Tasks for Group 1 • Describe the best candidate agents (chemical and biological) that could be used to attack this system. • Why are these preferable? • What sorts of physical attacks could be used? • What are the best alternatives for: • hurting people? • spreading fear? • hurting the economy? • Which approach is most cost-effective? • Which approach is most difficult to detect? • What are the types of personnel needed to have an effective system to address these issues?
Tools for Group 1 • Maps of the city and water system • Description of the water system • Lists of: • Potential organisms • Potential toxins • Information on organisms/toxins: • NOEL • Infective dose • Chlorine resistance
Weapons of Mass Destruction • Weapons of Mass Destruction (WMD) • Nuclear weapons or improvised nuclear device • Radiological material dispersal device • Chemical weapons • Biological agents • Bombs
Biological Agent Characteristics • Produce delayed effects • Do not penetrate unbroken skin • Do not evaporate • More toxic than chemicals by weight • Undetectable by senses • Difficult to detect in the field
Biological Agent Characteristics (continued) • Most effectively disseminated as aerosols • Range of effects • Obtained from nature • Multiple routes of entry • Destroyed by environment (UV light) • Some are contagious
Enhanced Potential of Agents to Contaminate Drinking Water • Resistance to disinfectants at normal concentrations • Resistance to boiling for 1 to 3 minutes • A low oral infectious dose • Easy availability • Easy to culture without sophisticated equipment • Survival in water for long periods of time • Difficult to remove by common water treatment practices
Tasks for Group 2 • Describe the vulnerability assessment process. • What are the vulnerable components of the Redmond system? • What types of protections could be put into place to fortify the system? • What are the potential costs of these fortifications? • What are the types of personnel needed to have an effective system to address these issues?
Tools for Group 2 • Maps of the city and water system • Description of the water system • Outline of the vulnerability assessment process • Potential vulnerabilities • Security products
Public Law 107-188 • Bioterrorism Preparedness and Response Act of 2002. • Requires all cities with a population of over 3300 to conduct a vulnerability assessment (VA) of their water systems (by end of 2004). • Incorporate results of VA into Emergency Response Plan (ERP). • Obtain EPA certification of ERP.
6 Elements of Vulnerability Assessments • 1. Characterization of the water system, including its mission and objectives • 2. Identification and prioritization of adverse consequences to avoid • 3. Determination of critical assets that might be subject to malevolent acts that could result in undesired consequences
6 Elements of Vulnerability Assessments • 4. Assessment of the likelihood (qualitative probability) of such malevolent acts from adversaries • 5. Evaluation of existing countermeasures • 6. Analysis of current risk and development of a prioritized plan for risk reduction
1. Characterization of the System • What are the important missions (customers) of the system? • General public • Industrial • Government • Critical Care • Military • Retail Operations • Firefighting
Characterization of the System • What are the most important facilities, processes, and assets of the system? • Utility facilities • Operating procedures • Water sources (ground water/surface water) • Management practices • Treatment processes • Storage methods/capacity • Chemical use/storage • Distribution system
2. Identification and Characterization of Adverse Consequences to Avoid • Impacts that could disrupt supply of safe and reliable water or cause public health concerns • Ranges of consequences for impacts: • Magnitude of service disruption • Economic impact • Number of illnesses/deaths • Impact on public confidence • Chronic problems • Other indicators of the impact of each event
3. Determination of Critical Assets that Might be Subject to Malevolent Acts • Could include: • Physical damage or destruction of critical assets • Contamination of water • Intentional release of stored chemicals • Interruption of electricity or other infrastructure interdependencies
4. Assessment of the Likelihood of Malevolent Acts • Moving from what is possible to what is likely • Very difficult task • “Baseline Threat Information for Vulnerability Assessments of Community Water Systems” • Sensitive document prepared by EPA and supplied to community water systems serving more than 3,300 people.
5. Evaluation of Existing Countermeasures • What capabilities does the current system employ for detection, delay, and response? • Detection • Intrusion detection systems • Water quality monitoring • Operational alarms • Guard post orders • Employee security awareness
Evaluation of Existing Countermeasures • Delay • Locks and key control • Fencing • Structure integrity for critical assets • Vehicle access checkpoints • Response • Policies and procedures for evaluation and response to: • Physical intrusion • System malfunction alarms • Adverse water quality indicators • Cyber system intrusions
6. Analysis of Current Risk and Development of a Prioritized Plan for Risk Reduction • Analyze information from steps 1-5 to determine current level of risk • Are current risks acceptable or should risk reduction measures be pursued? • Recommended actions should measurably reduce risks by reducing vulnerabilities and/or consequences through improved deterrence, delay, detection, and/or response
Top 10 Cyber Vulnerabilities • Operator station logged on all the time (with or without operator present) • Physical access to the SCADA equipment relatively easy • Unprotected SCADA network access from DSL or dial-up modems • Insecure wireless access points on the network • Most of the SCADA networks directly or indirectly connected to the Internet
Top 10 Cyber Vulnerabilities • No firewall installed or the firewall configuration is weak or unverified • System event logs not monitored • Intrusion detection systems not used • Operating and SCADA system software patches not routinely applied • Network and/or router configuration insecure: passwords not changed from default
Security Products (epa.gov/safewater/security/guide) • Cyber Protection Products • Firewalls • Anti-virus and pest eradication software • Network intrusion hardware/software
Physical Asset Monitoring and Control Products • Backflow prevention devices • Exterior intrusion buried sensors • Fences • Films for glass-shatter protection • Fire hydrant locks • Ladder access control • Locks • Manhole locks • Security for doorways • Valve lockout devices • Visual surveillance monitoring
Tasks for Group 3 • Describe the system that should be in place to detect an attack (through the health care system) involving chemical, radiological, or biological agents. • Who would need to be communicating with whom? • Who should report a potential problem? • To whom? • What do you think the pre-defined thresholds (excess cases) of symptoms should be? • Should we be testing patients for exposure to potential agents? • What are the infrastructure needs/costs to put such a system in place? • Describe the potential indicators of an attack (syndromes, epi clues) • What are the types of personnel needed to have an effective system to address these issues?
Tools for Group 3 • Lists of: (in Group 1 section) • Potential organisms (in Group 1 section) • Potential toxins • Information on organisms/toxins: (in Group 1 section) • NOEL • Infective dose • Epidemiological indicators/sentinel clues • Syndromic surveys
Identifying an Event • Illness may be the first indication that an event has occurred. • Epidemiological clues (sentinel clues) can be used to identify and confirm a CBR exposure event.
Epidemiological Indicators and Sentinel Clues • Record number of severely ill or dying patients over short period • Very high attack rates (>60%) • Severe and frequent disease in previously healthy patients • Increased and early presentation of disease in vulnerable populations (elderly, immunocompromised)
Epidemiological Indicators and Sentinel Clues • “Impossible” epidemiology • Naturally occurring diseases diagnosed in regions where the disease has not previously occurred. • Greater-than-normal number of patients with gastrointestinal, respiratory, neurologic, or fever diagnoses • Record number of fatal cases with few recognizable signs and symptoms • Localized areas of disease in specific areas (neighborhoods) • Multiple infections at single locations (school, hospital, nursing home) with unusual or rare pathogen
Epidemiological Indicators and Sentinel Clues • Lack of response or clinical improvement of patients to traditional treatment • Near simultaneous outbreaks of similar or different epidemics at the same or different locations indicating a pattern of agent release • Endemic disease presenting during an unusual time of the year • Endemic disease presenting in a community where the normal vector is absent
Epidemiological Indicators and Sentinel Clues • Unusual temporal or geographic clustering of cases attending a common public event • Increased patient presentation with acute neurologic illness or cranial nerve impairment with progressing generalized weakness • Unusual or uncommon route of exposure of a disease • Illness resulting from a waterborne agent not normally found in the water environment
Syndromic Surveys • Monitoring of disease through grouping of cases into syndromes rather than specific diagnoses • Certain syndromes may be characteristic of terrorist activity
Types of Syndromic Disease Clustering Potentially Indicating CBR Exposure • Gastroenteritis of an apparent infectious etiology, acute toxic chemical exposure, or possible acute radiation exposure • Upper and lower respiratory disease with fever and sudden death of previously healthy patients • Rash of synchronous skin lesions and fever, reddened skin, radiation burns • Suspected meningitis, encephalitis, encephalopathy
Types of Syndromic Disease Clustering Potentially Indicating CBR Exposure • Sepsis or non-traumatic shock • Unexplained death with a history of fever • Advancing cranial nerve impairment with progressive generalized weakness
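
Added example (not part of the original slides): a minimal syndromic-survey detector that groups visits into syndromes rather than diagnoses and flags days whose case count exceeds a pre-defined excess-case threshold. The keyword map, the 7-day baseline, the 3-sigma multiplier, the 5-case floor and the visit records are all assumptions constructed for illustration.

```python
from collections import Counter
from statistics import mean, stdev

# Hypothetical keyword-to-syndrome map; syndrome names follow the slides' categories.
SYNDROME_KEYWORDS = {
    "gastrointestinal": ("vomiting", "diarrhea", "nausea"),
    "respiratory": ("cough", "shortness of breath"),
    "neurologic": ("weakness", "double vision", "seizure"),
}

def classify(complaint):
    """Map a free-text chief complaint to a syndrome, or None if no keyword matches."""
    text = complaint.lower()
    for syndrome, words in SYNDROME_KEYWORDS.items():
        if any(w in text for w in words):
            return syndrome
    return None

def daily_counts(visits, syndrome, days):
    """Count visits per day for one syndrome; days with no matching visit count as 0."""
    c = Counter(day for day, complaint in visits if classify(complaint) == syndrome)
    return [c.get(d, 0) for d in days]

def excess_days(counts, window=7, k=3.0, min_cases=5):
    """Return indexes of days whose count exceeds mean + k*sd of the preceding
    `window` days. The sd is floored at 1 and the threshold at min_cases so a
    quiet baseline does not alarm on one or two extra cases."""
    flagged = []
    for i in range(window, len(counts)):
        base = counts[i - window:i]
        threshold = max(mean(base) + k * max(stdev(base), 1.0), min_cases)
        if counts[i] > threshold:
            flagged.append(i)
    return flagged

def build_sample():
    """Constructed data: 10 days, GI background of 1-3 visits/day, 12 on day 9."""
    gi_per_day = [2, 1, 3, 2, 2, 1, 3, 2, 2, 12]
    visits = []
    for day, n in enumerate(gi_per_day):
        visits += [(day, "Vomiting and diarrhea since last night")] * n
        visits += [(day, "Cough for two weeks"), (day, "Ankle sprain")]
    return visits

if __name__ == "__main__":
    visits = build_sample()
    for s in SYNDROME_KEYWORDS:
        print(s, excess_days(daily_counts(visits, s, range(10))))
```

A flagged day is a prompt for epidemiological follow-up and reporting, not a confirmation of an exposure event.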