GUIDANCE FOR WATER UTILITY RESPONSE, RECOVERY & REMEDIATION ACTIONS FOR « MAN-MADE AND/OR TECHNOLOGICAL EMERGENCIES Office of Water (4601M) EPA810-R-02-001 www. epa. gov/safewater April 2002 ------- DISCLAIMER The statements in this document are intended solely as guidance. This document is not intended, nor can it be relied on, to create any rights enforceable by any party in litigation with the United States. EPA and state officials may decide to follow the guidance provided in this document, or to act in variance with the guidance, based upon an analysis of site-specific circumstances. This guidance may be revised without public notice to reflect subsequent changes in EPA's policy. This document was prepared by Michael Baker Jr., Inc. for the EPA's Water Protection Task Force under contract EMW-2000-CO-0002. ------- Table of Contents Introduction: 1 Background: 1 I. Incident types 1 n. Development of the Guidance 2 IE. Structure 2 Response Planning: 2 Notification Considerations: 2 Sampling: 4 Annexes: 4 1. Sample Collection, Identification and Chain-of-Custody Form Annex I-1 2. Incident-specific Guidance I. Contamination Event: (Articulated Threat with Unspecified Material) Annex II- 1 n. Contamination Threat at a Major Event Annex II- 3 m. Notification from Health Officials of Potential Water Contamination Annex II- 5 IV. Intrusion through Supervisory Control and Data Acquisition (SCADA) Annex II- 7 V Significant Structural Damage Resulting from an Intentional Act Annex II-9 ------- Introduction; This document provides uniform response, recovery and remediation guidance for water utility actions in response to man-made and/or technological emergencies. The guidance was developed as an initiative of EPA's Water Protection Task Force and has been reviewed with water utilities and associations, EPA Regions, EPA Office of Water and other federal agencies. The intent of this guidance is to provide the minimum actions that EPA recommends be carried out by a water utility for the events described. Emergency response planning is primarily a local responsibility. Good business practices suggest that every water utility have an Emergency Operations/Response Plan that is coordinated with state and local emergency response organizations, regulatory authorities and local government officials. Water utilities ought to consider whether the actions contained within this guidance have been thoroughly coordinated with these entities. The Federal Response Plan (section VT) identifies Federal responsibilities and capabilities that can support the local response effort dependent upon the type and severity of the incident. Throughout this guidance "water system" includes the "system" elements of source water (ground and surface), drinking water treatment, drinking water distribution and storage, wastewater collection and wastewater treatment. Background; The Environmental Protection Agency (EPA) has been given the responsibility under Presidential Decision Directive (FDD) 63 for working with the Water Sector (including water and wastewater utilities) to provide for the protection of the nation's critical water infrastructure including the systems used to collect, treat and distribute potable water. The EPA has a similar responsibility for wastewater operations. These critical infrastructures are fundamental to the public health and welfare and are subject to both natural disasters such as floods and earthquakes, and man-made hazards such as terrorist attacks. Such disasters could place surrounding areas and populations at significant risk. In October, 2001 the EPA established an internal Water Protection Task Force to ensure that activities to protect and secure water supply infrastructure are comprehensive and carried out expeditiously. This guidance supports the Task Force's mission of providing information in an expeditious manner to public and private water utilities that can be used to protect public health and critical water infrastructure. I. Incident types This guidance was developed for five (5) different incident types: • Threat of or Actual Intentional Contamination of the Water System • Threat of Contamination at a Major Event • Notification from Health Officials of Potential Water Contamination • Intrusion through the Supervisory Control and Data Acquisition (SCADA); and • Significant Structural Damage Resulting from an Intentional Act While this guidance is oriented toward these 5 incident types, it should also serve as a guide for response, recovery and remediation actions for other threatened or actual intentional acts that would affect the safety or security of the water system.. ------- II. Development of the Guidance Each incident type was assessed for potential impact on water system operations and public safely to identify the minimum actions for each element of the water system to consider taking in response to the incident, recover from the incident and to remediate the impacts of the incident. Response refers to actions immediately following awareness of the incident, recovery refers to actions to bring the system back into operation, and remediation refers to longer term restoration actions. Where applicable, each incident type was assessed as if it had occurred separately at each of the system elements and the potential impacts were assessed upstream and downstream of the incident location. Additionally, the guidance was developed considering the response needs of large, medium and small water and wastewater systems. Water utilities should apply the concepts contained in the guidance to meet their system configuration and capabilities. m. Structure: The guidance provides recommended actions in the categories of Response Actions, Recovery Actions, and Remediation Actions in separate tables for each incident type. Each of these categories contain a section on notifications and utility actions. Where applicable, specific actions for each element of the water system are provided under the utility actions section. The Notification Considerations section recommends standard notifications for any suspicious or threatened intentional man-made or technological emergency. Supplemental notifications are recommended within the incident tables for some events based on the potential impact of the event. Response Planning; This response, recovery and remediation guidance to intentional acts can be used to supplement existing water utility emergency operations plans (EOPs) developed to prepare for and respond to natural disasters and emergencies. EPA recommends that established policies and procedures contained in existing plans be used to the maximum extent while incorporating the recommendations in this guidance. A high quality water utility EOF clearly delineates the organizational structure within the water system that will be responsible for incident response and management. This structure should identify specific individual roles and responsibilities for decision-making, logistics, operations, incident response control and finance. The structure could be based on the Incident Command System, or other similar system, that is compatible with the system(s) used by other elements (Fire, Law Enforcement, Emergency Management, Emergency Medical Services (EMS), etc.) of the community's incident response and management structure. It would be helpful to coordinate potential response requirements and expectations with local response organizations prior to an incident to ensure that the water utility's response needs are met. Notification Considerations; Water utilities that have established notification procedures to meet a regulatory requirement, such as the Emergency Planning and Community Right-to-Know Act (EPCRA), should use them as the starting point for developing broader notification procedures. Utilities that do not have established notification procedures should work with their Local Emergency Planning ------- Committee (LEPC) or similar local emergency planning organization, prior to an incident, to coordinate the specific procedures for contacting local, state and federal officials when an incident occurs. You can find the LEPC for your location at http ://www. epa. gov/ceppo/lepcli st.htm. EPA expects that the facility would first call local law enforcement officials to initiate local emergency response actions. This may be accomplished by calling 911 or direct call to local law enforcement. The local notification coordination effort should determine which additional emergency response and management agencies (fire, Emergency Medical Services (EMS), the community emergency management organization and state agencies) need to be notified. For instance, do fire and EMS need to be notified in addition to law enforcement for a water-related incident? The notification procedures developed within the local notification coordination effort should provide agency-specific names and contact numbers for these notifications on a 24-hour basis and define what information about the incident needs to be provided, who will make the notifications and which authorities are notified when a call is placed. As a minimum, these notification procedures should include protocols for notifying local and state health and environmental authorities, local critical care facilities (hospitals, dialysis centers, etc.) and others as identified in state and local requirements. An intentional act to disrupt the operations of a water utility or to jeopardize public health is a criminal act. This creates the need for notifications to the appropriate FBI field office, National Response Center and other entities that may not normally be contacted in response to a natural disaster or emergency. Water utilities should work with the LEPC or similar organization, in conjunction with appropriate state offices, to verify how these additional notification requirements will be met and who has responsibility for the notifications. The procedures developed within the local notification coordination effort should ensure that all of the entities listed below are notified, identify who the utility must contact to initiate the notifications and identify who within the organization should make the notifications. These organizations are not listed in any particular order of preference. • Notify local law enforcement • Notify local FBI Field Office (to begin the threat assessment process) Your local FBI field Office can be located by visiting http://www.fbi.gov/contact/fo/info.htm or in the front pages of your local telephone book • Notify National Response Center 1-800-424-8802 (to notify pre-determined federal response agencies) for more information on NRC see http://www.nrc.uscg.mil • Notify state/local emergency management organization • Notify Governor's office • Notify local EPA CID Special Agent in Charge (SAC) • Notify other associated system authorities (wastewater, water) • Notify local government official (responsible authority for the water utility) • Notify state/local health, water and/or environmental department • Notify critical care facilities • Notify employees • Notify EMS and Fire Department as deemed necessary • Consider when to notify customers and what notification to issue ------- The recommendations provided in this guidance are supplemental to regulatory or other promulgated reporting requirements. Normal reporting/notification to state health and/or environmental agencies, or the EPA for states without approved state programs, will still be required when the impacts of an incident result in an inability to meet Water Quality or National Primary Drinking Water Standards or to meet CERCLA and/or EPCRA requirements. Sampling; The results of sample analysis after a threatened or actual contamination event can serve a critical role in determining response, recovery and remediation actions; assessing the potential impacts of the contaminant; and, providing data for eventual prosecution. Sampling requirements (quantity, type of sample container, environmental controls, type of sample, sample locations, etc.) can vary significantly depending upon the properties of the contaminant and where the contaminant was introduced into the system. This guidance provides recommendations for when sampling might be beneficial but can not provide specific sampling requirements for every potential contaminant. It is important to ensure that sampling is conducted by trained personnel and that the safety of sampling and other personnel is fully considered while conducting sampling activities. The diversity of sampling capabilities and resources among large and small water utilities makes it difficult to establish standard requirements for all water utilities. Water utilities should work with their LEPC and appropriate local, state and federal agencies to develop procedures for obtaining requirements or recommendations on taking samples, sample control, sample distribution and use of sample analysis results on an event-by-event basis. The water utility's sampling capabilities and procedures for obtaining sampling recommendations should be contained within the utility's EOF. In the event of an incident that is suspected or confirmed to be the result of an intentional act to disrupt the operations of a water utility or to jeopardize public health, law enforcement officials may also require/take additional samples for evidence preservation. Annexes: Annex I provides a Sample Collection, Identification and Chain-of-Custody Form and instructions for its use. The form is an example of the information needed for recording data on samples taken in response to an intentional act and for maintaining a record for chain-of- custody of the sample. Annex II provides incident-specific response, recovery and remediation guidance for each of the five (5) incident types. ------- Annex I - Sample Collection, Identification and Chain-of-Custody Form Sample Collection, Identification and Chain-of-Custody Form Sample ID # (Place ID Label Here) Sample Description Comments Sampler Signature Print Date/Time Sample ID Sample Date/Time Sample Location Witness Signature Print Date/Time Location 1. Released by: Signature Print 2. Released by: Signature Print 3. Released by: Signature Print 4. Released by: Signature Print Date/Time Sample ID Date/Time Sample ID Date/Time Sample ID Date/Time Sample ID Received by: Signature Print Received by : Signature Print Received by: Signature Print Received by: Signature Print Date/Time Location Date/Time Location Date/Time Location Date/Time Location Annex I -1 ------- Instructions for Sample Collection, Identification and Chain-of-Custody Form Whether from an epidemiological or evidentiary standpoint, it is critically important that samples taken in response to an intentional act against a water system be taken in a systematic manner. Each sample collected should have a separate identifying number (Sample ID #) and the transfer of each sample should documented. The Sample Collection, Identification and Chain-of-Custody Form provides a standardized format for annotating this information. Sample Identification Number (Sample ID #) Each sample should have separate identification number. A uniform system should be established for assigning sample identification numbers. Sample Date/Time Annotate the date and time that the sample was taken. Sample Description Describe the type of sample taken (water, sludge, sediment basin, etc.) Sample Location Annotate as specifically as possible where the sample was taken so that later samples can be taken (if necessary) from the exact same location. Comments Provide any additional comments that may assist in sample analysis (water temperature, humidity, how sample was taken or materials used to take sample, etc.). Sampler Identification The person taking the sample should sign his/her name in the Signature block, annotate the date/time of signature in the Date/Time block, print the sampler's name in the Print block and annotate the sample ID number from the Sample ID# block at the top of the form. Witness Identification The person witnessing the taking of the sample should sign his/her name in the Signature block, annotate the date/time of signature in the Date/Time block, print the sampler's name in the Print block and annotate the location of where the sample was taken from the Sample Location block at the top of the form. Chain-of-Custody Tracking A record of control for all samples should be maintained. Each person who releases control of the sample should maintain a copy of who the sample was released to. Persons who receive samples should verify the sample identification number ON THE SAMPLE before signing for receipt of the sample. The original copy of the form, with original signatures should remain with each sample until final disposition. The person releasing the sample should sign his/her name in the Signature block, annotate the date/time of release in the Date/Time block, print the releaser's name in the Print block and annotate the sample ID number from the Sample ID# block at the top of the form. Annex 1-2 ------- The person receiving the sample should sign his/her name in the Signature block, annotate the date/time of receipt in the Date/Time block, print the receiver's name in the Print block and annotate the location where the sample was received in the Location block. Other Considerations Photographs When possible a photograph should be taken of each collected sample at the sample location. Ideally, the photograph would show the completed sample ID label and security seals in-place. Photographs should be annotated or dated-stamped with the date and time that the photo was taken. Annex 1-3 ------- Water Utility Response, Recovery & Remediation Guidance for Man-made and/or Technological Emergencies April 15, 2002 I. Contamination Event: (Articulated Threat with Unspecified Material) Event Description: This event is based on the threat of intentional introduction of a contaminant into the water system (at any point within the system) without specification of the contaminant by the perpetrator. Initial Notifications: RESPONSE ACTIONS • Notify local Law Enforcement • Notify local FBI Field Office • Notify National Response Center Source Water • Increase sampling at or near system intakes • Consider whether to isolate the water source if possible • Notify local/state emergency management organization • Notify ISAC Drinking Water Treatment Facility • Notify other associated system authorities (wastewater, water) • Notify local government official Water Distribution / Storage • Preserve latest full battery background test as baseline • Increase sampling efforts • Consider whether to continue normal operations (if determination is made to reduce or stop water treatment - provide notification to customers/issue alerts) • Coordinate alternative water supply • Consider whether to isolate the water in the affected area if possible • Notify local/state health and/or environmental department • Notify critical care facilities Wastewater Collection System • Notify employees • Consider when to notify customers and what notification to issue • Notify Governor Wastewater Treatment Facility • Assess what to do with potentially contaminated water within the system based on contaminant, contaminant concentration, potential for system contamination, and ability to by-pass treatment plant. • If by-passed-notify local & appropriate state authorities, & downstream users. Increase monitoring of receiving stream. • Preserve latest full battery background test as baseline • Increase sampling efforts • Consider whether to continue normal operations (if determination is made to reduce or stop water treatment - provide notification to customers/issue alerts) Annex II-1 ------- 1 '1 ,•. -iT Water Utility Response, Recovery & Remediation Guidance for Man-made and/or . ., ^ _ 2002 Technological Emergencies ' I. Contamination Event: (Articulated Threat with Unspecified Material) RECOVERY ACTIONS Recovery actions should begin once the contaminant is through the system. Recovery Notifications: • Notify Customers • Notify Media • Notify ISAC Appropriate Utility Elements: Sample appropriate system elements (storage tanks, filters, sediment basins, solids handling) to determine if residual contamination exists. • Flush system based on results of sampling • Monitor health of employees • Plan for appropriate disposition of personal protection equipment (PPE) and other equipment REMEDIATION ACTIONS • Based on sampling results - assess need to remediate storage tanks, filters, sediment basins, solids handling. • Plan for appropriate disposition of PPE and other equipment • If waste water treatment plant was by-passed sample and establish monitoring regime for receiving stream and potential remediation based on sampling results. Notes: 1. Response, recovery and remediation actions may be tailored to a specified (identified) material if the physical properties for the material are known. Annex II-2 ------- Water Utility Response, Recovery & Remediation Guidance for Man-made and/or Technological Emergencies II. Contamination Threat at a Major Event April 15, 2002 Event Description: This event is based on the threat of, or actual, intentional introduction of a contaminant into the water system at a sports arena, convention center or similar facility. Initial Notifications: RESPONSE ACTIONS • Notify local Law Enforcement • Notify local FBI Field Office • Notify National Response Center • Notify ISAC Source Water • No recommended action to take • Notify local/state emergency management organization • Notify wastewater facility • Notify Governor Drinking Water Treatment Facility • No recommended action to take • Notify other associated system authorities (wastewater, water) • Notify local government official Water Distribution / Storage • Coordinate isolation of water • Assist in plan for draining the contained water • Assist in developing a plan for sampling water for potential contamination based on threat notification • Provide alternate water source i Notify local/state health and/or environmental department ' Notify critical care facilities Wastewater Collection System • Notify employees • Consider when to notify customers and what notification to issue Wastewater Treatment Facility • Coordinate acceptance of isolated water • Monitor accepted water • Assist in plan for draining the contained water • Assist in developing a plan for sampling water for potential contamination based on threat notification Annex II-3 ------- Water Utility Response, Recovery & Remediation Guidance for Man-made and/or Technological Emergencies II. Contamination Threat at a Major Event April 15, 2002 RECOVERY ACTIONS Recovery actions should begin once the contaminant is through the system. Recovery Notifications: • Notify customers in the area of the facility of actions to take • Notify customers in affected area once contaminant-free clean water is re-established • Notify down-stream users such as water suppliers, irrigators, electric generating plants, etc. Water Distribution / Storage • Consider flushing system via hydrants in distribution systems REMEDIATION ACTIONS: Notes: Water Distribution/Storage Wastewater Treatment Plant • Assess need to decontaminate/replace distribution system components. • Based on sampling results - assess need to remediate storage tanks, filters, sediment basins, solids handling. • Plan for appropriate disposition of PPE and other equipment • If waste water treatment plant was by-passed - sample and establish monitoring regime for receiving stream and potential remediation based on sampling results. Annex II-4 ------- Water Utility Response, Recovery & Remediation Guidance for Man-made and/or . ., ^ _ 2002 Technological Emergencies ' III. Notification from Health Officials of Potential Water Contamination Event Description: This event is based on the water utility being notified by Public Health officials of potential contamination based on symptoms of patients. Initial Notifications: RESPONSE ACTIONS • Ask notifying official who else has been notified and request information on symptoms, potential contaminants and potential area affected Source Water • Increase sampling at or near system intakes • Consider whether to isolate • Notify local Law Enforcement • Notify local FBI Field Office • Notify National Response Center • Notify local/state emergency management organization Drinking Water Treatment Facility • Notify other associated • Notify local/state • Notify employees system authorities (wastewater, water) • Notify local government official • Notify Governor health and/or environmental department Notify critical care facilities • Consider when to notify customers and what notification to issue • Notify ISAC • Preserve latest full battery background test result as baseline • Increase sampling efforts • Consider whether to continue normal operations (if determination is to reduce or stop water treatment - provide notification to customers/issue alerts) • Coordinate alternative water supply (if needed) Water Distribution / Storage Wastewater Collection System Wastewater Treatment Facility • Increase sampling in the area potentially affected and at locations where the contaminant could have migrated to. It is important to consider the time between exposure and onset of symptoms to select sampling sites • Consider whether to isolate • Consider whether to increase residual disinfectant levels • Increase sampling at pumps stations and specifically in the area potentially affected • Assess what to do with potentially contaminated water within the system based on contaminant, contaminant concentration, potential for system contamination, and ability to by-pass treatment plant • If by-passed - notify local & appropriate state authorities, downstream users (especially drinking water treatment facilities) & increase monitoring of receiving stream Annex II- 5 ------- Water Utility Response, Recovery & Remediation Guidance for Man-made and/or T u i • i -I?" • Technological Emergencies A ., t _ April 13, III. Notification from Health Officials of Potential Water Contamination RECOVERY ACTIONS Recovery actions should begin once the contaminant is through the system. Recovery Notifications: • Assist health department with notifications to customers, media, downstream users and other organizations Appropriate Utility Elements: ' Sample appropriate system elements (storage tanks, filters, sediment basins, solids handling) to determine if residual contamination exists. • Flush system based on results of sampling • Monitor health of employees ' Plan for appropriate disposition of personal protection equipment (PPE) and other equipment REMEDIATION ACTIONS • Based on sampling results - assess need to remediate storage tanks, filters, sediment basins, solids handling and drinking water distribution system • Plan for appropriate disposition of PPE and other equipment ' If waste water treatment plant was by-passed sample and establish monitoring regime for receiving stream and potential remediation based on sampling results. Notes: Patient symptoms should be used to narrow the list of potential contaminants. Annex II-6 ------- Water Utility Response, Recovery & Remediation Guidance for Man-made and/or . ., ^ _ 2002 Technological Emergencies ' IV. Intrusion through Supervisory Control and Data Acquisition (SCADA) Event Description: This event is based on internal or external intrusion of the SCADA system to disrupt normal water system operations. Initial Notifications: ' Notify local Law Enforcement . Notify local FBI Field Office • Notify National Infrastructure Protection Center (NIPC) at 1-888-585- 9078 (or 202-323- 3204/5/6) Notify other associated system authorities (wastewater, water) Notify employees If the water is assessed to be unfit for consumption, consider when to notify customers and what notification to issue RESPONSE ACTIONS Source Water • Increase sampling at or near system intakes • Consider whether to isolate Drinking Water Treatment Facility Water Distribution / Storage • Preserve latest full battery background test as baseline • Increase sampling efforts • Temporarily shut down SCADA system and go to manual operation using established protocol • Consider whether to shut down system and provide alternate water • Monitor unmanned components (storage tanks & pumping stations) • Consider whether to isolate Wastewater Collection System Wastewater Treatment Facility • Temporarily shut down SCADA system and go to manual operation using established protocol • Monitor unmanned components (pumping stations) - required only if wastewater SCADA system is compromised • If SCADA intrusion caused release of improperly treated water consider whether to continue normal operations (if determination is made to reduce or stop water treatment - provide notification to customers/issue alerts) Annex ll- / ------- Water Utility Response, Recovery & Remediation Guidance for Man-made and/or . ., ^ _ 2002 Technological Emergencies ' IV. Intrusion through Supervisory Control and Data Acquisition (SCADA) RECOVERY ACTIONS Recovery actions should begin once the intrusion has been eliminated and the contaminant/unsafe water (if this occurs) is through the system. Recovery Notifications: Appropriate Utility Elements: • Employees • Local law enforcement • Notify customers and media if the event resulted in contamination and the full range (see scenario I) of standard notifications were made . With FBI assistance, make an image copy of all system logs to preserve evidence. • With FBI assistance, check for implanted backdoors and other malicious code and eliminate them before re-starting SCADA system • Install safeguards before re-starting SCADA • Bring SCADA system up and monitor system REMEDIATION ACTIONS Notes: • Assess/implement additional protections for SCADA system. • Check for an NIPC water sector warning based on the intrusion that may contain additional protective actions to be considered. NIPC warnings can be found at www.NIPC.gov or at https://www.infragard.org for secure access Infragard members. Annex II- 8 ------- Water Utility Response, Recovery & Remediation Guidance for Man-made and/or TI u i • 1 171 • Technological Emergencies A ., t _ April 13, V. Significant Structural Damage Resulting from an Intentional Act Event Description: This event is based on intentional structural damage to water system components to disrupt normal system operations. Initial Notifications: • Notify local Law Enforcement • Notify local FBI Field Office • Notify National Response Center • Notify local/state emergency management organization • Notify Governor • Notify ISAC • Notify other associated system authorities (wastewater, water) • Notify local government officials Notify local/state health and/or environmental department Notify critical care facilities • Notify employees • Consider when to notify customers and what notification to issue Source Water Drinking Water Treatment System Water Distribution / Storage Wastewater Wastewater Collection System Treatment Facility RESPONSE ACTIONS • Deploy damage assessment teams, if damage appears to be intentional then treat as crime scene - Consult local/state law enforcement and FBI on evidence preservation • Inform law enforcement and FBI of potential hazardous materials • Coordinate alternative water supply, as needed • Consider increasing security measures • Based on extent of damage, consider alternate (interim) treatment schemes to maintain at least some level of treatment Recovery actions should begin as soon as practical after damaged facility is isolated from the rest of the utility facilities. RECOVERY ACTIONS Recovery Notifications: • Employees • Law enforcement Notify local FBI office Appropriate Utility Elements: Dependent on the feedback from damage assessment teams • Implement damage recovery plan REMEDIATION ACTIONS Notes: • Repair damage. • Assess need for additional protection/security measures for damaged facility, and other critical facilities within the utility. Annex II-9 ------- |