Stemming the Tide of Terrorism
Significant efforts are being undertaken at the federal level to protect the nation's drinking water resources from becoming a primary medium for terrorist attacks
Immediately following the attacks on the World Trade Center on September 11, 2001, the city of New York and a group of federal, state, and local authorities took steps to secure and maintain the city's lifeline: its drinking water supply system. The Federal Bureau of Investigation (FBI), the United States Army Corps of Engineers, and the state and city of New York quickly negotiated an agreement to evaluate restrictions on access to the city's drinking water facilities and to strengthen measures to prevent biological, chemical, and radiological contamination. The swift action taken in the days that followed 9/11's horror and chaos underscores the critical importance of water resources to public health and our collective psyche.
Standing at ground zero in New York City and at the Pentagon, those of us who were among the first responders pondered the terrible loss of life and devastation. Much more than the physical landscape at those sites had been radically altered. America, long considered safe and invulnerable to terrorist attack, had been changed forever in ways that were obvious, and in more subtle ways that may take generations to fully comprehend.
In the weeks, months, and years that have followed, national conditions and global events have sharpened the focus of concerned citizens, government leaders, industry, and the business community on protecting the country, its citizens, and its assets against future attacks. While the horrific events of that day thankfully have not been replicated since, serious risks persist. The rate of terror-related incidents throughout the world is on the rise and the ongoing military operations in Iraq have contributed to an increasingly unstable global climate.
The rate of terror-related incidents throughout the world is on the rise and the ongoing military operations in Iraq have contributed to an increasingly unstable global climate.
In the wake of 9/11, the U.S. Congress and the Executive Branch engaged in a flurry of activities, including passage of the USA PATRIOT Act, creation of the Department of Homeland Security, enactment of numerous statutes that arguably touch every aspect of American life, and the promulgation of a myriad of security-related rules, regulations, and policies by several federal agencies. Countless other measures have been proposed or are contained within bills pending before Congress. In fact, today it is difficult to identify a sector of American business that is not subject to some form of Homeland Security regulation.
This article examines what is being done by federal regulators to combat the risks posed to water-based sectors of the nation's critical infrastructure.1 The focus is on drinking water security, with additional attention paid to maritime security and the security of hydroelectric dams. While only time will tell if our water resources can be fully protected, it is obvious now that the emerging Homeland Security regulatory regime is transforming the American legal landscape. Consequently, Homeland Security compliance, planning, and preparedness are quickly becoming a cost of doing business in the United States and unavoidable facts of life, not unlike the burdens of other areas of traditional regulation.
The Vulnerability of Water and the Importance of Water Security
Water is essential to human life, an important source of power, and an integral mode of transportation and commerce. Unfortunately, whether it is a drinking water treatment facility protected only by a fence and padlocks, a dam and its pristine reservoir located in a remote area, or a bustling port of call handling large amounts of international trade each day, water and waterborne activities are susceptible to attack. Likewise, legal protections for water resources, particularly drinking water, and critical water-based activities (i.e., maritime transportation and the generation of hydroelectric power) present unique challenges for the federal government and affected private sector businesses. These challenges must be overcome, however, because the stakes for protecting the nation's water resources are unquestionably high. Water's vital role in society and the magnitude of the consequences that would flow from an attack on water unfortunately make it an attractive medium through which terrorists may seek to once again strike at the American public. A brief examination of the security challenges facing the maritime industry provides a useful context for assessing the magnitude of the task confronting drinking water providers.
The Maritime Experience
There are more than 360 salwater and freshwater ports in the United States.2 These ports, the waterways on which they are located, and the vessels and vehicles that use them make up the nation's Maritime Transportation System (MTS). According to recent estimates, "approximately 7,500 foreign ships, manned by 200,000 foreign sailors, enter U.S. ports every year to offload approximately six million truck-size cargo containers onto U.S. docks."3 Many observers believe that, given the large amount of traffic constantly moving in and out of America's ports and the fact that ports generally are large, open areas, the MTS is the mode of transportation currently most vulnerable to a large-scale terrorist attack.4
In 1999, the Inter-Agency Commission on Crime and Security in the United States Ports created by the Clinton Administration found America's ports to be vulnerable: "a lack of minimum physical and personnel security standards at ports and related facilities leaves many ports and port users very vulnerable. Access to ports and operations within ports is often uncontrolled."5 Moreover, periodic international incidents like the attack on the U.S.S. Cole have kept risks to vessels and ports fresh in the American public's collective mind. The events of 9/11, however, served to underscore these risks dramatically, while raising new concerns that attacks on maritime targets could occur in the United States. Moreover, several incidents of suspicious activity have been detected since then in ports across the country, including a photographer that fled police twice on the same day in Benicia Port terminal near San Francisco, a person of Middle Eastern descent filming the piers of New York's Staten Island Ferry, and other reports of "suspicious photography" of ferries in California, Texas, Louisiana, and Washington State.6 Ultimately, the sheer "size, diversity, and complexity of this infrastructure" make securing ports, tracking vessels, and inspecting cargo a monumental task, to say the least.7
In an attempt to respond to these challenges, the U.S. Congress passed the Maritime Transportation Security Act (MTSA) in the fall of 2002.8 Comprehensive in scope, the MTSA creates a new national maritime security system and charges the U.S. Coast Guard with lead responsibility for its implementation.9 The MTSA and a series of six Coast Guard rules promulgated in October 2003 to implement the statute impose extensive obligations on the Coast Guard, as well as owners and operators of facilities and vessels operating within the MTS.10 Such onerous regulatory requirements are likely to be an enforcement priority for the Coast Guard in both the short and long term. In fact, the busiest U.S. ports already are finding it difficult to meet the demands of this new maritime security regime.11 Like the efforts underway to protect drinking water, the effectiveness of the government action to secure the nation's maritime system will only be proven over time.
Protecting Drinking Water from Attack
Although smaller in size and generally less complex, drinking water facilities in the United States far outnumber America's ports and, perhaps more importantly, serve as a direct conduit to the health of every American. According to the U.S. Environmental Protection Agency (EPA), approximately 160,000 public water systems (serving at least 25 people or 15 service connections at least 60 days per year) provide drinking water to approximately 90 percent of all Americans.12 While most of these facilities are quite small, an attack on even the most isolated of systems may accomplish a terrorist's goals. Consider the nationwide hysteria that flowed from the targeted anthrax attacks perpetrated shortly after 9/11, and then imagine the serious, widespread and long-lasting damage that would be wrought on our collective psyche and the public's confidence in the safety of our drinking water supplies across the country if a small, isolated, or even unsuccessful attack were launched on a water system somewhere in the United States.
Security Prior to 9/11
It would be accurate to say that the law of Homeland Security really began after 9/11. However, for at least some categories of facilities, the risk to the nation's infrastructure was so great that protection from terrorism and other safety measures have been a longstanding part of the regulatory framework. Such is the case with the Nuclear Regulatory Commission's and the U.S. Department of Energy's regulation of nuclear power and nuclear defense facilities under the Atomic Energy Act of 1954, as amended.13 Similar concerns also resulted in the early protection of the nation's energy infrastructure, including hydropower facilities and dams.
Water's vital role in society and the magnitude of the consequences that would flow from an attack on water unfortunately make it an attractive medium through which terrorists may seek to once again strike at the American public.
Because of their locations in natural settings that are often open and remote, dams are accessible in ways that many experts believe render them vulnerable to attack. Situated within a river complex, dams often may be reached by land, water, or air. Underwater access also is possible. As a result, imposing effective barriers to access by land, water, and air, as well as monitoring for intruders, is a complex and challenging task for dam owners and operators. A successful attack at a major hydropower facility, such as Hoover or Grand Coulee dams, would have the devastating result terrorists seek: significant loss of human life, massive property destruction and economic loss, long-term economic disruption of a critical part of the nation's infrastructure, and a serious blow to national symbols of power and pride.
The Federal Energy Regulatory Commission (FERC) licenses private hydropower facilities under the Federal Power Act, and developed a robust dam safety and security program long before 9/11.14, 15 Since 9/11, vulnerability assessments have been conducted and corrective actions taken at many of the nation's most important private and public hydropower facilities.
Similarly, the importance and relative vulnerability of the nation's drinking water resources were recognized long before 9/11. In fact, a Clinton Administration Presidential Directive on national security designated "water systems" as a sector of the nation's increasingly interconnected and, thus, vulnerable critical infrastructure.16 However, efforts to protect water systems from attack did not begin in earnest until after 9/11. The commitment to such efforts was buoyed by FBI reports in January 2002 that al Qaeda had "considered and investigated the possibility of attacking water distribution systems."17 Accordingly, while some observers have sought to downplay the risks to drinking water, Congress and EPA have taken affirmative steps in the wake of 9/11 to assess the vulnerabilities of drinking water systems and to identify measures that may be taken to eliminate or at least minimize risk.
Security Since 9/11
The centerpiece of the federal response to terror-related risks to drinking water since 9/11 is the Public Health Security and Bioterrorism Preparedness and Response Act of 2002 (Bioterrorism Act).18 Title IV of the statute amends various aspects of the Safe Drinking Water Act (SDWA), and imposes obligations on both community water systems (CWSs) and EPA.19, 20 First, each CWS serving more than 3,300 people was required to conduct a vulnerability assessment to determine "the vulnerability of its system to a terrorist attack or other intentional acts intended to substantially disrupt the ability of the system to provide a safe and reliable supply of drinking water."21 With the help of guidance provided by EPA, each assessment considered the vulnerability of the water supply source; the transmission, treatment, and distribution systems; and the risks posed to the surrounding community.22 According to the statute, this was to include:
A review of pipes and constructed conveyances, physical barriers, water collection, pretreatment, treatment, storage and distribution facilities, electronic, computer, or other automated systems which are utilized by the public water system, the use, storage, or handling of various chemicals, and the operation and maintenance of such systems.23
The vulnerability assessments were submitted to EPA on a rolling basis according to system size.24 The largest systems (serving more than 100,000 people) were required to submit their assessments by March 31, 2003; medium-sized systems (50,000 to 99,999 persons served) by December 31, 2003; and, most recently, the smallest CWSs covered by the amendments were to have submitted their vulnerability assessments to EPA by June 30, 2004.25 EPA, in turn, is obligated to protect from disclosure the information contained within the assessments and has developed an information protocol that severely limits access to these assessments even within the agency.26 Finally, once completed, each CWS was to incorporate the findings of its vulnerability assessment into the systems' emergency response plan within six months.27
The SDWA amendments passed as part of the Bioterrorism Act also imposed various obligations on EPA. These obligations generally focused on protecting sensitive security-related information from disclosure, assisting CWSs in identifying the most likely threats to water systems and fulfilling their obligations under the statute, and conducting additional research and technical studies to enhance water system protections.28 Such studies will address (1) the prevention, detection, and response to the intentional introduction of contaminants to water sources and distribution systems; (2) methods by which terrorists could disrupt the availability or safety of drinking water supplies; and (3) methods by which alternative drinking water supplies could be utilized in the event of an attack on public water systems.29
The requirements of the Bioterrorism Act have complemented EPA's other water security efforts undertaken in cooperation with water utilities and non-governmental organizations such as the Association of Metropolitan Water Agencies (AMWA) and the American Water Works Association (AWWA). Through these and other partnerships, EPA has conducted research to develop new monitoring and analytical methods that provide real-time drinking water quality data and the agency has initiated efforts to develop lists of "best security practices" to be implemented by water utilities.30 EPA also continues to offer training and technical assistance in a variety of security-related areas, and created the Water Information Sharing and Analysis Center (Water ISAC), a secure information-sharing portal utilized by water utilities, regulators, and law enforcement. 31
Many major drinking water supply facilities are designed to decontaminate water from biological agents before it is distributed to customers. Based on this fact, some experts contend there is little likelihood that a successful terrorist attack will target a drinking water system. This conclusion of course ignores other forms of sabotage designed to disrupt supplies by bombing or contamination resistant to ordinary treatment. Sadly, prior to 9/11 few experts would have given terrorists much of a chance to use commercial aircraft to attack the headquarters and symbol of our Defense Department and to bring down two skyscrapers in lower Manhattan -- all in a single morning. Thus, while we all hope that the predictions are right, the federal government is not taking such conclusions at face value.
Imagine the serious, widespread and long-lasting damage that would be wrought on our collective psyche and the public's confidence in the safety of our drinking water supplies across the country if a small, isolated, or even unsuccessful attack were launched on a water system somewhere in the United States.
EPA and others in the administration are developing what could prove to be complex and costly monitoring systems that some within the water industry oppose. Moreover, the Bioterrorism Act and the inherent need to protect the nation's water supplies have driven EPA and water utilities to actively prepare for and plan a response to such an unlikely event. As EPA set forth as a desired result in its September 2002 Strategic Plan for Homeland Security, "water utilities will incorporate security measures as a standard aspect of day-to-day operations and EPA, states, and tribes will review security measures at water utilities on a continuous basis."32 While progress toward this goal may have been achieved, much more is left to be done, and the need to be vigilant and proactive persists. Such needs are reflected in the expanding regulatory regime facing the drinking water industry that must, regardless of the magnitude of terror-related threats, be confronted head-on: drinking water providers will always remain the front line of these efforts.
As demonstrated by this brief overview, significant efforts are being undertaken at the federal level to protect the nation's water resources from terrorist attack. As with many societal problems, legal responses often precede actual change that corrects the problem. Statutory and regulatory controls can be implemented quickly; corrective action often takes decades. A consequence of recent well-intentioned efforts to combat terrorism is the explosion in Homeland Security compliance requirements imposed upon entities operating within the various sectors of the nation's critical infrastructure that rely upon water, whether for consumption, to generate electric power, or for use as a mode of transportation.
Unfortunately, as the threat of terrorism persists, so too will the obligation to comply with a regulatory regime that can only be expected to expand significantly in the coming years. Drinking water providers must confront these obligations pro-actively, cost-effectively and systemically. Compliance and, more importantly, national security demand it.
1. The USA PATRIOT Act defines critical infrastructure as "systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters." (H.R. 3162, 107th Congr., 1st Sess. 2001).
2. Implementation of Maritime Transportation Security Act: Sub-Committee on Coast Guard and Transportation: Hearing Before the Sub-Committee On Coast Guard and Maritime Transportation of the Transportation and Infrastructure Committee, 108th Cong., 2nd Sess. (June 9, 2004).
3. Memorandum and Agenda regarding the June 2, 2004, House Subcommittee on Coast Guard and Maritime Transportation Hearing on Implementation of the Maritime Transportation Security Act.
4. Id.; see also Congressional findings in the MTSA, Pub. L. No. 107-295, 116 Stat. 2064 (2002).
5. See Pub. L. 107-295, § 101(14). (2002).
6. Adam Zagorin and Elaine Shannon, "Suspect Snapshots: Cracking Down on Picture-Taking at Potential Terrorist Targets," Time, Jul. 12, 2004.
7. See The National Strategy for the Physical Protection of Critical Infrastructure and Key Assets (February 2003) at 60 (available at
8. Pub. L. No. 107-295 (2002).
9. The Coast Guard estimates that its regulations implementing the MTSA will affect approximately 10,000 vessels, 5,000 facilities, 361 ports, and 40 offshore facilities. See 68 Fed. Reg. 60,448 (Oct. 22, 2003).
10. See Implementation of National Maritime Security Initiatives, 68 Fed. Reg. 60,448 (Oct. 22, 2003); Area Maritime Security, 68 Fed Reg. 60,472 (Oct. 22, 2003); Vessel Security, 68 Fed. Reg. 60,515 (Oct., 22, 2003); Facility Security, 68 Fed. Reg. 60,515 (Oct. 22, 2003); Outer Continental Shelf Facility Security, 68 Fed. Reg. 60,545 (Oct. 22, 2003); Automatic Identification System, 68 Fed. Reg. 60,559 (Oct. 22, 2003).
11. John M. Broden, "At Ports, Cargo Backlog Raises Security Questions," N.Y. Times, Jul. 27, 2004.
12. See U.S. Environmental Protection Agency, Factoids: Drinking Water and Ground Water Statistics for 2003 (2004).
13. 42 U.S.C. §§ 2011-2259.
14. 16 U.S.C.§ 803(c). Section 10(c) provides, "that the licensee shall maintain the project works in a condition of repair adequate for the purposes of navigation and for the efficient operation of said works in the development and transmission of power, shall make all necessary renewals and replacements ... shall conform to such Rules and Regulations as the Commission may from time to time prescribe for the protection of life, health, and property."
15. 18 C.F.R. Part 12. The Corps of Engineers and the Department of Interior's Bureau of Reclamation have similar programs for federal dams pursuant to the National Dam Safety Program Act. 22 U.S. §§ 467 et seq. 1972) as amended. Together, the Federal Emergency Management Agency, the Corps of Engineers, FERC, and the Bureau of Reclamation work with local authorities to inventory all dams, inspect them, determine vulnerabilities and risks, and correct deficiencies. Id.
16. National Security Council, Presidential Decision Directive No. NSC/63 (May 22, 1998).
17. Conference Report of Public Health Security and Bioterrorism Preparedness and Response Act of 2002, 148 Cong. Rec. 2844 (daily ed. May 22, 2002) (statement of Rep. Pallone).
18. Pub. L. No. 107?188 (2002).
19. 42 U.S.C. §§ 300f et seq.
20. As defined under the SDWA, CWSs are those systems serving at least 15 service connections or 25 residents year round. 42 U.S.C. § 300f (15).
21. 42 U.S.C. § 1433(a)(1).
22. See EPA Vulnerability Assessment Fact Sheet at 1 (Nov. 2002).
23. 42 U.S.C. § 1433(a)(1).
24. See 42 U.S.C. § 1433(a)(2).
26. See 42 U.S.C. § 1433 (a)(5); U.S. Environmental Protection Agency, Protocol to Secure Vulnerability Assessments Submitted by Community Water Systems to EPA (Nov. 2002).
27. 42 U.S.C. § 1433(b). According to the amendments, "the emergency response plan shall include, but not be limited to, plans, procedures, and identification of equipment that can be implemented or utilized in the event of a terrorist or other intentional attack on the public water system ... and shall also include actions, procedures, and identification of equipment which can obviate or significantly lessen the impact of terrorist attacks or other intentional actions on the public health and safety and supply of drinking water provided to communities and individuals." Id.
28. EPA's "Baseline Threat Report," completed in August 2002, contains information regarding the likely modes of terrorist attacks on water systems and, accordingly, is not publicly available.
29. 42 U.S.C. §§ 1434-1435.
30. Such security measures can be as simple as installing fencing, lighting, and intruder detection equipment, secure storage of chemicals, re-keying locks, and employee security screening. The Bioterrorism Act authorized federal funding to assist small systems in implementing such basic security enhancements. See 42 U.S.C. § 1433(e).
31. See generally, Am. Water Works Assoc., Protecting Our Water: Drinking Water Security in America After 9/11 (2003).
32. U.S. Environmental Protection Agency, Strategic Plan for Homeland Security, at 4. (September 2002).
This article originally appeared in the January/February 2005 issue Water and Wastewater Products, Vol. 5, No. 1.
This article originally appeared in the 01/01/2005 issue of Environmental Protection.
Robert M. Andersen, Esq., is senior counsel at the law firm of LeBouef, Lamb, Greene, & MacRae LLP in Washington, D.C. He can be contacted at (202) 986-8287.
Paul C. Freeman, Esq., is an associate at LeBouef, Lamb, Greene, & MacRae and can be reached at (860) 293-3508.