Step back to high school science class and you might remember the statistic that roughly two-thirds of a human body is made up of water. That fact in itself is a central reason that the security of America's drinking water is not to be taken for granted. Water systems, like any other company or essential infrastructure, must take into account a myriad of potential threats. Today's threats do not simply stem from terrorism, though that has been a chief concern in these years after September 11th. A quick scan of headlines and new stories, like the reports below, illustrates the concern that water utilities must place on the security of their systems:
"A former water department employee has been charged with poisoning a pair of city wells and alarming thousands of home owners. The perpetrator was accused of spiking two wells with PCE and TCE in June 2001. During a 6 day crisis, thousands of homeowners with private wells were told not drink or bathe in their water while the Ohio EPA tested hundreds of wells and searched the water table and streams for the source of contamination." Source: Michigan Section of the American Water Works Association, www.mi-water.org
"Vandals broke into a fenced compound containing a 3-million gallon drinking water reservoir about 7 weeks ago, causing the system to be taken offline until officials could confirm that no damage was done and the water was not contaminated. The vandals left behind a pair of rubber gloves, an empty plastic bag, and a pair of shorts, and also changed the padlock on the gate." Source: North County Times, California, 10/11/02
"Italian police arrested 4 Morrocans in possession of large quantities of cyanide and maps of Rome highlighting the locations of the U.S. Embassy. Police are investigating whether the men were plotting an attack on the embassy or on Rome's water supply. The men arrested had 10 pounds of cyanide, maps pinpointing the embassy and other locations, maps of Rome's water network, and a stack of counterfeit immigration papers." Source: ABCnews.com, 2/20/02"
"Residents [of Columbus, Miss.] were urged Tuesday [Jan. 21, 2003] to drink bottled water while authorities investigated a phone call that the water supply had been poisoned. The incident turned out to be a hoax." Source: The Clarion-Ledger, 1/22/03
"Bottled water was a prime commodity as Baldwin [Kansas] continued under a state boil advisory while the city's water system was returning to normal. The town of about 3,600 people has two 750,000 gallon water tanks that almost went dry earlier in the week because of a valve problem in the water line that brings treated water to Baldwin from Lawrence." Source: Lawrence Journal-World, January 2006
As these incidents indicate, there are significant challenges faced when it comes to safeguarding our nation's water supply. Those challenges include:
- Obtaining accurate, credible and timely threat information;
- Identifying vulnerabilities that can be exploited by an array of adversaries, including terrorists using an appropriate risk management framework;
- Funding security improvements identified in vulnerability assessments;
- Preparing for and responding to emergencies;
- Safeguarding security sensitive information in light of federal FOIA and local/state sunshine laws;
- Understanding interdependencies with other sectors; and
- Incorporating security into facilities where security was never a primary concern.
This is the first of a series of articles that is designed to improve America's ability to protect our drinking water. Contrary to popular belief, the federal government does not have primary responsibility for implementing security enhancements at privately owned critical infrastructure such as water. In the absence of federal regulation of water security expectations, the Environmental Protection Agency (EPA), as the lead federal agency for the water sector, has taken some actions to try to facilitate private sector security improvements by (1) providing financial assistance, (2) providing information and guidance, (3) providing training and exercises, (4) developing infrastructure protection initiatives, (5) setting security requirements for some facilities and related deadlines for taking required measures, and (6) reviewing actions taken at those facilities.