National
Drinking Water Clearinghouse
West Virginia University
P.O. Box 6064
Morgantown, WV
26506-6064
Security
and Emergency Planning
Community-Wide Efforts Require Preparation
by
Chain-Wen Wang, Ed.D.
NDWC Contributing Writer
In
May 2002, the 107th Congress enacted the Public Health Security and Bioterrorism
Preparedness and Response Act of 2002 (Bioterrorism Act), to enhance federal
and state efforts to prepare for and respond to the threat of bioterrorism and
other public health emergencies. On June 12, 2002, the President signed the
bill into law. The Bioterrorism Act reauthorizes or amends several important
grant programs established under the Public Health Threats and Emergencies Act
and the Public Health Service and also provides significant new grant opportunities
for states and local governments.
As part of the legislation, the Safe Drinking Water Act (SDWA) Title XIV has
been amended to include Section 1433, which pertains to terrorism and and other
intentional acts. Title IV of the act requires all community water systems (CWSs)
serving a population greater than 3,300 to conduct a vulnerability assessment
(VA) and provide a written copy of the assessment to the U.S. Environmental
Protection Agency (EPA) administrator and, within six months of completing the
assessment, prepare an emergency response plan (ERP) that incorporates the results
of the vulnerability assessment.
According to the Act, by August 1, 2002, the EPA administrator is to provide
baseline information to community water systems that are required to conduct
vulnerability assessments. After consultation with appropriate departments and
agencies of the federal government and with state and local governments, the
baseline information is supposed to cover which kinds of terrorist attacks or
other intentional acts are considered probable threats. EPA is also required
to develop security protocols that “may be necessary to protect the copies
of the assessments required to be submitted under the subsection 1433 (5) (and
the information contained therein) from unauthorized disclosure” in consultation
with appropriate federal law enforcement and intelligence officials no later
than November 30, 2002.
The baseline report was completed by the August 1 deadline; however, it did
not go out in August because the EPA administrator asked for and received an
Academy of Science peer review of the document. The final baseline report was
ready on September 1 after the peer review. However, it was delayed while EPA
was setting up a secure method of distributing the report to the more than 7,900
community water systems who are the recipients of the report. The security protocols
did not need to meet the same requirements as the report and were ready on November
30. (An article on the security protocols may be found at www.awwa.org/
communications/waterweek/.)
While the new bioterrorism law requires EPA to provide guidance on vulnerability
assessments to community drinking water systems, it does not specifically authorize
EPA to prescribe the components of the vulnerability assessments. Some drinking
water organizations feel that community water systems are thus not required
to use any particular vulnerability assessment tool.
However, in the baseline report EPA has identified common elements found in
vulnerability assessments that would be appropriate to all size systems. Drinking
water systems can choose any vulnerability assessment method, but these basic
elements should be addressed so that there’s consistency in the assessments.
Each
Situation Is Unique
Photo Caption-Volunteer firefighters and hazardous materials handlers
participate in a “mock disaster” in Morgantown, West Virginia.
Several hundred emergency response personnel took part in the event, sponsored
by the Department of Justice's Office for Domestic Preparedness. Photo
by Dave Custer |
Tommy Ricks, Mississippi state coordinator of the Community Resource Group–Southern RCAP, says the same thing when it comes to providing assistance to water systems conducting their vulnerability assessments. “The Mississippi State Department of Health, the Mississippi Water and Pollution Control Operators Association, and my organization developed Plan template that incorporates the general ideas/principles of a vulnerability assessment and made that available to water systems in the state. “The template,” Ricks explains, “uses a common sense approach that contains the most basic and general rules regarding emergency response plans. It gives you (the water system) an idea where to start your ERP (general guidelines on what needs to be included in an ERP). What you need to do is to modify it to suit your system.”
EPA has several tools available that can be downloaded from or linked to from their Web site at www.epa.gov/safewater.
These tools include:
• “Vulnerability Assessments and Remediation Plans,” a method developed by Sandia National Laboratory for large systems;
• “Security Vulnerability Self-Assessment Guide for Small Drinking Water Systems,” a tool for systems serving fewer than 3,300 people;
• “Security Vulnerability Self-Assessment Guide for Small Drinking Water Systems Serving Populations Between 3,300 and 10,000,” a guide developed by the Association of State Drinking Water Administrators (ASDWA) and National Rural Water Association (NRWA) in cooperation with the USEPA; and “Model Emergency Response Guidelines (Guidance for Water Utility Response, Recovery & Remediation Actions for Man-Made and/or Technological Emergencies),”
a downloadable tool.
Many organizations, such as NRWA, ASDWA, the Water Environment Federation (WEF), and the American Water Works Association (AWWA), as well as many state primacy agencies, also have tools and guides to provide assistance to water systems either conducting VAs or preparing ERPs.
While the acceptability of different types of vulnerability assessments is not clear, water systems can still work on developing a new ERP or revise their old ERP. “What needs to be included in the ERP is really the step-by-step plan of action in response to various emergency events, whether it’s natural disasters or threats of bioterrorism,” says John Mori, director of the National Environmental Services Center. “If you have it spelled out ahead of time what action to take when certain events occur, you have a plan.”
Integrating Assessments with Community Plans
Photo Caption-The temporary command area was a busy place during
a recent mock disaster held in Morgantown, West Virginia. |
“From the feedback we’ve received, there seem to be two levels of inadequacy regarding emergency planning for security purposes when it comes to protecting drinking water systems,” Mori says explaining the importance of revisiting security issues. “One, some systems have done little or nothing in spite of the laws. And, two, few systems have accomplished true integration.
“What we think should happen for every drinking water system is not only to have a vulnerability assessment tied to an emergency plan in place, but also to have the plan integrated into the overall community emergency plan,” he says.
Why do water systems need to think about integrating their ERP into the overall community emergency plan? “For example, if a delivery truck accidentally runs into your facility, what will you do first? Who will you call?” Mori asks. “Do you need to contact the fire department? The police department? The state emergency response team? Who is responsible for doing what? Ask yourself, is this a situation you (the water system) can handle yourself, or is this a situation that needs the involvement of the larger community? If it’s a situation the water system can not handle by itself,” Mori suggests “then it needs to be included in the overall community emergency plan.” (For more information about crisis communications and community networks, see the On Tap articles “Crisis Communication: Building a Network to Keep Drinking Water Safe” in the Fall 2002 issue and “Crisis Communications: Keeping Your Community Informed During Emergencies” in the Winter 2002 issue.)
“Communication and training is the key to success,” Ricks concurs with Mori’s statement. “In Mississippi, we are really working at the overall community level. Many local governments are not only training related personnel on appropriate emergency response, but they are also running mock drills.” What’s more impressive, according to Ricks, is that many small water systems in Mississippi volunteer to participate in the drills, even though they are not required to have an emergency plan.
“Without first doing your vulnerability assessment to identify potential weaknesses, you really can’t update your emergency response plans,” Bielanski cautions. “Systems should not skip the step of doing a complete and thorough vulnerability assessment when updating their emergency response plans.
“At this point, EPA hasn’t made a final decision on how to evaluate the adequacy of vulnerability assessments except that it will be on a system-by-system basis,” he says, “and we are working really hard trying to iron out all the details regarding security protocols to protect the copies of the assessments submitted.”
Ricks agrees, “It is tricky. Usually, this kind of document is accessible to the public, but, because of the sensitive nature of the documents, it is exempt. And, how do you decide who has access to your emergency plan when you are supposed to work with different agencies? If you don’t share some of the information, is it still possible to be an effective plan? If you do share the information with everyone who might be involved, how do you know you’re not compromising your system’s security?” Ricks, along with other drinking water professionals, has no answer to those questions.
Assessment ABCs
Although there are many complex regulatory issues involved in vulnerability assessments and emergency response planning that remain unresolved at this point, there are still some basic components that should be included.
According to the Bioterrorism Act, water system VAs must include:
• a review of pipes and constructed conveyances;
• physical barriers;
• water collection, pretreatment, treatment, storage and distribution facilities;
• electronic, computer or other automated systems, which are used by the public water systems;
• the use, storage or handling of various chemicals; and
• the operation and maintenance of such system.”
The language above basically coincides with the physical and managerial aspects of water systems. Comparing NRWA’s Water/Wastewater Security Vulnerability Self-Assessment and the Security Vulnerability Self-Assessment Guide for Small Drinking Water Systems by ASDWA, in collaboration with EPA, the EPA Drinking Water Academy, and the NRWA, it’s easy to see that these two documents follow the same physical and managerial aspects of water systems, including: water sources; treatment plant and suppliers; distribution; personnel; information storage/computers/controls/maps; and public relations.
According to the vulnerability assessment tools available for review, the most common way to conduct a vulnerability assessment for water systems seems to be to answer a series of “yes,” “no,” or “not applicable” questions regarding the aspects mentioned above. For instance, for facility security, typical questions relate to access to the pumping stations, treatment plants, storage facilities, offices, and other physical components, such as who has access to what within the facility and how will unauthorized entry or attempted entry be detected?
One consideration that has been given scant attention is utility personnel. Requiring background checks in the hiring process and photo-identification cards for utility personnel are two examples. Another topic that is relatively new is protecting records and critical information from someone who might plan to vandalize a water system.
Again, as experts point out, a lot of this is common sense, especially for small water systems that do not have complicated facilities or large staffs. The first and most important thing is to have an inventory of critical system components. Once the inventory is completed, identify all the physical and managerial components of the system to detect vulnerable points. Once the vulnerable points are identified, you’re starting to get into the beginning of emergency response planning. At this point, the water system needs to prioritize actions needed to decrease the vulnerability of the system and improve the system’s security.
Create an Emergency Contact List
Based on the NRWA/ASDWA tool available to systems serving populations less than 3,300, one essential part of an ERP for a water system is an “Emergency Contact List.” The list should contain the names and phone numbers of people to call in case of an emergency. The Security Vulnerability Self-Assessment Guide for Small Drinking Water Systems suggests including three sections on the list: system identification, notification/contact information, and communication and outreach.
The system identification section contains basic information about the system, such as the water system ID number; system name and location; population served and numbers of service connections; system owner; and the name, title, and phone number of the person responsible for maintaining the list.
The notification/contact information section should include a local officials list, a service/
repair company list, a state agency list, and a media list. Specific contact information includes organizations, such as the fire department, police department, health department, hospital, schools, and primacy agency, as well as the designated spokesperson for the system and newspaper, radio and television stations.
The guide suggests that water system representatives talk with the state drinking water primacy agency about local emergency preparedness and solutions to potential emergency communication problems, such as disrupted phone lines and overloaded cell phone lines. It also suggests making a plan to notify the public in case of contamination of the water supply, including how to reach all customers in the first 24 hours of an emergency and how to contact institutions with large numbers of people.
In addition to the emergency contact list, a good water system ERP should also include general emergency response procedures, as well as procedures for handling accidents, natural disasters, external and internal emergencies, threats and hoaxes, contamination and waterborne diseases outbreaks, water outages, security measures, recovery plans, and emergency training and drilling, according to Ricks.
Another important component of a good plan is to include a chain-of-command that identifies those persons who are responsible for making decisions in case of an emergency and outlines each person’s responsibilities, suggests Mori, “especially when the situation calls for the involvement of the larger community.”
The last, but not the least important, component of a good emergency plan is communication. This includes communication between the water system and state agencies, such as the drinking water primacy agency and the emergency management agency; between the water system and local organizations, such as fire and police departments; between the water system and the public; between the water system and the media; and within water system personnel, as well with other federal, state, and local governments and agencies.
At this time, because it’s not required by law, there is no way of verifying how many drinking water systems serving populations of less than 3,300 have an emergency response plan or vulnerability assessment in place. However, drinking water system personnel should still work on conducting individualized vulnerability assessments for their systems and developing an emergency response plan that can be integrated into the overall community emergency plan.
References
Association of State Drinking Water Administrators and National Rural Water Association. 2002. Security Vulnerability Self-Assessment Guide for Small Drinking Water Systems. Washington DC.
Association of State Drinking Water Administrators and National Rural Water Association. 2002. Security Vulnerability Self-Assessment Guide for Small Drinking Water Systems Serving Populations Between 3,300 and 10,000. Washington DC.
National Rural Water Association. 2002. Rural Water/Wastewater Security Vulnerability Self-Assessment. Duncan, OK: NRWA.
U.S. Congress. 2002. H.R. 3448 Title IV—Drinking Water Security and Safety. Washington DC.
U.S. Environmental Protection Agency. 2002. Guidance for Water Utility Response, Recovery & Remediation Actions for Man-Made and/or Technological Emergencies (Model Emergency Response Guidelines). Washington DC. Online at www.epa.gov/safewater
U.S. Environmental Protection Agency. 2002. Water Security Strategy for Systems Serving Populations Less than 100,000/15 MGD or Less. Washington DC. Online at www.epa.gov/safewater
About the Author
Chain-Wen Wang holds an Ed.D. in technology education from West Virginia University and operates an environmental consulting business specializing in drinking water, wastewater, and stream water quality issues.