The EPA has released new risk and resilience requirements (not so new for community drinking water organizations that complied with the Bioterrorism Act of 2002). AWIA expands the hazard basis of your vulnerability assessment to include natural hazards and rapidly emerging threats to cyber security. This all hazards approach is an expansion from the previous standard or malevolent human acts only. Your utility must conduct a risk and resilience assessment and submit certification of its completion to the U.S. EPA by the following dates:
- March 31, 2020 if serving > 100,000 people
- December 31, 2020 if serving 50,000-99,000 people
- June 30, 2021 if serving 3,301 to 49,999 people
BPS has the knowledge and experience to help you comply with these new requirements as we have for many other community water establishments.
Ask The Security Expert
BPS President and Certified Security Consultant Frank Pisciotta is ready to point you in the right direction. With over 3 decades of experience in security consulting, Frank has helped thousands of corporations, manufacturers, governments and healthcare facility managers keep their people and products safe.
Frank will personally respond to your questions within 24 hours. Ask The Expert and start Eliminating Crime Before It Happens.
BPS has conducted security vulnerability and risk assessments for community drinking water organizations from coast to coast large, medium and small.
A Sampling of Community Drinking Water Clients
- City of Newport News Waterworks, VA
- City of San Diego Public Utilities Department, CA (water and wastewater)
- Erie Water Works, PA
- City of Rochester, NY
- Placer County Water, CA
- City of Rialto, CA
- City of Thousand Oaks, CA
- Wayne County Water, NY
- Livingston County Water, NY
- Cornell University, NY
Emergency Response Plan
No later than six months after certifying completion of its risk and resilience assessment, each system must prepare or revise, where necessary, an emergency response plan that incorporates the findings of the assessment. The plan shall include:
BPS Delivers The Following Benefits To Our Clients:
Let BPS help to ensure your Emergency Response Plan has provisions for an all hazards approach, appropriate scope for hazards and to ensure that your plan includes best practice responses. Contact Us Today.
Cyber Risks are increasing significantly. BPS delivers a strong team of IT security professionals with such credentials as ISACA Certified Information Systems Auditor. CISSP and CSX Cybersecurity Fundamentals certification issued by ISACA. AWIA requires financial systems such as billing systems to be assessed for cyber security threats and resiliency. BPS will utilize assessment methodologies such as ISA/IEC 62443 for cyber threat and risk identification. We have also compiled a list of resources for your convenience (click on the resources tab for more information).
This site provides an overview of the new AWIA regulation. https://www.epa.gov/waterresilience
Homeland Security, Water and Wastewater Sector Plan – The Water and Wastewater Systems Sector-Specific Plan details how the National Infrastructure Protection Plan risk management framework is implemented within the context of the unique characteristics and risk landscape of the sector. https://www.dhs.gov/cisa/water-and-wastewater-systems-sector
Introduction to Recommended Practices. This site provides a current information resource to help industry understand and prepare for ongoing and emerging control systems cyber security issues, vulnerabilities, and mitigation strategies. CISA (ICS) works with control systems subject matter experts to ensure that the recommended practices available here have been vetted before being published in support of this program. https://ics-cert.us-cert.gov/Introduction-Recommended-Practices
AWWA Resources on Cybersecurity. http://www.awwa.org/cybersecurity
A core component of the Cybersecurity and Infrastructure Security Agency (CISA) risk management mission is conducting security assessments in partnership with ICS stakeholders, including critical infrastructure owners and operators, ICS vendors, integrators, Sector-Specific Agencies, other Federal departments and agencies, SLTT governments, and international partners. https://ics-cert.us-cert.gov/Assessments
The security experience that BPS has developed over the years has been very evident during our meetings and work sessions and we feel that this has provided an invaluable perspective in the unbiased assessment of our vulnerabilities. It is clear that the Geneva Office of The New York State Health Department is also very pleased with the draft summaries of work completed to date. The health department has even gone so far as to suggest that our VA and ERP may in fact become the prototype for similar documents that must be prepared by other small to mid-sized water systems in our area.