-------�
(2) Most of the security measures can be applied as retrofits to an existing facility. The
exceptions are those measures that require minimum site dimensions to be effective (for
example, double-layer fencing or set-back distances) or are dependent on other site-specific
conditions (for example, landscaping or site lighting). In applying these guidelines to
existing facilities, a utility should ensure that a consistent protection layer is achieved; for
example, the delay capability of a pry- or break-resistant door added to a facility should
match the resistance provided by the facility's other doors, windows, walls, and roof.
1.2.2.2 Local Codes and Required Aesthetics
The application of these guidelines needs to consider local codes, ordinances, restrictive
covenants, and aesthetic requirements. For example, local codes may limit the extent and
intensity of site lighting. Required aesthetics may limit the height or material type of a fence,
or it may not be appropriate to use a fence with outriggers and barbed wire for a facility that
is located in a park-like or residential neighborhood setting.
1.2.2.3 Assets Not Under Utility Control
These guidelines apply only to assets that are within the control of the utility. For critical
assets that are not owned by the utility, the utility needs to coordinate protection of the
assets with the owning parties.
1.2.2.4 Balance of the System
Where multiple facilities are located in a single complex, consider the security measures
needed for each type of facility and integrate the measures to provide the most effective
approach.
1.2.2.5 Value of the Asset
The relative value of an asset or facility is determined through the VA process and may be
contingent on perceived or actual monetary value, value to the process, value to the
community, or potential consequences if out of service. A higher value asset may warrant
enhanced security measures when compared to a lower value asset.
1.2.2.6 Levels of Security Measures
Each section of this document recommends security measures for base and enhanced levels
in each DBT category that are deemed appropriate to a wide range of facility types. The
choice between applying the base level or enhanced level of security depends upon the DBT,
the criticality of the asset, and the response time and capability of the responders. It may be
appropriate for a utility to apply security features in excess of those identified as enhanced.
It may also be appropriate for a utility to apply alternative solutions to achieve a similar
level of security for all facilities.
1.2.2.7 Response Time and Capabilities
If the anticipated response time is high or if the response capability is low, additional
security measures may be warranted.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES 1-10
-------�
2.0 Raw Water Facilities
2.1 Scope
(1) This section of this Draft American National Standard for Trial Use covers raw water
facilities that are components of a municipal drinking water system and under the control of
the utility. It is limited to surface raw water facilities: river and lake intakes, pipelines and
canals that are used to convey raw water, valve vaults and control structures used on these
transmission lines and structures, and other facilities upstream of the treatment plant. It
does not include wells or pumping stations, as these facilities are addressed in Section 3.0. It
also does not include chemical feed facilities — these are addressed in the water treatment
plant section (4.0).
(2) This section establishes benchmark physical and electronic security features for
protecting raw water facilities from vandal, criminal, saboteur, and insider threats. Threats
and malevolent acts of concern include damage or destruction of individual facilities, or
introduction of a chemical or biological agent that contaminates the water supply.
(3) A dam is commonly a raw water facility that may be under the control of a utility. Large
reservoir dams are not addressed in this guideline because destruction of dams is
considered a terrorist activity and therefore is not within the capability of the design basis
threats of this guideline. Dam appurtenances can be protected in a similar manner to other
raw water appurtenances described herein. Small dams, including diversion dams, can be
protected using the approaches outlined for other raw water facilities and, therefore, are
addressed in this guideline.
2.2 Facility Mission
The mission of this facility is to provide a supply of water to treatment plants. The facilities
include storage reservoirs, basins, intakes, pipelines, and valve vaults. Generally, the
facilities are not continuously staffed. They may be visited periodically by staff so that the
staff can check the facilities, perform maintenance activities, conduct raw water monitoring,
and respond to alarms. The facilities are often isolated from the general public, although in
some cases, raw water impoundments and rivers are popular recreation areas. These
facilities may vary greatly in size, from large raw water reservoirs covering many acres to
smaller conveyance structures. The security strategy for a given facility may vary depending
on its size. For example, installation of a continuous perimeter fence may not be feasible at
facilities with large areas. In these cases, alternate security strategies should be employed.
2.3 Philosophy of Security Approach
(1) An effective security approach for raw water facilities includes equipment or systems to
deter, detect, delay, and respond to a threat prior to an adversary achieving its objective, or
mitigation of the consequences of a successful attack by the threat. The equipment and
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES 2-1
-------�
systems for successful detection and delay of a threat should be matched to the capabilities
of the DBT, which are usually established during a facility's VA. In addition, equipment and
systems should be selected bearing in mind that the adversary must be adequately delayed
until the utility's identified response force arrives.
(2) DBTs considered in this guideline include vandals, criminals, saboteurs, and insiders.
Characteristics and capabilities of the two levels of threats—base and enhanced—upon
which the benchmark security measures in this guideline are based, are presented in
Table 1-1, Design Basis Threat Capability Matrix. Threats with capabilities less than or
greater than those identified in Table 1-1 require a less or more robust security system as
appropriate. Physical security measures are recommended without regard to cost or other
factors that may preclude their implementation.
(3) Benchmark security measures for deterrence, detection, and delay are provided in this
guideline. Approaches for consequence mitigation are presented in the Interim Voluntary
Security Guidance for Water Utilities (AWWA 2004a) and are not addressed here.
2.4 Benchmark Security Measures
(1) Table 2-1 establishes the benchmark measures for a recommended security system to
deter a threat or detect and delay the threat until the appropriate response force arrives. If
the threat includes more than one DBT, for example, an enhanced criminal and a base
insider, the security system should include the recommended security measures for both
threats. Recommended security measures for a specific DBT are indicated with a check mark
(^). A security measure without a check mark for a specific DBT indicates that either the
security measure is not recommended or a more robust security measure is recommended.
The security measures of Table 2-1 have been grouped into the following categories:
• Perimeter (reservoir impoundments, intake structures, raw water pumping stations,
open channels)
• Site (area between perimeter and facility structures)
• Facility Structures
• Water Quality Monitoring
• Closed Circuit Television - Alarm Assessment (fixed cameras)
• Closed Circuit Television - Surveillance (pan-tilt-zoom [PTZ] cameras)
• Power and Wiring Systems
• Supervisory Control and Data Acquisition (SCADA) - Physical Security
(2) Security decisions are site and utility specific, and the measures identified in the table are
good practice options to be considered, not rules to follow. Additionally, the measures
presented in the table are for typical raw water facilities. Facilities with different attributes
or threats with capabilities in excess of the descriptions in Table 1-1 may require additional
or more robust security measures. Appendix A provides additional details on security
measures (specific sections are referenced in Table 2-1 where applicable).
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES 2-2
-------�
(3) Special considerations may be warranted for:
• Large dams because of their potential public safety implications and because they are
not addressed within this guideline
• Raw water components that do not have redundancy such as single raw water
transmission pipelines
• Facilities with public access such as intakes on rivers or impoundments
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES 2-3
-------�
CD
o
co
CO
a:
CO
CD
CD
o
CD
CO
i
m
0)
CQ
m J£ u J9
« Q) _ c
lill
8 < -^LJ
|
c
S.
Saboteu
10
Crimina
(0
to
10
System
Objective3
•p
o _
111
a ~Z
to >
n £
° 'o
1 J
111
3j "•
•p
o
if
ll
m
ml
11
ui
i!
uojjoaiaa
*„.<,
C
i
1
,_
CO
,-"
T—
o"
T—
s
•
Basic perimeter fencing or
perimeter walls
in
T-
,f
T—
CM"
T—
s
-
s
s
s.
•
Enhanced climb/cut-resistant
fencing or walls
|v.
•«-
S
s
•
Foundation enhancements for
fencing to prevent tunneling
0
m
S
•
Bollards or vehicle barriers limiting
vehicle access
CM"
O)
0>
0°
0
CO
_
CO
s
-
-
-
•
Intrusion detection at perimeter
CM
o
-
CM
s
s
s
-
•
Key-locked entrance gate
.
^
o
co"
•<- CD
CO
CM
CM
CM
^
s
-
-
•
•
Entrance gate controlled by using
access control system
CO
CM
CM
CM
*
-
^
^
•
•
Intercom and remotely controlled
electronic gate lock for visitors
S
•
•
Guardhouse and manned entrance
gate to control site access
0
r--
S
s
-
-
s
s
•
Perimeter site lighting
CO
-
UT.
^
s^
^*-
-
-
s
-
•
Gate entrance lighting
tr
a:
^>
o
O td
LLJ =)
O O
-------�
1
I
OQ
CD
CQ
Lf
o> * o Si
"Idjg
8 • M e
I 111
l-.E.c
$ °-
5
c
^m
\
i
M
I
E
•c
0
m
«
•
|-|
||
W o
ll
11
m
O •g
S* g
J
ll
UJ
i!
!i
ii
Ul
J~£
$
_i
|-t
c ~"
UJ
il
m ™
uoijoajaQ
Ae|aQ
i
CO
•^~
CN
CO
^
S
s
s
s
s
s
*
Hardened site openings larger than
96 square inches (62,000 square
millimeters) in area (e.g., grates on
culverts)
00
s
^
"v
S
S
s
"No Trespassing" signage (every
50 feet [15 meters])
- .
II . .
Ill
IT
£.
3
1
w
1*
45
«
\\
.=
I
s>
q
s.
s
v*
s
•
Motion-activated lighting
0
CO
S
S
N>-
S
•
*
Perimeter minimum clear zone
distance
T—
q
S
^
*
O)
'o
1
"o
JD
T3
CO
CM
S
*
Enhanced second layer of fencing
that is climb/cut resistant
Oj
5p
°:"
q
s
s
s
•
Intrusion detection at second layer
of fencing
K
T—
S
*
Foundation enhancements for
second layer of fencing
s
s
v»'
s
•
Bollards or vehicle barriers around
critical exterior equipment
0
in
S
•
Bollards or vehicle barriers limiting
vehicle access to area within
second layer of fencing
I
LJ_
o
tt
13
CJ
LU
CO
O
-------�
CQ
CO
if la
tf\ ^3 Q? C
C CO Q)
CD m _ p
8 *•*!
"5. c •*"
5" ~ ^
£
o
"8
£
3
s
o
a
at
0}
M
CO
C
E
o
M
n
•o
c
n
^
ii
8,1
co 5
O
ll
n $
•^ J
ill
O 'm
0) 5
SJ
II
^ 0
111
Q| QJ
J2 Q)
CQ _i
u "3
n o
^ _i
IU
« "
55
ll
ra $
c J
u
qj ^
(0 >
CO S
m _!
^^o
,r
Security Measure
c>
^~
co"
c\i
CNj"
cxi
S
•
Electronic access-controlled
entrance gate for second fence
S
0
Signage, buoys and/or float lines
delineate no-entry zone around
lake or river intakes
CO
CO
S
S
s
s
Transformer (outdoor) - locked
protective barrier or cage
CO
CO
S
S
s
s
s
Generator (outdoor) - locked
protective barrier or cage
CO
CO
S
S
s
s
to
Switchgear/motor control center
(outdoor) - locked protective cag
CO,
o
CO
CD"
S
S
s
s
\
s
s.
s
•
2
Landscaping that does not obscu
building or other assets
V
S
s
s
Manholes - locked with security
fastener
\
S
•
t—
Manholes - intrusion detection 01
lock
1
I
1
iZ
S
s
s
s
•
Locking caps for valve operator
covers
CM
•*
T—
CN"
CD
s
•
Valve vault hatches - mechanically
fastened or locked with shroud
over lock
o s
LU =3
Q O
-------�
tn
ro
LL
I!
on
CO
-
oa
<
CD
CD
in
c £•
"B 3
aJ .S o J2
m ~c$ &
llsl
o < 'in UJ
Q..E£
< a
!
_c
2
%
w
1
c
E
•c
o
w
I
10
F"§:
S'-S
t/> (jj
II
II
a
0> ffl
01 >
CO to
m .3
1,
|I
LU
0
h~
s
^>
0
•
1
Valve vault hatches - double
doors with shrouded lock and
intrusion detection
S
s
s
s
•
. .52 «
Protective grating or screen tc
shield open basins from objec
that are thrown from outside tl
perimeter fence
-
s
s
s
s
•
c
Industrial-type, tamper-resista
door hinges
CO
CM
CO
CM
0
T
*"
\
S
S
•
Key-locked entrance door
,-
CO
Ol~
06
s
s
-
s
s
\
•
€
Exterior doors with status swit
contact alarmed to security
01
00
_
"fr
o
co"
o
,_"
o
s
s
s
s
s
0
•
Electronic access-controlled
entrance door
S
s
s
s
s
•
•
0
Automatic locking critical inter
doors, with access control
^
.
•
*
Double entry system or secun
lobby entry (mantrap)
S
•
Blast-resistant exterior doorsb
-------�
m
C/J
CD
O
co
CO
o;
£
|
CO
C
I
O
M
<0
?
(Q
^
S..2.
co 5
O
11
c
tu
QJ ^J
0) >
SjS
11
c ~"
UJ
Sn
>
s!
^_
ii
•= -J
c
UJ
s«
a m
m _!
^
= 1
a 5
c-1
111
J —
c
uo^,,,
_
BIBQ
Security Measure
0
iri
s
\
*
Bollards or vehicle barriers
protecting vehicle doors
S
S.
S
s
S
*
Break-resistant glass
s
Blast-resistant windows6
CO
0)
S
^
\
s.
•
^
T3
r*
Glass-break detection at wii
CO
0>
s
S
s
S
•
Interior motion detection
CO
CO
S
s
S
&
s
g>
_*?
Grilles or other barriers at s
and louvers over 96 sq. in.
(62,000 sq. mm)
S
s
s
•
T3
C
CO
w
7=
Grilles or other barriers with
intrusion detection at skyligl
louvers over 96 sq. in.
(62,000 sq. mm)
CO
J
s
s.
s
s
s.
Locked roof hatches
S
S
s
•
c:
O
w
3
i=
Locked roof hatches with in
alarm
%
S
S.
s.
s.
^
£
Roof access ladder with loc
shroud
S
s
\
•
"S
Roof access ladder with loc
shroud and intrusion alarm
2
s
-------�
o
co
CO
«M c:
UJ ^
—I O
m c
4 CD
P CO
CO
Lf
§.S o «
1 all
^^ ^>ul
<• ~ ^
I
1
3
a
(0
M
1
i
•c
0
M
I
?
CO
'
11
ij
«s-
o
s
go
fl
Ul
I!
•o
Ul
s?
ij
ll
Ul
I!
Il
re o
c. °
c -1
111
« 0
W •>
SI
_i
u«,,»^
_
Aeiea
e
CO
s
s
s.
*
indoor) - locked
rier or cage
te 5
E^ >
11
?
S
s.
s
s
*
Joor) - locked
rier or cage
.E te
•— J3
O SJ
ll
co 2
CO
s
s.
s
e\\
otor control center
ted protective cag<
1 o
8 i
ff
11
•
i
g
•c
0
in
\
s
s
•
On-line water quality monitoring
CN
p"
s
V
s
s
s
\
•
CCTV - All facility exterior doors
CN
o"
s
s
s
s
\
•
CCTV - Hatches, vaults
CN
T—
O
\
s.
\
s
•
OJ
CO
O)
c
'co
1
O
0
CM
T—
0
s
\
\
s
•
CCW - Impoundment, immediate
area near intake, open channels,
similar facilities
CN
T—
O"
s
s
\
s
•
CCTV - Main entrance door
CN
T—
T—
O"
s
s.
s.
s
\
•
CCTV - Site surveillance
t
I
LL
O
cE
3
|8
-------�
01
o
co
i
C/}
CD
CD
O
CD
CO
cs
3 1
CD d
< CD
P OD
*U-t
H| o 2t
O g> _ c
l!P
5" ~ ^
Insiders
Saboteurs
M
ra
c
E
U
10
c
re
System
Objective3
TJ
h
a S
c ~*
IU
S§
sj
1 *
ii
IU
a "S
ii
•o
0)
o "S
ll
IU
Q) ^5
re m
CD _J
ii
ra$
IU
0) "S
ca J:
uojpaiaa
A™
I
>,
•c
1
CN
-
q"
T—
s
s
-
s
•
CO
CO
CO
^
£
Q.
O
fc
O
O
m
CD
C
O
0.
0
csi
s
s
\
s
s
s.
s
•
All electrical panels locked
10,
o
csi
S
S
s
s
s
s
•
•
Backup power to security
components (as indicated): UPS,
typically
T—
o
c\i
s
S
s
s
s
N.
S
\
•
All electrical wiring in conduit
S
s
•
Redundant communication paths
S
0
c\i
S
s
s.
s.
\
s
•
Electronically supervised security
wiring
S
S
•
Redundant critical utility (power,
natural gas, etc.) connections
0
CO
s
-
s
s.
s
s
s.
*
"to"
Locked PLC/RTU enclosu
Csi
s.
-
s
s
-
\
•
1o"
¥
Tamper switch on enclosu
, ^
0
csj
-
s
N.
S
-
\
s
*
•D
C
8
c
All instrumentation wiring i
CD
u
1
•o
V
T3
•5
n
o
CO
CO
CO
0) eg
-Q."?
CO C
'•B "53
c -3
o
CD O
•^ "co
S cu
P CO
co co
O) O)
Notes:
a Many of the security met
b Blast-resistant doors and
o
5
-------�
3.0 Wells and Pumping Stations
3.1 Scope
This section of this Draft American National Standard for Trial Use covers water wells and
pumping stations used within a water system. It establishes benchmark physical and
electronic security features for protecting a well or booster pumping station (referred to as
the facility in this section) from vandal, criminal, saboteur, and insider threats. Threats and
malevolent acts of concern include contamination of the aquifer or contamination of the
water that enters the distribution system from a well or pumping facility; or damage or
destruction of the pumping station equipment that creates a public health hazard or
prevents transmission of water to the end user.
3.2 Facility Mission
(1) The mission of a well facility is to withdraw groundwater from an aquifer to be used as
drinking water supply. Generally, operations and maintenance staff only periodically visit
these facilities to perform maintenance activities or to respond to failure alarms. These
facilities may be isolated from the general public or located in residential, park-like settings
or in the midst of denser populated urban areas. Multiple wells can be found at one
location, and well facilities are often co-located with storage tanks or other utility-owned
infrastructure such as maintenance buildings.
(2) The mission of a pumping station is to pump raw water to a treatment facility (an intake
pumping station), or to lift potable water from a lower service zone to a higher zone.
Pumping stations may be exposed or in buildings above grade or may be located in below-
grade vaults. Their capacities may range from a thousand gallons per day (3.8 cubic meters
per day) to more than a million gallons per day (>3,800 cubic meters per day). Generally,
operations and maintenance staff only periodically visit these facilities to perform
maintenance activities or to respond to failure alarms. Although typically isolated from the
general public, these facilities can be located in residential, park-like settings, or in the midst
of denser populated urban areas.
(3) Wells and pumping stations have been grouped together for the purpose of this
guideline because they have similar components, staffing patterns, and types of locations,
and thus can be protected in similar ways.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES 3-1
-------�
(4) More detailed information on wells can be found in AWWA Standard A100-06: Water
Wells (2006). More detailed information on pumping stations can be found in Pumping
Station Design by Jones, et al. (2005).
3.3 Philosophy of Security Approach
(1) An effective security approach for wells and pumping stations includes equipment or
systems to deter, detect, delay, and respond to a threat prior to an adversary achieving its
objective or mitigation of the consequences of a successful attack by the threat. The
equipment and systems for successful detection and delay of a threat should be matched to
the capabilities of the DBT, which are usually established during a facility's VA. In addition,
equipment and systems should be selected bearing in mind that the adversary must be
adequately delayed until the utility's identified response force arrives.
(2) DBTs considered in this guideline include vandals, criminals, saboteurs, and insiders.
Characteristics and capabilities of the two levels of threats, base and enhanced, upon which
the benchmark security measures in this section are based, are presented in Table 1-1,
Design Basis Threat Capability Matrix. Threats with capabilities less than or greater than
those identified in Table 1-1 require a less or more robust security system as appropriate.
Physical security measures are recommended without regard to cost or other factors that
may preclude their implementation.
(3) Benchmark security measures for deterrence, detection, and delay are provided in this
section. Approaches for consequence mitigation are presented in the Interim Voluntary
Security Guidance for Water Utilities (AWWA 2004a) and are not addressed here.
3.4 Benchmark Security Measures
(1) Table 3-1 establishes the benchmark measures for a recommended security system to
deter a threat or detect and delay the threat until the appropriate response force arrives. If
the threat includes more than one DBT, for example an enhanced criminal and a base
insider, the security system should include the recommended security measures for both
threats. Recommended security measures for a specific DBT are indicated with a check mark
(^). A security measure without a check mark for a specific DBT indicates that either the
security measure is not recommended or a more robust security measure is recommended.
The security measures of Table 3-1 have been grouped into the following categories:
• Perimeter
• Site (area between perimeter and enclosed facilities)
• Facility Structures
• Water Quality Monitoring
• Closed Circuit Television - Alarm Assessment (fixed cameras)
• Closed Circuit Television - Surveillance (pan-tilt-zoom [PTZ] cameras)
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES 3-2
-------�
• Power and Wiring Systems
• Supervisory Control and Data Acquisition (SCADA) - Physical Security
(2) Security decisions are site and utility specific, and the measures identified in the table are
good practice options to be considered, not rules to follow. Additionally, the measures
presented in the table are for typical well and pumping station facilities. Facilities with
different attributes or threats with capabilities in excess of the descriptions in Table 1-1 may
require additional or more robust security measures. Appendix A provides additional
details on security measures (specific sections are referenced in Table 3-1 where applicable).
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES 3-3
-------�
•B
s
CO
"Q.
.
CO
ca
"55
to
CO
0)
o
CD
C/)
CO
LU ^
-J O
m c
< CD
fill
iL c ^|UJ
<~*~
nsiders
Saboteurs
Criminals
(A
n
CO
>
"5
|i
CO -Q
Q
I \
c-1
111
0) 'm
li
Is
ui
a ~z
10 >
s!
1 •
c
111
% 5
m j
ll
11
m
11
a 3
uoipajaa
*™
i
1
T_
CO
T—
T-
o"
T-
S
•
Basic perimeter fencing or
perimeter walls
in
,-
T^-
,-
CM~
"
-
-
-
S.
•
Enhanced climb/cut-resistant
fencing or walls
fv.
T-
S
-
•
Foundation enhancements for
fencing to prevent tunneling
0
in
S
•
Q>
C
Bollards or vehicle barriers limiti
vehicle access
CM"
OT
o>
o
l^; T~
o"
CO
^
-
^
S
•
Intrusion detection at perimeter
CM
-
csi
S
-
S
S
•
o
to
8
c
S
1
X.
I
•
-------�
•s
S3
cn
'
T3
C
ro
CO
CD
m
OQ
CD
!
n Jj
CO ™
(0 o
£ _l
111
SI
JI
li
•^ j
ui
a •$
<0 m
m ™
uoijoajaa
Ae|3Q
c
i
1
3
1
00
s
^y
S
S
s
s
0)
i
a)
§>
??
O) 0
C -e
ll
2.^?
O **~
FS
2J.
o
i^
S
s
s
s
•
Motion-activated lighting
0
CO
s
S
S
S
•
•
Perimeter minimum clear zone
distance
o"
S
s
•
Second layer of basic fencing
CM"
-
•
Enhanced second layer of fencing
that is climb/cut resistant
CMf
SP
p ^
o
CO
s
s
s
•
Intrusion detection at second layer
of fencing
-
s
s
•
Foundation enhancements for
second layer of fencing
S
-
s
s.
•
Bollards or vehicle barriers around
critical exterior equipment
p
-
•
Bollards or vehicle barriers limiting
vehicle access to area within
second layer of fencing
0
CM
CM"
CM
S
s
-
•
•
Electronic access-controlled
entrance gate for second fence
ZD
or
oS
uj r>
Q C3
-------�
m
CO
o
s
CO
cn
"Q.
CD
"53
£
CO
CO
CO
>
n &
CD *
AB1eQ
3
CO
CO
s
s
s.
s
•
Transformer (outdoor) - locked
protective barrier or cage
CO
CO
S
S
s
s
s
•
Generator (outdoor) - locked
protective barrier or cage
CO
CO
S
S
S
S
•
0)
en
Switchgear/motor control center
(outdoor) - locked protective ca
o
^
CO"
CO
S
\
S.
S
•
Chemical storage and feed
equipment (outdoor) - locked
access
o
£:
CO"
CO
S
-
S
9
•
Chemical storage and feed
equipment (outdoor) - locked
access with intrusion detection
CO
o
CO
CO
s
s
-
s
s
s
S
\
9
s>
3
Landscaping that does not obsc
building or other assets
o
O)
S
S
S
•
Manholes - locked with security
fastener
S
S
s.
9
•
Manholes - intrusion detection <
lock
-
s
s
s.
•
co
c
o
Minimize exterior signage
indicating the presence or locati
of assets
-------�
CL
13
Q-
-o
CD
1
I
&
a>
IA CD
co c
Si
< CD
Pea
u>
? .a 3 a
If Jl
* * — P
3 9-2 «
10 O. <* —
8 < •£ m
Insiders
•
CO
Criminals
H
(0
il
II
cog
II
||
UJ
fl
CO 2
If
UJ
il
CD —I
UJ
o a
a $
to J3
||
UJ
O ~S
si
u.^,^0
**<«,
e
i
£
f
\
^
s
s
•
Locking cap on aboveground well
casing
-
-
*
*
•
en
1
1
§
Is
II
c en
II
s
s
-
•
Protective cage around
aboveground well casing and air
lines
S
s.
*
s.
•
Locking cap on monitoring wells
S
s
s
•
Protective cage around monitoring
wells
S
S
s
s
•
Locking caps for valve operator
covers
CN
CN
s
•
Valve vault hatches - mechanically
fastened or locked with shroud
over lock
d
S
-
s
•
Valve vault hatches - double hatch
doors with shrouded lock
CN
o
oj ,_:
o>
p
S
s.
•
•
Valve vault hatches - double hatch
doors with shrouded lock and
intrusion detection
E
u
CO
-------�
CO
05
T3
CO
3
0>
CO
-{ o
m c:
< CD
i-: en
2
0)
-
I
I
o
A
m
CO
|
E
o
(A
IB
•o
C
IB
i:l
to 'S
O
»
c >>
HI*
«lcU
2 8.w |
8 <"'55 ED
1:~
< "•
•o
0)
o -5;
1 1
c-1
111
4) "5
CO m
CO ®
II
c >
n &
•§-1
111
-------�
S3
CO
o>
i.
T3
oa
2
c
CO
CO
M
I
E
•c
o
to
CO
•o
to
^
E*5
w'S
O
S*
I*
w "g
fl> m
2 "
w o-
.?<
CL.E
hanced
UJ
§
&
1
i
c
Ul
i
1
a
.c
UJ
|
m
hanced
c
Ul
0
m
CO
CD
Aei
AB|
t
&
§•2
c^i
to §
0 ®
•^m
I
I
1
J
!
—
I
I
—
CO
_1
a|8Q
»o
1
1
CO
CO
S
S
s
Grilles or other barriers at skylights
and louvers over 96 sq. in.
(62,000 sq. mm)
,-
jj
s
s.
\
•
Grilles or other barriers with
intrusion detection at skylights and
louvers over 96 sq. in.
(62,000 sq. mm)
CO
j*
-
S
S
s.
s
Locked roof hatches
s
S
S
•
Locked roof hatches with intrusion
alarm
-
s
s.
s.
s
Roof access ladder with locked
shroud
S
S
\
•
Roof access ladder with locked
shroud and intrusion alarm
CO
CO
-
s
s
Transformer (indoor) - locked
protective barrier or cage
CO
CO
S
S
-
\
Generator (indoor) - locked
protective barrier or cage
CO
CO
-
s
s
Switchgear/motor control center
(indoor) - locked protective cage
0
£:
-
s
S
S.
S
Chemical fill lines at building
exterior - locked access
A
-------�
en
O
5
CO
Q.
co
"a5
L_
I
V)
CD
CD
§
CO
,_-{£
" E
CO
CD
CQ
M
§ , i1
5 u 3 .A
S Js u JS
«?«U
J5 9 — C
sill
O ^ (/) LU
iLs-c4
31
2
0)
1
2
3
fl)
i
(0
M
IB
E
O
M
ra
m
^
E"?
S'-g
(/> Q)
•o
o
o 75
f!
IU
Q) ^
tn ^
m f!
| 0
c >
n £
III
(0 >
ra m
ffl j
i i
1 "
111
o "5
IA >
n m
S3
1
o •«
C >
i!
Ill
S o
to >
n £
m *
-,».»<,
xeloa
|
1
i
s
s
•
•
I!
3 #
O fl)
W 8
Chemical fill lines
exterior - locked i
intrusion detectior
T-
00
s
V
»
•
en
§
H
,2 o
-o o
Chemical storage
equipment (indooi
,_
CO
^~
C)
CO
CD
^-"
ci
s
s
•
•
K
and feed
•) - locked
i
Chemical storage
equipment (indooi
intrusion detectior
p
10
CD
TO
cr
CO
CD
C
O
CM
s.
s.
in
8
•o
g
1
'D
o
o
1
to
l
O
O
8
-
C
CD
C
'co
O
O
§
m
'CD
CO
CD
O
O
-------�
CO
en
CTJ
=
CD
CO
UJ
-Jo
m c=
< o>
flif
* * — P
3 9-2 §
8<-S5Ei
Q..E
a
[
|
•
i
1
1
M
n
c
E
•c
u
in
to
>
%
If
*|
»
f
E
II
111
o
CO
Enhanced
—
1
0
ri
hanced
m
1
0 ^
hanced
c
111
1
I
I]
uojjoajaa
AC,*,
C
:
0
c\i
s
s.
\
\
s
s
\
•
All electrical panels locked
2-
0
csi
\
S
S
\
s
s
•
•
Backup power to security
components (as indicated): UPS,
typically
o
c\i
S
\
S
s
s
s
s.
s
•
All electrical wiring in conduit
\
S
•
Redundant communication paths
3
o
c\i
S
S
\
S
\
s
•
Electronically supervised security
wiring
S
\
•
Redundant critical utility (power,
natural gas, etc.) connections
o
CO
s
s
s
s
s
s
s
•
Locked PLC/RTU enclosure(s)
c\i
S
s
s
s
s
N.
•
Tamper switch on enclosure(s)
0
c\i
S
-
s
s
s.
s.
s
s
•
All instrumentation wiring in conduit
CD
k.
CD
IS
T3
CD
TD
I
O
JO
co
0) CO
•° .!2
CO i-
£;s
E 3
n
CD O
E -!5
§ CD
^ CO
cp co
CD CO
5-2
CO O)
8?
E co
f I
O T3
CO "E
» £
If
£•*
CO JO
5 m
-------�
4.0 Water Treatment Plants
4.1 Scope
This section of the Draft American National Standard for Trial Use covers water treatment
plants used within a municipal drinking water system. It establishes benchmark physical
and electronic security features for protecting a water treatment plant (referred to as the
facility in this section) from vandal, criminal, saboteur, and insider threats. Threats and
malevolent acts of concern include damage or destruction of individual treatment processes
or equipment, or introduction of a chemical or biological agent that contaminates the
drinking water supply. Employee safety and public health concerns can be caused by the
intentional release of hazardous chemicals or toxic gasses, or by damaging ventilation and
other life-safety control features. The potential for malevolent individuals to create
intentional fire and explosive hazards may be additional concerns requiring security
features.
4.2 Facility Mission
(1) The mission of this facility is to treat source water to drinking water standards. Water
treatment plants may produce from one hundred thousand gallons (380 cubic meters) to one
hundred million gallons (1,140,000 cubic meters) per day, although there are smaller and
larger plants in operation. The facilities to produce treated water include below-grade,
ground level, and elevated basins and tanks; buildings housing chemical systems; electrical
and control systems; staff facilities; and clearwell storage facilities.
Large water treatment plants are routinely staffed on a continuous basis; small facilities are
likely to be staffed only periodically to adjust treatment settings, perform maintenance
activities, conduct process monitoring, and respond to failure alarms. Although often
isolated from the general public, these facilities can be located in residential settings, or in
the midst of denser populated urban areas. Because of safety concerns, the public generally
has no direct access.
(2) More detailed information on specific functions and treatment processes is contained in
the Water Treatment Plant Design - 4* Edition, (AWWA/ASCE 2005a).
4.3 Philosophy of Security Approach
(1) An effective security approach for water treatment plants includes equipment or systems
to deter, detect, delay, and respond to a threat prior to an adversary achieving its objective,
or mitigation of the consequences of a successful attack by the threat. The equipment and
systems for successful detection and delay of a threat should be matched to the capabilities
of the DBT, which are usually established during a facility's VA. In addition, equipment and
systems should be selected bearing in mind that the adversary must be adequately delayed
until the utility's identified response force arrives.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES 4-1
-------�
(2) DBTs considered in this guideline include vandals, criminals, saboteurs, and insiders.
Characteristics and capabilities of the two levels of threats—base and enhanced—upon
which the benchmark security measures in this guideline are based, are presented in
Table 1-1, Design Basis Threat Capability Matrix. Threats with capabilities less than or
greater than those identified in Table 1-1 require a less or more robust security system as
appropriate. Physical security measures are recommended without regard to cost or other
factors that may preclude their implementation.
(3) Benchmark security measures for deterrence, detection, and delay are provided in this
guideline. Approaches for consequence mitigation are presented in the Interim Voluntary
Security Guidance for Water Utilities (AWWA 2004a) and are not addressed here.
4.4 Benchmark Security Measures
(1) Table 4-1 establishes the benchmark measures for a recommended security system to
deter a threat or detect and delay the threat until the appropriate response force arrives. If
the threat includes more than one DBT, for example an enhanced criminal and a base
insider, the security system should include the recommended security measures for both
threats. Recommended security measures for a specific DBT are indicated with a check mark
(v'). A security measure without a check mark for a specific DBT indicates that either the
security measure is not recommended or a more robust security measure is recommended.
The security measures of Table 4-1 have been grouped into the following categories:
• Perimeter
• Site (area between perimeter and facilities)
• Facility Structures
• Water Quality Monitoring
• Closed Circuit Television - Alarm Assessment (fixed cameras)
• Closed Circuit Television - Surveillance (pan-tilt-zoom [PTZ] cameras)
• Power and Wiring Systems
• Supervisory Control and Data Acquisition (SCADA) - Physical Security
(2) Security decisions are site and utility specific, and the measures identified in the table are
good practice options to be considered, not rules to follow. Additionally, the measures
presented in the table are for typical water treatment plants. Facilities with different
attributes or threats with capabilities in excess of the descriptions in Table 1-1 may require
additional or more robust security measures. A water treatment facility may have chemical
injection facilities downstream of clearwell storage to adjust and maintain chemical
attributes of the finished water. These chemical facilities (chemical supply lines and
metering equipment) may be outside of the boundary of the water treatment plant campus,
but should be treated using similar security measures to those recommended for the
treatment plant perimeter and facilities. Appendix A provides additional details on security
measures (specific sections are referenced in Table 4-1 where applicable).
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES 4-2
-------�
(3) Special considerations should be provided for security of extremely critical assets or
facilities such as in-plant pumping stations, main electrical switchgear, emergency
generators, disinfection systems, or SCAD A/security computer equipment. Special security
considerations should also be provided for water treatment plants that store large volumes
of hazardous or toxic chemicals, for example, chlorine or ammonia gas. The extremely
critical or hazardous assets may be the target of a DBT that is more capable than the DBT for
the remainder of the water treatment plant, thus the critical assets may require additional
security measures. Security approaches for these assets should be based on protection-in-
depth principles, where multiple layers of security measures are employed around the
critical assets to detect and delay the adversary. An example would be the security system
for protecting a chlorine gas disinfection system from an enhanced saboteur threat. This
system might include a second fence within the confines of the perimeter fence surrounding
only the chlorine storage and feed building and enclosing a minimum 100-foot (30-meter),
well-lighted clear zone between the second fence and storage facility. The fence system
could include intrusion detection, vehicle crash barriers, and access-controlled gates with
limited authorization rights. The disinfection building may be constructed of blast-resistant
materials and include blast-resistant and access-controlled personnel and vehicle doors. A
gas-scrubber system with the capacity to neutralize multiple containers of the hazardous gas
should be considered. Closed-circuit television cameras (CCTVs) could be used to assess the
threat of intruders and monitor authorized personnel activities. Depending on site and
response-force specifics, additional security measures may be warranted.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILmES
-------�
12
•
c
2
3
1
W
75
E
O
»
75
5
•
l|
^f
to
•2 ^"E
a> .S o J2
C OT 0)
S 8. w |
IB a.o ^*
— _ >.
S~ " °~
il
n S
U
11
to _i
II
-C _J
in
o •«;
ii
ll
C
4) ^
IJ
H
HI
i!
m "
AB|8Q
s
1 III
: ||
-
1 ^
• .^-,,
-.-:-' I
;;:-
n
1
00
,-"
T-
0
^~
v^
•
perimeter fencing or
2ter walls
m 5.
m
^-~
T-
CM
i~
S
s
s.
s
V
•
ced climb/cut-resistant
g or walls
ISJ
1^
1-
s
s
•
ation enhancements for
g to prevent tunneling
c-E
3 °
0
in
S
•
0)
is or vehicle barriers limitir
3 access
11
cSl
CM"
a>
o>
_-p
I** ^
o"
CO
CD
-
s
s
on detection at perimeter
c
CM
o
-
CM
^
S
s.
s
•
eked entrance gate
^j
^-~
d
co"
•«- o
CO
CM
\
s
s
•
Dnic access-controlled
cegate
11
CO
CM
CM"
CM
s.
s
s
s
•
jm and remotely controlled
>nic gate lock for visitors
Q "
0
S
S.
•
h
e sally port gate entrance 1
•y vehicles
j=>
CO ~m
> -o
•
8
house and manned entran
) control site access
fe 0>
0
s
S
S
s
s
en
1)
-------�
CO
CO
CD
CO
a
m c
< o>
P OQ
liL
* 1 & «
Its!
0 < M UJ
tt.E £
2
0)
M
C
C
&
&
n
(0
ra
E
O
w
IB
1
a
Q_
-------�
&
c
_co
D_
c
CO
a?
I
(2
0)
'«
1
a
(0
(A
I
E
•c
u
"55
•a
E
•
i"!
li
o
M
l^t
Applicable Seel
in Appendix
Physical Secu
Elements
§0
«8
c
U
H
si
1
u -5
II
HI
u
1 i
•C J
c
111
I!
0 J
||
U
11
.OT,
Am
eiaa
Security Measure
-
S
s.
Foundation enhancements for
second layer of fencing
v
s
s
s
•o
c
Bollards or vehicle barriers arou
critical exterior equipment
o
iri
s
0)
c
Bollards or vehicle barriers limiti
vehicle access to area within
second layer of fencing
O
co"
CM"
csi
s
s
-
•
Electronic access-controlled
entrance gate for second fence
CO
CO
%
S
s
s
Transformer (outdoor) - locked
protective barrier or cage
ro
CO
^
s
s
s.
Generator (outdoor) - locked
protective barrier or cage
CO
CO
T—
s
v
-
s
0>
rn
Switchgear/motor control center
(outdoor) - locked protective ca
O
CO"
CO
S
-
s
s
Chemical storage and feed
equipment (outdoor) - locked
access
q
CO"
CO
S
S
S
•
Chemical storage and feed
equipment (outdoor) - locked
access with intrusion detection
£2-
0
CO
CO
S
s
s
-
s
s
s
s
•
£
Landscaping that does not obsc
building or other assets
fe
E
-------�
•£
^D
CL
"£
CD
m
V)
CD
tn
CD
CD
o
CD
C/3
I
c.
0)
OQ
10
1 ^1
5" ~ ^
e
0)
a
_c
3
a
u>
"m
c
E
O
to
ID
1
n
WS
ll
|1
Ul
S s
CO m
m *
ll
c J
III
§1
0 £
0.3
O "S
|1
Ul
a Tu
ll
| „
111
I!
uo^.,™
Ae|3Q
I
i
o
£
f
o
w
S
s
s
s
s
•
•tr
i
?
I
i
8.
IF
c S
CO W
2J5
S
s
s
•
•
c
o
c
o
1
«
•o
c
o
w
.b
1
8
CO "0
5-
s
s
s
s
•
co
o
1
^
c?8
D) C
•i o.
® CD
O ^
CD ^
S
s
s
•
Locking caps for valve operator
covers
CN
"*
_
CM
O
s
•
£,
Valve vault hatches - mechanica
fastened or locked with shroud
over lock
CM
o
<>
-
S
•
j=
o
Valve vault hatches - double hat
doors with shrouded lock
CN
o
T~
^ o
e» ,j
- ,_
' .
o>
p
s.
s.
•
•
_J_
Valve vault hatches - double hat
doors with shrouded lock and
intrusion detection
00
S
•
Clearwell hatch/manway -
hardened lock with shroud or
mechanically fastened
oo
*
-
s
•
ai
Clearwell hatch/manway - doubl
layer doors with shrouded lock
-------�
Lf
§ * o.<2
5 8. <" i
m Q. 0 .2
8 < M UJ
O..E J=
4 °*
e
•
c
M
S
CO
10
1
E
~
0
M
10
m
S'J
11
g,.S
II
II
HI
I!
11
£
a> m
il
!i
UJ
Jo
J
II
1 0
c ~*
111
i!
uonowa
«.,«
I
<
1
! i
1
CO
S
S
•
•
Clearwell hatch/manway - double
layer doors with shrouded lock and
intrusion detection
00
S
•
Clearwell vent: gooseneck pipe
type - use double screen
00
S
•
Clearwell vent: rectangular or circle
(larger than pipe) - single layer
with shrouded lock
oo
S
s
\
•
Clearwell vent: rectangular or circle
(larger than pipe) - double layer
with shrouded lock
00
S
s
•
•
Clearwell vent: rectangular or circle
(larger than pipe) - double layer
with shrouded lock and intrusion
alarm
S
\
s.
•
Overflow outlet for Clearwell:
screen and/or flap valve with cage
S
s.
•
•
Overflow outlet for Clearwell:
screen and/or flap valve with cage
and intrusion detection
t
S
V,
S
•
Intrusion detection on top of
Clearwell or Clearwell area
iri
S.
S
S
S
•
Access ladder for Clearwell -
locked shroud
££3
-------�
CD
E
ro
cu
cn
co
01
f
o
UJ ^
-I -5
GO 1=
< CD
i-= m
<5
-
I
1
o
£
a
CO
(A
CO
C
E
~
o
(0
a
•o
c
CO
.
il
(A &
U) 3"
O
(A
C >i
S3
y K 7s M
<1) *~ W 4«(
co "o $ c
,' C CO «B
9J tu — c
liil
8 < '5 uj
™ 3»s
O-.E JE
< °-
•a
0)
c "*
c
UJ
col
J!
UJ
« -5
in >
n 5
J!
UJ
m TE
ft >
(0 m
m _J
II
II
ij
UJ
2«
« >
™ 0)
03 _j
uoipajaa
,r
a
Security Measure
CO
C)
-
^~
ci
N
s
s
s
Electronic access-controlled
entrance door
^.
o
CO"
d
d
\
-
S
s
Automatic locking critical interior
doors with access control
S
^
Double entry system or secured
lobby entry (mantrap)
S
S
Visitor waiting area
S
£1
•o
g
1
I
CO
CO
o ^
UJ =>
Q C3
-------�
CL
tf>
CD
CD
in
,_*£
3
31
(D £
« |
•° R
<
a.E
Q.
I
i
n
(0
M
I
E
•c
0
(A
(0
1
System
Objective8
0 «
:s 1
'in UJ
£
£L
!--
£
c
111
a
n
m
i
!
I1
•
•
n
DO
hanced
m
o
m
1
I
"S
I
1,
c
111
5
n
UOI^K,
A.,*,
1
|
t
O
10
-
s
•
Bollards or vehicle barriers
protecting vehicle doors
S
s
s
\
s
•
CO
"5)
CO
i
m
-
•
Blast-resistant windows6
CO
O>
S
-
s
s
•
£
Glass-break detection at windov
CO
OJ
S
S
-
s
•
Interior motion detection
CO
CO
s.
%
\
•
B
^^
Grilles or other barriers at skylig
and louvers over 96 sq. in.
(62,000 sq. mm)
5
s
s
s
•
•
•o
c
Grilles or other barriers with
intrusion detection at skylights a
louvers over 96 sq. in.
(62,000 sq. mm)
S
s
s
s
s
•
Locked roof hatches
S
s
v
•
•
c
Q
Locked roof hatches with intrusi
alarm
s.
S
S
s
%
•
Roof access ladder with locked
shroud
S
s
s
•
•
Roof access ladder with locked
shroud and intrusion alarm
-------�
c
jl
D_
I
tn
CO
CD
CO
^
m
£
5
'w
£
3
&
s
(0
CO
(0
m
|
0
to
m
c
n
^
E"?
0) *5
•*-* U
RH
co 5
O
to
|^€
l||l
* 0) — C
s 1™ 1
n Q- O —
8 < '5 UJ
"S..E £
< °"
jl
UJ
S >
ra o
UJ
s ?
•n
8-5
c >
W Q)
UJ
* "S
I!
Ii
II
c
UJ
o ^
(0 a)
uoipajaQ
_
eiaa
Security Measure
CO
CO
T—
s
s
v
Transformer (indoor) - locked
protective barrier or cage
CO
CO
S
s
s
s
Generator (indoor) - locked
protective barrier or cage
CO
CO
S
S
s
,
-------�
c
^
Q-
i^t
! * 3 «
{111
5" ~ "•
g
i
•
Saboteurs
1
E
u
Vandals
E"?
if
cog
if
Z''
s»
ra 5
ll
P
111
0) ai
i!
ffl "
||
III
0 •£
||
III
m *
u.,^
A=,ea
e
|
1
|
CM
p"
S
s
^>
s.
s
•
co
±1
CO
u
15
1
o
0
i P"
h
h
h
h
| •
1 15
: en
I c
1
:\ o
1 O
;
CN
K~
O"
^
S
-
-
•
1
1
"c
c
5
O
O
Cvj
O"
^
^
^
^
^
•
CCTV - Site surveillance
CNj
p"
T—
^
*
^
^
•
co
1
CO
Q.
0
I
O
O
o
oi
s
\
s
s
s.
V
s.
•
All electrical panels locked
S
o
c\i
\
\
s
s
s
s
•
•
Backup power to security
components (as indicated): UPS,
typically
o
o>i
\
S
s
s
s
s
s
\
•
All electrical wiring in conduit
S
s
•
Redundant communication paths
CSI^
o
c\i
S
s
s.
s
s
s
•
Electronically supervised security
wiring
S
s
•
Redundant critical utility (power,
natural gas, etc.) connections
-------�
c
JO
Q.
"c
3 «!
0* QJ —
3 a to
. :
Q. 0.2
o< «UJ
0)
TJ
(0
ro
|
O
ui
0)
(0
UJ
CO
II
in >
(0 m
CO °
1
UJ
o
CO
s
-
-
s
s
X,.
s
*
tn
^T
CO
.g
o
§
Locked PLC/Rl
c\i
-
s
-
-
s
s
•
"oT
"of
in
o
o
i
c
o
Tamper switch
^^
o
c\i
-
s
s
-
s
s
s
*
**
'3
T3
C
8
c
01
c
1
i
1
^
8
c
o
T3
0)
5
O
O
To
CD
0> CD
S M
CO i-
£-55
.£ "3
r>
CD O
*•* "co
C
CD CD
12 CD
co co
0) CO
co ~5>
§?
E co
o -D
Notes:
a Many of the s<
b Blast-resistant
fe
|
s
I
Q-
ig
uj r>
Q O
-------�
5.0 Finished Water Storage Facilities
5.1 Scope
This section of the Draft American National Standard for Trial Use covers water storage
tanks and finished water reservoirs used within a potable water distribution system. It
establishes benchmark physical and electronic security features for protecting a storage tank
or reservoir (referred to as the facility in this section) from vandal, criminal, saboteur, and
insider threats. The malevolent act of greatest concern is the intentional contamination of the
drinking water with a toxic agent. A similar, related concern is contamination with a foreign
substance that does not cause health effects, such as a dye, but does create a loss of
confidence or even panic among the utility's customers. Other concerns include destruction
or damage to the tank or reservoir and related appurtenances so that it cannot serve its
intended purpose, or destruction or damage such that a rapid release of the stored water
causes property damage and possibly harm to people living near the tank or reservoir.
5.2 Facility Mission
(1) The mission of this facility is to store potable water for distribution to customers. Storage
is needed to meet daily flow fluctuations, for fire fighting, and for emergencies. Three types
of potable water storage are typically employed in the water industry: aboveground water
storage tanks, elevated tanks, and covered reservoirs. Aboveground water storage tanks are
constructed of concrete, steel, fiberglass reinforced plastic (FRP), or wood with the tank floor
situated at grade (that is, it is not an elevated tank on columns). The diameter and height of
this type of tank will vary depending on volume requirements. Elevated tanks are typically
of steel construction with the tank itself perched on steel legs. The tank is accessible via a
ladder or system of ladders. Covered finished water reservoirs may be slightly larger and
are often constructed below grade but with access and vents at or above grade.
(2) Usually, these facilities are not staffed, and operations and maintenance personnel visit
the sites infrequently to perform maintenance activities or to respond to failure alarms. The
tanks and reservoirs are often located in residential, park-like settings or in the midst of
more densely populated urban areas where the public has access to the base of the tank. In
other cases, the tanks are isolated from general public access. Potable water storage facilities
at more remote locations within a distribution system may be provided with chemical
facilities (chlorine and/or ammonia) to maintain chemical attributes of finished water as it
progresses through the distribution system. Measures to address chemical facilities are
presented in Section 4.0 (Water Treatment Plants) and are not included here.
(3) AWWA Manual M-42, Steel Water-Storage Tanks, (1998) and D100-05: Welded Carbon Steel
Tanks for Water Storage (2005b) provide additional information on the design and function of
steel water storage tanks. Concrete tank standards and information are provided in
AWWA's D110-04 (2004b), D115-95 (1995) and American Concrete Institute's (ACI) 371R-98
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES 5-1
-------�
Guide for the Analysis, Design, and Construction of Concrete-Pedestal Water Towers. FRP tanks
are covered in AWWA standard D120-02 (2002).
5.3 Philosophy of Security Approach
(1) An effective security approach for water storage facilities includes equipment or systems
to deter, detect, delay, and respond to a threat prior to achieving his/her objective or
mitigation of the consequences of a successful attack by the threat. The equipment and
systems for successful detection and delay of a threat should be matched to the capabilities
of the DBT, which are usually established during a facility's VA. In addition, equipment and
systems should be selected bearing in mind that the adversary must be adequately delayed
until the utility's identified response force arrives.
(2) DBTs considered in this section include vandals, criminals, saboteurs, and insiders.
Characteristics and capabilities of the two levels of threats— base and enhanced— upon
which the benchmark security measures in this section are based, are presented in Table 1-1,
Design Basis Threat Capability Matrix. Threats with capabilities less than or greater than
those identified in Table 1-1 require a less or more robust security system as appropriate.
Physical security measures are recommended without regard to cost or other factors that
may preclude their implementation.
(3) Benchmark security measures for deterrence, detection, and delay are provided in this
section. Approaches for consequence mitigation are presented in the Interim Voluntary
Security Guidance for Water Utilities (AWWA 2004a) and are not addressed here.
5.4 Benchmark Security Measures
(1) Table 5-1 establishes the benchmark measures for a recommended security system to
deter a threat or detect and delay the threat until the appropriate response force arrives. If
the threat includes more than one DBT, for example, an enhanced criminal and a base
insider, the security system should include the recommended security measures for both
threats. Recommended security measures for a specific DBT are indicated with a check mark
(^) in the table. A security measure without a check mark for a specific DBT indicates that
either the security measure is not recommended or a more robust security measure is
recommended. The security measures of Table 5-1 have been grouped into the following
categories:
• Perimeter
• Site (area between perimeter and facilities)
• Facility Structures
• Closed-Circuit Television - Alarm Assessment (fixed cameras)
• Closed-Circuit Television - Surveillance (pan-tilt-zoom [PTZ] cameras)
• Power and Wiring Systems
• Supervisory Control and Data Acquisition (SCADA) - Physical Security
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES 5-2
-------�
(2) Security decisions are site and utility specific, and the measures identified in the table are
good practice options to be considered, not rules to follow. Additionally, the measures
presented in the table are for typical water storage facilities. Storage tanks with different
attributes or threats with capabilities in excess of the descriptions in Table 1-1 may require
additional or more robust security measures. Appendix A provides additional details on
security measures (specific sections are referenced in Table 5-1 where applicable).
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES 5-3
-------�
CD
O
TO
03
cn
CO
&
co
CD
0)
CO
cu
CO
,_^
• CO
10 E
UJ ^
—I O
m c=
< cu
? OD
s-;*!U
•S <" .5 Q> c
£
OL
Insiders
3
iminals
o
(A
(0
•o
'S
<" >
n a;
CD _J
uoipatarj
AB|ea
i
i
od
o"
\
•
Basic perimeter fencing or
perimeter walls
C\|
S
V
s
\
s
•
Enhanced dimb/cut-
resistant fencing
h-
S
S
•
Foundation
enhancements for fencing
to prevent tunneling
o
in
S
•
Bollards or vehide barriers
limiting vehicle access
o>
°"°
i~- ^
pt\T
CO cjj
CD"
s
s
s
s
•
Intrusion detection at
perimeter
cvj
C3
csi
s
s
s
s
•
Key-locked entrance gate
•*
0
CO
Csi
CM"
csi
s
\
\
\
•
•
Electronic access-
controlled entrance gate
O
r-"
\
\
\
\
S
s
•
Perimeter site lighting
CD.
S
^
O
r^
S
s
\
s
•
Gate entrance lighting
CO
•*
csf
CO
T—
\
s.
s
\
s
\
•
Hardened site openings
larger than 96 sq. inches
(62,000 sq. mm.) in area
(e.g., grates on vents)
-------�
o
CD
0)
&
-2
CO
s
CO
-
00
CD
S .£ < 2
1 « -s * =
8 §?«* S
if Pi
£
e
«
^
'M
_e
e
I
I
i
M
I
C
E
•c
0
M
]
•o
c
ID
>
a
4
?
O •£
1"*
H
tfj
!l
Ul
II
CO m
m _i
ll
•^ J
Ul
—
n «
m "
||
c
Jo
1
uo,,oa,aa
AB,ea
e
'
! !•
ad
S
s
s
s
s
s
0) ~£
Q) i_
O) 9:
OT E
- m
0>T^
ll
|s
1— C
?l
05,
O
N^
S
S
S
S
•
Motion-activated lighting
o
00
S
S
S
S
•
•
Perimeter minimum dear
zone distance
S
•
Locate public or visitor
parking as far away from
facility as practical, but at
least 30 feet (9 meters)
away
T—
o"
S
S
•
Second layer of basic
fencing
CN
\
•
Enhanced second layer of
fencing that is climb/cut
resistant
CM"
OJ
oiP
0 ^
N^
o"
CO
S
s.
s.
•
Intrusion detection at
second layer of fencing
h-.
S
S
•
Foundation
enhancements for second
layer of fencing
'S,
§ir
o
"-
-------�
-•c
* — ^ 3 CO
8 §!<» §
ll 8.1|
tL
|
*
C
1
CO
w
E
O
m
CO
co '3
O
o -5
c "*
111
11
il
c
111
11
ll
«s
c
111
« >
eo £
m _j
]|
c ~*
111
® ^
8 $
m *
uoBo3,aa
/CB|3Q
1
s
-
s
s
Bollards or vehicle barriers
around critical exterior
equipment
o
in
S
Bollards or vehicle barriers
limiting vehicle access to
area within second layer
of fencing
o
co"
c\i
CM"
CM
S
s
s.
•
Electronic access-
controlled entrance gate
for second fence
CO
CO
S
s
s
s
Transformer (outdoor) -
locked protective barrier or
cage
CO
CO
S
s
s
v
s
Generator (outdoor) -
locked protective barrier or
cage
CO
CO
s.
s
s
s
9
Switchgear/motor control
center (outdoor) - locked
protective cage
o
CO
CO
^
s.
s
m
Chemical storage and
feed equipment (outdoor)
- locked access
o
CO
CO
I
CO
CD
CD
(75
m c
< CD
i-: m
-------�
C/3
a>
05
-o
5
a &
DO *
I'l
c
Ul
p
00 _i
uo^aa
AB,ea
Security Measure
p
T—
co"
CO
s
s
s.
•
•
Chemical storage and
feed equipment (outdoor)
- locked access with
intrusion detection
5
o
CO
to
s
-
s
s.
s
s.
s
s
•
Landscaping that does not
obscure tank or other
assets
S
s
-
•
Manholes - locked with
security fastener
-
s
s
•
•
Manholes - intrusion
detection on lock
s
S
s
s
•
Minimize exterior signage
indicating the presence or
locations of assets
i m
.'. '. /
P
Ml
UL
s
s
s
s
•
Locking caps for valve
operator covers
CN
T—
CN"
d
-
•
Valve vault hatches -
mechanically fastened or
locked with shroud over
lock
I
u_
O
5
^>
o
-------�
>.
«.£
Ss
_l
11
•i-1
I!
ll
c J
i!
uo^ea
Ae,ea
Security Measure
CM
CD
S
v
V
•
Valve vault hatches -
double hatch doors with
shrouded lock
of
o
3s
en
o"
"
\
^
•
•
Valve vault hatches -
double layer doors with
shrouded lock and
intrusion detection
CM
O
S
•
Tank hatch/manway -
mechanically fastened or
locked with shroud over
lock
CM
o
S
S.
s
•
Tank hatch/manway -
double layer doors with
shrouded lock
CM"
o
T—
3s
o>
o"
^
S
-
•
•
Tank hatch/manway -
double layer doors with
shrouded lock and
intrusion detectbn
S
•
Tank vent: gooseneck
pipe type - double screen
CO
CM
O
S
•
Tank vent: rectangular or
circle (larger than pipe) -
single layer shroud,
locked
-------�
>,
3m
0 .C < 3
1 » .s « i=
S 8 M 1
if |3j
w < £
a.
£
c
1
•
(0
m
S
|
5
(A
I
?
n
wo
1
o 75
c >
UJ
a 15
!*
CD —I
ll
111
£ o
11
ll
1]
c
UJ
1!
ll
£J
11
Uo^wa
AB|8Q
Security Measure
CO
Tt
^"_
IJ
CM"
C)
S
s
s.
•
k— 1
0 '
Tank vent: rectangular
circle (larger than pipe)
double layer with
shrouded lock
.
• CO
? ^
CM" 'r~-
o> 5
oi o"
p"^
|s-
S
s.
•
•
1— I
0 '
Tank vent: rectangular
circle (larger than pipe)
double layer with
shrouded lock and
intrusion alarm
^
S.
•
Overflow outlet: screen
and/or flap valve with
cage
S.
S
•
•
. Tl
Overflow outlet for
clearwell: screen and/o
flap valve with cage am
intrusion detection
O
JI
CM
oi
oi
p"
""•
S
S
s.
•
Q.
f\
Intrusion detection on ti
of tank or tank area
S
S
S
s.
•
Access ladder - locked
shroud
p
^Z
CM"
oi
oi
p"
^
S
S
s
•
•
Access ladder - locked
shroud with intrusion
alarm
a:
V
t
or
-------�
co
0)
o
CO
•§
£
CD
co
CO
o
CD
CO
5«
E
al
00 C
4 o>
i-: CQ
O C rf 3
£ lii £ i £
8 C TO t» o
g'i* 8.S »
0.
5
c
e
3
CO
CO
tn
CO
c
E
•c
o
tn
w
c
(0
J29
7J
w u
cog
O ^5
|I
ui
o "5
V) >
CO m
m _i
1
u o
II
•^ -^
Iti
01 at
M >
CO m
CQ _i
C "*
•^ -1
111
1!
!j
111
4) •£
11
CO J
uoipajaa
AB|9Q
Security Measure
^
\
S
•
Remote reservoir isolation
by means of automated
valve
S
S
S
N.
•
Protective grating or
screen to shield open
basins from objects that
are thrown from outside
the fence
CO
CO
T—
CO
\
S
S
•
Transformer - locked
protective barrier or cage
CO
CO
CO
\
S.
S
S
•
Generator - locked
protective barrier or cage
CO
co
\
v
Vy
•
Switchgear/motor control
center - locked protective
cage
p
T"~
S
^y
S
s
•
Chemical fill lines at
building exterior - locked
access
S
S
S
•
•
Chemical fill lines at
building exterior - locked
access with intrusion
detection
T-
co
T—
\
Ny
•
Chemical storage and
feed equipment (indoor) -
locked access
t
o:
-------�
I
u_
O
I
c i
LU
CO
3
-------�
potentially contaminated sections of the distribution system, are presented in the Interim
Voluntary Security Guidance for Water Utilities (AWWA 2004a) and are not addressed here.
(4) Because distribution systems are so expansive and include so many assets, utilities may
need to conduct evaluations that are in addition to their VAs to identify the most critical
facilities and locations within their distribution systems. These evaluations may include
extended period simulation hydraulic modeling to determine the potential water quality
impacts of a contamination event and where to focus security measures to minimize risk.
(5) As of the publication of this document, research was ongoing with respect to developing
online contaminant monitoring instruments. As these instruments are improved, they will
become a more integral part of physical security systems for distribution systems. Refer to
the Interim Voluntary Guidelines for Designing an Online Contaminant Monitoring System
(ASCE 2004) and to regular updates on the EPA web site for information on the topic of
online contaminant monitoring.
6.4 Benchmark Security Measures
(1) Table 6-1 establishes the benchmark measures for a recommended security system to
deter a threat or detect and delay the threat until the appropriate response force arrives. If
the threat includes more than one DBT, for example an enhanced criminal and a base
insider, the security system should include the recommended security measures for both
threats. Recommended security measures for a specific DBT are indicated with a check mark
(^). A security measure without a check mark for a specific DBT indicates that either the
security measure is not recommended or a more robust security measure is recommended.
The security measures of Table 6-1 have been grouped into the following categories:
• System Structures
• Water Quality Monitoring
• Power and Wiring Systems
• Supervisory Control and Data Acquisition (SCADA) - Physical Security
(2) Security decisions are site and utility specific, and the measures identified in the table are
good practice options to be considered, not rules to follow. Additionally, the measures
presented in the table are for typical distribution systems. Facilities with different attributes
or threats with capabilities in excess of the descriptions in Table 1-1 may require additional
or more robust security measures. Appendix A provides additional details on security
measures (specific sections are referenced in Table 6-1 where applicable).
(3) Distribution systems present challenges in developing adequate detection and delay
approaches, as many facilities are not constructed with defined perimeters or site areas and
are frequently accessible to the public. Based on the results of the VA and subsequent
evaluations described in the previous sections, utilities may elect to apply these security
measures on a subset of their assets in the most critical locations. For example, the
recommendations for valves may be applied to only the most critical valves, rather than
every valve in the distribution system. Additional information on distribution system
security can be found in Murphy et al. (2005).
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES
6-2
-------�
o
£
I
CD
CO
m c=
< CD
Poo
N
IgJl
— fl> — P
3 151
8 < -s\u
Insiders
e
&
i
CO
Criminals
m
m
•2
^
CO Q)
^* 'E1
cog
UJ
® 1
li
UJ
%$
55
1^
P
II
i.
f j
UJ
o "g
re m
to j
uoipajaa
«.,ea
Lirity Measure
I
i
;
s
s
s
s.
•
Bollards or vehicle barriers around
critical exposed equipment
\
^
-
-
•
Locking caps for valve operator
covers
CM
T~
CM"
o
s
•
Valve vault hatches - mechanically
fastened or locked with shroud
over lock
o
s
^>
s
•
Valve vault hatches - double hatch
doors with shrouded lock
CM"
o
T~
o> ,_:
- ^—
.
O)
p
s.
s.
•
•
Valve vault hatches - double hatch
doors with shrouded lock and
intrusion detection
S
s.
s
•
Provide locking devices for
contractor's temporary connections
^
S
•
Use uni-directional customer
meters to reduce backflow potential
S
S
•
Exposed pipelines: provide fence
barrier to limit access to
appurtenances
-------�
in
1
Q
-P
o
|
^
C/3
a
m c=
< ffi _ C
lill
8 < •» uj
Q..E £
a a.
2
5
M
2
£
I
a
OJ
M
1
E
•c
u
ID
n
CO
System
Objective3
ll
15
c
o ~z
m >
n m
03.3
n $
£• _j
(U
If
Ij
I,
II
Ul
81
5^
ll
u
I!
-o^oa
x.W
Security Measure
s.
•
•
Exposed pipelines: provide fence
barrier to limit access to
appurtenances and include
detection
S
N
s
s
•
Locking covers for control,
pressure-reducing, air-relief, and
other valves
N
S
•
•
Locking covers with detection for
control, pressure-reducing, air-
relief, and other valves
s
s
s
•
Locking cover for sampling stations
•
•
Locking cover with detection for
sampling stations
S
s
•
Hydrants: provide locking
mechanisms
s.
•
Backflow prevention valves or
tamper switches installed on
connections to multi-family
residential connections and
commercial facilities (e.g., motels)
s
•
Backflow valves to limit potential
for reverse flow at interconnections
to neighboring water systems,
wholesale customers, or customer
connections to industrial facilities
1
U_
O
-------�
co
CO*
o
!3
JS
i
.SE
Q
£
co
fl>
g
CO
CO
s
.^
1
s p
UJ _c
-J 0
OQ c=
i- m
M
fill
1 Isl
5 < -5 m
O-.E f
s~ °~
!
"
>k
09
O>
,c
3?
E
IS
i
"C
8
All instrumentati
8
li
15
-a
CD
•o
5
I
i
CO
E
g
3
CO
i
c
1
§
T3
--~
!5
measure
f
3.
Notes:
a Many of these
a:
^>
o
5 O
ccffl
OS
UJ =>
Ct O
-------�
7.0 Water System Support Facilities
7.1 Scope
This section of this Draft American National Standard for Trial Use presents guidelines for
security for support facilities that are part of municipal drinking water systems. It
establishes benchmark physical and electronic security features for protecting water support
facilities from vandal, criminal, saboteur, and insider threats. Threats and malevolent acts of
concern include damage or destruction of individual facilities.
7.2 Facility Mission
Water system support facilities include administrative buildings, maintenance yards, sites
for material and vehicle storage, and laboratories. The common element linking these
facilities is that they may not be in direct contact with the drinking water. If a facility such as
a laboratory or storage yard is located at the water treatment plant, then the security
guideline for water treatment plants should be referenced. This guideline applies to those
facilities that are not located at a water treatment plant, or water pumping station, or intake
facility, or otherwise in direct contact with the potable water. Because support facilities may
be located apart from the water flow, they have a low risk for being avenues of intentional
contamination of the water supply.
Support facilities may also have the following common factors that are often different from
other water system facilities:
• Large number of people entering and leaving the facility, including the public
• High vehicle traffic
• Fuel tanks to supply utility fleet
• May provide storage for utility vehicles, which as moving assets, present unique
challenges
• In the case of laboratories, may house chemicals or even pathogens that are used in tests
• May be symbolic of the utility's image, such as a headquarters facility
• May be combined with other government facilities, such as an administrative facility
within the city hall or a maintenance yard combined with other city maintenance
functions
The assets in a support facility may include maps, Supervisory Control and Data
Acquisition (SCADA)/controls, reports, cash, business systems, heavy and mobile
equipment, laboratory equipment and chemicals, and tools.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES 7-1
-------�
7.3 Philosophy of Security Approach
(1) An effective security approach for water support facilities includes equipment or systems
to deter, detect, delay, and respond to a threat prior to an adversary achieving its objective,
or mitigation of the consequences of a successful attack by the threat. The equipment and
systems for successful detection and delay of a threat should be matched to the capabilities
of the DBT, which are usually established during a facility's VA. In addition, equipment and
systems should be selected bearing in mind that the adversary must be adequately delayed
until the utility's identified response force arrives.
(2) DBTs considered in this guideline include vandals, criminals, saboteurs, and insiders.
Characteristics and capabilities of the two levels of threats —base and enhanced—upon
which the benchmark security measures in this guideline are based, are presented in
Table 1-1, Design Basis Threat Capability Matrix. Threats with capabilities less than or
greater than those identified in Table 1-1 require a less or more robust security system as
appropriate. Physical security measures are recommended without regard to cost or other
factors that may preclude their implementation.
(3) Benchmark security measures for deterrence, detection, and delay are provided in this
guideline. Approaches for consequence mitigation are presented in the Interim Voluntary
Security Guidance for Water Utilities (AWWA 2004a) and are not addressed here.
7.4 Benchmark Security Measures
(1) Table 7-1 establishes the benchmark measures for a recommended security system to
deter a threat or detect and delay the threat until the appropriate response force arrives. If
the threat includes more than one DBT, for example an enhanced criminal and a base
insider, the security system should include the recommended security measures for both
threats. Recommended security measures for a specific DBT are indicated with a check mark
(v^). A security measure without a check mark for a specific DBT indicates that either the
security measure is not recommended or a more robust security measure is recommended.
The security measures of Table 7-1 have been grouped into the following categories:
• Perimeter
• Site (area between perimeter and facilities)
• Facility Structures
• Closed-Circuit Television - Alarm Assessment (fixed cameras)
• Closed-Circuit Television - Surveillance (pan-tilt-zoom [PTZ] cameras)
• Power and Wiring Systems
• SCADA - Physical Security
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES 7-2
-------�
(2) Security decisions are site and utility specific, and the measures identified in the table are
good practice options to be considered, not rules to follow. Additionally, the measures
presented in the table are for typical water support facilities. Facilities with different
attributes or threats with capabilities in excess of the descriptions in Table 1-1 may require
additional or more robust security measures. Appendix A provides additional details on
security measures (specific sections are referenced in Table 7-1 where applicable).
(3) Special considerations should be provided for security of extremely critical assets or
facilities such as SCAD A, security equipment, and network computer servers, hubs and
related systems, and dangerous chemicals and pathogens located in analytical laboratories.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES 7-3
-------�
CO
ca
m
CD
OQ
11*1
*f
m
S" %
j
li
|S
m
%-»
a "
•o
eg
?1
15
c
id
o "5
I!
h
ll
Ul
« $
(0 S
m ™
^-PO
AejaQ
e
j
•
t
1
T—
CO
,_-
•^
q
^
Basic perimeter fencing or
perimeter walls
in
T-
^j."
l-i
CM
^
^
S
-
-
Enhanced dimb/cut-resistant
fencing or walls
^
^
S
S
Foundation enhancements for
fencing to prevent tunneling
o
m
S
en
Bollards or vehicle barriers limitir
vehicle access
CM"
o>
T_
0)
cf °-
Is- ^
0
CO
CD"
S
S
S
-
•
Intrusion detection at perimeter
S
S
s
s
•
Minimize vehicle access points
and/or number of entrance gates
CM
o
CM
s
-
s.
-
Key-locked entrance gate
.
^T
o
CO
T- O
CO
CM
CM
CM
^
s
s
s
•
Electronic access-controlled
entrance gate
CO
CM
CM"
CM
s
s
s
s
•
Intercom and remotely controlled
electronic gate lock for visitors
o
S
-
-
•
&
Vehicle sally port gate entrance f
delivery vehicles
-
•
8
Guardhouse and manned entran
gate to control site access
-------�
•c
8.
a.
O)
$.
CO
£
ro
CO
ro
m
| £
5 2S u JS
fils
0> m _ C
|lsl
Icf1"
S
M
I
&
&
ID
n
E
o
(0
CO
(0
(0 Q)
>t>x*
CO •"
Q
1 J
g«
IS
ll
111
S »
m $
m _i
ll
.c i
c
III
o "5
« 5
ffl _i
l«
53
si
™ »
CD —1
„„„=,.„<,
*«,
Security Measure
o
s
s
s
s
s
s.
•
Perimeter site lighting
u?
;?
p
S
S
S
•
Gate entrance lighting
CO
CN~
CO
-
S
s
s.
\
v
s.
•
1 CD °
C & CO
*-,?.£
Hardened site openings larg<
96 square inches (62,000 sq
millimeters) in area (e.g., gra
culverts)
S
•
•
c
"T
C
Separate visitor vehicular sig
checkpoint
OO
S
S
s
s
s
s
$
"No Trespassing" signage (e
50 feet [15 meters])
s
Is
s
illl s
s
<-~«
1
45 •
1
.c
Site (area between perime
Motion-activated lighting
O
CO
S
S
-
^
•
•
Perimeter minimum clear zone
distance
S
•
Public or visitor parking located as
far away from the facility as
practical, but at least 30 feet
(9 meters) away
S
•
Eliminate parking underneath
facilities
q"
^
-
•
Second layer of basic fencing
-------�
_
I
Q.
^
CO
E
to
1
CD
a>
2
1
c
e
1
(0
CO
M
I
E
0
in
n
•o
c
CO
>
•*"* O
CO '&
O
licable Sections
i Appendix A,
ysical Security
Elements
O. •- £
3" °-
ll
111
1!
m _i
•p
o
ll
111
O m
II
ll
1]
C
111
o ~z
in >
Jj
ll
c
Ul
11
ra £
U O I1O 919fl
Security Measure
CNI
v
CD
Enhanced second layer of fencin
that is climb/cut resistant
CN
oi
T—
oi
o"
CO
CO
V
s
•
fn
Intrusion detection at second lay
of fencing
^
s
s
Foundation enhancements for
second layer of fencing
S
V
s
s.
T3
Bollards or vehicle barriers arour
critical exterior equipment
o
in
S
a
Bollards or vehicle barriers limitin
vehicle access to area within
second layer of fencing
o
co"
CM"
s
s
•
Electronic access-controlled
entrance gate for second fence
CO
CO
s
s.
s
s
Transformer (outdoor) - locked
protective barrier or cage
CO
CO
S
s
s
s
s
Generator (outdoor) - locked
protective barrier or cage
CO
CO
s
s
s
s
m
Switchgear/motor control center
(outdoor) - locked protective cag
O
CO"
CO
S
s
s
s.
s
Chemical storage and feed
equipment (outdoor) - locked
access
-------�
CD
o
03
O
CL
CO
E
CO
1
cS
co
CD
0>
M
£ £•
.2 «£•£
*$* »s
«1<«S
* o> — c
llsl
8<-«ui
Q..E.C
9 °-
12
0)
^
'M
""
E
3
**
(1
(A
Ts
E
•c
o
10
"5
>
^
E°>
t|
«|-
il
11
c
HI
8$
m m
to *
1?
H
c
111
il
m ™
1?
1?
Ul
4) "aj
!S >
m ™
],
| 0
£ 1
C
UJ
II
uoijoa^aa
Ae|3Q
Security Measure
S
\
\
•
•
Chemical storage and feed
equipment (outdoor) - locked
access with intrusion detection
\
S
•
1 fc
CO 0
Fuel storage tanks - locate at 1
1 00 feet (30 meters) from all
buildings and away from perim
fence lines
S
o
CO
CD"
s.
V
V
s
s
\
\
s
s
•
£
0
Landscaping that does not obs
building or other assets
S
\
s
s
•
Ul
c
o
Minimize exterior signage
indicating the presence or loca
of assets
m
:
.
-
|
;:
• • -.
.
||
: II
"
-
• : . -.--
{
1
I
s
| s
\
s
s
•
Industrial-type, tamper-resistant
door hinges
\
\
\
•
Key-locked entrance door
CN
co
•*
oi
S
s
s.
s
s
s
•
Exterior doors with status switch
contact alarmed to security
\
s.
\
\
s
•
•
Electronic access-controlled
entrance door
•*
o
CO
o
o
s
V
s
\
s
•
•
Automatic locking critical interior
doors with access control
en
LU
E
o
II
m 5
^^
m :D
a O
-------�
C/J
CD
O
co
0>
&
C/3
JH
CO
CD
CD
1
,_
• CD
E
UJ £
-1 o
CD E
< CD
P CO
M
Lt
S^3j2
«>ltU
i Is!
u < '« ID
III
9 °-
|
1
3
ra
n
(0
n
E
•c
o
M
10
E
$
E">
t|
ms
1
o -5
|!
UJ
11
,s3
II
ii
Ul
« m
CO >
ra m
m .3
Is
UJ
11
s $
CO J
1
M«
||
c
Ul
to ^
m.3
ucHjoajaQ
Aciaa
Security Measure
\
•
•
Double entry system or secured
lobby entry (mantrap)
S
s
•
•
CO
O>
£
CO
0
•55
>
s
s
•
Provide dedicated meeting room
located outside secured interior for
meetings with visitors or vendors
S
S
s
•
Design building circulation to
provide unobstructed views of
people approaching controlled
areas or critical assets
S
•
Blast-resistant exterior doorsb
O
10
S
S
•
Bollards or vehicle barriers
protecting vehicle and personnel
doors
S
S
s.
s
\.
>
•
~5>
"E
CO
t/5
g
jk
i
m
\
•
a
T3
C
1
5
CO
CO
oi
\
\
\
S
•
Glass-break detection at windows
CO
0)
s.
S
S
S
•
Interior motion detection
\
S
S
V
\
•
Windows located away from doors
so that intruders cannot unlock the
doors through the windows
UJ
t
5
cr
UJ
X
a
, oc
• O
-------�
e
5
M
c
p
I
(0
(O
ra
E
o
co
n
c
(0
P'S
S'f>
S2..2.
£
— 8. "5 E
— i- >>
Q-.E £
Jl
c
111
8®
w ^
8^
|I
ui
Jl
m _i
8*
n £
ui
O o
« >
ra J
m ™
n S
c-1
ui
o "S
M >
re S,
m *
uoipataa
AB9
'
Security Measure
CO
CO
s
s
s.
&
f~
g>
CO .
co cr
•c co
^ "2 CN
0 raS-
T—
?
s
s
s
•
-o
c
Grilles or other barriers with
intrusion detection at skylights a
louvers over 96 sq. in.
(62,000 sq. mm)
S
s.
S
S
s
Locked roof hatches
S
S
s
•
c
o
Locked roof hatches with intrusi
alarm
^
\^
S
s
s.
Roof access ladder with locked
shroud
s
v
S
9
Roof access ladder with locked
shroud and intrusion alarm
CO
CO
s.
s
^
Transformer (indoor) - locked
protective barrier or cage
CO
CO
s
S
s
s
Generator (indoor) - locked
protective barrier or cage
CO
CO
s
S
s
ffl
Switchgear/motor control center
(indoor) - locked protective cag
s
s.
s
s
•
Chemical fill lines at building
exterior - locked access
CO
CD
Q_
Q_
3
CO
I
CO
tn
co
CD
CO
vfe
—
CO
0)
m
-------�
"c3
CD
^
E
CO
&
CD
f
CO
E
01 £
-J o
m c=
< CD
fi m
w
Iff
to ^ « c
1 &£-
•f "^
(0
•
c
^™
c
1
o
&
M
ra
E
•c
o
w
ra
•o
ra
o> -a
P
1
c •
c "*
W
e 'm
in >
li
ii
•C _l
Ul
4) ~S
11
CD _i
i i
c
Ul
o -5
w >
Si
_i
1
II
c
Ul
11
UO^^K,
*«,
Security Measure
S.
S
•
•
Chemical fill lines at building
exterior - locked access with
intrusion detection
CO
s.
S
•
1
M
8
Chemical storage (indoor) - 1
access
CO
O
CO
CD
S
S
s
s
•
•
1
je
8
Chemical storage (indoor) - 1
with intrusion detection
CNI
0
S
S
\
S
S
S
i •
CCTV - All facility exterior doors
CNj
p
\
S
s.
\
S
•
CCTV - Hatches, vaults
CNI
T—
p"
S
\
\
\
•
&
'• 13
i O)
c
'CD
I
O
O
CSI
p"
S
S
S
S
•
CCTV - Main entrance door
csi
p"
S
\
\
S
S
•
CCTV - Site surveillance
CNJ
O"
\
s.
S
S
•
CCTV - Interior protected areas
-------�
CO
CQ a
< o>
? CO
Lf
Q) .— O Q
«? >
S3
ll
111
j|
uoipaiaQ
Ae|3Q
e
i
n
o>
f
3
V)
0
csi
s
V
-
s
s
s
s
All electrical panels locked
52-
0
Csi
s
s
s
-
-
s
•
Backup power to security
components (as indicated): UPS,
typically
o
csi
-
S
-
-
s
s
s
-
All electrical wiring in conduit
S
S
Redundant communication paths
Si
0
csi
*
-
S
s
\
\
Electronically supervised security
wiring
-
-
Redundant critical utility (power,
natural gas, etc.) connections
S
Incoming site utilities - harden
power, gas, water, waste and their
facility entry points
o
CO
s.
s
s
-
s
^^
s
IP
"e/T
dT
3
o
ocked PLC/RTU enci
-1
Csi
s
s.
V
-
s
^^
•
«r
"m"
co
0
'amper switch on enci
^
o
s.
s.
s
-
-
s
^^
s
w
^
'3
•o
c
8
D)
C
Jl instrumentation wiri
<
CO
E-e
•G .15
.E "5
o
CD O
£^ CO
»= CO
c
CD CD
2 co
88
bi5
co en
8?
E co
lotes:
Many of the security
Blast-resistant doors
£.m xi
-------�
APPENDIX A
Physical Security Elements
The design of any security measure must always take safety and maintenance
considerations into account.
These guidelines apply only to assets that are within the control of the utility. For critical
assets that are not owned by the utility, the utility needs to coordinate protection of the
assets with the owning parties.
1.0 Fencing and Perimeter Walls
(1) The primary goals of fencing and perimeter walls are to establish a legal demarcation by
defining the perimeter boundaries of a facility, to present a barrier that causes an intruder to
make an overt action to penetrate that demonstrates intent, and to create a delay barrier
against unauthorized access.
(2) Secondary goals may include screening the facility against visual observation,
establishing a clear zone enhancing lighting and surveillance, and providing a means to
install intrusion detection sensors.
1.1 Chain-Link Fencing
(1) For terms related to chain-link fencing systems, refer to American Society for Testing and
Materials (ASTM) F552, "Standard Terminology Relating to Chain Link Fencing" (ASTM
2005d). For detailed specifications and design information related to chain-link fencing and
posts, refer to Military Handbook MIL-HDBK-1013/10, "Design Guidelines for Fencing,
Gates, Barriers, and Guard Facilities" (NFESC 1993b) and Federal Specification RR-F-
191/2D, "Fencing, Wire and Post, Metal (Chain-Link Fence Gates) (Detail Specification)"
(Naval Construction Battalion Center 1990a). Both documents have been approved for
public release and are available online. Aluminum fabric, poles, or accessories are not
recommended for security applications.
(2) Base-level fence guideline is galvanized steel chain-link fence post with a 6-foot (1.8-
meter [m]) or greater fabric height. Enhanced-level fence guideline is galvanized steel chain-
link fence post with an 8-foot (2.4-m) or greater fabric height.
(3) Fence fabric should be one piece and should be coated with zinc or poly vinyl chloride
(PVC). PVC over zinc-coated steel is recommended in harsh, corrosive environments.
(4) Base-level fabric wire gauge should be a minimum standard wire gauge of No. 9 and
mesh pattern of 2-inch (50-millimeter [mm]) diamond mesh or smaller.
(5) Enhanced-level chain-link fencing should comply with the requirements for the base-
level guideline chain-link fencing, except use No. 6 or No. 8 gauge fencing fabric in place of
No. 9 gauge and select mesh patterns less than 2-inches (50 mm) across.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-1
-------�
(6) Post strength and stiffness for base-level and enhanced-level chain-link fences should
meet ASTM F1043, "Standard Specification for Strength and Protective Coatings on Steel
Industrial Chain Link Fence Framework," Group 1A requirements (ASTM 2005c) for heavy
industrial fences. Follow manufacturer's standard with allowance for minimum embedment
below finished grade.
(7) The average dimension between line posts for chain link fences is recommended to be no
more than 10 feet (3 m) when measured center-to-center between posts and parallel to the
fence grade (ASIS 2004, Chapter 3 - Chain Link Fencing). For additional guidance on
installing chain-link fencing, refer to RR-F-191K/GEN, "Fencing, Wire, and Post Metal (and
Gates, Chain-Link Fence Fabric, and Accessories) (General Specification)" (Naval
Construction Battalion Center 1990b); ASTM F567, "Standard Practice for Installation of
Chain-Link Fence" (ASTM 2005e); and Military Handbook MIL-HDBK-1013/10, "Design
Guidelines for Fencing, Gates, Barriers, and Guard Facilities" (NFESC 1993b)for guidelines
on connection of fencing mesh to posts for security applications.
(8) The ASIS "Protection of Assets" manual (ASIS 2004) further identifies that post hole
depth be a minimum of 24 inches (610 mm), plus an additional 3 inches (76 mm) for each 1-
foot (0.3-m) increase in fence height over 4 feet (1.2 m), such that an 8-foot (2.4-m) fence
requires 36-inch (910-mm) depth for post holes. The hole should be backfilled with concrete
]into the excavation hole (2500 pounds per square inch [psi] [17,000 kilopascals]) and the
concrete extended 2 inches (50 mm) above grade, with a crowned surface to shed water.
(9) Where fences cross a stream, culvert, swale, depression or other openings that fencing
does not enclose, where opening size is 96 square inches (62,000 square mm) or larger, these
openings should be protected by additional grilles, fencing, or other barriers against
penetration. Refer to 13.3 of this Appendix and to Military Handbook MIL-HDBK-1013/10,
"Design Guidelines for Fencing, Gates, Barriers, and Guard Facilities" (NFESC 1993b) for
recommendations and construction of grilles.
1.2 Anti-Climb/Anti-Cut Fencing
(1) If the design basis threat (DBT) warrants, a specialized anti-climb/anti-cut fence such as
wire-panel mesh fencing should be considered.
(2) Wire-panel mesh fabric wire gauge should be a minimum of No. 8 wire gauge.
(3) Wire-panel mesh pattern should be non-climbable, with 0.5-inch by 3-inch (13-mm by
76-mm) mesh pattern, welded at each intersection.
(4) Fabric wire should conform to ASTM A853-04, "Standard Specification for Steel Wire,
Carbon, for General Use," Grade AISI1006 as specified by the American Iron and Steel
Institute (AISI) (ASTM 2005b). After welding, the fabric is hot-dipped and galvanized with a
zinc coating followed by a polyvinyl chloride (PVC) coating.
1.3 Ornamental Fencing
(1) Site conditions and local codes may dictate the use of aesthetically pleasing fence
materials. In such cases, ornamental fences of steel, aluminum or wrought iron should be
considered.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-2
-------�
(2) As an example of aluminum fencing meeting the requirements, base-level ornamental
fence should be a picket fence, 8-foot (2.4-m) picket height or greater, constructed of HS-35
aluminum alloy. Nominal picket spacing should be 5 inches (130 mm) on center or less.
Pickets may include spiked tops, depending on the DBT.
(3) Suggested minimum sizes for fence pickets are 1-inch (25-mm) square by 0.062-inch
(1.6-mm) thick, while suggested minimum fence rail dimensions are 1.625-inch (41-mm) by
0.070-inch (1.8-mm) thick top walls, and 1.625-inch (41-mm) by 0.100-inch (2.54-mm) thick
side walls.
(4) Line posts for aluminum ornamental fences should be constructed of HS-35 aluminum
alloy, with suggested dimensions of 2.5-inch (64-mm) square by 0.075-inch (1.9-mm) thick.
Follow manufacturer's standard with allowance for minimum embedment below finished
grade.
(5) Gate posts for aluminum ornamental fences should be constructed of HS-35 aluminum
alloy of minimum dimensions 6-inches (150-mm) square by 0.125-inch (3.2-mm) thick.
Follow manufacturer's standard with allowance for minimum embedment below finished
grade.
(6) Fencing should have a powder-coated finish or other appropriate protective finish.
1.4 Perimeter Wall
(1) The need for solid perimeter walls, such as concrete masonry walls, may be dictated by
the DBT, hardening needs, aesthetics, or the desire to fully screen a facility or asset from
outside view. In those instances where hardening and aesthetics are both objectives,
hardened (or crash-resistant) ornamental fencing is available.
(2) Base-level concrete masonry unit (CMU) wall height should be 6-feet (1.8-m) high or
greater. Enhanced-level CMU wall height should be 8-feet (2.4-m) high or greater. Wall
thickness should be 8 inches (200 mm) as a suggested minimum with additional thickness as
required to meet hardening designs.
(3) Immediate wall columns should be spaced per design criteria and site conditions.
(4) Corner columns should be positioned where directional changes in wall alignment occur.
(5) Wall foundation and reinforcement should be provided per local design criteria and
geotechnical conditions.
1.5 Fencing Topping
(1) Fence topping may include barbed-wire topping or concertina barbed-wire tape topping,
or a combination of both.
(2) For base-level barbed-wire topping guideline, attach a three-strand of barbed wire,
conforming to ASTM A176, "Standard Specification for Stainless and Heat-Resisting
Chromium Steel Plate, Sheet, and Strip" (ASTM 2004b) and ASTM A 666, "Standard
Specification for Annealed or Cold-Worked Austenitic Stainless Steel Sheet, Strip, Plate, and
Flat Bar" (ASTM 2005a) to a 2-foot (0.6-m) high single outrigger; for enhanced-level climb
resistance, use double Y-style outriggers with 3-strand barbed wire.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-3
-------�
(3) For concertina-wire topping, attach 12-gauge stainless steel wires to 2-foot (0.6 m) high
double Y-style outriggers. Concertina wire should conform to ASTM F1910, "Standard
Specification for Long Barbed Tape Obstacles" (ASTM 2003), and should be 24-inch to 30-
inch (610 to 760 mm) diameter double coil concertina type. Each concertina loop should
consist of 43 +/- 2 clusters of needle-sharp barbs on 4-inch (100-mm) centers, each barb
measuring a minimum of 1.2 inches (30 mm) in length.
(4) Refer to ASTM A121, "Standard Specification For Metallic-Coated Carbon Steel Barbed
Wire" (ASTM 2004a) and Federal Specification RR-F-191/4D, "Fencing, Wire, and Post,
Metal (Chain-Link Fence Accessories)" (Naval Construction Battalion Center 1990c) for
installation guidance.
(5) Ornamental fencing with angled "pikes" can be provided as a fence topping to
discourage or prevent access to a facility by climbing.
1.6 Perimeter Line
(1) Periodic treatment of the perimeter line is recommended to prevent vegetation growth.
(2) Provide a 1-foot (0.3-m) wide vegetation-free zone with fence or wall placed in center of
zone, using 2-inch (50-mm) thick layer of 0.375-inch to 0.75-inch (10-mm to 19-mm)
aggregates, and treat with herbicide.
1.7 Fence Foundation Enhancements
(1) To prevent stretching of the fence fabric to allow an adversary to move under the fence,
it may be appropriate to anchor the bottom fabric of the fence to create similar delay to that
of fencing. For anchorage of fabric, the bottom fence fabric should be secured to a bottom
rail and securely anchored at the midpoint between the fence posts along the fence line. For
the base-level guideline, the bottom rail may be anchored to an eyebolt embedded in a
"deadman" anchor, a concrete cube 3 feet by 3 feet (0.9 m by 0.9 m) as described in Military
Handbook MIL-HDBK-1013/10, "Design Guidelines for Fencing, Gates, Barriers, and Guard
Facilities" (NFESC 1993b); the deadman should be buried in the soil below the fence rail. As
an alternative, 12-inch (300 mm) deep rows of metal bars or pickets may be embedded at 12-
inch (300 mm) intervals along the base of the fencing.
(2) For the enhanced-level guideline to prevent tunneling under fences, provide a
continuous concrete curb at base of fence 8-inches (200-mm) wide by 24-inches (610-mm)
deep. The maximum clearance between the bottom rail and the top of the grade strip should
be no more than 2 inches (50 mm) maximum clearance with the bottom rail of fencing
secured to the concrete strip at the mid-point between the posts and at intervals of 10 feet (3
m) or less.
2.0 Gates
Personnel gates should be of similar construction guidelines as fences, or stronger, while
vehicle gates will need additional strength due to the weight of the gate assembly, and to
prevent vehicle incursion, if dictated by the DBT. Where the DBT justifies additional layered
security, hardened (or crash resistant) gates are available.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-4
-------�
2.1 Chain-Link Gates
(1) For detail specifications on chain-link gates, refer to Military Handbook MIL-HDBK-
1013/1A, "Design Guidelines for Physical Security of Facilities," Table 6 - Common Chain
Link Fence Materials (NFESC 1993a), and Federal Specification RR-F-191/2D, "Fencing,
Wire and Post, Metal (Chain-Link Fence Gates)" (Naval Construction Battalion Center
1990a).
(2) Entry gates using perimeter fence double swing gates should have maximum 2.5-inch
(64-mm) clearance between bottom rail and finished grade.
(3) Entry gates should have reinforced steel latch with hardened steel padlock protection.
(4) Posts for swing gates with fabric height up to 8 feet (2.4 m) should have nominal
minimum dimensions of 2.875-inches (73-mm) outside diameter (OD) to 8.625-inches
(219-mm) OD, depending upon the gate leaf width.
(5) Posts for swing gates with fabric height of 9 to 10 feet (2.7 to 3 m) should have nominal
minimum dimensions of 3.5-inches (89 mm) OD to 8.625-inches (219 mm) OD, depending
upon the gate leaf width.
2.2 Electronic Gate Opening
(1) Electrical gate operators should be Underwriters Laboratory (UL)-listed, heavy-duty,
high-frequency electrical models designed to open and close sliding or other types of gates
as selected for specific applications. Gates should have maximum 2.5-inch (64 mm)
clearance between bottom tension bar and finished grade.
(2) Electrical motors should be sized appropriately for gate size, duty rating, and frequency
of operation. Provide industrial-quality motor overload protection with manual reset. Gate
operators and other electrical appurtenances should be positioned within the fenced
perimeter to avoid vandalism and tampering.
(3) Recommended gate travel speed is a minimum 1 foot (0.3 m) per second. Speed adjusting
feature that provides range of appropriate speeds for slide gate operation is recommended.
(4) Provide positive limit switches that sense position of gate and provide control to prevent
damage to gate operator.
(5) Provide manual operation feature or disconnect for operation during power failure,
malfunction, or emergency. The manual gate operator should be secured inside a locked
weather resistant cabinet, with an attached key box as required. Gate operators should be
located so they cannot be reached or tampered with from outside the fence. A variety of
types of manual and automatic gate operators, from simple push-button type operators to
complex electronic operating systems as well as associated hardware and safety devices, are
available from gate manufacturers. Gate storage, housing for operators, and site-specific
operating systems, warning devices, or signage should also be considered to ensure safe
operation when authorized.
(6) Component parts of gate operator, including attachments, should be constructed with
materials or plated, coated, or finished as necessary to provide reliable service in an all-
weather environment.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-5
-------�
2.3 Electronic Gate Control System
(1) Pushbutton or card-reading sensor in weatherproof enclosure should be mounted on
steel tube post or concrete bollard anchored to concrete foundation outside gate as required.
(2) Consider providing loop, beam, or other vehicle detectors a minimum of 4 feet (1.2 m)
away from each side of gate for safety.
(3) Communication interface should enable remote monitoring of gate position from central
location, such as central security office.
(4) Suggested operation sequence:
(a) Entry: Gate opens when activated by valid card presented to card-reading sensor.
Gate closes after sensing loop / sensing beam has determined that vehicle has
passed through gate.
(b) Exit: Gate opens when activated by detector loop in pavement or push button
inside gate. Gate closes as for entry.
(5) Other options for automated gate access control systems include radio controlled, remote
operated (from control room or operations centers), guard operated, key switched, and
others. Each type will have specific features to consider with respect to the overall access
control system.
3.0 Site Areas
3.1 Clear Zones
(1) The purpose of a clear zone is such that intrusion detection surveillance and assessment
using visual observation or cameras can be applied and to provide an unobstructed area in
which placed devices can be readily observed/detected. Clear zone regions are typically
established:
(a) On both sides of a perimeter security fence to allow unobstructed surveillance of
the fence area
(b) Between a perimeter fence and structures, buildings, or other critical assets
enclosed within the fence to maintain a clear area for detection of intruders or placed
devices
(c) Around the perimeter of a building to prevent areas of concealment of intruders
or placed devices.
For additional information regarding clear zones, see "Minimum Antiterrorism Standards
for Buildings," Unified Facilities Criteria (UFC) 4-010-01 (DoD 2002).
(2) Effective clear zone distances should be in accordance with the DBT, but a suggested
minimum distance is 20 feet (6 m) or more between the outer perimeter fence and interior
structures per UFC 4-010-01 poD 2002).
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-6
-------�
(3) Within the clear zone, prune or trim vegetation to a height of 4 inches (100 mm) or less,
and remove large obstacles or rocks that can shield intruders from view. Avoid locating
equipment within clear zones or with spaces below in which devices can be readily
concealed.
3.2 Site Utilities
(1) Wherever possible, incoming site utilities need to be protected from accidental or
deliberate damage that might affect operations. It is recommended that the core site utility
connections entering the site and facility be hardened. Hardening techniques may include
burying, protecting within conduit, security cages or grilles or by adding redundant service
feeds. The following utilities should be examined and protected to the extent possible:
(a) Electrical Power
(b) Natural Gas
(c) Incoming Water
(d) Wastewater
(e) Fire Water Main(s)
(2) Exposed pipelines should be protected, where possible, using fence barriers to limit
access.
(3) Alternatively, exposed pipelines could be run within carrier pipes to enable double-wall
protection.
(4) Redundant utility connection sources should be provided if available. Dual electrical that
feeds off separate circuits or incoming water supply from different source mains should be
utilized where available.
(5) Electrical lines should be placed underground where applicable.
4.0 Facility Entrances
4.1 Sallyport Entrances
(1) A sallyport is a combination of electrically operated gates or portals that are interlocked
to prevent more than one gate from opening at a time. The sallyport provides a means for
secured, controlled entry through the fence perimeter of the facility. Entry processing,
paperwork review, and driver/load identification or verification occur within the sallyport.
Sallyports may also be used to enable searching the interior and undercarriage of vehicles
for explosives.
(2) Typical vehicle sallyport dimensions are in the range of 75-feet (23-m) long by 20-feet (6-
m) wide (and should be sized to accommodate the largest delivery vehicle), enclosed by
fenced sides of height, construction, and configuration consistent with the site perimeter
fencing. Vehicle gates should be consistent with the gate guidelines provided in Section 2.0,
Gates, of this Appendix.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-7
-------�
(3) Sallyport gates should be equipped with an interlocking system to ensure that the inner
and outer gates are not capable of being opened at the same time.
(4) Gate controls should be located in an area so that the person operating the controls
maintains a constant visual observation of the sallyport area. The controls should be
protected and covered so that non-authorized use is eliminated.
(5) A keyed manual override switch should be provided that allows the gates to be opened
simultaneously. However, this override switch must be protected and covered such that the
possibility of accidental operation is eliminated.
4.2 Building Entrances
(1) Building entrances should provide a space for screening visitors. The area should
provide enough space for visitors to wait, queue, and be logged in prior to entering the
interior secure spaces. If frequent visitor entry is anticipated, anti-vandal furniture may be
provided within the visitor waiting area.
(2) Visitor management software can facilitate the log in and registration of incoming
visitors. Some systems permit pre-registration prior to entry and notification upon visitor
arrival.
(3) If the DBT warrants, x-ray screening of incoming personnel and visitors may be
considered. Additionally, explosive screening may be considered for incoming mail and
packages.
5.0 Bollards and Other Vehicle Barriers
(1) Bollards, jersey barriers, decorative planters, or other vehicle barriers, where applied,
should be capable of stopping a 4,000-pound (1,800 kilogram [kg]) vehicle traveling at
30 miles per hour (48 kilometers per hour) within 3 feet (0.9 m) or less.
(2) Refer to Department of Defense Handbook MIL-HDBK-1013/14, "Selection and
Application of Vehicle Barriers," (NFESC1999) for detailed descriptions, attributes, and
stopping capabilities of several barrier types. This document has been approved for public
release and is available online.
6.0 Exterior Surfaces
(1) At surfaces subject to vandalism, incorporate glazed concrete masonry units, glazed
ceramic tiles, or fiberglass coatings to resist vandalism attempts.
(2) Apply non-stick, non-mark, polyurethane-based paints and coatings for external surfaces
subject to vandalism.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-8
-------�
7.0 Outdoor Security Lighting
(1) Depending on the DBT and local site environment, the amount of recommended
illumination may vary. Consult with local code officials for additional restrictions that may
apply to lighting levels.
(2) In addition to the suggested illumination levels provided below, refer to the Illumination
Engineering Society of North America (IESNA) handbook, "Guideline on Security Lighting
for People, Property, and Public Spaces - G-l-03" (IESNA 2003).
(3) General perimeter roadways and parking areas should be illuminated to 1 to 2 horizontal
foot-candles (11 to 22 lumens/square meter [lux]) on average.
(4) Vehicle gate areas should be illuminated to 3 to 5 foot-candles (32 to 54 luces), average,
measured horizontally. If this area will receive CCTV camera coverage, a recommendation
is that the illumination levels be 5 to 10 foot-candles (54 to 108 luces), measured vertically at
the subject height.
(a) Horizontal illumination measures the lighting at a horizontal surface or plane,
such as the ground surface.
(b) Vertical illumination measures the illumination received on a vertical plane, such
as a person's face or license plate of a vehicle.
(5) If a gatehouse or sallyport entrance is used, an illumination level of 10 to 30 vertical foot-
candles (110 to 320 luces) is the goal.
(6) Building exterior door areas should be illuminated to 3 to 5 horizontal foot-candles (32 to
54 luces), on average, for a radius of 15 feet (4.5 m) beyond the exterior door.
(7) General outdoor areas should be illuminated to 0.5 horizontal foot-candles (5 luces),
average.
(8) Provide a minimum light-to-dark illumination ratio of maximum 6:1, preferably 4:1.
Preferably, a lighting engineering study should be performed using point-by-point lighting
calculations with a point spacing not more than 25 feet (7.6 m) on center.
(9) Where applicable, incorporate motion-activated lighting to provide instant-on lighting
upon motion-alarm activation. Such a system will raise the illumination from 0.5 foot-
candles (5 luces) to 2 to 3 foot-candles (22 to 32 luces). If motion-activated lighting is
included, make sure that lamp re-strike time is quick enough to support instant-on
activation.
(10) When CCTV cameras are used, these additional lighting considerations should be taken
(ASIS 2004, Chapter 19 - Security and Protective Lighting):
(a) Color Rendering Index: Choose an appropriate lamp that has accurate color
reproduction.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-9
-------�
(b) Reflectance of Materials: Consider the material that will be illuminated, and its
ability to reflect and transmit light.
(c) Direction of Reflected Lighting: Identify whether reflected lighting will assist or
interfere with camera operation.
8.0 Signage
8.1 Fence Signage
(1) Post "No Trespassing" signs at 50-foot (15 m) intervals in multiple languages as
consistent with local population. From a general legal standpoint, the fence and signage
establishes a boundary that intruders must cross for violation.
(2) Include appropriate federal, state and local laws prohibiting trespassing. For example,
U.S. Code Title 42, Section 300i-l, titled, "Tampering with public water systems," states the
following (42 U.S.C. § 300
a) Tampering - Any person who tampers with a public water system shall be
imprisoned for not more than 20 years, or fined in accordance with title 18
<"Crimes and Criminal Procedure">, or both.
b) Attempt or threat - Any person who attempts to tamper, or makes a threat to
tamper, with a public drinking water system be imprisoned for not more than 10
years, or fined in accordance with title 18, or both.
c) Civil penalty - The Administrator may bring a civil action in the appropriate
United States district court (as determined under the provisions of title 28
<" Judiciary and Judicial Procedure" >) against any person who tampers, attempts to
tamper, or makes a threat to tamper with a public water system. The court may
impose on such person a civil penalty of not more than $1,000,000 for such
tampering or not more than $100,000 for such attempt or threat.
d) "Tamper" defined - For purposes of this section, the term "tamper" means -
(1) to introduce a contaminant into a public water system with the intention
of harming persons; or
(2) to otherwise interfere with the operation of a public water system with the
intention of harming persons.
8.2 Primary Site Entrance Signage
At the primary entrance to the site, post the address of the site so that first responder crews
(such as police and fire departments) can confirm the address location.
8.3 Water Line Delineation
At lake or river intakes, provide buoys or float lines with appropriate signage to delineate
no-entry zones.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-10
-------�
9.0 Electronic Security Systems
9.1 Intrusion Detection Sensors - General
(1) The intrusion detection system should be capable of detecting an individual (weighing
75 pounds (34 kg) or more) crossing the detection zone walking, crawling, jumping,
running, or rolling (at speeds between 0.5 and 15 feet (0.2 and 4.6 m) per second), or
climbing the fence, if applicable.
(2) Perimeter intrusion detection should provide average false alarm rates of not more than
one false alarm per week, per sensor, while maintaining proper detection sensitivity.
(3) Interior intrusion detection should provide false alarm rates of not more than one false
alarm every three months, per sensor.
(4) Detection probability should be at a 95 percent confidence level. When calculating
detection probability for multiple sensor systems, detection is assumed if any of the sensors
detect the intrusion.
(5) Intrusion detection systems should cover the entire length of the perimeter of a detection
area.
(6) Intrusion detection sensors should be provided with a redundant power source for a
period of not less than four hours.
(7) Detection sensors should be monitored for alarm and fault conditions by an attendant
security monitoring system (an electronic system that monitors security alarms).
9.2 Exterior Intrusion Detection
(1) Prevalent sensor technologies include active infrared, microwave, dual-technology,
buried-line, fence-mounted sensors, and video motion detection.
(2) Appropriate detection technology should be selected based on factors such as facility
environment, location, climate, and ambient temperature conditions, and on the DBT.
9.2.1 Active Infrared Sensors
(1) Active infrared sensors transmit infrared signals to a receiver. Interruption of the signal
indicates an intruder or object has blocked the path.
(2) Active infrared sensors require line of sight; the signal must be projected over a clear
path where the line of sight remains unblocked.
(3) Transmitters and receivers should be installed where they will not be misaligned due to
earth tremors, objects hitting the unit (such as falling rocks, branches, or falling trees), or
freezing and thawing of the ground.
(4) Active infrared sensors do not work well in areas with heavy snowfall because drifts or
snow mounds cover sensors and block transmission and reception paths. Weather
conditions such as fog, heavy rain, or severe sand or dust will affect the reliable detecting
range.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-11
-------�
(5) Nuisance alarm sources for active infrared sensors include animals and wind-blown
debris. Fencing can minimize animal false alarms. Vegetation can also pose a problem if it is
allowed to grow to a size where its movement will generate an alarm.
9.2.2 Microwave Sensors
(1) Microwave sensors transmit or flood a designated area with an electronic field. A
movement in the area disturbs the field and sets off an alarm.
(2) The detection area should be free of bushes and obstructions. Close proximity to other
high frequency signals can adversely affect the detection reliability of microwave sensors.
Areas that contain strong emitters of electric fields (such as radio transmitters) or magnetic
fields (large electric motors or generators) can affect the ability of the microwave sensors to
function properly and should be avoided.
(3) Grass should be cut to less than 3 inches (76 mm). A gravel surface prepared for water
drainage is better than a grass surface. Avoid dead spots or areas of no detection created by
metal objects such as dumpsters, shipping crates, trashcans, and electrical boxes. These dead
spots create areas for intrusion attempts.
(4) Nuisance alarm sources for microwave sensors include wind creating wave action on
puddles or moving nearby fences or vegetation, or movement adjacent to, but outside, the
protected area (because the signal can easily pass through standard walls, glass, sheet rock,
and wood).
9.2.3 Dual Technology Sensors
(1) Dual-technology sensors use both microwave and passive infrared (PIR) sensor circuitry
within the same housing. PIR sensors pick up heat signatures from intruders by comparing
infrared receptions to typical background infrared levels. Typically, activation differentials
are 3 degrees Fahrenheit (1.7 degrees Celsius).
(2) Dual-technology sensors generate an alarm condition if either the microwave or PIR
sensor detects an intruder.
(3) Dual-technology sensors can be installed along a perimeter line, a fence, or a buffer zone,
or as a defense against intruders approaching a door or wall.
(4) Nuisance alarms for microwave sensors are described in 9.2.2. Nuisance alarms for PIR
sensors include reflected light and radiated heat.
(5) In some dual-technology sensors, alarm settings may be adjusted to require that both the
microwave and the PIR unit detect an intruder before an alarm condition is generated. With
two independent means of detections, false alarms are reduced.
9.2.4 Buried Line Sensors
(1) There are several types of buried line sensors, including fiber optic cable, ported cable,
and ported coax cable.
(2) The two principle advantages of buried cable are that it is covert and it follows the
terrain.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-12
-------�
(3) Buried line systems do not work well with shrubbery or trees that require landscaping
and maintenance.
(4) It is important that the cable be buried to a uniform depth. Changes in soil conductivity
can affect the sensor readings.
(5) Nuisance alarms can be caused by the ground shifting due to standing or puddling
water, or erosion. Tree roots can also be a cause for nuisance alarms when windy conditions
aboveground cause movement in the roots. Large animals passing over the detection zone
can also generate alarms.
9.2.5 Fence-Mounted Sensors
(1) Fence-mounted sensors detect vibrations on fence fabric associated with sawing, cutting,
climbing, or lifting the fence fabric.
(2) Fence-mounted sensors are not reliable in areas where high vibrations are likely to be
encountered, such as in close proximity to roadway activity or construction. Do not use in
areas with high wind or numerous animal interactions with the fence line.
(3) Fence-mounted sensors perform best when mounted directly to the fence fabric. Each
sensor is connected in series along the fence with a common cable to form a single zone of
protection.
(4) Sensor zone lengths have a typical recommended range of 300 feet (90 m), although some
systems permit longer sensing zones.
(5) Install on high-quality fencing. Poor quality fences with loose fabric can create too much
background activity due to flexing, sagging, or swaying.
(6) Nuisance alarms can be generated from shrubbery and tree branches as well as animals
and severe weather that come in contact with the fence, causing it to vibrate.
9.3 Interior Intrusion Detection
(1) Provide appropriate interior intrusion detection according to the DBT and the building
environment.
(2) Applicable technologies include dual-technology (passive infrared and microwave),
linear beam, and glass-break sensors.
(3) Select products that are consistent with the ambient temperature, environment, and
moisture content of the structure to be protected.
9.3.1 Dual Technology Motion Sensors
(1) Dual technology motion sensors use passive infrared and microwave technology to
detect motion. Described in 9.2.3, these sensors are applicable for both interior and exterior
applications.
(2) Do not use dual-technology sensors in areas where the PIR sensor can be exposed to
sudden changes in temperature, such as near an exterior door.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-13
-------�
(3) Nuisance alarms can be generated from heat radiating objects such as heat-system
registers or other warm objects (including things as innocuous as a mop bucket with hot
water in it).
9.3.2 Linear Beam Sensors
(1) Linear beam sensors transmit a beam of infrared light to a remote receiver creating an
"electronic fence." Once the beam is broken, an alarm signal is generated. It has a high
probability of detection and a low false alarm rate.
(2) This type of sensor is often used to cover openings such as doorways or hallways, acting
essentially as a trip wire. The infrared beam is unaffected by changes in thermal radiation,
fluorescent lights, electronic frequency interference (EFI), or radio frequency interference
(RFI).
(3) The transmitter and receiver can be up to 1,000 feet (300 m) apart.
(4) Nuisance alarms can be created by any objects that may break the beam, such as paper
blowing off of a shelf or desk.
9.3.3 Glass-Break Sensors
(1) There are three basic types of glass-break sensors: acoustic sensors (listens for an acoustic
sound wave that matches the frequency of broken glass), shock sensors (feels the shock
wave when glass is broken), and dual-technology sensors (senses acoustic and shock
vibrations).
(2) Using dual-technology sensors significantly reduces false alarms from background noise
such as RFI and frequency noise created by office machines.
(3) Glass-break sensors provide intrusion detection for windows and doors with glass
panes. Mount on the window, window frame, wall, or ceiling. If mounted on the wall or
ceiling (this is the preferred placement), place opposite the window. If mounted on glass,
place in the corner, approximately 2 inches (50 mm) from the edge of the frame.
(4) Use mounting adhesive specified to withstand long exposure to summer heat, winter
cold, or condensation.
(5) Regardless of the type of sensor, coverage typically does not exceed 100 square feet
(9 square meters) of glass surface.
(6) Nuisance alarms can be caused by improper calibration or installation. In addition, RFI,
sharp impact noises, and background noise such as office, industrial, and cleaning
machinery can cause false alarms.
9.4 Door and Hatch Contact Alarm Switches
(1) Door and hatch contact alarm switches should interface to a security monitoring system
in addition to the SCADA system.
(2) Magnetic door contact switches should be installed at all building exterior doors to
monitor for door ajar and door forced-open conditions.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-14
-------�
(3) Exposed exterior locations, such as exterior hatches or vaults, should utilize high-
security balanced magnetic switches.
(4) Industrial doors, gates, and roll-up doors should use high-security rugged duty, sealed,
wide-gap magnetic switches.
9.5 Pipeline Vibration Detection
(1) Emerging technologies are being developed that provide vibration detection within
pipeline sections. By incorporating this technology, attempts at sabotage such as cutting,
hammering or detonation of the pipeline can be detected and a response can be initiated.
Such detection systems might be considered for critical pipeline sections without
redundancy. The detection systems monitor vibration within the pipeline section. If the
vibration level exceeds a threshold amount, then an alarm may be transmitted back to a
central monitoring station. Such systems are relatively new technology, but are in operation
currently for critical utility (oil, natural gas) pipelines within the United States.
10.0 Access Control Systems
10.1 Access Control Systems - General
A means of providing access control should be incorporated into all security systems.
Access control measures should consist of one or more of the following systems: key locks
and/or padlocks, numeric keypad locks, or card reader systems.
10.2 Locks and Padlocks
(1) Padlocks should be weather-resistant with a hardened-steel shackle.
(2) Padlock pulling resistance should be 4,500 pounds (Ibs.) (20,000 Newtons) at minimum.
(3) Padlock pressure resistance to bolt cutters should be 10,000 Ibs. (44,000 Newtons) at
minimum.
(4) Key locks should use hardened steel inserts protecting the plug face, shell, and sidebar
from drilling attack.
(5) Provide an access guard of channel steel or other material against bolt-cutter or torch
access to padlocks.
(6) Whenever possible, avoid using "daisy chains" of padlocks. Instead, use a
programmable lock that allows for authorized entry by multiple individuals using unique
codes.
10.3 Numeric Keypad Locks
(1) Numeric keypad locks are locking systems that include a programmable keypad in
addition to the door latch or deadbolt and lever handle. A user must enter a code at a
keypad before the door will unlock and allow access. New codes can be added or changed
at the keypad.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-15
-------�
(2) Models are available that require both a credential and a code. This dual method can
provide an additional layer of protection.
(3) Models are available to mount on various door thicknesses and doors with narrow stiles.
10.4 Card Reader Systems
(1) Card reader systems should incorporate:
(a) Alarm Display and Programming: A computer server or workstation that
displays alarm conditions and allows programming of the system.
(b) Badge Creation: A badge station, allowing creation and programming of badges.
(c) Local Control: Local control panels that control the doors, card reader units, and
access cards.
(d) Printer Unit: A printer unit that can print a report for each event and alarm
condition.
(2) Under normal operation, the system should grant access at doors with card readers by
comparing the time and location of any attempted entry with information stored in local (at
the door controller) memory.
(3) Access is granted only when the security card used has a valid entry code at the card
reader for the designated time frame.
(4) The access card should be a standard credit-card-size passive component with an
integral coding technology, such as coding contained within a chip in the card.
(5) Electrical locking means should be electric strike, magnetic lock, or other approved
means. Great care should be taken in designing access control for doors used for egress to
ensure free egress is permitted at all times.
(6) Refer to NFPA101, "Life Safety Code "(NFPA 2006), and NFPA101B, "Code for Means
for Egress for Buildings and Structures" (NFPA 2002) for code guidance on egress and
ingress doors.
11.0 Closed Circuit Television (CCTV) Surveillance
11.1 General Considerations
(1) CCTV cameras can be analog or IP-network cameras, depending on factors such as the
suitability to the installation, site conditions, and availability of local area networks.
(2) The ASIS publication "Protection of Assets," Chapter 38 - Television in Security (ASIS
2004), identifies the following specification items to consider when specifying CCTV
cameras:
(a) Imager: The size of the image-sensing device within the camera.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-16
-------�
(b) Resolution: The measure of detail that the camera can distinguish, usually
measured in horizontal TV lines per inch (25 mm). The larger the number, the
sharper the image and the better the camera.
(c) Sensitivity: Typically, the minimum lighting illumination level required for full
video. The lower the required illumination level, the more sensitive the camera.
(d) Signal-to-Noise Ratio: The ratio of the peak value of the video signal to the peak
value of the noise or electromagnetic interference, measured in decibels. The greater
the ratio, the sharper and better the picture image.
(e) Automatic Light Compensation: The process whereby the amount of illumination
on the image sensor is automatically adjusted to the scene brightness. A high ratio
indicates that the camera can automatically adjust to wide variations in scene
illumination without noticeable distortion in the transmitted image.
(f) Backlight Compensation: A feature available in many cameras that automatically
reduces contrast and silhouetting between near and far objects.
(g) Video Output: A measurement, stated in Volts peak-to-peak, between the darkest
black to brightest light levels of the signal. Typical values are 1.0 Volts peak to peak.
(h) Synchronization: A means of controlling the imager scanning so that the camera
image will not roll when switched between video monitors. Better cameras allow for
synchronization adjustment to accommodate multi-phase power supplies.
(i) Environment: Upper and lower temperature and humidity limits for the cameras.
It is important to specify a camera that works in the intended environment,
including weather.
(j) Dimensions: The outside measurements of the camera case.
(k) Weight: The weight of the camera within its casing.
(3) Because camera technology is improving so rapidly, detailed performance specifications
are not provided here; it is recommended that utilities consult with a security engineer for
current camera hardware standards and sensitivity ratings.
11.2 Field of View
(1) Provide fixed-position or pan/tilt/zoom cameras depending upon desired field of view
and intended application.
(2) Provide appropriate camera lenses corresponding to camera application and field of
view requirements.
(3) The CCTV surveillance system should be capable of viewing prescribed objects within
the field of view as follows, considering a screen height of 480 pixels to be full-screen
(100 percent = 480 pixels).
(a) For intrusion detection purposes, the object should occupy a minimum of
10 percent of the screen height or be 48-pixels tall.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-17
-------�
(b) For recognizing a person's face, the body of the person should be a minimum of
50 percent of the screen height or 240-pixels tall.
(c) To identify a license plate, the plate height should be a minimum of 5 percent of
the screen height or 24-pixels tall.
(4) In some cases, the field of view of a camera may include public areas or private
residential areas that should not be monitored by video surveillance. In these cases, to
minimize liability issues, a current capability with modern CCTV systems allows masking
of these areas or views so that they cannot be seen by the attendant staff.
11.3 CCTV Housings and Mounts
(1) CCTV housings should be adequate for the intended application and site location.
(2) Incorporate heater/blower units, wipers, or other elements as necessary to accommodate
site environmental conditions.
(3) Incorporate pole-mount, building-mount, or other mounting means so that the camera
obtains a clear field of view of the intended target.
(4) Specify and locate housing and camera mount such that tampering or vandalism of the
camera units is prevented.
11.4 Video Network Servers
(1) The video network server should be high-performance Internet-Protocol (IP) network-
compatible video system.
(2) The network server should be capable of streaming images at a frame rate of 30 frames
per second.
(3) The video communication system should be capable of transmitting live video across
communication networks and enable video cameras to be remotely monitored and
controlled over the network, provided password authentication requirements are met.
(4) The camera view desired should be selectable by designated camera name and IP
address.
11.5 Digital Video Recorders
(1) As a minimum, it is recommended to provide adequate digital recording capacity for all
cameras at 30 days of continuous storage at 5 frames per second.
(2) Provide a means for archiving video to digital video disc (DVD) or other long-term
storage format.
(3) Specify the physical location of recorder unit based on environmental considerations,
location, network, and bandwidth availability.
(4) Identify appropriate video compression technology to conserve network bandwidth and
storage needs.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-18
-------�
11.6 CCTV Computer Application Software
(1) CCTV application software should be full management software to monitor and manage
single or multiple sites.
(2) Software should allow monitoring and recording of images from multiple simultaneous
cameras at frame rates up to 30 frames per second.
(3) System should enable customized layouts for intuitive and interactive ways of
representing the camera network.
(4) Software should provide flexible live and recording settings per individual camera input.
(5) Software should allow connectivity to other systems, via application programming
interface (API) alarm and pre-alarm recordings, and enable support for external joysticks to
perform pan and tilt operations.
12.0 Security, Controls, and SCADA Wiring
(1) All security, controls, and SCADA wiring should be protected within conduit.
(2) All interconnecting wiring between security components should be monitored for
integrity so that an abnormal condition (wire-to-wire short, wire break, or wire ground-fault
condition) is automatically indicated to the user upon arming the system.
(3) The security wiring configuration at the end device should be a 4-state configuration
using an end-of-line (EOL) resistor network where neither alarm nor normal condition are
0 ohms or open-circuit.
(4) Conceal security conduits, telephone lines, and other critical utility connections from
view and access, or locate them in the interior of buildings.
(5) Provide a backup power source (4 hours minimum) to security components and SCADA
and other crucial control systems.
(6) Backup power sources may include battery units, auxiliary power supplies,
uninterruptible power supplies (UPS), or generators.
(7) Refer to NPPA 70, National Electrical Code (NFPA 2005), for code guidance on electrical
wiring requirements.
12.1 SCADA and Electrical Control Panel Enclosures
(1) Provide a tamper switch at all security and SCADA control panel enclosures. Upon
enclosure door opening, an alarm condition should be logged by the system.
(2) Though panels should be locked, the electrical disconnect should never be locked.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-19
-------�
13.0 Building Elements
13.1 General
(1) When new buildings are being designed, discuss with the building architect and
structural engineers the opportunity to incorporate design elements that prevent
progressive collapse of the facility in the event of explosion within or adjacent to the
building. Progressive collapse is denned by the ASCE and SEI (Structural Engineering
Institute) in "Minimum Design Loads for Buildings and Other Structures" (ASCE/SEI 2006)
as "The spread of an initial local failure from element to element eventually resulting in the
collapse of an entire structure or a disproportionate large part of it."
13.2 Doors
(1) Exterior doors should be heavy-duty steel-metal door, ASTM F476 Grade 40 high-
security level door (ASTM 2002), prepped for security door hardware. Doors should comply
with ANSI/NAAMM HMMA 862-03 "Guide Specifications for Commercial Security
Hollow Metal Doors and Frames" (ANSI/NAAMM HMMA 2003).
(2) Doors should have a maximum window opening of 96 square inches (62,000 square mm)
or nominal 4-inch by 16-inch (100-mm by 400-mm) size with a minimum side panel size.
(3) Door frame should be heavy-duty with concrete fill.
(4) Hinge pins should be on the secure side or be non-removable/tamper-resistant to
eliminate door compromise by removing hinge pins.
(5) Consider electronic door status monitoring for door forced and door ajar conditions.
(6) The following door recommendations are provided for example purposes from the U.S.
General Services Administration Publication "Facilities Standards for the Public Buildings
Service," Section 3.5 - Building Elements (GSA 2005).
(a) Glazed exterior doors and frames should be steel and meet the requirements of
SDI Grade III with a G-90 galvanic zinc coating.
(b) Hinges, hinge pins, and hasps must be secured against unauthorized removal by
using spot welds or peened mounting bolts.
(c) All exterior doors must have automatic closers.
(d) The exterior side of the door should have a lock guard or astragal to prevent
jimmying of the latch hardware.
(e) Doors used for egress only should not have any operable exterior hardware.
13.3 Security Grilles
(1) Base-level security grilles (for windows, louver openings, roof hatches, culverts, etc.)
should be woven #10 wire gauge steel, 1.5-inch (38-mm) diamond mesh, or welded #10 wire
gauge, 2-inch (50-mm) square welded mesh screens.
(2) The grilles should be hot galvanized with a hot-powdered coat finish.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-20
-------�
(3) Use tamper-resistant and tamper-proof fasteners for mounting window grilles.
(4) For enhanced-level protection, refer to Military Handbook MIL-HDBK-1013/10, "Design
Guidelines for Fencing, Gates, Barriers, and Guard Facilities" (NFESC 1993b) for security
grilles.
13.4 Security Cages
(1) Caged partitions (for critical equipment, pumps, motor control centers, and so on)
should be #10 wire gauge steel with 2-inch (50 mm) welded openings in 1.25-inch by 1.25-
inch by 0.125-inch (32-mm by 32-mm by 3-mm) angle iron framework.
(2) Ensure the partitions include framework supports, access gates, locks, and other
accessories.
14.0 Hatches/Vaults and Vents
14.1 Hatch, Vault, and Vent Alarms - General
(1) Hatch, vault, and vent alarms should use similar alarm contact hardware such as
magnetic door contact switches, depending on the final hatch/vault design.
(2) Interconnect alarm contacts to a security monitoring system.
(3) Note that curb and sidewalk devices may become a tripping or safety hazard. Consider
the location and application carefully when designing the system.
(4) Provide locking covers for valve operators.
14.2 Roof or Sidewalk Hatches
(1) Provide a lock on a manufacturer's metal door system that is set into concrete curb with
gutter and drain.
(2) Consider an additional protected keyed bar lock across the door that is mounted directly
to the structural curb, especially for large, publicly accessible pumping stations.
(3) Consider an elevated upper structure cover surrounding the sidewalk door, especially
for large, publicly accessible pumping stations. This cover is to prevent drilling through the
doorplate and adding liquids to the contents as well as to delay access to the sidewalk door
hatch. This additional layer delays someone attempting to gain access to water to introduce
a contaminant.
(4) Alarm upper structure using exterior-rated balanced magnetic door contacts.
14.3 Roof Vents
(1) Provide metal roof vents with numerous small openings rather than vents with fewer,
larger openings (96 square inches [62,000 square mm] is considered a person-passable
opening). Contaminants can be introduced through much smaller vents; prevent direct
passage of contaminants through a vent by using traps.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILfTIES A-21
-------�
(2) Position or barricade vent openings to prevent spray of a contaminant liquid into vent
opening.
(3) Provide a metal structure cover surrounding the vent to delay access to the vent
structure, with adequate standoff (nominally 8 inches [200 mm] or more) from the vent to
limit drilling attempts into the vent assembly.
(4) Provide protected dual locks on a metal vent cover system set on a concrete curb.
(5) Alarm protective cover using exterior-rated magnetic door contacts.
14.4 Vault Hatch with Elevated Curb
(1) Provide lock on manufacturer's door system. Alarm the vault hatch using exterior-rated
magnetic door contacts.
(2) Consider an additional protected key bar lock across the door that is mounted directly to
the structural curb.
14.5 Vault Door Hatch Set Flush with Top of Structural Slab
(1) Provide a lock on a manufacturer's door system. Alarm vault hatch using exterior-rated
magnetic door contacts.
(2) Consider an interior keyed bar lock system or secondary horizontal structure
immediately below the vault sidewalk door hatch to block access.
15.0 Online Water Quality Monitoring
(1) A suite of online instruments to monitor some surrogate water quality parameters
should be installed.
(2) Among parameters to monitor in water distribution systems are pH, chlorine residual
(either total or free, depending on the type of residual maintained in the system), specific
conductance, turbidity, and total organic carbon.
(3) Among parameters that could be considered for monitoring wastewater collection
systems are pH and volatile organic carbon.
(4) Periodic readings from the online instruments should be compared with baseline water
quality values to determine if there is potential contamination.
(5) The placement of the sampling location for the instruments depends on the type of asset.
For example, in water storage tanks, the sampling location should be from the outlet pipe
near the tank, ideally between the tank and the isolation valve. If there is a common inlet/
outlet pipe, then the sampling location should be installed on the common pipe near the
tank, ideally between the tank and the isolation valve.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-22
-------�
16.0 Operator Devices
16.1 Man-Down Transmitter
(1) A man-down transmitter is worn by personnel for automatic man-down signaling.
(2) The unit should be portable, lightweight, and supplied with a belt clip or holster for
mounting.
(3) Built-in tilt switches should automatically activate the man-down transmitter when the
user is knocked down.
(4) A pull cord should activate the alarm or emergency signal when an attempt is made to
remove the unit from a belt.
(5) The transmission mode should integrate both radio frequency (RF) and Infrared (IR)
signaling for redundant communications.
(6) Power should be provided by a long-life lithium battery.
17.0 Chemical Fill-Line Locking Devices
(1) Connections for filling chemical tanks should be locked to restrict access to only
authorized personnel. Chemical fill lines usually are fitted with quick-connect, cam-arm
actuated couplings for ease of use by the chemical vendor. Locking devices for contractor's
temporary connections are recommended.
(2) Lockable dust caps or dust plugs with hardened key locks should be installed on the
individual couplings.
(3) Where multiple fill lines are collocated, a hardened box or port integrated into the
building masonry complete with shrouded and hardened lock can be used in lieu of the
individual coupling locks.
18.0 Hydrants
(1) Provide tamper seals on hydrants. Tamper seals reduce the possibility of tampering or
unauthorized operation of the hydrant.
(2) Provide locking mechanisms on hydrants. Hydrant locking systems should be designed
so that the hydrants can be operated using a special keyed wrench without the need to
remove the lock.
(a) If locking mechanisms are used on hydrants, it is important that training on
unlocking the mechanisms be provided to all local firefighting personnel and any
other fire departments with which there are mutual aid agreements in place who
would respond in an emergency.
(b) Provide the specialized wrenches in sufficient quantity to the fire department and
other authorized persons so that they can operate the hydrants as needed. These
wrenches are typically only sold to fire authorities and water utilities.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-23
-------�
19.0 Manholes
(1) Securing manholes can be accomplished in three ways; tack welding, bolt locks, and pan
locks:
(a) Tack welding provides a fast method of securing manholes. It is economical and
effective for manholes not frequently accessed. The disadvantage is that the
tackweld must be removed or broken before utility staff can access the manhole.
(b) Bolt locks anchor the manhole to the manhole frame. They have a specialized bolt
head which requires a specialized tool to unbolt or unlock the manhole. To remove
or access the manhole, the bolt locks must be removed. This system of locking
manholes is more flexible than the tack welding method, but more expensive to
install.
(c) Pan locks prevent entry into the manhole, as well as eliminating dumping into
the collection system. The pan unit is installed into the manhole, with the edge of the
pan resting within the manhole opening. The manhole is then locked into place into
the pan unit. This system of locking manholes is more flexible than the tack welding
and bolt locking methods, but more expensive to install.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES A-24
-------�
APPENDIX B
Glossary and Abbreviations
access control. The physical guidance of vehicles and/or people going to and coming from a
space through judicious placement of entrances, exits, landscaping, lighting, and
controlling devices (such as, guard stations, turnstiles, etc.)
ACL American Concrete Institute.
agent. Any physical, chemical, or biological entity that can be harmful to an organism.
AISI. American Iron and Steel Institute-
AMSA. Association of Metropolitan Sewerage Agencies (now National Association of Clean
Water Agencies [NACWA]).
ANSI. American National Standards Institute.
API. Application programming interface.
ASCE. American Society of Civil Engineers.
ASDWA. Association of State Drinking Water Administrators.
asset. Anything of value (such as, people, information, hardware, software, facilities,
equipment, reputation, activities, or operations) that may be a target of the design basis
threat adversary. Assets are what an organization needs to get the job done — to carry out
the mission. The more critical the asset is to an organization accomplishing its mission,
the greater the effect of its damage or destruction.
ASTM. American Society for Testing and Materials.
AWWA. American Water Works Association.
AwwaRF. American Water Works Association Research Foundation.
base. Minimum recommended.
bollard. One of a series of posts preventing vehicles from entering an area.
CCTV. Closed-circuit television.
clear zone. An area surrounding the perimeter of a facility that is free of shrubs and trees,
and features well-maintained landscaping that does not provide hiding places for an
adversary.
CMU. Concrete masonry unit.
contaminant. Any physical, chemical, biological, or radiological substance or matter that
has an adverse effect on air, water, or soil.
contamination. Introduction of microorganisms, chemicals, toxic substances, wastes, or
wastewater into water, air, and soil in a concentration that makes the medium unfit for
its intended use.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES B-1
-------�
countermeasure. A reaction to or a defense against a hostile action to deal with a
threatening situation.
criminal. The primary motivation for a criminal is the desire to obtain equipment, tools, or
components that have inherent value and can be sold. Criminals typically use stealth to
avoid apprehension, and response times should focus on the time for the adversary to
obtain the asset. See also Table 1-1.
CSC. Codes and Standards Committee.
daisy chain. Groups of padlocks connected and hooked to a common chain in such a way as
to allow access through a key that can unlock any one of the padlocks.
delay f eatures. Security objects such as physical barriers designed to occupy or limit an
adversary until a response force can interrupt accomplishment of the adversary's
objectives. Delay features consist primarily of physical hardening features and are often
employed in multiple layers to provide protection in depth. Delay features are only
effective when placed within a layer of detection.
design basis threat (DBT). The adversary against which a utility must be protected.
Determining the DBT requires consideration of the threat type, tactics, mode of
operations, capabilities, threat level, and likelihood of occurrence.
detection. The point at which a potential attack is discovered, assessed, and determined to
be an attack in progress rather than a false alarm.
detection features. Security items such as sensors that are intended to detect the presence of
an intruder. A complete detection system generally includes electronic features such as
sensors as well as cameras or visual observation for assessment of alarm validity.
Depending on the types of sensors, a detection system may also include lighting systems,
motion detectors, monitoring cameras, access control equipment, or other devices.
deterrence. Security measures such as lighting or the presence of closed circuit television or
people in the area that may discourage an adversary from attacking the facility.
Deterrence is not generally considered a part of a physical protection system with a
predictable level of effectiveness, however, it can reduce the occurrence of crime or low-
level vandal attacks.
DoD. Department of Defense.
DSTU. Draft American National Standard for Trial Use.
DVD. Digital Versatile Disc, Digital Video Disc.
EFI. Electronic frequency interference.
enhanced. Augmented with improved, advanced, or sophisticated features.
EOL. End-of-line.
EWRI. Environmental and Water Resources Institute of the ASCE.
foot-candle. A unit of light intensity defined as the amount of light measured on a surface
one foot from a uniform point source of light equal to the light of one candle. A foot-
candle is equal to one lumen per square foot.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES B-2
-------�
FRP. Fiberglass-reinforced plastic.
GSA. General Services Administration.
harden. To improve the physical strength of a protective measure.
IESNA. Illuminated Engineering Society of North America.
improvised explosive device (IED). An apparatus or contraption placed or fabricated
without detailed manufacturing that incorporates destructive, lethal, noxious,
pyrotechnic, or incendiary chemicals and is designed to destroy, incapacitate, harass, or
distract through high-speed projectiles and overpressure.
improvised incendiary device (HD). An apparatus or contraption placed or fabricated
without detailed manufacturing that incorporates destructive, lethal, noxious,
pyrotechnic, or incendiary chemicals and designed to destroy, incapacitate, harass, or
distract by creating intense heat and fire.
insider. An individual who is granted normal access to a facility. This may be an employee,
a contractor, custodial worker, or an authorized visitor. See also Table 1-1.
intrusion. Entrance by force or without permission or authorization, either physically or via
electronic methods.
IP. Internet protocol.
IR. Infrared.
Ib. Pound.
lumen. The SI unit of measuring the power of light being produced by a light source or
received by a surface.
luces. Plural of lux.
lux. The SI unit of light intensity defined as the amount of light equal to one lumen per
square meter.
m. Meter.
mm. Millimeter.
mantrap. Secured entry system that prevents an individual from gaining access to an area
by holding them first in an assessment area.
NACWA. National Association of Clean Water Agencies (formerly Association of
Metropolitan Sewerage Agencies [AMSA]).
NDWAC. National Drinking Water Advisory Council.
NETCSC. National Environmental Training Center for Small Communities.
NFPA. National Fire Protection Association.
NRWA. National Rural Water Association.
OD. Outside diameter.
PIR. Passive infrared.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES B-3
-------�
PL. Public law.
protection in depth. The strategy of providing multiple layers of protective measures,
therefore requiring an adversary to defeat a system, travel to the next protective layer
and defeat that system, and so forth until reaching the target. An example of protection
in depth is the application of layers of protective measures at the site boundary
(perimeter fencing system), at the building envelope (exterior walls, doors, windows,
grilles, and roof system), and at the target enclosure (the room in which the targeted asset
is housed).
psi. Pounds per square inch.
PTZ. Pan, tilt, and zoom.
PVC. Polyvinyl chloride.
RAM-W™. Risk Assessment Methodology for Water Utilities.
response. Actions taken to interrupt the adversary's task. Utility staff, the utility's security
response force, or law enforcement may carry out response, depending on the threat and
policy of the utility.
RF. Radio frequency.
RFI. Radio frequency interference.
risk. The potential for realization of unwanted, adverse consequences to human life, health,
property, or the environment. The quantitative or qualitative expression of possible loss
that considers both the probability that a hazard will cause harm and the consequences of
that event. Risk is usually expressed as a function of the probability that an adverse effect
will occur and the criticality of the effect on the ability to fulfill a mission or function.
RTU. Remote terminal unit.
saboteur. A saboteur is typically motivated by political, doctrinal, or religious causes,
although revenge may also be a motivation. These individuals primarily use stealth to
achieve their objectives, but they can be armed and willing to injure or kill others if
threatened. The saboteur is bent on damage or destruction of the utility's facilities or
generating a lack of public confidence in the utility's ability to protect the public. See also
Table 1-1.
SCAD A. Supervisory Control and Data Acquisition.
SI. International System of Units.
significant. Having or likely to have a major effect; important; fairly large in amount or
quantity.
Supervisory Control and Data Acquisition (SCADA). The system that provides automatic
or semi-automatic sensing of key parameters and control of key elements of the water or
wastewater system. It generally provides for communications, notifications, and alarms,
as well as for manual over-ride of controls.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES B-4
-------�
surveillance. The placement of physical features, activities, vehicles, and people that
maximize visibility by others during their normal activities. Surveillance may be natural
or electronic, informal (office windows placed to facilitate surveillance of entry roads), or
formal (continuous monitoring). Surveillance provides the link between detection
(sensors activated due to the presence of an intruder) and assessment (confirming that
the detection is valid and not a nuisance alarm).
SWAT. Special Weapons and Tactics.
target. This term is used synonymously with asset throughout this document.
terrorist. A radical who employs terror as a political weapon; with significantly enhanced
tool and weapon capabilities, terrorists may be politically or doctrinally motivated to
cause maximum human casualties, often without regard for the terrorist's personal
survival.
TISP. The Infrastructure Security Partnership.
UL. Underwriters Laboratory.
UPS. Uninterruptible power supply.
USEPA. U.S. Environmental Protection Agency.
VA. Vulnerability assessment.
vandal. An individual acting alone or in a group, unarmed and using spray paint to deface
property or using hand tools to inflict damage to utility assets. See also Table 1-1.
vehicle sally port. Interlocking gates within a fenced area where incoming drivers pass
through the first gate and stop at the second gate. Once both gates are closed and the
vehicle is captured within the sally port, a security guard may confirm the identity of the
driver and, if necessary, search the vehicle to confirm the contents. Once the vehicle and
driver are approved, the second gate opens and the vehicle may drive onto the facility.
VSAT™. Vulnerability Self-Assessment Tool.
vulnerability. A characteristic of a critical infrastructure's design, implementation, or
operation that renders the infrastructure susceptible to destruction or incapacitation by a
threat. Vulnerabilities may consist of flaws in security procedures, software, internal
system controls, or installation of infrastructure that may affect the integrity,
confidentiality, accountability, or availability of data or services. Vulnerabilities also
include flaws that may be deliberately exploited and those that may cause failure due to
inadvertent human actions or natural disasters. Vulnerability may be considered any
weakness that can be exploited by an adversary or, in a non-terrorist threat environment,
make an asset susceptible to hazard damage.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES B-5
-------�
vulnerability assessment (VA). An assessment of the vulnerabilities of a water or
wastewater system. The six common elements of vulnerability assessments identified by
USEPA are: (1) characterization of the system, including its mission and objectives; (2)
identification and prioritization of adverse consequences to avoid; (3) determination of
critical assets that might be subject to malevolent acts that could result in undesired
consequences; (4) assessment of the likelihood (qualitative probability) of such
malevolent acts from adversaries; (5) evaluation of existing counter-measures; and (6)
analysis of current risk and development of a prioritized plan for risk reduction. Two
example approaches to VAs are the Risk Assessment Methodology for Water Utilities
and the Vulnerability Self-Assessment Tool (VSAT™).
WEF. Water Environment Federation.
WISE. Water Infrastructure Security Enhancements.
WISE SC. Water Infrastructure Security Enhancements Standards Committee of the EWRI
of ASCE.
WSWG. Water Security Working Group.
DECEMBER 2006
GUIDELINES FOR PHYSICAL SECURITY OF WATER UTILITIES B-6
-------�
(O
o
x £
15
so
-~j
OJ
QJ £
^ ^
01 S
security, see the USEPA WISE Phase I documents d
r Works Associahon (2004a), and the Water Envirom
01 £
**^ CQ
(Q ^.
Ql (-1
45 w
CO tO
ca .y
> C
> 01
"c ^
(0 "^H
_s ^
fB v
^ 'TTT
° 1
OJ ^
« -^
u C3
*-• W
0 ^
m -5
1|
l=t
J= «S O
t'St
u 0) TJ
2 "S §
O ^-i O
42 PH
Annotation
4)
O
1
£
V
. CD >>
•— O "?
!2 tn
^ *- T—
H &£
"* r? —
£ ^ I
O (B >T
**~ 5 x
CU O O.
*?. TO 5
OC "5 o
•<- "55 -g
oo •§ o
CO (? ^-
111
" 2 §
n Concrete Institute (ACI)
and Construction of Conci
ww.concrete.org/bookstoi
8 c ^
CU 'jf^
< Q CM !
;
i O O
: O O
I •= "^
This document provides specifications for commercial security
metal doors and frames. Its focus is protection from vandalism
entry, theft, and firearms attack.
>
OCM
ii
[2 ±±
(1) ^ ^
"s 5 « 5
_ _ - ^
1 S 'P ^
g| o E
S± E E
CO (D c ^
^ "53 o D)
CD S O o
o 5 S E
<= O •*- p !
TO = en £
^£§1
^"^'•i5 ^
Sill
Si o i i
3 S.w"~
i National Standards Insti
ural Metal Manufacturers
on (HMMA). 2003. Guide
ors and Frames. Chicago
8 1 « <3
cu !c ° "to "S
E a llri
<«So
i
|
f 12*
_ o en ..
Although the availability of security literature is growing rapidly
general and specialized texts, it has not been possible— until n
a business manager or protection professional to find in one ph
current, accurate, and practical treatment of the broad range ol
protection subjects, strategies, and solutions.
W
s
<
"o
c
•K
8
1
s
0
CN
W^^ !
<< I
1
!*fg
This update to ASCE/SEI Standard 7-02 and its supplement pn
requirements for general structural design and includes means
determining dead, live, soil, flood, wind, snow, rain, atmospheri
and earthquake loads, and their combinations that are suitable
inclusion in building codes and other documents.
|S
(TJ rf
Q
c^
^c-
trt C.
$ 0
Q w
" cu
t 01
ig^ |
* TJ OO
si*
CN TO "o
QJ^-a
O LLJ p
< S «
^o-S
Society of Civil Engineer!
and Other Structures, AS
/w.asce.org/bookstore/boi
III
|1 8.
^ m **"*
I i
USEPA WISE ASCE/AWWA/WEF Phase 1 Documents
(December 9, 2004) are available at the ASCE, AWWA WEF ;
USEPA web sites.
CD
O)
C
'c
g>
1
O
£
i
c
"53
5
'^
°<
S*
s§
DjJ
o&
sg
Society of Civil Engineers
mtaminant Monitoring Sys
(.org/static/1/wise.cfm
§° «
§ J i i
io i
< O 5 i
|
i .«
Sen
,- D
This standard provides the minimum requirements for vertical w
supply wells, including geologic/hydrologic conditions and water
and well construction.
Wi
. ^_ :
I "35
i §
o>
1
CO 8
§2
ii
< ^
. c*-
81
§o
CM-JJ
<~-o
t2 i
-------�
Annotation
T3 -O
CD C
D)ro
Q. CO
-.ffi
S3
5. .2
range from
and startup
1-5 5_
I « » ?J2
! £ CD CO^
CD £ C CO
! ro ^ .S5^
li-Sl0
;^5^T
Is 1
d
ion,
ce
ncl
ru
re
ics
or wate
d
io
construction. Topi incl
through design, cons
to
l ta
ls o
ha
This standard provides guidance
and procurement of welded steel
standard does not cover all detail
of the large variety of sizes d s
05:
od
< LU
ater
for W
CD CD
.01-
CD CD
E £
< 0)
co o:
o O
II
l!
-------�
Annotation
£
£
3
UJ
§2
i&
i>.E « S 2.
UJ CO « CO g5 i
CO i CD .c .£ !
73 to fe — -C
£ 2 8.0 «
tO 0 Q 73 £
^_. *^ /i\ in
m\i \
8I?S" i
•§ to c o w
£ 5^1S
£ o w B c
llll!
rd test methods coven
e capability of a swing
rate the commission o
naterials and types of i
so include individual ci
strike, and jamb/wall.
•§£§ S-CO.Q
i c co E 3 ui E
i ro ts *- o ~o CD
i M uj 2 •= ° -:
! CD
-------�
Annotation
Reference
The Unified Facilities Criteria (UFC) system is prescribed by MIL-STD
3007 and provides planning, design, construction, sustainment,
restoration, and modernization criteria.
,0
tf)
•0
CO
C
CO
55
E
U)
o
1
•3=
i. 2002. Minimum Ar
iteria UFC 4-01 0-01
ldards.pdf
snt of Defense (DoD]
. Unified Facilities Ci
.org/files/pdf/dodstar
p <« CL
ami
This book provides detailed information on the full process of security
system design and integration, illustrating how the various physical and
electronic elements work together to form a comprehensive system.
0
75
1
"CD
o
>.
a
"o
c
o .
Design and Evaluati
lerworth-Heinemann
»1
jEm
5I
0 2
CM -
C S
C D)
±r^
i >> ^
I co co
1 ^ «>
CO ^
ow
This guideline covers basic security principles, illuminance
requirements for various types of properties, protocol for evaluating
current lighting levels for different security applications, and security
survey and crime search methodology. This guideline includes exterior
and interior security lighting practices for the reasonable protection of
persons and property.
o ^
cu o
.E >-
cu 5
5 Z
i?
o -7
. O
Z %
u3 §_
s— - (/)
3ty of North America
3roperty, and Public
on Engineering Socii
Lighting for People, F
CO ^
C -C
°c 3
l!z
This document provides detailed information needed to design, equip,
and build efficient, reliable pumping stations that are easy to operate
and maintain.
,
. €
LU O
"E ^
CO .g
co ,3
CO CO
"O d
CD •—
S'l
"§3r>
i c
co .91
o tO
O CD
11
EPS
o 55
CU UJ
0 g>
to" 'a.
ji E
CU CM
! t C C
i CD CO C
ICDEJS
i S8|
1 g 8-1
I -3 CD I
This handbook provides material to design, analyze, operate, maintain,
and rehabilitate water distribution systems. Topics include from
hydraulic design for pipelines and tanks to water quality issues,
computer models, and rehabilitation/replacement information
>-
2_
5=
|
|
CD
o
.
o
o
•o
c
CD
Distribution Systems
1 0)
11
8
S
|l
of
i _i
to"
CO >
This document provides tools to assess, prioritize, and address water
distribution system vulnerabilities.
^,
''S
o
>
S •"•
CO *-*
||
^ ^
Q
O o
ei
O to
^f CU
Water Agencies (N>
& Wastewater Utiliti
irg/pugs/index.cfm
Association of Clean
ent Tool™ for Water
. http://www.nacwa.c
ill
'^ in -Q
CD U) CU
Z < UL
This document was developed to help wastewater utilities identify and
evaluate the vulnerability of their assets, as well as the threats against
them. This document was originally developed under NACWA's former
name, Association of Metropolitan Sewerage Agencies (AMSA).
•g
CO
CO
CO
CO
<
S
0
3"
5
^f
Water Agencies (N>
stewater Utilities©.
dex.cfm
Association of Clean
ility Checklist for Wa;
w. nacwa.org/pugs/in
1 — -° s
i CO CD 5
i si!
i = — Q.
This guide allows decisionmakers for small wastewater treatment
systems to evaluate the security of their systems and to plan for
emergencies. Tools provided in the guide include an Inventory of
Critical Assets, Threat Assessment, Vulnerability Assessment
Checklist, and Prioritization of Potential Corrective Actions.
a
O ui
CM c
o"-S
CO >,_
oco§
LU co $
~~^ S £
•'g CD <-
ill
siA
O CO o1
ng Center for Small
Assets: A Guide for
fvu.edu/netcsc/netcs
Environmental Traini
g Your Community's
;r. http://www.nesc.vv
To-Jl-g
c o E
o cu cu
15 2 o
Z o. z
-------�
Annotation
u
1
£
S.
This code addresses those egress features necessary to minimize
danger to life from fire and smoke, crowd pressures, and movement of
individuals and groups, and provides minimum criteria for the design of
egress facilities in order to permit prompt escape of occupants from
buildings or, where desirable, into safe areas within buildings.
•«
1
6)
wK
©
5
^
LL
•z.
s
o
CM
t
LJ-
:ire Protection Association (l>
luincy, MA.
*• o
to „•
c. ©
o 33
"CD o
z o
This code describes the safe installation and use of electrical
equipment by consumers.
1
T3
O
O
1
111
To
c
.g
"re
§
o
CN
LL
:ire Protection Association (f1
) Handbook. Quincy. MA.
I Tn
i c <
!5S:
! CD ^
z e.
I
This code includes the latest technologies, advances, and safety
strategies in areas such as alarms, egress, emergency lighting, and
special hazard protection. The contents are not meant as a standalone
document, but for inclusion in a building code.
i CO
1 z "°
This document provides detailed requirements for chain-link fence gates
and accessories.
en
'§
LL
1
^r ^*
f5
11
CD i*—
1C °
IE
-§ 9-
^ 'cfl*
dl^-
O5 7 ^
O5 CD ^~
ii- O O5
nstruction Battalion Center.
Post, Metal (Chain-Link Fen
N. wbdg.org/ccb/FEDMIL/rrf1
I 0 T3 %
0 c §
! — to ->
I > £ ^.
CO «^| J2
\ z
This specification covers general requirements for chain-link fencing and
accessories including classification for various parts of fencing, wire and
post metal, fencing fabric, gates, posts, top rails, braces, and
accessories.
•o
CO
To -£•
To o
*n ^
(rt (^
n CL
C CO
CO —
oj re
*— (D
IE ***
rn
?«•
If
0) 'C
^ °!g
III
nstruction Battalion Center.
lain-Link Fence Fabric, and
/v.wbdg.org/ccb/FEDMIL/rrf1
i o £5 s
O .5
~* (/) -^J
• TO Q) "T-:
; > •*-— O
• j r? *^
I Z
This specification covers general requirements for chain-link fence
accessories including: caps, rail sleeves, brace bands, rail and brace
ends, wire ties and clips, tension wires, tension bars, truss rods, barbed
wire, barbed wire support arms, and other miscellaneous accessories.
£
1
o
2
o5
+s
V)
c?
c
CO
i (t)
': W
>
^
i £?
'o
• *-
It!*
111!
nstruction Battalion Center.
;e Accessories) (Detail Spec
w.wbdg.org/ccb/FEDMIL/rrf1
( O g 5
i o § i
i To "- ^
i CD C *^
I 2 —i -c
:
This handbook provides guidance to ensure that appropriate design,
operational, environmental, cost, security, and safety considerations
are included in the selection process for vehicle barrier systems. Topics
covered in the handbook include: vehicle barrier requirements, vehicle
barrier installation and design, and descriptions and data on
commercially available vehicle barriers and passive barriers that can be
constructed on site.
"o. §
z< i
This manual provides guidance to ensure that appropriate physical
security considerations are included in the design of general facilities.
Aspects considered in this manual include the pre-design phase, the
assessment of physical security threats, and an overview of the design
phase. Specific technical sections in the manual also describe exterior
site physical security, building physical security, ballistic attack
hardening, standoff weapon hardening, and bomb blast hardening.
cS-o
H ro
0) V
•o "T
'3 S1
O re
c ^
O5 C
it
• -^ :
CO ^
CO m i^_
05 ;S 'S
en > a.
'-^ re
o"^ '"i
CO ?5 2
LU ^ o
U_ 0 ^
Ss'cni
•g Q ^
:ilities Engineering Service C
al Security of Facilities (MIL-
wbdg.org/ccb/NAVFAC/DMf
J-; O ^
i2's.i
; L±- >% >
IE*
1 CO g O
-------�
Annotation
Reference
0)
This military handbook provides guidance and detailed criteria for t
design, selection, and installation of new security fencing, gates,
barriers, and guard facilities for perimeter boundaries of Navy and
Marine Corps installations or separate activities, and designated
restricted areas.
c3s-
C T-
"55 co
"O *~
•5°
^ *:
o>S
s5
Sl.
O5 0)
T— •*—.
gl 1
es Engineering Service Center (Nl
rencing, Gates, Barriers, and Guai
Navy Yard, DC.
rg/ccb/NAVFAC/DMMHNAV/1013
s c 9
7; .2" O C>>
nn
— » ;._!_<->
| g> i 0)CO
I — ! ,y ns
1 IP
! '33 ! CL~
oration. 2002. Risk Assessment M
iOO(i)(1). http://frwebgate.access.gi
3i?dbname=browse_usc&docid=Ci
I 9- IS?
i 0 | . 0
^O 'oJ-D
re o>=-
u; re ^
8 §|
o "o -fi
1 Services Administration (GSA). 2
igs Service. Washington, DC.
sa.gov/Portal/gsa/ep/channelView.
,2Fchannel%2FgsaOverview.jsp&(
[5^5 »s
^3 1%
w m | LL-
0 o|g
en -Q till
i re'JHcMEi'-^jsco
! CO 5 ITJ-^I ! 3 0- .c o)
USEPA WISE ASCE/AWWA/WEF Phase 1 Documents
(December 9, 2004) are available at the ASCE, AWWA, WEF, and
USEPA web sites.
S
c co
re , i
co c i=
O) t -5
c re o -1
This report presents the consensus reached by WSWG on 18 findi
that: (1) establish the features of active and effective security prog
(2) identify ways government and others might encourage utilities I
adopt and maintain active and effective programs, and (3) suggest
specific and national measures of water sector security progress.
c S
O
O
•^ ^"* t
z §H
CD O) 3
£ < v
x- c re
O r* en
o t? m'&~5
0) O)
»J
?* *•—
'ra S if
f $ 1°- 8-
c s-~- 1 CD to =;
M l^1
i O S 'C
111
> I 5 1 ess
^ o
•Nl
J . »
inment Federation (WEF). 2004. Ir
ter/Stormwaler Utilities. Alexandria
ningProfessionalDevelopment/Wa
ater Envirc
Wastewa
aining/Trai
O c:
o> p 3) u.
"lit
•ity Working Group (WSWG). 2005
ter Advisory Council to the U.S. Er
•ity Practices, Incentives, and Mea
wswg/wswg_report_finaljuly2005
3*81
* S"2-t
^ !
f- fl) re *o
£ JT >- x
This report documents the security incidents, threats, and hoaxes
have occurred involving or of direct relevance to water systems. Tl
report includes a review of 264 incidents, classifying them by geog
region, type of attacker, mode of attack, targeted asset, and other
categorization. The report reviews the incidents and discusses sp«
types of contaminants and the purported motivation of attackers.
j
5
w
CD
re
"re
CO
>
UJ
t
2003. Actual and Threatened Sec
enver, CO.
I £l
1 1 1
"*
"V
o
-------�
-------�
-------�
-------�
-------�