Publications
Risk Assessment Methodology for Water utilities (RAM-W) : the foundation for emergency response planning
Concerns about acts of terrorism against critical infrastructures have been on the rise for several years. Critical infrastructures are those physical structures and information systems (including cyber) essential to the minimum operations of the economy and government. The President's Commission on Critical Infrastructure Protection (PCCIP) probed the security of the nation's critical infrastructures. The PCCIP determined the water infrastructure is highly vulnerable to a range of potential attacks. In October 1997, the PCCIP proposed a public/private partnership between the federal government and private industry to improve the protection of the nation's critical infrastructures. In early 2000, the EPA partnered with the Awwa Research Foundation (AwwaRF) and Sandia National Laboratories to create the Risk Assessment Methodology for Water Utilities (RAM-W{trademark}). Soon thereafter, they initiated an effort to create a template and minimum requirements for water utility Emergency Response Plans (ERP). All public water utilities in the US serving populations greater than 3,300 are required to undertaken both a vulnerability assessment and the development of an emergency response plan. This paper explains the initial steps of RAM-W{trademark} and then demonstrates how the security risk assessment is fundamental to the ERP. During the development of RAM-W{trademark}, Sandia performed several security risk assessments at large metropolitan water utilities. As part of the scope of that effort, ERPs at each utility were reviewed to determine how well they addressed significant vulnerabilities uncovered during the risk assessment. The ERP will contain responses to other events as well (e.g. natural disasters) but should address all major findings in the security risk assessment.