Thursday, March 30, 2017

HR 1579 Introduced – Drinking Water Security

Earlier this month Rep. Peters (D,CA) introduced HR 1579, the Secure and Resilient Water Systems Act. This bill would completely re-write the current drinking water security requirements of 42 USC 300i-2. It expands the current counter terrorism requirements to include protecting against climate change and source water degradation to enhance system security and resiliency.

Vulnerability Assessment

The new paragraph (a) would require community water systems to prepare new vulnerability assessments and submit them to the EPA within 24 months of enactment of the bill. The bill would require those assessments to identify threats to {§300i-2(a)(2)}:

• Source water from industrial activity, pipelines and storage tanks, contaminated sites, agricultural activity, and oil and gas exploration;
• Source water and distribution system from climate change, extreme weather, drought, and temperature changes; and
• Source water and distribution system from intentional acts, including intentional contamination, sabotage, and theft of any chemical of interest (as designated under Appendix A to 6 CFR 27).

The assessment would also be required to include “a comparison of the disinfection methods used by the community water system and reasonably available alternative disinfection methods, including a determination of whether reasonably available alternative disinfection methods could reduce the community water system’s vulnerability to the threats identified” {§300i-2(a)(2)}.

Protection Plans

Each community water system would be required to submit to the EPA a source water and distribution system protection plan. The submitted plan would {§300i-2(b)}:

• Identify strategies and resources to mitigate the threats identified in assessments prepared; and
Include specific emergency response plans for the threats identified in assessments.


The bill would establish the Drinking Water Infrastructure Resiliency and Sustainability Program to provide grants “for the purpose of increasing the resiliency or adaptability of the community water systems to threats identified” {§300i-2(c)(1)}. The grants could be used to {§300i-2(c)(3)(B)}:

• Promoting more efficient water use, water conservation, water reuse, or water recycling;
• Using decentralized, low-impact development technologies and nonstructural approaches, including practices that use, enhance, or mimic the natural hydrological cycle or protect natural flows;
• Reducing stormwater runoff or flooding by protecting or enhancing natural ecosystem functions.
• Modifying, upgrading, enhancing, or replacing existing community water system infrastructure in response to changing hydrologic conditions;
• Improving water quality or quantity for agricultural and municipal uses, including through salinity reduction; or
• Providing multiple benefits, including to water supply enhancement or demand reduction, water quality protection or improvement, increased flood protection, and ecosystem protection or improvement.

The bill would authorize $50 Million for each year from 2018 through 2022 to support the bill.

Moving Forward

Peters is a senior member of the House Energy and Commerce Committee to which this bill was referred for consideration. This means that he may have enough influence to have the Committee consider the bill.

The inclusion of ‘climate change’ language and inherently safer technology reporting provisions will automatically raise the ire of many Republicans on the Committee. Their inclusion almost guarantees that the Committee will not favorably consider the bill without modifying those provisions. Peters will almost certainly have to agree to such changes prior to the Committee considering the bill.


The bill greatly expands the security considerations that community water systems need to require in both the vulnerability assessment and response plans currently required. This expansion is more than a little justified, particularly after looking at the fiasco associated with the aftermath of the Freedom Industries chemical spill in West Virginia.

I covered a number of issues about water facility planning and response that probably should be taken when there are potential chemical contamination issues from industrial chemical sources in a series of blog posts about the lessons learned from the Freedom Fiasco. It would have been nice to see this bill address at least some of those issues in some more detail.

I am very happy to see the bill specifically address chemical security issues. Unfortunately, it only addresses the threat of theft of DHS chemicals of interest (COI). This would probably only be an issue for smaller water facilities that use 150-lb cylinders of chlorine gas; stealing chlorine gas from rail cars or even 1-ton storage cylinders is much less of a problem. What should have also been included was the threat of deliberate releases of COI; a much larger potential terrorist threat.

The major shortfall of this bill (and the original 2002 legislation) is that there is no provision for the EPA to review and approve either the vulnerability assessment, the response plans, or the implementation of those plans. The additional requirement to submit the response plans to the EPA was a step forward over the existing keep on file requirement, but there are no provisions for the facility to have adequately implemented the response plans.

Another system security problem that is virtually ignored by this bill is the problem of water control system cybersecurity. There are increasing amounts of automation being used by even smaller water treatment systems for increased efficiency and manpower reduction efforts. Failure to specifically address the protection of these automated systems from deliberate attacks is a major shortcoming of this bill.

Finally, the funding provided for the grant program is more than ludicrously small. The original, significantly more limited requirements, were supported by $160 million in funding for the first year. Interestingly, none of the grant monies could be used to protect facility physical, cyber or chemical security work.

No comments:

/* Use this with templates/template-twocol.html */