|
|
Requirements of the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 (Bioterrorism Act)
About PDF Files
The Bioterrorism Act (PDF 105 pp, 105 K) requires community drinking water systems serving populations of more than 3,300 persons to conduct assessments of their vulnerabilities to terrorist attack or other intentional acts and to defend against adversarial actions that might substantially disrupt the ability of a system to provide a safe and reliable supply of drinking water. The requirements of the Act assign EPA and water utilities responsibilities to enhance water sector security and to develop response measures for potential threats to the nation's water supplies and systems, as outlined below.
Requirements for Community Drinking Water Systems
The Bioterrorism Act requires every community water system serving more than 3,300 persons to
- Conduct a vulnerability assessment.
- Certify and submit a copy of the vulnerability assessment to the EPA Administrator.
- Prepare or revise an emergency response plan based on the results of the vulnerability assessment.
- Certify to the EPA Administrator, within 6 months of completing the assessment, that an emergency response plan has been completed or updated.
The following sources provide additional information on complying with the requirements of the Bioterrorism Act:
-
7 Easy Steps to Submitting your Emergency Response Plan (ERP) Certification (PDF 1 p, 23 K) - Describes how to complete a certification, maintain your records, and express mail it in order to ensure compliance with the Bioterrorism Act.
-
Instructions to Assist Community Water Systems in Complying with Bioterrorism Act (PDF 23 pp, 244 K) - Contains information on actions required of community water systems to comply with the Act, deadlines based on system size, instructions for submitting required materials to EPA, and contact information. The Addendum to the Instructions (PDF 6 pp, 126 K) provides important clarifications, corrections, and additions.
- Vulnerability Assessment Certification (PDF 2 pp, 147 K) - Interactive form that can be filled out electronically and printed. Submit this form to EPA to certify completion of a vulnerability assessment.
- Certification of Completion of an Emergency Response Plan (PDF 2 pp, 111 K) - Interactive form that can be filled out electronically and printed. Submit this form to EPA to certify completion of an emergency response plan.
The Vulnerability Assessments page provides further tools and resources for completing these assessments. The Emergency/Incident Planning page provides more information on developing and completing emergency response plans.
The Bioterrorism Act sets the following due dates for certifying and submitting vulnerability assessments and for certifying emergency response plans:
Systems serving population of: |
Certify and submit vulnerability assessment by: |
Certify emergency response plan: |
100,000 or greater |
March 31, 2003 |
Six months following completion* of vulnerability assessment |
50,000-99,999 |
December 31, 2003 |
3,301-49,999 |
June 30, 2004 |
* EPA interprets "completion" to mean the date on which the vulnerability assessment and certification were sent to EPA. Community water systems that fail to comply with their respective vulnerability assessment submission requirements 6 months after the deadline date may be liable for failing to comply with both the vulnerability assessment submission requirements and the emergency response plan certification requirements of the Bioterrorism Act.
Responsibilities of EPA Under the Bioterrorism Act
In terms of water security, the Bioterrorism Act requires EPA to
- Protect the vulnerability assessments submitted by drinking water systems, as well as any information in them, while in EPA's possession.
- Provide information on potential adversarial actions that could threaten the nation's water supply systems, as well as strategies and responses that utilities should consider while conducting their assessments.
- Conduct research studies in areas relevant to water security.
EPA's Information Protection Protocol
Before receiving water utilities' vulnerability assessments, EPA is required to implement a protocol to protect these assessments from unauthorized disclosure. Through coordination with federal law enforcement and intelligence officials, EPA has completed an information protection protocol that outlines measures to be taken to ensure information security. The protocol includes restrictions on persons who are allowed access to the assessments, actions those persons must take to ensure the security of the information, and security provisions regarding storage and handling of these documents. The security measures implemented include the following:
- An EPA Information Security Manager with "Top Secret" clearance will oversee the protection of information, manage protocol implementation, and conduct routine security checks.
- Only persons designated by the Assistant Administrator for Water will have access to the vulnerability assessments and information derived from them (except as specified under sections 1433(a)(6) and (7) of the Safe Drinking Water Act); all designees must have "Secret" clearance.
- Potential designees must undergo security training and receive refresher training annually, and designees must sign an access agreement summarizing their responsibilities and liabilities if information related to the vulnerability assessment is knowingly or recklessly disclosed.
- Access will be withdrawn from a designee upon termination of employment or change in work duties or status, and the designee will be requested to sign a confidentiality agreement before access is terminated.
- All vulnerability assessments will be housed in a secure location at EPA headquarters and locked to restrict access when not in use.
- A secure room will be installed for review and processing of the documents.
- Documents will be covered and labeled as sensitive; a document tracking system will render the documents traceable at all times; and copying, faxing, and loaning of the assessments will be prohibited except as authorized by the Director of the Office of Ground Water and Drinking Water.
Baseline Threat Information for Community Water Systems
EPA has developed a threat information document, "Baseline Threat Information for Vulnerability Assessments of Community Water Systems," as required under the Safe Drinking Water Act and the Bioterrorism Act. The document is available to drinking water systems serving populations of more than 3,300 persons. It outlines threats, methodologies, strategies, and responses for water utilities to consider when conducting vulnerability assessments. Eligible water systems should contact their regional EPA water program office to receive a copy of the document. Community drinking water systems that serve more than 3,300 people are eligible to receive a copy of the document by following the steps outlined in the directions for ordering (PDF 1 p, 16 K) document.
EPA Research Studies
The Bioterrorism Act requires EPA to conduct the following research:
- Studies regarding prevention and detection of, and actions in response to, intentional introduction of contaminants to community water systems and source water
- Research into the methods by which terrorists could affect the supply of drinking water or threaten water system infrastructure and physical security
- Research into ways to provide alternative supplies of safe drinking water in the event of destruction, impairment, or contamination of public water systems.
More information on current research studies is provided on the Security Enhancements, Research and Technology
and Information Sharing pages.
For More Information
A full version of the Protocol to Secure Vulnerability Assessments Submitted by Community Water Systems to EPA (PDF 27 pp, 282 K) is available. Further questions should be directed to the Safe Drinking Water Hotline at 800-426-4791 or submitted by email to hotline-sdwa@epa.gov.
The Public Health Security and Bioterrorism Preparedness and Response Act (PDF 105 pp, 316 K) (see Title IV) is available in its full form.
|
|