May 2012, Vol. 24, No.5

From 'yuck' to 'yes'


It’s no longer a question of whether treated wastewater will someday become a common contributor to the world’s drinking water supply. It’s a question of when.

That’s the conclusion of four University of California–Davis engineering professors in a new white paper on direct potable reuse published by the National Water Research Institute (NWRI; Fountain Valley, Calif.).

“We’re now treating wastewater to such high-quality standards, it only makes sense to reuse it, especially in places where other sources are already in short supply,” said George Tchobanoglous, one of the report’s authors. “For some municipalities to continue to import water, use it once, treat it, and pump it into the ocean is simply unsustainable.”

A new report by the National Academy of Sciences (Washington, D.C.), in fact, says that if coastal communities used advanced treatment procedures on effluent that is now discharged into the ocean, municipal water supplies could be increased by as much as 27%.


A case in point: Southern California 

The ability to provide a stable, alternative water supply may not be even the most important benefit of direct potable reuse, the NWRI authors contend, after analyzing its potential impact on four Southern California counties.

They point to the Orange County (Calif.) Water District, one of only a handful of utilities that currently use treated wastewater to replenish a portion of its local supply. About half of the water purified at the district’s 265,000-m3/d (70-mgd) advanced treatment facility is used to recharge the local groundwater basin, with the remainder going into injection wells to prevent seawater from entering coastal aquifers. While a major step forward, the reused amount is still negligible, compared to the 4.7 million m3 (1.25 billion gal) of effluent discharged into the Pacific Ocean from Los Angeles, San Diego, Orange, and Riverside counties each day.

Substantially increasing the amount of recycled wastewater not only has the potential to stabilize the water supply, it also dramatically would lower the energy costs and environmental stresses associated with importing water, better support the region’s large agricultural base, and improve overall water quality, the study found.


The cost of advanced treatment 

Treating wastewater effluent to drinking water standards is more expensive than tapping local groundwater, the report’s authors note. But this is not necessarily the cost comparison that communities need to make.

“Utilities know the costs associated with their existing drinking water supply,” Tchobanoglous said. “The real question is, what would the next gallon of water cost?”

The NWRI paper cites costs ranging from $0.81 to $8.10 per cubic meter ($1000 to $10,000 per acre-foot) for such alternatives as desalinization, water storage, and water conservation in Southern California.

By comparison, Orange County currently pays about $0.60/m3 ($750/ac-ft) to treat wastewater to potable water standards, which is roughly comparable to the selling price for treated potable water.

Another factor in water reuse’s favor is the energy savings it offers. According to the NWRI report, 19% of all the electric power consumed in California is used to transport water from one part of the state to another. This doesn’t include the energy needed to treat it once it gets there.

The potential net energy savings associated with direct potable reuse in Southern California alone is estimated to be $50 million to $87 million per year.

“Clearly, the technology will continue to improve, and treatment costs will come down,” Tchobanoglous said. “When you consider the alternatives, you find that reuse is a bargain in the long run.” 


A more accepting public, a more promising future  

The biggest historical roadblock to wastewater reuse hasn’t been so much technical as psychological in nature. This barrier, too, appears to be diminishing.

“The challenge is to convince the public that treated wastewater is safe to drink and is a good solution to water scarcity,” Tchobanoglous said. Both messages seem to be getting through.

A 2004 poll by the San Diego County Water Authority found that 63% of respondents opposed wastewater reuse. Seven years later, a follow-up poll found that opposition had dropped to 25%. Recent experiences in places as far-flung as Texas and Singapore suggest that people are not as resistant to the idea as they once were, Tchobanoglous said.

Acceptance will likely come fastest in the parts of the world where water supplies are most stressed, Tchobanoglous said. But he and his co-authors envision reuse growing elsewhere.

“Unplanned, indirect potable reuse is already the standard all over the U.S.,” Tchobanoglous said, with cities to the north pumping their effluent into rivers to be used again downstream. “The question is, to what extent do we make this reuse direct? And what steps do we need to do to make it happen?”

The shift to direct reuse raises significant questions about everything from the location of treatment plants to the ownership of the treated water.  

“Going back to the 1920s, treatment plants have been located near coastal waters so the effluent could be discharged to [the] ocean or [a] river,” Tchobanoglous explained. If effluent is going to be treated and reused, that rationale doesn’t necessarily work.

“Today’s plants are also encircled by development,” Tchobanoglous said. “So the opportunity for nearby agricultural reuse is limited. If you have to pump it somewhere to reuse it, the pumping costs may well exceed the cost of treatment.”

These and other issues, Tchobanoglous said, point to the need for a more decentralized approach to wastewater treatment. “It makes more sense to put treatment facilities at various locations within a collection area, taking the water out and treating it where it will be used,” he said.

The changes also call for possible rethinking of the way water and wastewater utilities are managed as the line between their individual missions starts to blur. Wastewater treatment processes may have to be modified to optimize the performance of advanced water purification systems. Studies are needed to assess the acceptable ratios for blending reused water with the existing water supply. Reassessments may be ongoing as per capita water use declines.

“It’s a long-term process, and we’re just beginning,” Tchobanoglous said. “What we learn will benefit not only California, but the whole world.”


— Mary Bufe, WE&T 

'Climateproofing' wastewater infrastructure

Wastewater agencies are folding climate change adaptation into master plans

Record floods, tidal surges, and heat waves are becoming the new normal for wastewater facilities. Adding to this perfect storm is the inventory of aging infrastructure that needs replacing in a time of budget cuts and rocky finances. But some facilities are turning this crisis into an opportunity, becoming “climate-ready” by incorporating climate adaptations into master plans for scheduled upgrades and maintenance.


Extreme events interrupt service 

Heavy clouds dumped a record 250 to 380 mm (10 to 15 in.) of rain on the Nashville, Tenn., area on May 1 and May 2, 2010, submerging 28 wastewater pumping stations, two wastewater treatment plants (WWTPs), and a biosolids facility. In March 2001, unusually high storm-surge tides in New York City blocked discharge of effluent from a Bronx WWTP into the East River, causing backups.

In the last 5 years, repeated record floods have hit Atlanta and parts of Wisconsin, said Lauren Fillmore, a program director at the Water Environment Research Foundation (WERF; Alexandria, Va.). “People at these facilities have told me that when you face your first 100-year storm, you think you’ll never face a second one in your career, but then down the road you face a second one,” she said.

More frequent and intense storms are one of the hallmarks of climate change manifested in recent hydrological records. Studies have found that the share of annual precipitation associated with extreme events increased by 14% per decade from 1970 to 1999, according to a report from WERF.

The global average sea level has risen by 3.1 mm/yr since 1993 due to warming seas and melting glaciers. By 2100, relative sea levels could rise by 0.7 m (2.3 ft) in New York City, 0.9 m (2.9 ft) in Hampton Roads, Va., and 1 m (3.5 ft) in Galveston, Texas, according to the WERF report.

“If utilities don’t adapt to climate change, they can expect failures of their current systems, potentially greater water quality impacts, investments in long-term infrastructure that will not meet future needs, and more expenses and resources for responding to extreme events and emergency situations,” said Peter Ruffier, director of regulatory affairs at Clean Water Services (Hillsboro, Ore.).


Assessing vulnerabilities  

To avoid service interruptions and become climate-ready, wastewater agencies must first conduct a vulnerability assessment to identify which of their assets are at risk. “There isn’t a standardized process which fits all circumstances, but WERF has a guide, Implications of Climate Change for Adaptation by Wastewater and Stormwater Agencies, as does EPA [the U.S. Environmental Protection Agency] in its Climate Resilience Evaluation and Awareness Tool,” Ruffier said. 

The City of Seattle started with an analysis of sea-level rise because the modeling data for this is now accurate enough to rely on for planning purposes, explained Paul Fleming, manager of the climate and sustainability group at Seattle Public Utilities (SPU). Working with researchers at the University of Washington (Seattle), SPU gleaned predictions from 20 climate models to conclude that it should expect sea level in its region to rise 76 to 560 mm (3 to 22 in.) by 2050. “We mapped the new shoreline and developed an inventory of assets that would be inundated,” Fleming said. To get a handle on risks, SPU will note the lifetime of each asset and its scheduled replacement date, determine when it will get wet, and describe the risks associated with that asset getting wet.

For instance, if an outfall or pumping station is due for replacement in 2025 and the risk analysis concludes that it will be submerged by 2030 with a significant impact, then SPU will plan on relocating or protecting the structure in 2025, Fleming said.


Addressing uncertainty 

While climate models can be used to plan for regional freshwater supply and sea-level rise, they provide only a qualitative prediction of changes in stormwater behavior, Fleming said. “This is because stormwater models require highly resolved spatial and time scales, and the climate and precipitation data is currently too coarse for that,” he said. Nevertheless, SPU can assume that the future will bring an increase in the frequency and intensity of storm events.

In order to prepare for an increase in storms without knowing much about their magnitude and timing, SPU has decided to build elasticity into its projects, said Tracy Tackett, low-impact development program manager at SPU. Typically, SPU designs projects to handle the kind of weather found in a 30-year set of historical records. Now, the agency uses a 150-year record set, which includes a greater variety of storms and a wider range of storm sizes than the 30-year set.

Another way the agency incorporates resiliency to climate change is to design projects that reduce demand on gray infrastructure, such as pipes, with the use of green infrastructure, Tackett said. “Green infrastructure has a modular quality that inherently has more flexibility to it than gray infrastructure,” she said. If future stormwater flows increase, system capacity can be boosted step by step, as needed, by adding more rain gardens or green roofs to a drainage basin, she explained. In fact, instead of choosing worst-case conditions for designing gray infrastructure, engineers might design a stormwater system for current conditions but provide for green infrastructure to be added later, if needed.


Adapting in Florida 

Lying no more than 4.5 m (15 ft) above sea level, southern Florida is one of the most vulnerable coastal regions to sea-level rise. “We’re already seeing big rainstorms leading to flooding that didn’t use to occur, especially if there is a high tide,” said Doug Yoder, deputy director of the Miami–Dade Water and Sewer Department.

In 2009, a compact of four counties containing more than 100 municipalities in south Florida joined to tackle climate change. Experts mapped areas potentially vulnerable to 0.3-, 0.6-, and 1-m (1-, 2-, and 3-ft) sea-level rise scenarios. The compact is now working on an inventory of susceptible structures, including three WWTPs located on the coast.

“As we construct new facilities, we’re very mindful of the elevation at which we build — you can do a lot of mitigation just by getting out of the flood zone,” Yoder said. For instance, a tentative plan for a new WWTP includes provisions to build it 0.3 m (1 ft) higher above the flood zone.

Currently, stormwater is shunted to the ocean with the help of gravity. But a 150-mm (6-in.) rise in sea level will reduce the velocity of flows, cutting efficiency of drainage systems by 60%, Yoder said. “One way to overcome sea-level rise is to use pumps, but the question is, how much pumping can you do,” he said.

“Ironically, a lot of what we would have to do requires lots of energy-intensive measures like reverse osmosis to purify drinking water and pumps to deal with drainage,” Yoder noted.

The compact now is supporting moves to discourage development in vulnerable areas and promoting land acquisition to protect sensitive areas for drinking water supply, habitat, and stormwater management.


Building adaptation into master plans 

Like SPU and the utilities in south Florida, the city of Boston’s wastewater utility hasn’t made a separate plan for climate adaption but has incorporated it into the normal master plan, “just as we do with other high-consequence, long-horizon issues,” said Steve Estes–Smargiassi, director of planning at the Massachusetts Water Resources Authority. “It makes sense to integrate adaptation into master plans, because work on rehabilitating facilities with moving parts is done about every 20 years, and that is the appropriate time to make investments, when you already have contractors and design professionals onsite,” he said.

When engineers worked on designs for Boston’s Deer Island WWTP in the 1990s, they knew they needed enough of a drop from the plant to sea level to handle peak flows during a storm surge at high tide, Estes–Smargiassi said. Then they added 0.6 m (1.9 ft) to the planned elevation to accommodate sea-level rise expected by 2050. “Rather than making expensive adaptations to climate change at a later date, it’s easier and cheaper to incorporate changes during the design phase as projects come up for renewal,” Estes–Smargiassi said.

Integrating planning for extreme events into master plans is also a good way to frame the issue for people who aren’t yet comfortable that we know enough about climate change, Estes–Smargiassi says. While not everyone agrees that humans have altered the climate, no one wants wastewater systems to fail during a big storm.



A report from the National Association of Clean Water Agencies (Washington, D.C.) suggests that it will cost between $123 billion and $252 billion to adapt U.S. wastewater infrastructure and operations to handle climate change through 2050. “However, actions to adapt to climate change don’t always mean opening your pocketbook,” Fleming said. Many measures are relatively minor and incremental, such as raising a berm around a building on a day when your backhoe is at the facility for scheduled maintenance, he said.

“It’s not just about infrastructure, it’s also about people and services — part of this is engagement, and making the global local, and figuring out the right actions to take,” Fleming said. For instance, Seattle has taken pressure off its infrastructure through policies that dropped water consumption to 1957 levels last year, he said. Meanwhile, other jurisdictions are changing zoning to prohibit development and living quarters in flood zones.

“Currently, a lot of infrastructure needs to be replaced, and while you’re doing it, you might as well take climate change into account,” Ruffier said.


— Janet Pelley, WE&T 


A massive shake-up

Ohio agency tightens regulations of deep-well injecting of fracking wastewater after a series of earthquakes near injection site

After several months of testing, study, and evaluation, the Ohio Department of Natural Resources (DNR) in March announced its new regulatory standards for transporting and disposing of brine, a byproduct of oil and natural-gas hydraulic fracturing. The state created “among one of the nation’s toughest” regulatory frameworks in the area of fracking wastewater disposal, according to DNR.

“Ohioans demand smart environmental safeguards that protect our environment and promote public health,” said DNR Director James Zehringer in a March 9 press release. “The new standards accomplish that goal.”

The regulations stemmed from a dozen earthquakes recorded last year and early this year in the Youngstown, Ohio, area near deep-well injection sites where brine was being stored. It was suspected that the deep-well injecting was causing these earthquakes.

After investigating the geological formation and seismic activity data, DNR regulators and a team of geologists “found a number of co-occurring circumstances strongly indicating the Youngstown area earthquakes were induced,” according to the news release, which also discussed study results included in a DNR preliminary report. “Specifically, evidence gathered by state officials suggests fluid from the Northstar 1 disposal well intersected an unmapped fault in a near-failure state of stress, causing movement along the fault.”

Prior to the release of the preliminary report and the new regulatory requirements, some had called for more restrictions on natural-gas drilling in Ohio, but the drilling industry argued against it.

“Despite calls by the oil-and-gas opposition to place restrictions or a moratorium on oil and gas development, we believe, like the [Ohio] governor, that we shouldn’t let our fears outweigh our potential,” said Thomas E. Stewart, executive vice president of the Ohio Oil and Gas Association (Granville), in a Feb. 9 news release.

The scientist who led the team of researchers that investigated the Youngstown earthquakes also spoke out against a possible moratorium.

“I’m not someone who says that all of this should be banned,” said John Armbruster, professor of seismology and
techtonophysics at Columbia University (New York). “Society takes some risks.”

Armbruster noted that the drilling industry “can be more careful where they do these injections, but there are no guarantees. If you want to dispose of this waste with no risk at all, you’re asking for a fantasy.”


A long, well-documented history 

The Youngstown earthquakes are not the first earthquakes associated with deep-well injection sites, Armbruster said.

“Among seismologists, it has been accepted since the 1960s that injecting into the earth can cause earthquakes,” Armbruster said. Some of the earliest earthquakes near deep-well injection sites were recorded in Denver in the 1960s, he said. “There was a trail of small earthquakes in that area,” he said. “The largest was a 5.5 magnitude quake.”

The deep-well injection functions principally like a hydraulic jack, Armbruster explained. “You’re pumping into this fault at 2000 lb/in.2 [14,000 kPa],” and it is jacking two sides of the fault apart.

Armbruster and other scientists were commissioned by DNR to investigate the earthquakes that had started in the Youngstown area in December 2010. Their findings led to a temporary ban of deep-well injecting at the Youngstown site on Dec. 30, said Heidi Hetzel-Evans, communications manager in DNR’s Oil and Gas Resources Management division.

The next day, the area experienced a category 4 earthquake. Hetzel-Evans said that at that point, DNR decided to suspend a total of five wells near the site. “One of the wells was under peer review,” she said. “The other had started operations and was ordered to suspend operations, and three were under construction.” DNR also suspended the issuance of all new deep-well injection licenses.

Armbruster and the other scientists continued recording the seismic activity through Jan. 25. The earthquakes decreased in intensity from three a day to one a day and then stopped, Armbruster said. He has two different theories for why the earthquakes stopped: Either the magnitude 4 earthquake released the pent-up energy that had been stored in the sediment rock or stopping the deep well injection also stopped the source of the pressure.

Armbruster said the initial cause of the earthquakes was related to basement rock at the site. Sandstone in rock at deep-well injection sites can accept wastes like brine, but the basement beneath the sandstone cannot. “You don’t want to inject into the basement rock,” Armbruster said. “You try to avoid sandstone that is right above the basement. Even if the well was of a shallow depth, it doesn’t matter, because the water can filter through the sandstone into the basement” and therefore build up pressure along a fault line.

Armbruster said drillers can try to be more careful when deep-well injecting, but there is currently no technology that can look 2 km down into Earth’s crust to find all faults. “Maybe they will be doing it a couple-hundred years from now with technology we can only imagine,” he said.


Tightening requirements 

To safeguard against more earthquakes, Ohio introduced tighter regulations for deep-well injecting because it is one of the few means available to treat and dispose of brine in Ohio.

Under Ohio code, the only two things that drillers can do with hydraulic fracturing wastewater are to recycle it onsite or inject it in deep wells, Hetzel-Evans said. Currently, treating it at publicly owned treatment works is not an option.

On March 9, DNR released its long list of new regulations. Among them, DNR now requires a review of existing geologic data for known faulted areas within the state and prohibits locating new Class II disposal wells within those areas. DNR also requires plugging with cement the wells that penetrate into the Precambrian basement rock and prohibits injection into Precambrian basement rock. Drillers also are required to install automatic shutoff systems set to operate if fluid-injection pressure exceeds a maximum level to be set by DNR. Additionally, drillers must install an electronic data recording system for purposes of tracking all fluids brought by a brine transporter for injection.


— LaShell Stratton-Childers, WE&T 


Slashing energy costs

Smaller WWTPs can do it, too

One day last spring, something happened at the Sheboygan (Wis.) Regional Wastewater Treatment Plant (WWTP) that plant superintendent Dale Doerr won’t soon forget. On that day in May 2011, the 69,600-m3/d (18.4-mgd) plant generated a record 124 more kW of energy than its operation required.

“Our electric meter started going backward as we pushed our excess power out onto the grid,” Doerr recalled.

It was quite an accomplishment for a plant that a decade earlier was operating at 60% capacity, using inefficient, aging boilers, and flaring 1400 m3 (50,000 ft3) of biogas each day. Today, the WWTP’s energy bill is a fraction of what it was then, as it produces about 90% of its energy needs annually through a combination of lower energy requirements and increased onsite energy generation.


Smaller plants think big 

Sheboygan Regional WWTP is one of a growing number of small to midsize WWTPs to demonstrate that “you don’t need to be big to save money on energy,” said Joseph Cantwell, an energy advisor for Wisconsin’s Focus on Energy (Madison, Wis.), a statewide energy efficiency program.

Beginning in 2002, Doerr and his Sheboygan staff worked with Cantwell and the Focus on Energy program to identify and implement a host of energy conservation and generation initiatives. “It was a time when we needed to make some upgrades anyway,” Doerr said. “If we could install more energy-efficient equipment and reduce energy consumption, that is what we did.”

Replacing aeration blowers at the treatment plant decreased the WWTP’s electrical consumption by 20%, saving tens of thousands of dollars a year. A host of other upgrades, including replacing eddy-current drives with more-efficient variable-frequency drives at its pump stations, yielded additional reductions in electricity use.

On the energy generation side of the equation, biogas production was boosted through the addition of high-strength cheese and beverage processing wastes to the WWTP’s anaerobic digesters. The end result: “We lowered our energy requirements by about 17.5% and now generate enough gas to run everything, heat the plant, and use minimal natural gas,” Doerr said.


Best practices become common knowledge 

Like other WWTPs around the country, Sheboygan Regional WWTP is benefiting from the growing body of knowledge that is available on best energy-saving practices, according to Lauren Fillmore, senior program director at the Water Environment Research Foundation (WERF; Alexandria, Va.). Among WERF’s published works is A Compendium of Best Practices and Case Studies of Novel Approaches, which summarizes well-established energy optimization and energy recovery best practices, and documents a series of case studies of novel technologies and practices in wastewater treatment, ranging from sludge reduction and anaerobic digester mixing to wind and solar power.

As is the case with larger WWTPs, the best place for smaller plants to start is with the lowest-hanging fruit: the aeration systems used to remove organic materials and nutrients. The blowers, diffusers, and other equipment needed to operate these systems typically consume about half of a treatment plant’s electricity, Fillmore said.

“It takes a lot of energy to run the equipment used for oxygen transfer in an activated sludge process,” Fillmore said. “So the number-one thing any plant can do to make the greatest impact on energy costs is to make that oxygen transfer more efficient,” she said.

Sheboygan Regional WWTP took this advice to heart. So did the City of Wausau, Wis., which operates a 31,000-m3/d (8.2-mgd) treatment plant with an average flow of about 17,000 m3/d (4.5 mgd). By replacing the 1960s-era aeration blowers with high-speed turbo blowers that have variable-frequency drive controls, the city of 38,000 cut its aeration energy requirements in half, according to Ken Ligman, senior project manager at Becher Hoppe Associates Inc. (Wausau), which serves as a consultant to the city.

The blowers speed up or slow down based on the oxygen levels needed in the aeration tank, Ligman explained. “By not running the blowers constantly, they’re saving a substantial amount of energy and money,” he said.


Renewable energy generation and recovery  

Wastewater contains 10 times the energy needed to treat it, according to WERF. The challenge for WWTPs of all sizes is finding affordable ways to capture this energy, a task that remains capital-intensive.

How smaller WWTPs approach energy generation and recovery, Fillmore said, depends a lot on how they manage biosolids. “Plants with anaerobic digesters can optimize biogas production by adding other high-strength organic wastes to its flow,” she said. “Plants that already are using codigestion can look at adding combined heat and power [CHP] equipment, which allows them to produce electrical power and heat at the same time from the biogas they produce. Or, they can clean what they produce and sell it as compressed gas.”

Some WWTPs have been using these technologies for many years and now are upgrading their systems to improve their efficiency, Cantwell said. This is the case at the Janesville (Wis.) Wastewater Treatment Facility.

Janesville began operating its first CHP system in 1985. It replaced that aging system in 2002 with a larger, more efficient one that is fueled by the biogas produced at the facility. Today, heat recovered from the CHP’s engine-jacket water and exhaust gases is used to heat two of its anaerobic digesters and the biogas supplied to its CHP engines. The City of Wausau, too, now is recovering the heat from its microturbine and using it heat the anaerobic digesters and buildings on its site. Wausau expects to save 77,000 therms of natural gas a year in the process, Ligman said.

“These energy-related technologies are all proven, they’re economically feasible, and they’re being implemented in smaller facilities right now,” Cantwell said. “Whether a plant treats 1 [million], 5 [million], or 10 million gallons of wastewater a day, it can succeed in offsetting its energy needs.”


— Mary Bufe, WE&T 


Clear and present danger

Water and wastewater utilities increasingly face the possibility of cyberthreats to control systems, but many are unprepared

It’s a story that no water or wastewater utility manager wants to hear. According to a Dec. 13, 2011, article in Information Week, a hacker known as “pr0f” gained access last year to the programmable logic controller, one of the digital computers that control equipment, at a water treatment facility in South Houston, Texas. The hacker posted evidence of his cyberhacking online and later wrote an e-mail to another computer technology publication, Threatpost, explaining that this was “barely a hack. A child who knows how the [human–machine interface] that comes with [this particular system] works could have accomplished this.” The software that he exploited was protected by only a three-character password. Fortunately, “pr0f” did not do anything while inside the system, though with another hacker, the utility might not have been so lucky.

Earlier, in October 2011, the U.S. Department of Homeland Security (DHS) Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) issued an alert to control-system owners and operators — including water utilities — about a search engine called SHODAN being used to locate Internet-facing control systems. The search engine makes these systems more vulnerable to cyberhacking. According to the alert, an independent security researcher in February 2011 used SHODAN to identify online remote access links to multiple utilities’ supervisory control and data acquisition (SCADA) systems. Many of these systems were using default usernames and passwords that would have made them easy targets. The researcher and ICS-CERT later contacted the vendor and the affected SCADA system owners and operators. Later, in April 2011, ICS-CERT received reports of 75 control system devices that were accessible through the Internet. Most of the devices were in the water sector. The control system owners and operators were notified. Many of these control systems had their remote access configured with default login credentials.

With the spread of more and more stories about the vulnerability of water and wastewater utility SCADA systems to cyberhacking, utilities across the United States would be wise to tighten their security protocols for these systems.

Michael Arceneaux, managing director of the Water Information Sharing and Analysis Center (WaterISAC; Washington, D.C.) said many of them are. “SCADA security has definitely improved across the board,” he said. “Utility staff is much more aware of vulnerabilities and the internal measures needed to reduce risk of cybercrime and terrorism.”

But many utilities are still “way behind the power curve these days in terms of what they should be doing,” said Ron L. Booth, vice president at Westin Engineering (Rancho Cordova, Calif.), an engineering firm that specializes in helping clients secure their SCADA systems. “The days are now gone when we could simply say, ‘Make sure you do your vulnerability assessment once a year,’” he added.


Real limitations and imposing threats 

Booth said there are many possible reasons why utilities have fallen behind on SCADA system security. Some systems “were never properly secured,” he explained. “Or, they might be new systems that haven’t been reviewed with proven vulnerability assessment methods. Or they could be systems that were once secure but have been updated, reconfigured, or incrementally changed to a state that puts the system at risk. I suspect that all utilities suffer from that last scenario.”

Some utilities face limitations in what they know and how much they can do.

“It varies, of course, but the limitations that I have typically seen are mostly that of limited knowledge when it comes to the ‘Why?’ part of the reasons for having a sound SCADA security posture,” Booth said. “General managers and directors usually do not understand how vulnerable they are to a cyberattack, but some of them do know the implications of having to operate their plant manually due to a SCADA outage. That’s a good thing.”

Booth also pointed out that there are other instances when utilities have limited staff to the point that they rely on one or two employees or a contractor for their entire SCADA system operation. “That is dangerous from both a continuity of operations standpoint and from an insider-threat point of view,” he said.

But Arceneaux said that despite these hurdles, there are resources utilities can use to help them get better, such as DHS’s cybersecurity vulnerability tool, free training, and free consultations with DHS cybersecurity teams.

Utilities could use all the help they can get, because they can face multiple threats to many of their software systems, Booth said. Control systems for equipment related to the collection and treatment of water and wastewater are vulnerable, he said. So are databases that include such customer data as names, Social Security numbers, and addresses. Databases that include information about utility assets and operations details, such as builds and security measures, also are susceptible, Booth said.

The threats to SCADA systems could come externally from independent coordinated hackers. Booth said many will hack for opportunistic reasons. Some hackers just like the challenge. Others will do it with a purpose in mind. These include well-funded political activist groups, organized crime groups, or nation states, he said. Attacks also can come from internal sources, such as a disgruntled employee or a contractor seeking revenge.

“Based on the way utility SCADA systems are typically built, I would say that you always have the greater threat from an insider in terms of attack, especially if you factor in which kind of attack could cause the most damage,” Booth said.

But Booth pointed out that it is not that difficult for a SCADA system to be compromised by an external attack even though the system is not Internet-facing. “There are hundreds of utilities that do not allow remote access to their SCADA, which is good,” he said, “but what’s being done to ensure that there are not rogue wireless networks connected to devices that connect to your SCADA system?”

Booth said viruses could also be transferred to these computers through seemingly benign flash drives.


Closing the gates and putting up firewalls 

To combat the chances of compromising SCADA systems, ICS-CERT has some security recommendations for control system owners and operators. In addition to using the DHS Control System Security Program’s cybersecurity evaluation tool to determine where improvements can be made, owners and operations should take the following steps:

  • Minimize network exposure for all control system devices by not making them accessible by Internet.
  • Place control system networks and devices behind firewalls and isolate them from the business network.
  • If remote access is required, use secure measures, such as virtual private networks, recognizing that such networks are only as secure as their connected devices.
  • Remove, disable, or rename any default system accounts wherever possible.
  • Implement account lockout policies to reduce the risk from brute-force attacks.
  • Implement policies requiring the use of strong passwords.
  • Monitor the creation of administrator-level accounts by third-party vendors.

Booth also has some of his own recommendations. He said utilities should educate their employees to make them more aware of possible threats.

“Set up extensive countersocial engineering training,” he said. “[For example], if someone calls out of the blue asking an employee for their system password, they should call IT [the information technology department] first to confirm who that person is.” Booth said cybersecurity also should be included in all risk management planning, utilities should set up and conduct extensive penetration testing, and utilities should ensure that they have a SCADA-specific emergency response plan that considers any mutual-aid agreements with neighboring utilities.

“You can run a plant manually, but staffing has gone down a lot since the advent of SCADA systems,” Booth said. “You need mutual-aid agreements to have additional people on hand to operate equipment.”

Overall, to better educate water and wastewater utilities about cybersecurity, the industry could benefit from “more security grants that will enable utilities to get the help that they need to deal with cyberthreats,” Booth said. These grants would also address the utilities that do not have the in-house capability to properly fund security measures.

Booth pointed to the heyday of cybersecurity funding for utilities as evidence of how government dollars aid in supporting tighter security measures. He said that in 2002, the U.S. Environmental Protection Agency gave grants to utilities with customers of 100,000 or more to do vulnerability assessments and to put cybersecurity emergency response plans in place. “They were mandated to do these assessments and were advised to do it every 5 years after, but very few do,” he said.

Booth said utilities also would benefit from more tools to conduct gap analysis to better understand how vulnerable they are, as well as webinars where utility management can go to find out what the latest trends are for cyberthreats and what the best practices are for dealing with them. “Do the same type of seminar, but [make it] more technical in nature for the IT staff,” he said.


— LaShell Stratton-Childers, WE&T  

A new stealth virus

In information technology circles, the stealth virus Stuxnet casts a long shadow. Stuxnet is the computer virus that sabotaged Iran’s nuclear program. The cyberattack on Iran is believed to be the product of collaboration between the U.S. Central Intelligence Agency, Great Britain’s MI6, and Israel’s Mossad. According to a March 3 Agence France–Presse article, Stuxnet targets computer control systems made by Siemens (Berlin and Munich) that commonly are used to manage water supplies, oil rigs, power plants, and other critical infrastructure.

Though it gained prominence because it was used in cyberespionage, Stuxnet also poses a serious threat to utilities, said Ron L. Booth, vice president at Westin Engineering (Rancho Cordova, Calif.). He explained that the virus works by targeting specific programmable logic controllers, the digital computers that control equipment. He estimates 75% of all water and wastewater utilities use the same type of programmable logic controller. If attacked by the Stuxnet virus, water pumps and water hammers could malfunction, Booth said. “It could lead to pipe bursts and have huge implications,” he said.  


©2012 Water Environment Federation. All rights reserved.