Water and wastewater facilities face a number of challenges when addressing physical security threats and vulnerabilities. Since Sept. 11, 2001, water departments have been under increased pressure to secure their physical assets and electronically control and track anyone that accesses their facilities.
In 2002, the Department of Homeland Security introduced the Public Health Security and Bioterrorism Preparedness and Response Act and appointed the U.S. Environmental Protection Agency (EPA) as the lead federal agency for protecting the water sector. The EPA is responsible for helping community water systems improve water and wastewater security and safety.
In 2004, the EPA developed vulnerability assessment guidelines to help water utilities evaluate their susceptibility to potential threats and identify corrective actions needed to reduce risks. These regulations focus primarily on reducing the risk of contaminants in drinking water systems, contingency planning, physical security and cyber security threats. Under the Bioterrorism Act, water utilities serving more than 3,300 persons must:
- • Conduct a vulnerability assessment, certify to the EPA that the assessment has been completed and submit a copy of the assessment to the EPA;
- • Show that the utility has updated or completed an Emergency Response Plan outlining response measures if an incident occurs; and
- • Take corrective action to minimize vulnerabilities.
Seattle Public Utilities (SPU) supplies water to 1.4 million people in the greater Seattle area. Their drinking water supply from the Cedar River is unfiltered so the watershed is completely closed to the public and no trespassing of any kind is allowed. In an effort to comply with these standards, SPU conducted a vulnerability assessment. The assessment revealed that improvements were needed to meet the Federal Critical Infrastructure Guidelines. SPU set out looking for an access control solution that would deter, detect and delay potential threats to their widespread watershed.
According to the “Guidelines for the Physical Security of Water Utilities,” published by the American Society of Civil Engineers and the American Water Works Assn., access control measures should consist of one or more of the following systems: key locks and/or padlocks, numeric keypad locks or card reader systems.
The challenge with numeric keypad locks and card reader systems is that they both require either power or wiring for installation, making it virtually impossible to secure remote locations. In addition, mechanical locks and padlocks do not provide an audit trail or key control.
An Electronic Solution
After evaluating a variety of access control solutions SPU found CyberLock, a key-centric electronic access control solution that met their requirements. With the CyberLock system, SPU was able to track and control access to remote areas without the need for power or wiring.
The system is comprised of four main components:
- 1. Electronic locks and padlocks. CyberLock cylinders and padlocks operate with power provided by the electronic key, making it ideal for securing remote assets.
- 2. Electronic keys. CyberLock keys contain access permissions for each user and record all access activity.
- 3. Communication devices. CyberLock communication devices update CyberKey smart keys with new access permissions and download all access event records from the key.
- 4. Management software. CyberAudit management software enables users to administer access permissions, view audit activity and download reports.
SPU has installed CyberLock on remote watershed gates, storage units, utility sheds and more than 30 gate entrances. With the installation of the CyberLock system, SPU was able to comply with the Department of Health regulations and maintain their Limited Alternative Filtration status.
CyberLock is a key part of SPU’s security plan-of-action. Contractors, employees and researchers throughout the watershed are given a key programmed with their specific access privileges so that only authorized personnel may access restricted areas.
With implementation of a key-centric electronic access control system, water and wastewater utilities can greatly improve access control to sensitive areas and provide proof to the EPA that corrective action has been taken to minimize risk and vulnerabilities.
James T. McGowan is vice president of sales and marketing for CyberLock Inc. McGowan can be reached at [email protected] or 541.738.5500.