Provide PDF Format
AWWA ACE58222
- Security Vulnerability Assessments - What Happens Once You've Identified the Critical Assets?
- Conference Proceeding by American Water Works Association, 06/15/2003
- Publisher: AWWA
$12.00$24.00
This paper discusses how water and wastewater systemowners go about conducting a security vulnerability assessment (SVA). Most proactiveowners are using the Sandia National Laboratory's Risk Assessment Methodology for Water(RAM-W) to identify and protect critical infrastructure assets. The RAM-W helps an ownerestablish a foundation for risk management and security enhancement. The RAM-W includesa strategy for planning and prioritizing the protection of critical infrastructure assets. Itprovides a framework for making decisions about which are the most critical using a pair-wise comparison. Next, a design basis threat is created to identify and plan for potentialthreats to the utility. A detailed and well organized inventory of the critical assets associatedwith each facility is then generated using a fault tree analysis process. The critical assets areselected using qualitative analysis of potential impacts on an owner's ability to deliver theservices required due to asset destruction or impairment.This paper is designed to familiarize the reader with the best practices and "lessonslearned" that are available about what happens after the critical assets have been identified. Thiswould include security and operational improvements that may be or have beenimplemented, as well as physical protection system improvements. The lessons learned andbest practices produced for this paper are based on several SVA's conducted throughout thecountry using the RAM-W.