Water is a fundamental element of human life, but security measures for water treatment facilities have stagnated and struggle to meet today’s challenges. A new standard published by ASCE offers a pathway for engineers to ensure that water resources are shielded from modern threats.
Guidelines for the Physical Security of Water and Wastewater/Stormwater Utilities, ASCE/EWRI 78-24, redefines guidelines for protecting water treatment facilities. With its forward-looking perspective, the standard enables engineers to consider current and future threats to the safety of our water supply.
The development of this standard was led by David Wallace, A.M.ASCE, chair of the Environmental and Water Resource Institute’s Water Infrastructure Security Enhancements Stand Committee, and Kris Schartau, A.M.ASCE, the committee’s secretary, both of whom spoke with Civil Engineering Source about the process of its creation.
Civil Engineering Source: In what ways does ASCE/EWRI 78-24 differ from its predecessor, ANSI/ASCE/EWRI 56-10, 57-10?
David Wallace: It’s a complete abandonment of the prior standard guideline model. What we've come up with is truly a disruptive methodology to help us protect critical infrastructure in a more direct way. It is written specifically for water and wastewater facilities, but it could be applied to other critical infrastructure as well.
Within a year of 9/11, President Bush stood up the Department of Homeland Security and established what now totals 16 critical infrastructure sectors necessary to support the American society. Once they were defined, the question was asked: How do we get in front of similar attacks? How do we make sure that our critical infrastructure is protected? What methodology can we use? And there wasn’t much of an off-the-shelf methodology equipped to answer.
At the time, the primary methodology we knew of to help protect infrastructure against attacks was called design basis threat, otherwise known as DBT. It was created in the 1970s to defend the atomic and nuclear industry against malevolent attacks based on a handful of known superpowers during the Cold War era.
This approach is based on frequentist probability theory and is dependent on historical data. The argument is this: If a particular event has happened in the past, then you should prepare for those same events to happen in the future. If nothing's happened in the past, then you really don't have to prepare for them in the future. But according to the DHS Lexicon, it is generally not possible to estimate new or rarely occurring events, such as the probability of a catastrophic terrorist attack. This is because of their low frequency of occurrence.
Until around 2010, nobody really batted an eye at this methodology. By 2020, the bigger city utilities who had more resources for research began to realize this is not a viable solution as the lack of security improvements was leaving them highly vulnerable.
About five years ago, we began working on other solutions. We were doing predictive analysis and creating software models. We had a couple of models that we could make work in a controlled environment with high levels of accuracy, but we could not make it work in the wild.
Finally, we came across an article written by a security professional at Sandia National Laboratories that was very intriguing in security approach. Although their team did not have a working written model, they understood the principles and utilized what they knew. We purposed to build on their work, refine it, and establish something that would be accurate and repeatable on a large scale for critical infrastructure.
After spending close to a year on the math, we reached a point where our math skills were giving out, so we hired an actuarial mathematician, Lloyd Foster, who had been a math professor at Columbia University to help us complete the model.
Instead of providing a historical checkbox for physical security, the Foster-Wallace model now focuses on what we can do to prepare, under the assumption that someday, an adversary will want to attack and fully disrupt our water supply. It is a scaled model that gives water utility owners and operators a way to mathematically determine if they’ve done all they can to secure a facility at a known vulnerability level they're willing to accept.
Source: What emerging threats do you think pose the greatest risk to water and wastewater/stormwater facilities? What measures does ASCE/EWRI 78-24 include to help civil engineers prepare for these new threats?
Wallace: The complete disruption of our water supply from known enemies is No. 1. That could happen in a number of ways through cyber disruption or physical security, so there is a mad dash right now to update cyber systems and physical security because they are in pretty bad shape.
No. 2 would be disruption by nefarious actors against our critical infrastructure. There are different threat groups including terrorist organizations, insider threats, and active shooters that want to affect our society on a massive scale. They focus on religious, political, or personal motives to inflict fear and seed distrust in a large population.
Here on the Front Range in Colorado, we've had water supplies diverted, we've had finished water storage affected, we've had threats against entire reservoirs of raw water to completely disrupt the water supply for hundreds of thousands of people. These get swept under the rug, but complete physical disruption could take months if not years to recover from.
No. 3, ongoing threats like vandalism and theft are the basic things we always have, but the ante has been raised and it's not the same as it was.
Source: Were there any specific events that inspired these updates?
Wallace: We were performing physical security vulnerability assessments based on the American Water Works Association J100 guidelines, which are completely based on DBT and frequentist probability theory.
We would go in and check these boxes all the while knowing this is not serving the water constituents or the water sector appropriately. All it was doing was telling them that they didn’t really need much, if any, improvement to their security. This is what really inspired the process to figure out how we can do this better.
The J100 standard is still in existence. It is the primary tool that has been used up until this year by the Environmental Protection Agency. Many more people are now seeking this new methodology as an alternative.
Source: What did the process of creating these new standards look like? How did your team come together to determine which specific guidelines and procedures needed to be changed?
Wallace: There was already a committee working on the guidelines that existed before we came along. We were toward the tail end of completing what this new methodology looks like when I joined the committee. When the new methodology was presented to them, they said they had never seen anything like it before, but it was probably the best solution that had been present thus far. These dozen engineers then asked if I would be willing to chair the committee and the process of creating the new standard security guidelines.
It took about another two years to get it to publication. It was a long, drawn-out process of completely rewriting a document of around 100 pages and putting that document out for peer review. It went out to about 300,000 engineers in ASCE who had the ability to review it and provide input.
As an example, we had somebody come back and challenge one portion of the math. It was a very small, decimal point kind of thing. When we reviewed it, we found they were correct, and we made the change. While it didn't have a substantial impact on the methodology, it was good to see brilliant engineers participate in heavy math calculations for a vetted final product.
Source: In what ways do you think the updated guidelines will change how civil engineers approach the design and construction of the physical components of water and wastewater/stormwater facilities?
Wallace: This change is critical, but it’s up to consultants to be aware and advise on new water build- outs with architectural design and construction firms.
It comes down to making large national security firms or consulting firms aware of the security updates, so they can advise their clients on how to properly build their facilities and secure them against modern threats.
Every five years, a new vulnerability assessment is required for water and wastewater utilities. This is currently overseen by the EPA under the America’s Water Infrastructure Act of 2018, known as AWIA, which requires facilities to complete a fresh assessment to show that they are aware of their vulnerabilities so they can mature their security posture.
If they use the old methodology involving DBT to sign off on the assessment, they are likely to be informed that they do not need to invest in physical security improvements because there are no known threats in the area or catastrophic terrorist events. The key is having consultants come in who are aware of this new methodology or who can subcontract out the specialty security assessment.
Learn more about ASCE/EWRI 78-24.
Learn more about the new methodology in the ASCE Journal of Infrastructure Systems article “Empirical Risk Analysis Methodology for Adversarial Threats against Critical Infrastructure.”
Learn more about how you can join a standards committee.
