 customers and maintains more than 3,900 miles of transmission lines in Jefferson, Shelby, Blount, St. Clair and Walker counties.

More than 300 cameras monitor the exterior and interior of the company’s 18 locations, and about 600 access control cards have been issued for employees, vendors, contractors and consultants.

The video is transmitted via the utility’s wide area network to a security command center that is staffed around the clock. Security personnel can monitor live streaming video from nearby and remote facilities on a video wall, similar to the high-end, large video screens used by NASA.

The cameras monitor Water Work’s main center, intake and pumping stations, filter plants and treatment centers. When a person or object comes into contact with one of the electronic fences surrounding district property, PTZ cameras from opposing angles are activated to send real-time video to the command center. The cameras also send video footage from before and after the event to allow district security personnel to assess the situation and determine what triggered the alarm.

The district also uses video to monitor potential problems with its supervisory control and data acquisition management system that provides reports on the function and performance of critical systems. If the computerized SCADA system reports problems with water levels or pressure, the cameras are automatically activated to provide live video of water processing valves, gauges and other essential components.

Network-based audio is another part of the system. Visitors without an access card can approach each entry gate, where they can push a button activating an intercom and a camera. From the safety of the command center, security personnel are able to see and talk with visitors to either grant or deny them access to the facility.

A Unified Approach
ADT worked closely with Terry Oden, security manager for Birmingham Water Works. He has an extensive background in the security industry, including 25 years with the Secret Service. As he points out, there is no way a project of this type can be completed in a piecemeal fashion. Instead, it was approached in a comprehensive and systematic manner.

Oden also had the full support of senior management and a committed board of directors, who were willing to appropriate up to $15 million to get the job completed. At the time, there were no federal grants or other outside sources of funding for Birmingham’s security upgrade.

Oden said his biggest obstacle is complacency. Every day that passes without incident tends to make people more complacent. One way he works to overcome that tendency is to continually practice and drill employees on the system so they will know how to respond in an emergency.

Public health and safety and the economy would be placed in tremendous jeopardy following any significant disruption in the supply. The entire water treatment and distribution system must be fortified and protected. It will require dedicated efforts from local, state and federal law enforcement, other related agencies and the private sector to be truly effective. It is a system that is too important to allow to fail.

This article originally appeared in the issue of .

Featured

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

Most   Popular

New Products

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities