Securing Wastewater Facilities:
Utilities Have Made Important Upgrades but Further Improvements to Key System Components May Be Limited by Costs and Other Constraints
GAO-06-390: Published: Mar 31, 2006. Publicly Released: May 1, 2006.
Wastewater facilities provide essential services to residential, commercial, and industrial users, yet they may possess certain characteristics that terrorists could exploit to impair the wastewater treatment process or to damage surrounding infrastructure. For example, large underground collector sewers could be accessed by terrorists for purposes of placing destructive devices beneath buildings or city streets. GAO was asked to determine (1) what federal statutory authorities and directives govern the protection of wastewater treatment facilities from terrorist attack, (2) what steps critical wastewater facilities have taken since the terrorist attacks of September 11, 2001, (9/11) to ensure that potential vulnerabilities are addressed, and (3) what steps the Environmental Protection Agency (EPA) and the Department of Homeland Security (DHS) have taken to help these facilities in their efforts to address such vulnerabilities.
Federal law does not address wastewater security as comprehensively as it does drinking water security. For example, the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 required drinking water facilities serving populations greater than 3,300 to complete vulnerability assessments, but no such requirement exists for wastewater facilities. While federal law governing wastewater security is limited, Homeland Security Presidential Directive 7 designated EPA as the lead agency to oversee the security of the water sector, including both drinking water and wastewater. The directive tasked EPA with several responsibilities, including the development of mechanisms for information sharing and analysis within the water sector. Our survey of over 200 of the nation's large wastewater facilities shows that many have made security improvements since 9/11. Most facilities indicated they have completed, have under way, or plan to complete some type of security assessment. Similarly, more than half of responding facilities indicated they did not use potentially dangerous gaseous chlorine as a wastewater disinfectant. Survey responses show that other security measures taken after 9/11 have generally focused on controlling access to the treatment plant through improvements in visual surveillance, security lighting, and employee and visitor identification. Little effort, however, has been made to address collection system vulnerabilities, as many facilities cited the technical complexity and expense involved in securing collection systems that cover large areas and have many access points. Others reported that taking other measures, such as converting from gaseous chlorine, took priority over collection system protections. While EPA and DHS have initiatives to address wastewater facility security, efforts to provide critical and threat-related information would benefit from closer coordination. EPA and DHS fund multiple information services designed to communicate information to the water sector--specifically, EPA funds the Water Information Sharing and Analysis Center (WaterISAC) and its Water Security Channel, while DHS funds the Homeland Security Information Network (HSIN). EPA, DHS, and other industry experts are concerned that these multiple information services may overlap and produce inefficiencies. For example, a substantial part of the $2 million annual grant EPA uses to fund the WaterISAC is dedicated to purchasing computer services likely available through DHS and HSIN at no cost. A Water Sector Coordinating Council was established by the water sector to help determine the appropriate relationship among these information services. A preliminary review is under way to examine options for improving coordination between the WaterISAC, the Water Security Channel, and HSIN; however, the scope and time frame for completion of this review is unclear.
- Review Pending
- Closed - implemented
- Closed - not implemented
Recommendation for Executive Action
Recommendation: The Administrator of EPA should work with DHS and the Water Sector Coordinating Council to identify areas where the WaterISAC and HSIN networks could be better coordinated, focusing in particular on (1) how operational duplications and overlap could be addressed, and (2) how water systems' access to timely security threat information could be improved. EPA should also work with DHS and the Water Sector Coordinating Council to identify realistic time frames for the completion of these tasks.
Agency Affected: Environmental Protection Agency
Status: Closed - Implemented
Comments: At EPA's direction, the Association of Metropolitan Water Agencies, which operates the Water Information Sharing and Analysis Center (WaterISAC) with a grant from EPA, completed an evaluation and recommended that WaterISAC adopt components of the Homeland Security Information Network (HSIN) and incorporate them into WaterISAC. The incorporation of these components has included the expansion of the WaterISAC to other critical interdependent sectors and, within the WaterISAC, establishment of a link from WaterISAC to HSIN and maintenance of highly sensitive and analyst-originated information. According to EPA, these actions have improved access to timely and authoritative security threat information.