Enhancing Water-Distribution System Security through Modeling

Since the early days of King Hezekiah (late 8th century to early 7th century BCE), who constructed a $533\mathrm{m}$ underground tunnel to channel the Gihon Spring outside Jerusalem into the city as part of his war against Sennacherib, water resources systems have been the subject of threats and conflicts throughout history, with diverse intensities (Gleick 1998).

Following the events of September 11, 2001, in the United States, the world’s public awareness about possible terrorist attacks on water-supply systems has increased dramatically, causing the security of drinking-water distribution systems to become a major concern around the globe.

A drinking-water distribution system typically consists of tanks, pipes, and pumps that deliver treated water from treatment plants to consumers. Even a moderate system may contain hundreds of kilometers of pipes and numerous delivery points, making such a system inherently vulnerable.

The threats to a water-distribution system can be partitioned into three major groups according to the methods neccessary for enhancing their security: (1) a direct attack on the main infrastructure: dams, treatment plants, storage reservoirs, pipelines, etc.; (2) a cyber attack disabling the functionality of the water utility supervisory control and data acquisition (SCADA) system, taking over control of key components that might result in water outages or insufficiently treated water, or changing or overriding protocol codes, etc.; and (3) a deliberate chemical or biological contaminant injection at one of the system’s nodes.

The threat of a direct attack on major water-supply-system infrastructure is addressed by improving the system’s physical security (for example, with additional alarms, locks, fencing, surveillance cameras, or guards), which can be assessed by comparing the resulting degree of risk reduction to cost. The American Water Works Association (AWWA) provided comprehensive physical security guidance (AWWA 2004) aimed at helping water utilities tailor a physical security policy to their specific needs.

The threat of a cyber attack can be minimized by employing several basic activities, such as establishing an optical isolator between communication networks, allowing for one-way data traffic only, using a router to restrict data transfer to a small number of destinations as regulated by an access control list (ACL); using firewalls; installing antivirus software on all servers and workstations and configuring for daily virus pattern updates; restricting access to the SCADA control room; and so on (AWWA 2004).

A deliberate chemical or biological contaminant injection is the most difficult threat to address, both because of uncertaintyabout the type of injected contaminant and its consequences and uncertainty about the location and injection time. In principle, a pollutant can be injected at any water-distribution-system connection (node) by using a pump or a mobile pressurized tank. Although backflow preventers can provide an obstacle to such actions, they do not exist at all connections and might not be functional at some connections.

An online contaminant monitoring system (OCMS) should be considered as the major tool to reduce the likelihood of deliberate contaminant intrusion (ASCE 2004). An OCMS should be designed to detect random contamination events and to provide information on the location of the contaminants within the system, including an estimation of the injection characteristics (i.e., contaminant type, injection time and duration, concentration, and injected mass flow rate). After the type of the contaminant and its characteristics have been determined, a containment strategy can be implemented to minimize the pollutant’s spread throughout the system and to suggest the portions of the system that need to be flushed.

However, although an OCMS is recognized as the appropriate solution to a deliberate contaminant intrusion, much of the basic scientific and engineering knowledge needed to construct an effective OCMS is only partially available: (1) the monitoring sensors and instrumentation tools required to accomplish the detection task are still missing (e.g, only surrogate measures such as residual chlorine, pH, turbidity, and conductivity can be effectively monitored), (2) full knowledge of the effects of the injected contaminants on public health are unknown; and (3) models for the sensors’ locations, although published in the research literature, have not yet been practically implemented.

The ASCE (2004) and AWWA (2004) reports have provided comprehensive best-practice guidelines for coping with the threats of a direct attack, a cyber attack, and a deliberate contamination intrusion and highlight major difficulties associated with addressing those problems.

This special issue, which includes 10 technical papers and 3 technical notes on drinking-water distribution systems security, presents a state-of-the art ensemble of models addressing solutions to some problems highlighted in the ASCE (2004) and AWWA (2004) reports, with the objective of enhancing drinking-water distribution systems security through modeling and thereby reducing the gap between best-practice guidelines to quantitative analysis. The following topics are covered: reduction of physical threats (Skolicki et al.), sensor location design (Berry et al.; Propato; Grayman et al.), sensor detection limits (McKenna et al.), sampling (Janke et al.), contamination event characterization (Dawsey et al.), contamination source identification (Laird et al.; Guan et al.; Preis and Ostfeld) contaminant isolation (Baranowski and LeBoeuf), response to contamination events (Khanal et al.), and contamination health impacts (Murray et al.).

I thank all the contributing authors and especially all the reviewers, whose valuable comments have substantially improved the quality of this special issue. Finally, I would like to acknowledge the support of Daene McKinney, the Journal editor, and the remarkable assistance and professional help of Jackie Perry, Managing Editor of ASCE Journals.