Presentation to: THEAMERICAN WATER WORKS ASSOCIATION

1
Presentation toTHEAMERICAN WATER WORKS
ASSOCIATION

• OUR RESOURCES / OUR LIFE
• A STRATEGY FOR FACILITY PROTECTION
• By
• Mark A. Graves, AIA
• DMJMHN

2
SECURITY MASTER PLANNING

• I. Asset Definition
• II. Threat Definition Vulnerability Analysis
• III. Development of Security Measures
• - Electronic Security
• - Physical Barriers
• - Policies and Procedures
• - Security Personnel
• Selection of Security Countermeasures
• The Design Process

3
I. ASSET DEFINITIONPROCESS

• Interview Stakeholders
• - Senior Management, Mid Management,
  Operations Professionals
• Identify Components of Your Operation
• - Research Development
• - Plants Equipment
• - Employee Morale

4
I. ASSET DEFINITIONPROCESS-List and Classify
Assets

• Tangible Assets
• - Plant and Equipment
• - Raw Materials
• - Specialized Personnel
• Operating Elements
• - Production
• - Maintenance
• - Administration

• Facility Infrastructure
• - Power
• - Communications with Outside Resources
• - Domestic Water Requirements
• - Cooling and Heating Equipment
• - Access (Road, River Pathways)

5
I. ASSET DEFINITIONPROCESS-List and Classify
Assets (Cont.)

• Processing Operations
• - Computer Equip. Hardware
• Central Processing Equip.
• Data Storage
• Communications Equip.
• - Software
• Operating Software
• Utilities Applications Communications

• - Physical Plant Support (Emergency)
• Dual Comm. Power Supply
• UPS
• Battery Back-Up System
• Emergency Generators
• Emergency Drinking Water
• Emergency Cooling Tower Make-Up Water

6
I. ASSET DEFINITIONPROCESS-List and Classify
Assets (Cont.)

• Intangible Assets
• - Information
• Utility Confidential Info.
• Complaints
• Service Data
• - Utility Image
• Reputation
• Staff Morale
• Hiring Practices

7
I. ASSET DEFINITIONPROCESS-Classify Assets

• VITAL Loss Would be Catastrophic
• IMPORTANT Loss Would Prove Seriously Disruptive
• SECONDARY Loss Would Prove Relatively
  Insignificant

8
II. THREAT ASSESSMENT

• CRIMINAL
• NATURAL
• ACCIDENTS

9
II. THREAT ASSESSMENT PROCESS

• CRIMINAL
• Possible Crimes
• - Burglary Robbery
• - Larceny Arson
• - Assault Theft
• - Bribery Extortion
• - Terrorism Sabotage
• - Vandalism
• - Drug / Alcohol Abuse
• Review Internal Loss Data
• Review Internal Crime Data
• (National Local)

• NATURAL DISASTERS
• - Floods
• - Tornadoes
• - Hurricanes
• - Blizzards
• - Earthquakes
• ACCIDENTS
• - Hazardous Materials
• - Fire
• - Explosion
• - Industrial Safety
• - Negligence Exposure (The Contractor)

10
II. THREAT ASSESSMENT LIST AND CLASSIFY

• PROBABILITY OF OCCURANCE
• Probable Expect Event to Occur
• Possible Circumstances Expected for that
  Event
• Unlikely Possible But Unlikely
• SEVERITY OF OCCURANCE
• Devastating Disastrous Event
• Moderate Survivable
• Insignificant Relatively Inconsequential

11
III. SECURITY MASTER PLANNING

• Vulnerability Analysis
• Develop Analysis Group
• - Facilitator
• - Crime Specialist
• - Resource Specialist (Site Manager)
• - Computer Systems Specialist
• - Structural / Architectural Facilities
  Specialist
• - Plant Engineering Specialist
• Establish Assets and Threats to Specific
  Facility
• Prioritize Results

12
III. SECURITY MASTER PLANNING

• Vulnerability Analysis - Process
• Correlate Assets and Threats
• Develop Team Analysis
• - Operational Management
• - Facility Engineering
• - Data Processing Management
• - Administration Issues
• Develop Contrived Scenarios

13
III. SECURITY MASTER PLANNING

• Vulnerability Analysis - Process
• Facility Infrastructure Vulnerability
  Examples - Site Access Improper Vehicular
  Access Travel Lane Capacity
• Planned Roadway Access Blockade
• Adjacent Rail-Line Blockage
• Poor Vehicular Pedestrian Monitoring
  Control System
• Poor General Site Access Control (Passive /
  Active Monitoring)
• - Building Envelope
• Building Stand-Off Distances
• Building Envelope Resistance to Blast/Forced
  Entry
• Door Window Resistance to Forced Entry
  Ballistics Intrusion

14
III. SECURITY MASTER PLANNING

• Vulnerability Analysis - Process
• Facility Infrastructure Vulnerability
  Examples
• - Building Envelope (Cont.)
• Visual Exposure of Personnel From
  Uncontrolled Areas
• Building Access by Vehicles (Parking,
  Deliveries, Waiting Areas)
• - Public / Employee Building Access Control
• Perimeter Door Access Control
• Staff Identification System
• Visitor Identification / Holding Area Control
• Employee / Maintenance Personnel Internal
  Access Control

15
III. SECURITY MASTER PLANNING

• Vulnerability Analysis - Process
• Facility Infrastructure Vulnerability Examples
  (Cont.)
• - Power Commercial Substation Attack
• Emergency Power Fuel Line Attack
• Internal Power line Sabotage
• - HVAC Chem / Bio Air Born Contaminants
• Internal Chem / Bio Release
• Water Contaminant Intro. to HVAC Supply
  System
• Power Fluctuations (Brown Out)

16
III. SECURITY MASTER PLANNING

• Vulnerability Analysis - Process
• Facility Infrastructure Vulnerability Examples
  (Cont.)
• - HVAC (Cont.) Power Failure (Re-Start Time)
• Maintenance Sabotage
• Poor Maintenance Personnel Training
• Parts Manufacturer Reliability

17
III. SECURITY MASTER PLANNING

• Vulnerability Analysis - Process
• Facility Infrastructure Vulnerability Examples
  (Cont.)
• - Domestic Water Supply
• Introduction of Contaminants
• Upstream Line Disruption
• natural
• accidental
• intentional disruption

18
III. SECURITY MASTER PLANNING

• Vulnerability Analysis - Process
• Facility Infrastructure Vulnerability Examples
  (Cont.)
• - Telephone / Data Lines
• Attack or Human Error on External Lines
• Internal Employee / Maintenance
  Sabotage
• - Natural Gas
• Attack or Human Error on External Lines
• Explosive Sabotage

19
IV. SELECTION OF COUNTERMEASURESProcess

• 4. Select Countermeasures
• - Electronic (Active) Monitoring and
  Surveillance
• - Physical (Passive) Barriers
• - Policy and Procedure Initiatives
• - Security Personnel (Staffing and Training)

• 1. Define Defensive Strategy
• -Least Dangerous Events Most Likely to Occur
• Most Dangerous Events Least Likely to Occur
• 2. Define Priorities
• 3. Define Requirements
• Regulatory and Legal (National Guidelines)
• Vital Asset Probable Devastating Threat.
  Primary, Secondary, Tertiary
• Important Asset Unlikely and Moderate Threat.
  Primary Assets

20
IV. SELECTION OF COUNTERMEASURESApplications -
Electronic

• Intrusion Monitoring
• - Entry and Perimeter Detection
• (Subsurface, Vibration, Motion, and Infrared
  Detection)
• - Perimeter Lighting
• - Door Position Detection.
• (Alarmed Release Delay, Electronic Lockdown)
• CCTV
• - Full Operation at Low Light Levels
• - Pan, Tilt, Zoom Capability
• - Event Recording
• Duress
• - Emergency Alert Devices

• Access Control
• - Employee and Visitor Access ID Badge Software.
  
• (Palm, Retinal, Visual Guard ID
  Verification, and Proximity Readers)
• - Vehicle Access Control Software
• (Vehicle Bar Code, Proximity, Driver ID
  Readers)
• - Vehicle Arrest Systems. Sally Port
  Configuration (Delta Barriers Gates).

21
IV. SELECTION OF COUNTERMEASURESApplications
Electronic (Cont.)

• Security Communication
• - Radio Dispatch System
• - Private Intercom System / LAN
• - Public Address Group Communication
• - Telephone / Internet WAN
• Life Safety
• - Fire and Toxic Substance Detection
• Process Supervision
• - Infrastructure Monitoring
• - Process System Monitoring
• - Vehicle Access Control Software
• (Vehicle Bar Code, Proximity, Driver ID
  Readers)
• - Vehicle Arrest Systems. Sally Port
  Configuration (Delta Barriers Gates).

• Computer Security
• - Virus Detection Programs
• - File Encryption
• - System Sweeps
• - Distributed System Architecture
• Screening
• - Walk Thru Metal Detection
• - Large Package Inspection
• - Mail Inspection

22
IV. SELECTION OF COUNTERMEASURESApplications
Physical Design

• Building Envelope
• - Blast Resistant Structural System. Develop to
  Deter Progressive Collapse
• - Blast Resistant Skin
• - Forced Entry, Ballistic Entry, and Blast
  Resistant Doors
• - FEBR Windows at First Levels, Ballistic only
  Above.
• - Roof Mounted Air Intake

• Environmental Site Enhancements
• - Eliminate Straight Drive Aisles at Building
  (Reduce Vehicle Speed)
• - Ditch/Berm Grading Mote
• - Landscape Deterrents
• - Maximize Building Location Setback
  (Government Standards)
• Building Configuration
• - Configure Building Elements Remoting Sensitive
  Areas from Perimeter wall. Elevate as High as
  Functionally Feasible.
• - Fire and Toxic Substance Detection
• Process Supervision
• - Infrastructure Monitoring
• - Process System Monitoring
• - Vehicle Access Control Software

23
IV. SELECTION OF COUNTERMEASURESApps Physical
Design (Cont.)

• Locking Mechanisms
• - Electromagnetic Remote Operated Locks
• - Forced Entry Locks
• - Carefully Articulated Door Hardware
• Internal Compartmentalization
• - Design Layout to Limit Unnecessary Access to
  Operation Sensitive Areas

• Building Infrastructure
• - Redundancy is Paramount.
• - Separate Power Feeds from Different Grids
• - Emergency Power Generation
• - UPS for Critical Systems
• - Back-Up Battery System for UPS Assurance
• - On-Site Storage Tanks for Emergency Conditions
• (Determine Emergency Duration)
• Domestic and HVAC Water (and/or Well as
  Allowed)
• Diesel Fuel for Generators
• Fire Water as Required
• Sanitary Tank

24
IV. SELECTION OF COUNTERMEASURESApps Policy
Procedures

• Accounting
• - Audits for Fraud
• - Inventory Control
• Drug and Alcohol Abuse
• - Termination Guidelines
• - Assistance Guidelines
• Disaster Avoidance and Recovery
• - Mitigation Strategy
• - Delegation of Authority
• - Implementation
• - Training Exercises

• Facility Access
• - Access Levels
• - Credentials
• Security Management
• - Operating Philosophy
• - Security Plan Updates
• Personnel
• - Background Investigations
• - Debriefing
• - Heightened Security Awareness

25
IV. SELECTION OF COUNTERMEASURESApps Security
Personnel

• Management Philosophy
• - Legal Requirements vs. Necessary Service
• Security Training
• Community Relations
• Operations
• - Command Center
• - Mobile Patrols
• - Fixed Posts
• - Investigations

• Post Orders
• Law Enforcement Liaisons

26
V. SYSTEM AND FACILITY DESIGN

• Design Criteria
• Conceptual Design
• Preliminary Design
• Final Design
• Importance of Consensus Throughout the Process

27
WHY?