Flood Safety Awareness Week

The National Weather Service has designated March 15-21, 2015 as Flood Safety Awareness Week.  More than half the states are planning events that recognize the need for flood safety outreach initiatives.  This website http://www.nws.noaa.gov/floodsafety/index.shtml connects you to links for individual state flood response activities, including a clickable, interactive map, and other helpful resources on educational materials and available resources for flood awareness, prevention, and response.

EPA’s Water Security Division has developed a Guide and supporting training documents related to flood planning and mitigation and is hosting a series of webinars, each targeted toward a specific audience – state primacy agencies, water and wastewater utilities, assistance providers, and others.  ASDWA is working with WSD to present the state-focused web training event at the end of March.  More information will be sent to states as soon as the details are finalized.

Help Small Communities Understand What They Face Without Water Service

Sometimes, it pays to go back and look at what’s already been done – often, it still has relevance!

Several years ago, ASDWA’s Security Committee worked with EPA Region 5 to create a simple discussion guide for smaller communities to use when considering what to do if their water service is disrupted.  The Guide explains how to have such a discussion:  who to invite, what types of questions to ask, what types of impacts a lack of service can cause, whether formal presentations or just shirtsleeves discussions are right for a particular group, and whether this discussion could be the first in an ongoing dialog between the water system and its key customers.

The Water Emergency Roundtable – Outline for Discussion is a low cost approach and allows anyone – the water system, an assistance provider, the state primacy agency – to help facilitate the Roundtable Discussion.  Such a discussion could go a long way toward helping smaller communities better engage with their own emergency and utility service providers to create an effective and efficient foundation for community resiliency.

For more information, click the link above or go to the Security tab on the ASDWA website at www.asdwa.org.


Small City Takes On Big Cyber Challenge

The City of Fort Morgan is the county seat for Morgan County, Colorado.  It has a population of nearly 11,500, a median household income of $33,128, and about 13% of the population earns below the poverty line.  Denver is about 80 miles away.  The area is known primarily for its agricultural enterprises.  And yet, this relatively small community has stepped up and taken the cyber challenge to become more protective of its citizens, its infrastructure, and its resources.

DHS’s Cyber News Spotlight reports that Fort Morgan is planning to install a new security system to protect infrastructure control systems from cyber attacks. Referencing a January 23rd Morgan Times news report, “The article explains how attacks on automated control systems at water treatment and power facilities could threaten public health and cripple local economies. These upgrades represent the growing awareness of cities about how malicious actors have targeted and will likely continue to target utilities and unprotected supervisory control and data acquisition (SCADA) systems.”

Read more about this proactive, forward looking community’s cyber initiatives at: http://www.fortmorgantimes.com/fort-morgan-local-news/ci_27383214/city-looking-be-ahead-game-cyber-threats


Over the past few years, ASDWA’s Security Committee has been engaged in developing tools that provide low or no cost ways for state drinking water programs and their water community partners to support water utilities (and their own programs) in the collective and ongoing effort to better prepared and more resilient in the face of water emergencies of all sorts.

One tool is appropriate for states, member organizations, assistance providers and utilities – especially smaller systems.  The tool, Water Emergency Roundtable – Outline for Discussion, creates a step-by-step process for a one-day shirt-sleeves discussion on what a community can or should do in the event of an emergency that either severely diminishes the available water supply or shuts the supply off completely.  The Outline Guide offers tips, scripts, and templates on how to organize such a discussion, who to invite, what materials may be needed, topics that may be discussed, and what sort of follow up would be helpful to the community after the discussion takes place.

This is a low cost approach, which would be helpful in enhancing collaborative partnerships among state drinking water programs, water utility organizations, and the communities that they both support.  It would also go a long way toward helping those communities better engage with their own emergency and utility service providers to create an effective and efficient foundation for community resiliency.

Most recently, the Committee has partnered with EPA’s Water Security Division to host webinars in 2014 to showcase how states are collaborating with their WARN programs; how state labs can design a Continuity of Operations (COOP) plan; and demonstrate how state drinking water programs are partnering with their emergency management counterparts.  Information on all of these webinars can be found on ASDWA’s website www.asdwa.org under the Security tab.

The Committee has also developed targeted tools for state drinking water programs to use to enhance their own preparedness, responsiveness, and resilience in times of crisis.

BRIDGING THE GAP:  Coordination Between State Primacy Agencies and State Emergency Management Agencies focuses on collaborative opportunities between state primacy and emergency management agencies when an incident requires state involvement.  The document highlights the need to consider water as part of an effective emergency response; the value that state primacy agencies can provide both before and during an emergency; and a quick checklist of topics that should be discussed when a primacy agency meets with their emergency management counterparts.

STATE DRINKING WATER PROGRAM All Hazards Preparedness, Mitigation, Response and Recovery Checklist provides state drinking water programs with a checklist of actions that should be considered before, during, and after an emergency.  The document offers recommended actions that every state drinking water program should be able to undertake and implement to support and sustain public health protection.

Please take a few moments to look at these tools.  Think about whether you can make changes within your own program to improve your resilience.  Maybe one or more of these can help.

Water Security Division Posts New Products

Our colleagues at EPA’s Water Security Division have been busy of late!  They have just posted two new products and links for ICS training that may be of interest to you.  Click the bulleted description (not the title) to view the materials in more detail.

Water Security: Incident Action Checklists

There are 10 checklists appropriate for:  drought, earthquake, extreme cold & winter storms, extreme heat, flooding, hurricane, tornado, tsunami, volcanic activity, and fire.

Water Security Initiative: Public Health Surveillance (PHS) Assessment document

This document helps water utility personnel walk through an interview with public health personnel responsible for monitoring available public health data such as epidemiologists at the local, city or county health department and toxicologists at the Poison Control Center (PCC) for the utility’s service area.

Water Security: Incident Command System (ICS) Training

EPA offers first time and refresher training for four courses:  Introduction to ICS; Single Resources and Initial Action Incidents; National Incident Management System; and National Response Framework.  These are self-paced video reviews of presentations made during earlier trainings.

Want to Know More About Cyber Security?  Sign Up for a C³ Webinar

As part of Executive Order (EO) 13636, the Department of Homeland Security (DHS) launched the Critical Infrastructure Cyber Community or C³ (pronounced “C Cubed”) Voluntary Program to assist the enhancement of critical infrastructure cybersecurity and to encourage the adoption of the National Institute of Standards and Technology’s (NIST) Cybersecurity Framework (the Framework), released in February 2014. The C³ Voluntary Program was created to help improve the resiliency of critical infrastructure’s cybersecurity systems by supporting and promoting the use of the Framework.

The C3 Voluntary Program is hosting the second installment of its Webinar Series in 2015. The primary goal of the Webinar Series is to encourage those unfamiliar with the program to better understand and interact with our centralized repository of cyber risk management practices, tools, and procedures. The upcoming webinar will discuss resources for small and mid-sized businesses with respect to cybersecurity.

Date:    February 18, 2015

Time:   1:00pm-2:00pm ET

Register/RSVP:  Email your name & affiliation to CCubedVP@hq.dhs.gov by February 16.

At the Time of the Webinar:

Dial:      888-390-0971/PIN: 8100240

HSIN Link: https://share.dhs.gov/ccubedvp-webinar2/

More information on the C3 Voluntary Program can be found at: https://www.us-cert.gov/ccubedvp.

10 Basic Cybersecurity Measures That Use Common Sense

Our colleagues at the WaterISAC, along with several other ISACs and DHS ICS-CERT have developed a “top ten” list of basic cybersecurity recommendations that all water and wastewater utilities can use to minimize their vulnerability to cyber breaches and defend against cyber attacks.  These low or no cost common sense recommendations should work for any system size or type.

Each recommendation is accompanied by links to corresponding technical resources.

  1. Update systems and software
  2. Use only strong passwords and change default passwords
  3. Apply firewalls to implement network segmentation
  4. Minimize network exposure for all control system devices
  5. Establish role-based access controls
  6. Use secure remote access methods
  7. Do not open suspicious email or respond to suspicious phone calls
  8. Limit use of removable storage devices
  9. Develop and enforce policies on mobile devices
  10. Develop a cybersecurity incident response plan

Hiring Our Heroes

If you know of water utilities looking for operators, managers, security coordinators, or other staff positions, here’s another possible resource.

The US Chamber of Commerce Foundation has created the “Hiring Our Heroes.” project.  According to their website, “Hiring Our Heroes…launched in March 2011 as a nationwide initiative to help veterans, transitioning service members, and military spouses find meaningful employment opportunities. Working with the U.S. Chamber of Commerce’s vast network of state and local chambers and strategic partners from the public, private, and non-profit sectors, our goal is to create a movement across America in hundreds of communities where veterans and military families return every day.”

The Hiring Our Heroes webpage http://www.uschamberfoundation.org/events/hiringfairs contains information not only about in person job fairs but also offers opportunities for virtual fairs.  Water systems individually, or through their member organizations such as NRWA or AWWA or WEF, can reserve a booth (usually at no or minimal charge) and conduct interviews on the spot.  Right now, there are more than 25 job fair locations posted on the hiring fairs site.  In an interesting new twist, the Foundation also hosts fairs that include job opportunities for military spouses – an often overlooked resource!

Take a look at the web pages devoted to Hiring Our Heroes.  Please share this information with others in the water community who may be in need of well trained professionals.

EPA’s Inspector General Releases “Quick Reaction Report” on Ebola Information

On January 21, EPA’s Office of the Inspector General (OIG) released a “Quick Reaction Report” on the information provided by EPA related to combating the Ebola virus.  More specifically, the Report addresses the completeness and consistency of information provided on the EPA website regarding disinfectants for use against the Ebola virus.

In short, the OIG offered two recommendations that have been accepted and acted upon by EPA’s Assistant Administrator for Chemical Safety and Pollution Prevention.  The recommendations are to:

  1. Modify the EPA’s List L Web page information to indicate the status of the EPA’s ATP testing on all products listed, and
  2. Ensure that all List L products are included on the ATP list, and product testing status is clearly reported.

To read the complete report, please click this link: Quick Reaction Report: Complete and Clear Information on the Effectiveness of Ebola Disinfectants Will Better Inform the Public

Two New Climate Tools

Earlier today, Security Notes reported on a new interactive storm surge map from EPA’s Climate Ready Water Utilities initiative.  There are two additional climate- related tools that you may also be interested in exploring:

Scenario-Based Projected Changes Map:  This online map provides easy access to localized scenarios of projected changes in annual total precipitation, precipitation intensity, annual average temperature, 100-year storm events, and sea-level rise from EPA’s Climate Resilience Evaluation and Awareness Tool.  To explore local climate change projection data across the United States, simply zoom in on your location of interest or type a location into the search field of the map.  Climate change projection data within this map is provided by grid cell, illustrated as a square grid with 1/2-degree resolution, approximately 32 X 32 miles, for the United States.  Explore the map on EPA’s website.

EPA Water Utility Climate Resilience Support Project:  EPA is initiating a nationwide effort to promote an understanding of climate risk and adaptation options within the water sector.  By working with a diverse set of individual utilities in a collaborative process, EPA will assist 20 water and wastewater utilities in conducting comprehensive climate related risk assessments using our Climate Resilience Evaluation and Awareness Tool (CREAT). The assessments will identify utility-level adaptation strategies for implementation to bolster climate readiness and resilience.  A list of confirmed participating utilities can be found on EPA’s website.