Developing a Security Program

Developing a Security Program

Exercise Plan

Develop/Update Plan

Review/Revisit

Plan

Developing a Security Program

• Understanding One Size Does Not Fit All

• The Importance of Being Prepared

• Why Communication is the Key

• Ten Key Security Program Principals

• What Resources Are Available

One Size Does Not Fit All

• Utility security programs should achieve consistent outcomes using utility-specific strategies.

• Implement approaches that are tailored to your utilities’ circumstances and operating conditions.

Source water Treatment Distribution & Storage

Customer

Security Program Scope

• Active and effective security programs should address:

– protection of public health– public safety (including infrastructure) – and public confidence

Significant System Failures

• An active and effective security program should consider:– Loss of pressure for significant parts of the

system.– Long term loss of supply, treatment, or

distribution system.– Adverse impacts to public health or

confidence resulting from a contamination threat or incident.

Key Threats or Methods of Attack

When developing an active and effective security program you should consider:

– Physical targeting of core facilities or independent infrastructure

– Chemical or biological material used to contaminate water supplies

– Cyber attack on technology assets to disrupt services

“All hoaxes must be treated as actual events until proven otherwise”

A Part of Being Prepared

• Commitment to security• Promote security awareness• Up-to-date assessment of vulnerabilities• Dedicate security resources and security

implementation priorities• Define security roles and employee

expectations

Being Prepared Continued

• Intrusion detection and access control for the physical plant, and/or at the source(s)

• Contamination detection

• Information protection and continuity

• Design and construction

• Threat level-based protocols

Communication is the Key

• Emergency response and recovery plans should incorporate security considerations and be tested and reviewed regularly.

• Internal and external communications.

• Partnerships

10 Key Security Principles

1. Security should be part of your utility’s day-to-day thinking.

2. A strong commitment to security is key.3. There are always ways to improve

security.4. Prevention is a key aspect of enhancing

security.5. Movement towards practices that are

inherently safer.

10 Key Security Principles

6. Ongoing management and monitoring, and budget commitment.

7. Security issues should be a factor in building plans and design.

8. Security may not be convenient.

9. Build strong relationships with response partners and the public.

10.You have to put a price on security.

Resources

• Technical Assistance Providers– National Environmental Services Center

• www.nesc.wvu.edu

– National Rural Water Association• www.nrwa.org

– Rural Community Assistance Partnership• www.rcap.org

– Safe Drinking Water Trust – eBulletin• www.watertrust.org

Additional Resources

• American Water Works Association– www.awwa.org

• Association of State Drinking Water Administrators– www.asdwa.org

• National Drinking Water Clearing House– www.ndwc.wvu.edu

• U.S. Environmental Protection Agency– www.epa.gov