Post on 13-Dec-2015
Developing a Security Program
Developing a Security Program
Exercise Plan
Develop/Update Plan
Review/Revisit
Plan
Developing a Security Program
• Understanding One Size Does Not Fit All
• The Importance of Being Prepared
• Why Communication is the Key
• Ten Key Security Program Principals
• What Resources Are Available
One Size Does Not Fit All
• Utility security programs should achieve consistent outcomes using utility-specific strategies.
• Implement approaches that are tailored to your utilities’ circumstances and operating conditions.
Source water Treatment Distribution & Storage
Customer
Security Program Scope
• Active and effective security programs should address:
– protection of public health– public safety (including infrastructure) – and public confidence
Significant System Failures
• An active and effective security program should consider:– Loss of pressure for significant parts of the
system.– Long term loss of supply, treatment, or
distribution system.– Adverse impacts to public health or
confidence resulting from a contamination threat or incident.
Key Threats or Methods of Attack
When developing an active and effective security program you should consider:
– Physical targeting of core facilities or independent infrastructure
– Chemical or biological material used to contaminate water supplies
– Cyber attack on technology assets to disrupt services
“All hoaxes must be treated as actual events until proven otherwise”
A Part of Being Prepared
• Commitment to security• Promote security awareness• Up-to-date assessment of vulnerabilities• Dedicate security resources and security
implementation priorities• Define security roles and employee
expectations
Being Prepared Continued
• Intrusion detection and access control for the physical plant, and/or at the source(s)
• Contamination detection
• Information protection and continuity
• Design and construction
• Threat level-based protocols
Communication is the Key
• Emergency response and recovery plans should incorporate security considerations and be tested and reviewed regularly.
• Internal and external communications.
• Partnerships
10 Key Security Principles
1. Security should be part of your utility’s day-to-day thinking.
2. A strong commitment to security is key.3. There are always ways to improve
security.4. Prevention is a key aspect of enhancing
security.5. Movement towards practices that are
inherently safer.
10 Key Security Principles
6. Ongoing management and monitoring, and budget commitment.
7. Security issues should be a factor in building plans and design.
8. Security may not be convenient.
9. Build strong relationships with response partners and the public.
10.You have to put a price on security.
Resources
• Technical Assistance Providers– National Environmental Services Center
• www.nesc.wvu.edu
– National Rural Water Association• www.nrwa.org
– Rural Community Assistance Partnership• www.rcap.org
– Safe Drinking Water Trust – eBulletin• www.watertrust.org
Additional Resources
• American Water Works Association– www.awwa.org
• Association of State Drinking Water Administrators– www.asdwa.org
• National Drinking Water Clearing House– www.ndwc.wvu.edu
• U.S. Environmental Protection Agency– www.epa.gov