American Water Infrastructure Act of 2018 (AWIA) Compliance

The EPA has released new risk and resilience requirements (not so new for community drinking water organizations that complied with the Bioterrorism Act of 2002). AWIA expands the hazard basis of your vulnerability assessment to include natural hazards and rapidly emerging threats to cyber security. This all hazards approach is an expansion from the previous standard or malevolent human acts only. Your utility must conduct a risk and resilience assessment and submit certification of its completion to the U.S. EPA by the following dates:

  • March 31, 2020 if serving > 100,000 people
  • December 31, 2020 if serving 50,000-99,000 people
  • June 30, 2021 if serving 3,301 to 49,999 people

BPS has the knowledge and experience to help you comply with these new requirements as we have for many other community water establishments.

Contact BPS Today

We have written hundreds of security plans for critical infrastucture including Community Water and Wastewater. Check out this article about water system security by BPS founder Frank Pisciotta, CSC.

Ask The Security Expert

  • Do you have questions about keeping your employees safe in the workplace?
  • Wondering if your security measures are adequate for your facility?
  • Or perhaps you need help with industry regulatory issues and don’t know where to start?

BPS President and Certified Security Consultant Frank Pisciotta is ready to point you in the right direction.  With over 3 decades of experience in security consulting, Frank has helped thousands of corporations, manufacturers, governments and healthcare facility managers keep their people and products safe.

Frank will personally respond to your questions within 24 hours.  Ask The Expert and start Eliminating Crime Before It Happens.

Ask The Expert

Vulnerability Assessment

Vulnerability Assessment

BPS has conducted security vulnerability and risk assessments for community drinking water organizations from coast to coast large, medium and small.

New Requirements For Drinking Water Utilities - Business Protection Specialists

A Sampling of Community Drinking Water Clients

  • City of Newport News Waterworks, VA
  • City of San Diego Public Utilities Department, CA (water and wastewater)
  • Erie Water Works, PA
  • City of Rochester, NY
  • Placer County Water, CA
  • City of Rialto, CA
  • City of Thousand Oaks, CA
  • Wayne County Water, NY
  • Livingston County Water, NY
  • Cornell University, NY

Emergency Plan

Emergency Response Plan

No later than six months after certifying completion of its risk and resilience assessment, each system must prepare or revise, where necessary, an emergency response plan that incorporates the findings of the assessment.  The plan shall include:

  • Strategies and resources to improve the resilience of the system, including the physical security and cybersecurity of the system
  • Plans and procedures that can be implemented, and identification of equipment that can be utilized, in the event of a malevolent act or natural hazard that threatens the ability of the community water system to deliver safe drinking water
  • Actions, procedures and equipment which can obviate or significantly lessen the impact of a malevolent act or natural hazard on the public health and the safety and supply of drinking water provided to communities and individuals, including the development of alternative source water options, relocation of water intakes and construction of flood protection barriers
  • Strategies that can be used to aid in the detection of malevolent acts or natural hazards that threaten the security or resilience of the system

BPS Delivers The Following Benefits To Our Clients:

  • Ensures plans are properly formatted for easy use in an emergency
  • Ensure that ERP’s are aligned with the appropriate hazards
  • Ensure the criminal and terrorist emergency action plans are consistent with industry best practice
  • Assist in implementing appropriate processes to maintain readiness for applicable emergencies

Let BPS help to ensure your Emergency Response Plan has provisions for an all hazards approach, appropriate scope for hazards and to ensure that your plan includes best practice responses. Contact Us Today.

Cyber

Cyber Risks

Cyber Risks are increasing significantly. BPS delivers a strong team of IT security professionals with such credentials as ISACA Certified Information Systems Auditor. CISSP and CSX Cybersecurity Fundamentals certification issued by ISACA. AWIA requires financial systems such as billing systems to be assessed for cyber security threats and resiliency. BPS will utilize assessment methodologies such as ISA/IEC 62443 for cyber threat and risk identification. We have also compiled a list of resources for your convenience (click on the resources tab for more information).

Community Water Tanks Housed Inside - Business Protection Specialists

Resources

Cyber Resources

This site provides an overview of the new AWIA regulation.  https://www.epa.gov/waterresilience

Homeland Security, Water and Wastewater Sector Plan – The Water and Wastewater Systems Sector-Specific Plan details how the National Infrastructure Protection Plan risk management framework is implemented within the context of the unique characteristics and risk landscape of the sector.  https://www.dhs.gov/cisa/water-and-wastewater-systems-sector

Introduction to Recommended Practices. This site provides a current information resource to help industry understand and prepare for ongoing and emerging control systems cyber security issues, vulnerabilities, and mitigation strategies. CISA (ICS) works with control systems subject matter experts to ensure that the recommended practices available here have been vetted before being published in support of this program.  https://ics-cert.us-cert.gov/Introduction-Recommended-Practices

AWWA Resources on Cybersecurity.  http://www.awwa.org/cybersecurity

A core component of the Cybersecurity and Infrastructure Security Agency (CISA) risk management mission is conducting security assessments in partnership with ICS stakeholders, including critical infrastructure owners and operators, ICS vendors, integrators, Sector-Specific Agencies, other Federal departments and agencies, SLTT governments, and international partners.  https://ics-cert.us-cert.gov/Assessments

The security experience that BPS has developed over the years has been very evident during our meetings and work sessions and we feel that this has provided an invaluable perspective in the unbiased assessment of our vulnerabilities. It is clear that the Geneva Office of The New York State Health Department is also very pleased with the draft summaries of work completed to date. The health department has even gone so far as to suggest that our VA and ERP may in fact become the prototype for similar documents that must be prepared by other small to mid-sized water systems in our area.

Martin A. Walworth, NY
Back To Top