|
|
Vulnerability Assessments
About PDF Files
Vulnerability assessments help water utilities to evaluate their susceptibility to
potential threats and identify corrective actions to reduce or mitigate the risk of serious
consequences from vandalism, insider sabotage, or terrorist attack. As required under the Bioterrorism Act, a drinking water utility serving more than 3,300
persons must
- Conduct a vulnerability assessment, certify to EPA that the assessment has been completed, and
submit a copy of the assessment to EPA.
- Show that the system has updated or completed an emergency
response plan outlining response measures if an incident occurs.
Although it is not a requirement of the Bioterrorism Act, water systems are strongly encouraged
to regularly review and update their vulnerability assessments and emergency response plans.
The Bioterrorism Act sets the following due dates for certifying and submitting vulnerability
assessments and for certifying emergency response plans:
Systems serving population of: |
Certify and submit vulnerability assessment by: |
Certify emergency response plan: |
100,000 or greater |
March 31, 2003 |
Six months following completion* of the vulnerability assessment |
50,000-99,999 |
December 31, 2003 |
3,301-49,999 |
June 30, 2004 |
* EPA interprets "completion" to mean the date on which the
vulnerability assessment and certification were sent to EPA. Community water systems that fail to
comply with their respective vulnerability assessment submission requirements 6 months after the
deadline date may be liable for failing to comply with both the vulnerability assessment
submission requirements and the emergency response plan certification
requirements of the Bioterrorism Act.
Several tools are available to help water utilities to identify the basic elements of
vulnerability assessments and comply with completion, submission, and certification requirements.
The tools below will help systems evaluate their susceptibility to potential threats and identify
corrective actions to prepare for and respond to contamination of the nation's water supply.
Guidance on Completing a Vulnerability Assessment
This table briefly summaries the vulnerability assessment tools available. More detail about each
tool is provided below.
Vulnerability Assessment Tools
-
Vulnerability Self-Assessment Tools (VSAT) - Three VSAT tools developed by the Association of
Metropolitan Sewerage Agencies (AMSA) are available for drinking water, wastewater, and
combination drinking water/wastewater systems. Registered VSAT users should click on "What's New"
to receive online access to Web-based upgrades and improvements to VSAT, including important new
information on threats, countermeasures, and other modifications to the initial release.
- AMSA has released a new software module to help drinking water utilities create, update,
or revise their emergency response plans (ERPs). The strictly drinking water ERP module offers an
enhancement to both the Water and Water/Wastewater versions of the VSAT software. The release of
this new tool will support medium and small water utilities in meeting the ERP update/preparation
deadlines contained in the 2002 Bioterrorism Act.
- Utilities can use the new ERP module referenced as VSAT 3.0 regardless of whether they have
used VSAT to conduct a vulnerability assessment. However, users must have the VSAT software to
download the new ERP module. The VSAT 3.0 Upgrade can be installed on any version of VSATwater or
VSATwater/wastewater (Version 2.0, 2.1 or 2.2). It is not necessary to install the intermediate
versions before installing the VSAT 3.0 Upgrade.
- To learn more about the VSAT effort and AMSA, visit the Association of Metropolitan Sewerage Agencies (AMSA) and click on the security icon.
- Security Vulnerability
Self-Assessment Guide for Small Drinking Water Systems Serving Populations Between 3,300 and
10,000 (PDF 30 pp, 887 K) - Developed by the Association
of State Drinking Water Administrators (ASDWA) and the National Rural Water
Association (NRWA) , this guide was designed to help drinking water systems
serving populations of between 3,300 and 10,000 persons to identify critical components of
vulnerability assessments, complete assessments required under the Bioterrorism Act, and identify
security measures to be implemented.
-
Video: Security
Vulnerability Assessment for Water Systems - EPA's Drinking Water Academy and the National
Environmental Training Association have produced a video for small water systems that shows how to
develop a vulnerability assessment through music and character-based scenarios. The video
highlights the six basic elements common to all vulnerability assessments; and some vulnerability
assessment tools available to small systems.
After viewing the video, the small water system should have a working knowledge of how to prepare
a vulnerability assessment; know enough about a vulnerability assessment to ask informed questions
if needing assistance from EPA Regional Offices, State Drinking Water Primacy Agencies, third
party providers, or other resources that have been established to assist in preparing security
vulnerability assessments; and, gain confidence in their ability to prepare and submit an
assessment.
A version of the video is also available for water systems with populations under 3,300 to aid in
assessment of their vulnerability. The videos are available singly or as a 2-video set from the
National Environmental, Safety, and Health Training Association (NESHTA) at no cost except for
shipping and handling. You can print the order
form (PDF 4 pp, 42 K) and mail
or fax it to the address on the form.
- Security Vulnerability
Self-Assessment Guide for Very Small (<3,300) Systems - Developed by the Association of State Drinking Water
Administrators (ASDWA) and the National Rural Water Association (NRWA) in consultation with EPA.
This document is targeted for drinking water systems serving less than 3,300 people and is
designed to help these systems assess their critical components and identify security measures
that should be implemented. This document is provided electronically in MS Word and PDF formats
and is intended for states and trainers to use, distribute, copy, add specific contact names, and
customize for the locality of each system as appropriate. The document includes an emergency
contact list, a phone threat identification checklist, and states may wish to attach their model
emergency response plans as well. Visit ASDWA's Web site and scroll down to the middle of the
page to view this document.
- The second edition of Risk Assessment Methodology for Water Utilities
(RAM-W) - Revised methodology for conducting vulnerability assessment programs for drinking
water utilities. Developed by Sandia National Laboratories, the methodology contains sensitive
information and is subject to strict nondisclosure requirements. RAM-W is available only to
relevant stakeholders in the water supply community, such as personnel at drinking water
utilities, consulting engineers working for drinking water systems, EPA, state drinking water
program regulatory personnel, and others providing security for drinking water utilities. The American Water Works Association Research Foundation (AwwaRF) provides free copies to its subscribers. Any other relevant
stakeholder may obtain a copy from the AwwaRF (product 20529) for $85 plus shipping and handling.
To order, contact Eric Lovick at 303-734-3441.
- Protecting Your
Community's Assets: A Guide for Small Wastewater Systems - Developed by the National Environmental Training Center for
Small Communities, this guide helps utility managers, operators, and local officials improve
security and plan for emergency situations affecting wastewater treatment systems. Though designed
for use with systems serving fewer than 10,000 people, the guide might also be of benefit to those
who work in larger systems.
- Security and Emergency Management System
(SEMS) Software Program - Developed by the National
Rural Water Association (NRWA) , this software program is based on ASDWA/NRWA's "Security
Vulnerability Self-Assessment Guide for Small Drinking Water Systems Serving Populations Between
3,300 and 10,000." SEMS replaces NRWA's previous Automated Internet Assessment Engine. It uses
the same questions and prompts as the Self-Assessment Guide, but it can also automatically
generate an emergency response plan based on vulnerability assessment answers. For a copy of the
software, contact your state Rural Water Association.
- NEWWA ASSET Vulnerability Assessment
Tool for Small Systems - The New England Water Works
Association (NEWWA) has developed the Automated Security Survey & Evaluation Tool (ASSET) for
small and medium-sized drinking water systems. ASSET is a self-guided software program designed to
help drinking water systems complete a vulnerability assessment, as well as to improve their
security and their responsiveness to a range of threats.
- Control Systems Security Web Site - The Department of Homeland Security, Control Systems Security Program is excited to announce a web site developed as a resource for control systems security personnel. The site provides Control System Security Program activities as well as information on cyber threats, vulnerabilities and mitigations. It also provides a convenient event listing that the CSSP is participating in, and an extensive listing of reference documents and other related web links.
|
|