CHAPTER 16 Security Planning and Vulnerability Assessment Although water and wastewater systems are generally well prepared to deal with natural disasters and accidents, many utilities prior to September 11, 2001 had given little consideration to defending themselves against acts of terrorism. Read this chapter to see how GIS can help in safeguarding your water and sewer systems against the acts of terrorism. Water distribution systems are especially vulnerable to acts of terror. 2097_C016.fm Page 335 Friday, December 17, 2004 1:32 PM Copyright © 2005 by Taylor & Francis LEARNING OBJECTIVE The learning objective of this chapter is to understand GIS applications in security planning and vulnerability assessment of water and sewer systems. MAJOR TOPICS • GIS applications in planning • Security planning • Vulnerability assessment • Security modeling software LIST OF CHAPTER ACRONYMS AMSA Association of Metropolitan Sewerage Agencies EPA (U.S.) Environmental Protection Agency ERP Emergency Response Plan OGC Open GIS Consortium VSAT Vulnerability Self Assessment Tool GIS APPLICATIONS IN PLANNING GIS technologies have enabled planning professionals to make better and faster planning decisions. New software advances have revolutionized the preparation and use of master plans for water and sewer systems. GIS technologies provide various planning tools such as: 1. Remote-sensing data (described in Chapter 3) 2. Land-use/land-cover data (described in Chapter 3, Chapter 11, and Chapter 12) 3. Intelligent maps (described in Chapter 8 and Chapter 9) 4. Hydrologic and hydraulic models (described in Chapter 11 to Chapter 13) With the help of case studies and examples, this chapter will focus on how to apply these tools for security planning purposes. CITY OF ALBUQUERQUE’S WASTEWATER MASTER PLAN In 1990, the City of Albuquerque, New Mexico, began a multiphase planning effort to evaluate its existing wastewater conveyance and treatment facilities, project future growth and flows, create programs for monitoring and rehabilitating existing infrastructure, and develop an organized approach to ensuring that future facilities keep pace with develop- ment. The City used GIS technology to develop a 40-year master plan for its wastewater collection and treatment system. The master plan was created by integrating the City’s GIS data with a number of other computer applications including demographic modeling, 2097_C016.fm Page 336 Friday, December 17, 2004 1:32 PM Copyright © 2005 by Taylor & Francis land-use mapping, hydraulic analysis, and infrastructure rehabilitation planning. The GIS approach enabled the City to create a master plan that could be easily updated in future as new development takes place (American City & County, 1991). SECURITY PLANNING Water, wastewater, and stormwater systems face both natural (floods, droughts, earthquakes, fires, etc.) and man-made (terrorism, vandalism, sabotage, arson, cyber attacks, etc.) threats. Although water industry utilities have learned from natural disasters, their experience with human-caused threats is small (Grigg, 2002). The basic form of protection against attacks or threats of attacks is a security system. Security planning methods include hazard assessment, vulnerability assessment, mitigation, response planning, and crisis communications (Burns et al., 2001). Vulnerability assessment is an important step in disaster preparedness. In the U.S., many utilities are performing mandatory vulnerability assessments. When terrorists attacked the World Trade Center complex in New York and the Pentagon building in Washington, D.C., on September 11, 2001, the U.S. witnessed one of the worst days of its 225-year history. The unfortunate event also witnessed the best of the American spirit as people everywhere, including the GIS community, rushed to help. GIS supported response efforts at the World Trade Center and the Pentagon by coordinating the search for survivors and identifying hazardous areas. Planning for collection of airborne imagery over Ground Zero began within hours of the terrorist attack. Only 3 hours after the attack, France’s SPOT 4 satellite captured 20-m resolution infrared images of the fires blazing in Manhattan. On September 12, Space Imaging’s IKONOS satellite acquired 1-m imagery of both the World Trade Center area and the Pentagon (Barnes, 2001b). LIDAR * images collected on Sep- tember 19, 2001, at 5000 ft were used to create 3D depictions of the terrain and buildings of the World Trade Center complex (Logan, 2002). The media, to cover the stories related to the terrorist attack, frequently used these 3D renderings. Since September 11, 2001, concerns over intentional contamination have resulted in new federal legislation in the U.S. requiring community water systems to develop Emergency Response Plans (ERPs) (Haestad Methods, 2003a). In the Public Health Security and Bioterrorism Preparedness and Response Act of 2002, U.S. Congress recognized the need for drinking water system utilities to undertake a more com- prehensive view of water safety and security. It amended the Safe Drinking Water Act and specified actions that community water system utilities and the U.S. Envi- ronmental Protection Agency (EPA) must take to improve the security of the nation’s drinking water infrastructure. In 2002, EPA issued $90-million grant monies to help U.S. water and wastewater utilities assess their security needs. In January 2003, the U.S. Government launched the Department of Homeland Security for coordinating the work of America’s security and intelligence agencies. Although water and wastewater systems are generally well prepared to deal with natural disasters and accidents, many utilities — prior to September 11 — had given * For additional information on LIDAR data, please refer to Chapter 3 (Remote-Sensing Applications). 2097_C016.fm Page 337 Friday, December 17, 2004 1:32 PM Copyright © 2005 by Taylor & Francis little consideration to defending themselves against acts of terrorism. Immediately after the September 11 terrorist attacks, many water and wastewater utilities in the U.S. quickly adopted or expanded security measures (Landers, 2002). Vulnerability of Water Systems Drinking water utilities today find themselves facing new responsibilities. Although their mission has always been to deliver a dependable and safe supply of water to their customers, the challenges inherent in achieving that mission have expanded to include security and counterterrorism. Water distribution systems are especially vulnerable to acts of terror. Water systems can be contaminated by injec- tion of poisonous substances such as cyanide. Water system operators, therefore, should be able to monitor contaminant levels and to predict contaminant movement throughout the system. These are complex tasks that require real-time monitoring and distribution-system water quality modeling. Real-time monitoring of every contaminant that could be deliberately introduced in a water system is not practical. However, a change in indicator parameters can signal the possibility of intentional contamination. The operators should be equipped with the most effective means of interpreting the monitoring data, communicating the results to decision makers and the general public, and implementing the control measures quickly (Schreppel, 2003). At the present time, most applications are focusing on the security analysis of drinking water distribution systems. Vulnerability of Sewer Systems Sewer systems can be used to contaminate receiving waters that are used for drinking-water supply intakes. Terrorists can pour volatile matter in the sewer system to create fire hazards. Large combined and storm sewers can also be used to gain access to restricted areas that have been blocked for security reasons. Although much of the attention regarding the security of water infrastructure has focused on the drinking water side, wastewater professionals have been quick to acknowledge and attempt to address their vulnerabilities. For example, the Metropolitan Sewer District (MSD) of Greater Cincinnati, Ohio, turned its attention to its sewage collection system, analyzing the likelihood that its sewers — particularly some of its large combined sewers — might be used as conduits in a terrorist attack. MSD used a GIS to compare maps of its collection system with the maps of Cincinnati to conclude that there were no major targets of opportunity in close proximity to any of its large sewers (Landers, 2002). Analysis of using a sewer system to attack a wastewater treatment plant or pumping station still requires some research. GIS APPLICATIONS IN VULNERABILITY ASSESSMENT Water and wastewater utilities must remain vigilant and develop comprehensive engineering and management measures to protect against future threats (Grigg, 2003). Implementing homeland security necessitates understanding the systems, 2097_C016.fm Page 338 Friday, December 17, 2004 1:32 PM Copyright © 2005 by Taylor & Francis infrastructure, organizations, and vital interactions necessary for the well-being of communities. GIS is critical to this effort because it integrates all types of information and relates that information spatially. GIS can help in the areas of risk assessment, security planning, mitigation of the effects of attacks, preparedness activities, response measures, and recovery efforts. GIS applications for community protection include modeling chemical releases in water and air, tracking and accessing information about hazardous storage sites, and managing hospital information. GIS applications can also reveal additional problems caused by proximity to hazards such as chemical storage. The modeling capabilities of GIS can simulate the effects of many types of attacks on critical resources, infrastructure, and populations. After identifying the hazards, assessing the risks, and prioritizing the values (i.e., assets of greatest value), both strategic and tactical plans can be formulated. GIS enhances response to acts of terror by helping managers to quickly assess the extent of damage and by speeding the decision-making process (ESRI, 2002d). There is no one-size-fits-all security approach that will work for all water or sewer systems. Because each utility’s situation is unique, security measures must be tailored to each system. In general, however, there are two basic requirements for the vulnerability assessment of water and sewer systems: 1. Network connectivity: This requirement pertains to what system components are connected to what and what is upstream (or downstream) of what. This capability would determine, for example, the area that would be impacted by a contaminated water storage tank. A GIS must have topology information to determine network connectivity. Network topology is inherent in many GIS packages and can easily provide this information. Network-tracing (described in Chapter 9 [Mapping Applications]) and isolation-tracing (described in Chap- ter 12 [Water Models]) functions are good examples of the network topological capabilities of GIS. 2. Contamination analysis: This requirement pertains to the strength and extent of the contaminants. GIS alone cannot provide this information. Hydraulic models capable of simulating both the quantity and the quality of water must be used in conjunction with a GIS. GIS and hydraulic modeling can be used for infrastructure protection, vulnera- bility assessment, consequence management, and security planning to safeguard water, wastewater, and stormwater systems against potential sabotage activities and terrorist attacks. Lindley and Buchberger (2002) outlined a holistic approach that combined GIS and hydraulic modeling to integrate multiple risk factors so as to identify locations that may be vulnerable to contaminant intrusions. Intrusions were defined as the introduction (either accidental or deliberate) of an undesirable agent into the potable water distribution system. An intrusion pathway was defined as the connectivity route between the potable supply and the contaminant source. EPANET * software was used for hydraulic modeling. GIS was used for layering of the locations having adverse pressure, intrusion pathway, and source concerns. * Additional information about EPANET is provided in Chapter 12 (Water Models). 2097_C016.fm Page 339 Friday, December 17, 2004 1:32 PM Copyright © 2005 by Taylor & Francis SECURITY MODELING SOFTWARE Sample security modeling software products are described in the following subsections. H 2 OMAP ™ Protector H 2 OMAP Protector from MWH Soft, Inc. (Pasadena, California), is an add-on module for the H 2 OMAP suite * that can be used for water security planning, infrastructure protection, and vulnerability assessment. Designed with the latest geospatial modeling technology, Protector uses a geodatabase for modeling various security scenarios. It can be used for estimating the consequences of a terrorist attack or a crisis event on a drinking-water supply infrastructure as well as formulating and evaluating sound emergency response, recovery, remediation and operations plans, and security upgrades. The program can be used to identify viable solutions before an incident or disaster occurs, or to assist in responding should it occur. Protector allows users to model the propagation and concentration of naturally disseminated, accidentally released, or intentionally introduced contaminants and chemical constituents throughout water distribution systems; assess the effects of water treatment on the contaminant; and evaluate the potential impact of unforeseen facility breakdown (e.g., significant structural damage or operational disruption or both). It enables users to locate areas affected by contamination, calculate population at risk and report customer notification information, and identify the appropriate valves to close to isolate a contamination event. Finally, it helps users track con- taminants to the originating supply sources, compute required purging water volume, develop efficient flushing strategies, determine the resulting impact on fire-fighting capabilities, and prepare data for eventual prosecution. Figure 16.1 shows a Protector screenshot showing isolation analysis. It depicts affected and closed facilities color-coded according to their vulnerability (risk factors). WaterSAFE ™ WaterSAFE from Haestad Methods, Inc. (Waterbury, Connecticut), is an add-on component for WaterCAD and WaterGEMS ** software products. WaterSAFE is designed to manage and safeguard water distribution systems. It is a water system security and emergency planning tool specifically created to study infrastructure vulnerability to terrorist attacks and natural events. Harnessing the powers of ArcGIS, WaterSAFE enables water utilities to analyze the movement of multiple constituents and track multiple sources for a given period of time. With this information, water utilities can assess the impact in real time and swiftly relay the results to customers in contaminated areas to take the necessary precautions. These water quality analysis features can enable utilities to better respond, strategize, and implement a fast and effective recovery plan in the event of * Additional information about H 2 OMAP suit is provided in Chapter 12 (Water Models) ** Additional information about WaterCAD and WaterGEMS is provided in Chapter 12 (Water Models). 2097_C016.fm Page 340 Friday, December 17, 2004 1:32 PM Copyright © 2005 by Taylor & Francis Figure 16.1 Protector screenshot showing isolation analysis. 2097_C016.fm Page 341 Friday, December 17, 2004 1:32 PM Copyright © 2005 by Taylor & Francis a contamination emergency. WaterSAFE’s extended water quality analysis features can also assist in conducting statistical analysis of water quality and evaluating contamination effects on a water treatment plant. In 2003, a WaterCAD model was used to prepare an example ERP. Two scenarios were modeled: a rehearsed drill before a terrorist attack and a real-time solution. It was assumed that a contaminant was introduced into the tank of a typical midsized system and that complete mixing occurred in this tank. The vulnerability of the water system was assessed by monitoring the effects of injection location, the nature of the contaminant, the amount of contaminant added, and the period over which the contaminant was added. The modelers were able to reduce the spread of the contaminant, monitor the impact of flushing on the environment, and more quickly bring the system back to normal operation (Haestad Methods, 2003a). VSAT ™ Association of Metropolitan Sewerage Agency (AMSA) Washington, D.C., in cooperation with EPA, released a new water and wastewater system security analysis software in 2002. Known as Vulnerability Self Assessment Tool (VSAT), the soft- ware is available free of charge. Three versions, VSATWater, VSATWastewater, and VSATWater/Wastewater, are available for water, wastewater, and both water and wastewater systems, respectively. The VSAT products provide a structured, cost- effective approach for utilities to assess their vulnerabilities and to establish a risk- based approach to taking desired actions. The software allows utilities to assess the vulnerability of the complete range of utility assets including people (utility staff), physical plant, knowledge base, information-technology platform, and customers. VSAT does not use GIS or hydraulic modeling. However, the information obtained from GIS and modeling can be used to run the VSAT program. For example, the first VSAT task is asset categorization and identification, which requires utility managers to conduct an inventory of utility assets. A GIS can be used to conduct an asset inventory for input to the VSAT program. SECURITY PLANNING DATA ISSUES The number of GIS data formats has increased exponentially with the growth in the GIS industry (Goodchild, 2002). According to some estimates, there might be more than 80 proprietary geographic data formats (Lowe, 2002b). Why are there so many geographic data formats? One reason is that a single format is not appropriate for all applications. For example, a single format cannot support both fast rendering in a command and control system and sophisticated topological analysis in a natural resource information system. Different data formats have evolved in response to diverse user requirements. Users must possess considerable expertise to overlay, combine, or analyze differ- ent map layers or images. Converting from one format or type of data to another is cumbersome, time consuming, and error prone. Therefore, different GIS data formats or models used by different government organizations can lead to compatibility 2097_C016.fm Page 342 Friday, December 17, 2004 1:32 PM Copyright © 2005 by Taylor & Francis problems that can hamper data sharing needs during an emergency situation such as a terrorist attack. This can be avoided by adopting compatible data models and interoperable data formats throughout a city or county. Efforts are currently under- way in the GIS industry to standardize data formats and database-management systems by promoting open platforms, data, and database management systems. For example, the Open GIS Consortium (OGC) has been created with the vision of “the complete integration of geospatial data and geoprocessing resources into mainstream computing.” OGC was formed in 1994 to facilitate access to and geoprocessing of data held in systems or networks. It defines an open GIS as “open and interoperable geoprocessing” or “the ability to share heterogeneous geodata and geoprocessing resources transparently in a networked environment.” USEFUL WEB SITES CHAPTER SUMMARY Water, wastewater, and stormwater systems can be vulnerable to acts of terrorism and sabotage. This chapter shows that GIS offers many useful applications in security planning and vulnerability assessment of these systems. GIS maps and hydraulic models can be used as effective security planning tools to evaluate the system vulnerability to natural and man-made disasters, and recommend solutions. For example, GIS and hydraulic models can be used to determine the areas of a water distribution system that can be affected by a contaminated water supply source. At the present time, most applications are focusing on the security analysis of drinking water distribution systems. CHAPTER QUESTIONS 1. How are water and sewer systems vulnerable to acts of terrorism? 2. What can be done to protect water and sewer systems from acts of terrorism? 3. How can GIS applications help in security planning and vulnerability assessment of water and sewer systems? Association of Metropolitan Sewerage Agencies (AMSA) www.amsa-cleanwater.org Haestad Methods www.haestad.com MWH Soft www.mwhsoft.com Open GIS Consortium www.opengis.org Vulnerability Self Assessment Tool (VSAT) www.vsatusers.net 2097_C016.fm Page 343 Friday, December 17, 2004 1:32 PM Copyright © 2005 by Taylor & Francis . plans for water and sewer systems. GIS technologies provide various planning tools such as: 1. Remote-sensing data (described in Chapter 3) 2. Land-use/land-cover data (described in Chapter 3, Chapter. VSATWastewater, and VSATWater /Wastewater, are available for water, wastewater, and both water and wastewater systems, respectively. The VSAT products provide a structured, cost- effective approach for utilities. safeguard water, wastewater, and stormwater systems against potential sabotage activities and terrorist attacks. Lindley and Buchberger (2002) outlined a holistic approach that combined GIS and hydraulic