Securing Wastewater Facilities:

Utilities Have Made Important Upgrades but Further Improvements to Key System Components May Be Limited by Costs and Other Constraints

GAO-06-390: Published: Mar 31, 2006. Publicly Released: May 1, 2006.

Additional Materials:

Contact:

John B. Stephenson
(202) 512-6225
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

Wastewater facilities provide essential services to residential, commercial, and industrial users, yet they may possess certain characteristics that terrorists could exploit to impair the wastewater treatment process or to damage surrounding infrastructure. For example, large underground collector sewers could be accessed by terrorists for purposes of placing destructive devices beneath buildings or city streets. GAO was asked to determine (1) what federal statutory authorities and directives govern the protection of wastewater treatment facilities from terrorist attack, (2) what steps critical wastewater facilities have taken since the terrorist attacks of September 11, 2001, (9/11) to ensure that potential vulnerabilities are addressed, and (3) what steps the Environmental Protection Agency (EPA) and the Department of Homeland Security (DHS) have taken to help these facilities in their efforts to address such vulnerabilities.

Federal law does not address wastewater security as comprehensively as it does drinking water security. For example, the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 required drinking water facilities serving populations greater than 3,300 to complete vulnerability assessments, but no such requirement exists for wastewater facilities. While federal law governing wastewater security is limited, Homeland Security Presidential Directive 7 designated EPA as the lead agency to oversee the security of the water sector, including both drinking water and wastewater. The directive tasked EPA with several responsibilities, including the development of mechanisms for information sharing and analysis within the water sector. Our survey of over 200 of the nation's large wastewater facilities shows that many have made security improvements since 9/11. Most facilities indicated they have completed, have under way, or plan to complete some type of security assessment. Similarly, more than half of responding facilities indicated they did not use potentially dangerous gaseous chlorine as a wastewater disinfectant. Survey responses show that other security measures taken after 9/11 have generally focused on controlling access to the treatment plant through improvements in visual surveillance, security lighting, and employee and visitor identification. Little effort, however, has been made to address collection system vulnerabilities, as many facilities cited the technical complexity and expense involved in securing collection systems that cover large areas and have many access points. Others reported that taking other measures, such as converting from gaseous chlorine, took priority over collection system protections. While EPA and DHS have initiatives to address wastewater facility security, efforts to provide critical and threat-related information would benefit from closer coordination. EPA and DHS fund multiple information services designed to communicate information to the water sector--specifically, EPA funds the Water Information Sharing and Analysis Center (WaterISAC) and its Water Security Channel, while DHS funds the Homeland Security Information Network (HSIN). EPA, DHS, and other industry experts are concerned that these multiple information services may overlap and produce inefficiencies. For example, a substantial part of the $2 million annual grant EPA uses to fund the WaterISAC is dedicated to purchasing computer services likely available through DHS and HSIN at no cost. A Water Sector Coordinating Council was established by the water sector to help determine the appropriate relationship among these information services. A preliminary review is under way to examine options for improving coordination between the WaterISAC, the Water Security Channel, and HSIN; however, the scope and time frame for completion of this review is unclear.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendation for Executive Action

    Recommendation: The Administrator of EPA should work with DHS and the Water Sector Coordinating Council to identify areas where the WaterISAC and HSIN networks could be better coordinated, focusing in particular on (1) how operational duplications and overlap could be addressed, and (2) how water systems' access to timely security threat information could be improved. EPA should also work with DHS and the Water Sector Coordinating Council to identify realistic time frames for the completion of these tasks.

    Agency Affected: Environmental Protection Agency

    Status: Closed - Implemented

    Comments: At EPA's direction, the Association of Metropolitan Water Agencies, which operates the Water Information Sharing and Analysis Center (WaterISAC) with a grant from EPA, completed an evaluation and recommended that WaterISAC adopt components of the Homeland Security Information Network (HSIN) and incorporate them into WaterISAC. The incorporation of these components has included the expansion of the WaterISAC to other critical interdependent sectors and, within the WaterISAC, establishment of a link from WaterISAC to HSIN and maintenance of highly sensitive and analyst-originated information. According to EPA, these actions have improved access to timely and authoritative security threat information.

    Jul 29, 2014

    Jul 24, 2014

    Jul 16, 2014

    Jun 27, 2014

    Jun 24, 2014

    Jun 23, 2014

    Jun 18, 2014

    Looking for more? Browse all our products here