Thursday, February 18, 2010

Water Security Breach

There is an interesting article over on (Columbus, OH Dispatch) about a recent security breach at a local water treatment plant. The interesting thing about this breach is that the police can only narrow the time of the breach down to a period about 15 DAYS long. The intruders cut through two fences and stole 200 feet of copper wire from an on-site electrical substation while avoiding detection by facility security cameras.

According to the article, a spokesman from the American Water Works Association downplayed the seriousness of the breach since the drinking water treatment equipment on the 148-acre facility was not involved in the break-in. Hopefully that spokesman is not involved in advising member utilities on security matters.

Purpose of Perimeter Security

There are three complementary reasons for having perimeter fences. The most obvious is to keep people out of the facility. All security professionals realize that fences cannot stop unauthorized access, just deter it. To paraphrase a common folk saying: fences are designed to keep honest people honest. They will not keep out people determined to enter the facility.

With this in mind, we can see that a well-constructed perimeter fence serves the second purpose of classifying intruders. Anyone breaching that barrier is a threat to the facility. Without a good perimeter barrier, intruders could be anything from a casual passerby to someone with nefarious intent.

The third purpose is to provide early warning of intruders. This will allow a security response team, either guard force or police, to interdict and apprehend the intruders before they get into the restricted area at the heart of the facility; in this case the actual water treatment works or drinking water distribution system.

In this case, while the perimeter barrier performed the first two functions, the third was completely lacking. While it was apparently not the intent of these intruders, someone wishing to do damage to the water supply for 1.1 million people could have conducted an extensive on-site reconnaissance of the facility security and conducted a well-rehearsed attack on the water treatment equipment in the 15-day period during which the breach went undetected.

Critical Resources

One would assume that an electrical substation on the grounds of the water treatment facility would be there, at least in part, to supply power to the water treatment equipment used on site. As such, we would have to consider this substation a critical resource for this facility. A successful attack on this substation would shut down the water treatment facility and the supply of drinking water to much of the city of Columbus, OH.

Now there was another perimeter fence around this substation, but it was also penetrated without detection. It is not clear if this fence was simply a safety device, installed to keep untrained personnel away from dangerous electrical currents, or if it was an actual security barrier. It obviously performed neither function well.

One would like to assume that the security barrier around the actual treatment and distribution equipment would provide more of a warning of penetration. Based on the news report on this incident, I really doubt it. Oh well, it doesn’t matter anyway; no one wants to do harm to this country, there is no terrorist threat, and no one has ever attacked a water treatment facility. Why do we need security anyway……

