All-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011

Similar documents
The J100 RAMCAP Method

An Update on Security and Emergency Preparedness Standards for Utilities

Business Continuity: How to Keep City Departments in Business after a Disaster

The Water Sector Approach to Cybersecurity

Presented by Joe Burns Kentucky Rural Water Association July 19, 2005

NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium

FEMA Update. Tim Greten Technological Hazards Division Deputy Director. NREP April 2017

Statement for the Record

Energy Assurance Energy Assurance and Interdependency Workshop Fairmont Hotel, Washington D.C. December 2 3, 2013

Emergency Management Response and Recovery. Mark Merritt, President September 2011

DISTRICT OF COLUMBIA WATER AND SEWER AUTHORITY ATTACHMENT A A-1: BACKGROUND AND CONTRACTOR QUALIFICATIONS A-2: SCOPE OF WORK

Resiliency and the Need for Re-Thinking our Water Infrastructure. Andrew Bielanski U.S. Environmental Protection Agency June 25, 2015

PERSPECTIVES ON A J100 VULNERABILITY ASSESSMENT OUTCOMES AND LESSONS LEARNED BY MINNEAPOLIS WATER AUGUST 2016

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

Community-Based Water Resiliency

Quadrennial Homeland Security Review (QHSR) Ensuring Resilience to Disasters

Don t Fail to Prepare for Failure Key Issues in Energy Assurance and Cybersecurity and Related NGA Center Activities

Cybersecurity Presidential Policy Directive Frequently Asked Questions. kpmg.com

Chapter 1. Chapter 2. Chapter 3

June 5, 2018 Independence, Ohio

The Office of Infrastructure Protection

Active and Effective Water Security Programs. Be Informed Be Alert Be Ready

NATIONAL CAPITAL REGION HOMELAND SECURITY STRATEGIC PLAN SEPTEMBER 2010 WASHINGTON, DC

Information sharing in the EU policy on NIS & CIIP. Andrea Servida European Commission DG INFSO-A3

National Preparedness System (NPS) Kathleen Fox, Acting Assistant Administrator National Preparedness Directorate, FEMA April 27, 2015

Alternative Fuel Vehicles in State Energy Assurance Planning

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

DHS Supply Chain Activity: Cross-Sector Supply Chain Working Group and Strategy on Global Supply Chain Security

Sustainable Networks: Challenges and Opportunities. Anne Meltzer

Integrated Consortium of Laboratory Networks (ICLN) Brief to the NPDN National Meeting

Executive Order on Coordinating National Resilience to Electromagnetic Pulses

Government-Industry Collaboration: 7 Steps for Resiliency in Critical Infrastructure Protection

Features of an Active and Effective Protective Program for Water and Wastewater Utilities. Be Prepared Be Secure Be Resilient

CYBER SECURITY FOR WATER AND WASTEWATER UTILITIES PRESENTED BY: DAVID A. CHANDA, PE

Security Master Planning to Protect Water Resources Lara Kammereck John Saunders May 1, 2015

Outreach and Partnerships for Promoting and Facilitating Private Sector Emergency Preparedness

Critical Infrastructure Resilience

Emergency Support Function #12 Energy Annex. ESF Coordinator: Support Agencies:

March 21, 2016 MEMORANDUM FOR THE HEADS OF EXECUTIVE DEPARTMENTS AND AGENCIES. Building National Capabilities for Long-Term Drought Resilience

Business Continuity Planning

American Association of Port Authorities. Navigating the Cyber Domain. Homeland Security UNCLASSIFIED

Continuity of Business

STRATEGIC PLAN VERSION 1.0 JANUARY 31, 2015

Overview of the Federal Interagency Operational Plans

Energy Assurance Plans

Presentation on the Community Resilience Program

Presidential Documents

ALBEMARLE COUNTY SERVICE AUTHORITY

Drinking Water Emergency Management Ministry of the Environment 2012 Drinking Water Leadership Summit October 25, 2012

South East Region THIRA

Critical Infrastructure Protection (CIP) as example of a multi-stakeholder approach.

National Policy and Guiding Principles

Infrastructure PA Stephen Lecce

THE WHITE HOUSE. Office of the Press Secretary. EMBARGOED UNTIL DELIVERY OF THE PRESIDENT'S February 12, 2013 STATE OF THE UNION ADDRESS

Roadmap to a Secure & ResIlient Water Sector

Chapter 12 Security. Security Element. The Central Virginia Urban Areas Security Initiative

National Level Exercise 2018 After-Action Findings

The Office of Infrastructure Protection

The Office of Infrastructure Protection

Maintaining Resiliency Within the Defense Industrial Base Through Preparedness Response and Recovery

Transportation Security Planning in British Columbia David Morhart, Deputy Solicitor General

STATE ENERGY RISK ASSESSMENT INITIATIVE ENERGY INFRASTRUCTURE MODELING AND ANALYSIS. National Association of State Energy Of ficials

Summary of Cyber Security Issues in the Electric Power Sector

For providing decision support on climate stressors to infrastructure and assets for federal, state, local, and private clients...

Bradford J. Willke. 19 September 2007

New York City Emergency Management Public/Private Collaboration and Support

April 2009 Unclassified // For Official Use Only

RESILIENT UTILITY COALITION OF SOUTH FLORIDA

EMERGENCY SUPPORT FUNCTION (ESF) 13 PUBLIC SAFETY AND SECURITY

STRATEGIC PLAN. USF Emergency Management

ASEAN COOPERATION ON DISASTER MANAGEMENT. Disaster Management & Humanitarian Assistance Division, ASEAN Secretariat

Bundling Arrows: Making a Business Case for Adopting an Incident Command System (ICS) 2012 The Flynt Group, Inc.; All Rights Reserved. FlyntGroup.

Long-Term Power Outage Response and Recovery Tabletop Exercise

The Age of Heightened Security

Why you should adopt the NIST Cybersecurity Framework

The UNISDR Private Sector Alliance for Disaster Resilient Societies

Integration of Business Continuity, Emergency Preparedness, and Emergency Response

European Responsible Care Forum. Security & Safe Maintenance

ArcGIS Solutions for Community Resilience. Matthew S Deal

ARRA State & Local Energy Assurance Planning & Implementation

November 14, Emergency Management and Hurricane Irma. Florida Human Resources People and Strategy (FLHRPS)

SENATE, No STATE OF NEW JERSEY. 217th LEGISLATURE INTRODUCED DECEMBER 12, 2016

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

Energy Assurance State Examples and Regional Markets Jeffrey R. Pillon, Director of Energy Assurance National Association of State Energy Officials

Private sector s engagement in the implementation of the Sendai Framework

NATIONAL STRATEGY FOR GLOBAL SUPPLY CHAIN SECURITY

Critical Infrastructure Partnership

Critical Information Infrastructure Protection Law

Corporate Security & Emergency Management Summary of Submitted 2015 Budget From Rates

Regional Resilience: Prerequisite for Defense Industry Base Resilience

Principles for a National Space Industry Policy

Security Guideline for the Electricity Sector: Business Processes and Operations Continuity

STRENGTHENING THE CYBERSECURITY OF FEDERAL NETWORKS AND CRITICAL INFRASTRUCTURE

Appendix 3 Disaster Recovery Plan

Developing a Holistic Strategy To Achieve Community Health Resilience

Infrastructure Resilience in Flood Management

Toward All-Hazards Security and Resilience for the Power Grid

Joining Forces: Collaborating with Law Enforcement to Boost Resilience

Earthquake Preparedness

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

Transcription:

All-Hazards Approach to Water Sector Security & Preparedness ANSI-HSSP Arlington, VA November 9, 2011 Copyright 2009 American Water Works Association Copyright 2011 American Water Works Association

Security and Resilience Guns/Gates/Guards vs Response, Recovery, Resilience

Key Points in Time December 7, 1941 Pearl Harbor April 19, 1995 Oklahoma City December 31, 1999 Y2K September 11, 2001 WTC, Pentagon, PA August 29, 2005 Hurricane Katrina

The Water Sector Vision A secure and resilient drinking water and wastewater infrastructure that provides clean and safe water as an integral part of daily life. This Vision assures the economic vitality of and public confidence in the nation's drinking water and wastewater through a layered defense of effective preparedness and security practices in the sector.

Established in 2004 under the HSPD-7 National Infrastructure Protection Plan framework for partnership with CI/KR. The WSCC serves as a policy, strategy and coordinating mechanism that recommends actions to reduce and eliminate significant homeland security vulnerabilities to the water sector through interactions with the Federal Government and other critical infrastructure sectors.

SSP Goals 1. Sustain protection of public health and the environment. 2. Recognize and reduce risks in the water sector. 3. Maintain a resilient infrastructure. 4. Increase communication, outreach, and public confidence.

Standards & Guidance 1. ANSI/AWWA G430-09: Security Practices for Operations and Management 2. ANSI/ASME-ITI/AWWA J100-10 Risk Analysis and Management for Critical Asset Protection (RAMCAP) Standard for Risk and Resilience Management of Water and Wastewater Systems 3. AWWA G440: Emergency Preparedness Practices (pending) 4. M19: Emergency Planning for Water Utilities

ANSI/AWWA G430-09: Security Practices for Operations and Management Purpose: This standard defines the minimum requirements for a protective security program for a water or wastewater utility that will promote the protection of employee safety, public health, public safety, and public confidence. This standard builds on the long-standing practice amongst utilities of utilizing a multiple barrier approach for the protection of public health and safety.

ANSI/AWWA G430-09: Security Practices for Operations and Management Requirements: a) Explicit Commitment to Security b) Security Culture c) Defined Security Roles and Employee Expectations d) Up-To-Date Assessment of Risk (Vulnerability) e) Resources Dedicated to Security and Security Implementation Priorities f) Access Control and Intrusion Detection g) Contamination, Detection, Monitoring and Surveillance h) Information Protection and Continuity i) Design and Construction j) Threat Level-Based Protocols k) Emergency Response and Recovery Plans and Business Continuity Plan l) Internal and External Communications m) Partnerships n) Verification

ANSI/AWWA G430-09: Security Practices for Operations and Management Requirements: a) Explicit Commitment to Security b) Security Culture c) Defined Security Roles and Employee Expectations d) Up-To-Date Assessment of Risk (Vulnerability) e) Resources Dedicated to Security and Security Implementation Priorities f) Access Control and Intrusion Detection g) Contamination, Detection, Monitoring and Surveillance h) Information Protection and Continuity i) Design and Construction j) Threat Level-Based Protocols k) Emergency Response and Recovery Plans and Business Continuity Plan l) Internal and External Communications m) Partnerships n) Verification

Where is Management?

Hopefully this is not the answer

ANSI/AWWA G430-09: Security Practices for Operations and Management Requirements: a) Explicit Commitment to Security b) Security Culture c) Defined Security Roles and Employee Expectations d) Up-To-Date Assessment of Risk (Vulnerability) e) Resources Dedicated to Security and Security Implementation Priorities f) Access Control and Intrusion Detection g) Contamination, Detection, Monitoring and Surveillance h) Information Protection and Continuity i) Design and Construction j) Threat Level-Based Protocols k) Emergency Response and Recovery Plans and Business Continuity Plan l) Internal and External Communications m) Partnerships n) Verification

The J100 RAMCAP Process What assets do I have that are critical to my operations? 1) Asset Characterization 2) Threat Characterization 3) Consequence Analysis 4) Vulnerability Analysis 5) Threat Likelihood Analysis 6) Risk / Resilience Likelihood 7) Risk / Resilience Management What reasonable worst case threat, natural hazard & supply chain scenarios should I consider? What happens to my assets & operations if attacked by terrorists, natural hazards or supply chain disruption? How much money lost, to me? fatalities? injuries? How much economic loss to the regional community? What vulnerabilities would allow a terrorist, natural disaster or supply chain problems to cause these consequences? Given the scenario, what is the likelihood it will result in these consequences? What is the likelihood that a terrorist natural disaster or supply chain disruption will strike my operations? Risk = Consequences x (Vulnerability x Threat Likelihood) Resilience = Service Outage x (Vulnerability x Threat Likelihood) What options do I have to reduce risks, increase resilience and value? How much will each benefit my organization? My region? How much will it cost? What is benefit/cost ratio of my options? How can I manage the chosen options?

ANSI/AWWA G430-09: Security Practices for Operations and Management Requirements: a) Explicit Commitment to Security b) Security Culture c) Defined Security Roles and Employee Expectations d) Up-To-Date Assessment of Risk (Vulnerability) e) Resources Dedicated to Security and Security Implementation Priorities f) Access Control and Intrusion Detection g) Contamination, Detection, Monitoring and Surveillance h) Information Protection and Continuity i) Design and Construction j) Threat Level-Based Protocols k) Emergency Response and Recovery Plans and Business Continuity Plan l) Internal and External Communications m) Partnerships n) Verification

AWWA G440: Emergency Preparedness Practices (ANSI designation pending) Purpose: This standard defines the minimum requirements for emergency preparedness for a water or wastewater utility. Emergency preparedness practices include the development of an emergency response plan (hazard evaluation, hazard mitigation, response planning, and mutual aid agreements), the evaluation of the emergency response plan through exercises, and the revision of the emergency response plan after exercises.

ANSI/AWWA G440-11: Emergency Preparedness Practices Requirements: 4.1 Explicit Commitment to Emergency Preparedness 4.2 Preparedness Culture 4.3 Defined Preparedness Roles and Employee Expectations 4.3 Risk Assessment 4.4 Preparedness Plans 4.5 Internal and External Communications 4.6 Training 4.7 Partnerships 5.0 Verification

M19: Emergency Planning for Water Utilities Core Elements: Hazard Summary Vulnerability Assessment Mitigation Actions Preparedness Planning Emergency Response, Recovery & Training Complements G430, J100, G440

Emergency Water Supply Planning for an Emergency Drinking Water Supply EPA-NHSRC/AWWA collaboration Provide guidance for utility preparedness Clarify roles and responsibilities Emergency Water Supply Planning for Hospitals and Health Care Facilities CDC/AWWA collaboration Address gaps in Joint Commission standards

Additional Resources

Questions Kevin M. Morley Security & Preparedness Program Manager AWWA Government Affairs 1300 Eye Street, NW Suite 701W Washington, DC 2005 202-628-8303 or kmorley@awwa.org Advancing Security and Emergency Preparedness in the Water Sector

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback