Water Infrastructure Resilience

Water systems, including water treatment and distribution systems, are considered one of the nation’s critical infrastructures. Critical infrastructure requires increased protection and the ability for utilities to detect, respond to, and recover from physical and cyber threats and attacks. Water system operators can lose their ability to control the flow and quality of the water or lose the ability to track the true status of the water system. Water system managers need to improve their ability to know:

• when their treatment systems, pumps, valves, tanks, etc. are being compromised, 
• how to stop an attack, and
• how to recover so that safe and full service can be returned to the community.

Research Areas

Contaminant Detection

EPA conducts contaminant detection research to support water utilities. Most drinking water utilities use commercially available water quality sensors to monitor for changes in water quality indicators. These indicators may include pH, levels of free or total chlorine, and total organic carbon. Some contaminants are a concern because they can be adapted for use as weapons. 

EPA has tested commonly used sensors to learn if they can detect water contaminated with these chemical, biological, or radiological agents, in addition to detecting routine water quality variations. Research focuses on novel detection technologies that are new to the market, and technologies that could detect of contamination in source water, such as reservoirs.

Physical/Cyber Protection and Resilience

The Bioterrorism Act of 2002 requires that drinking water utilities serving more than 3,300 people conduct vulnerability assessments and develop emergency response plans. EPA and its partners helped utilities meet these requirements by developing tools and a system of methods. 

EPA also led a steering committee of water industry experts to develop the capability to evaluate and test cybersecurity equipment for the protection of water system infrastructure. Research to improve the cyber security of water utilities is carried out at the EPA Water Security Test Bed (WSTB) located at the Department of Energy Idaho National Laboratory near Idaho Falls, Idaho.

Research Products

• EPA's Water Security Test Bed Research
• Subject Matter Expert Workshop to Identify Cybersecurity Research Gaps and Needs of the Nation’s Water and Wastewater Systems Sector (EPA Report, 2017)
• Planning for an Emergency Drinking Water Supply (EPA Report, 2011)

Available Tools

• Blast Vulnerability Assessment Tool – Water Information Sharing and Analysis Center (WaterISAC) Portal: a desktop computer application developed by EPA that can provide estimates of damage that could occur from an attack on a water utility using explosives. This tool is available from the Water Information Sharing and Analysis Center (WaterISAC), a secure website with a controlled subscription list.
• Threat Ensemble Vulnerability Assessment (TEVA) Sensor Placement Optimization (TEVA-SPOT): allows water utilities to estimate health consequences, risks, and vulnerabilities from contamination. With this tool, utilities can harden their system against contaminant attacks, better handle security incidents, and day-to-day operations.
• Water Network Tool for Resiliency (WNTR): a Python package designed to simulate and analyze the resilience of water distribution networks. WNTR has an application programming interface (API) that is flexible and allows for changes to the network structure and operations, along with simulation of disruptive incidents and recovery actions.

Additional EPA Resources

• Water Infrastructure Decontamination
• Stormwater Management
• Sensor Studies Publications in Science Inventory
• Cyber Security Publications in Science Inventory