Wastewater_Content Page_Vulnerability Assessments

Vulnerability Assessments

Vulnerability Assessments are a good way to determine what types of security measures meet each wastewater system's needs. Vulnerabilities may consist of flaws in security procedures, software, internal system controls, transmission of data, or the lack of back up or redundancy for critical parts of the wastewater system. Vulnerabilities are also weaknesses that can cause disruption or failure of the wastewater system due to human actions or natural disasters. A Vulnerability Assessment helps identify the following.

  • General security measures to take throughout the wastewater treatment plant and collection system.
  • More specialized security measures to take to protect the critical parts of the wastewater system that are essential to maintain operation.
  • Administrative actions to protect staff, important documents and information.

Vulnerability Assessments can be prepared by:

  • wastewater treatment plant operators/staff;
  • public works directors; or
  • consulting engineering firms.

A team approach involving wastewater treatment plant staff, municipal administrators, law enforcement, fire department staff and others is recommended in determining what security measures will meet the needs of each wastewater treatment facility.

There are several types of Vulnerability Assessment tools available:

Security Vulnerability Self-Assessment Guide for Wastewater Systems
The National Rural Water Association developed the "Security Vulnerability Self-Assessment Guide for Wastewater Systems." The guide can be downloaded online at no charge from the Wisconsin Rural Water Association [exit DNR]. This vulnerability assessment method uses a simple evaluation checklist inventory. It does not require the use of a computer to complete, and is recommended for use with small- to medium-sized wastewater treatment plants.

VSAT™ (Vulnerability Self-Assessment Tool)
The Water Environment Federation and the Association of Metropolitan Sewerage Agencies developed the "VSAT™." This assessment tool uses a computer software program to identify security measures to reduce the impacts from both man-made and natural disaster threats to wastewater system operations. The software program allows users to determine critical wastewater system assets, assign possible threats, assess how security measures will reduce vulnerabilities and identify the most cost-effective security measures.

A free copy of the VSAT™ software is available by registering with the Water Environment Federation [exit DNR]. This assessment method is recommended for larger wastewater treatment plants and those with Supervisory Control and Data Acquisition (SCADA) systems. Intermediate computer skills are required to use this software tool. Training on VSAT™ usage is recommended. For more information, review Security training and education.

RAM-W (Risk Assessment Methodology for Wastewater Utilities)
Sandia National Laboratories developed the “RAM-W”. This assessment tool uses a sophisticated computer software program to determine potential terrorist activity threats to wastewater systems and security measures to reduce those threats. Intermediate to advanced computer skills are required to use this software tool. It is recommended for large wastewater treatment plants. For more information on this assessment method, contact the American Water Works Association [exit DNR].