OCWA—Central New York’s Water Authority—considers the resiliency of its water system a high priority.  As such, we have conducted risk and resiliency assessments of our facilities for nearly 20 years.

While OCWA and other public water systems across New York State have been conducting such assessments for years, the United States Environmental Protection Agency (USEPA) instituted a requirement in 2018 that all U.S. water systems serving over 3,300 people complete an assessment every five years.

The USEPA set a nationwide compliance schedule based on the size of a water system, with those serving over 100,000 people (OCWA serves 500,000 consumers) being required to complete and certify completion in 2020.  The USEPA required that the evaluation incorporate the following six elements:

  1. the risk to the system from malevolent acts and natural hazards;
  2. the resilience of the pipes and constructed conveyances, physical barriers, source water, water collection and intake, pretreatment, treatment, storage and distributions facilities, electronic, computer, or other automated systems (including the security of such systems) that are utilized by the system;
  3. the monitoring practices of the system;
  4. the financial infrastructure of the system;
  5. the use, storage or handling of various chemicals by the system; and
  6. the operation and maintenance of the system.

In the case of OCWA, we only needed to modify our methods and program to meet the new requirements.  Our assessments are designed around the national water industry standard known as J100-10 (Risk and Resilience Management of Water and Wastewater Systems) developed by the American Water Works Association (AWWA).

We utilize IBM’s Maximo asset and project management software to manage all our data and analysis related to risk and resiliency of our water system.  This allows us to seamlessly and in real-time synchronize multiple streams of data to continuously evaluate our risks and implement/track countermeasures designed to reduce them.

The J100-10 standard involves the following seven (7) integrated steps:

1.  System/Site Asset Characterization

 The purpose of asset characterization is to determine the assets that, if compromised by malevolent, accidental, or natural hazards, could result in prolonged or widespread service interruption or degradation, injuries, fatalities, detrimental economic impact, or any combination thereof. Ultimately, asset characterization produces a list of critical assets that must be considered in subsequent steps. The J100-10 standard requires a six-step approach to characterizing assets:

  1. Identify the mission or critical functions of the utility to determine which assets perform or support the mission or critical functions.
  2. Identify a list of potentially critical assets.
  3. Identify the critical internal and external supporting infrastructures.
  4. Identify and document existing protective countermeasures and mitigation measures/features.
  5. Estimate the worst reasonable consequences resulting from the destruction or loss of each asset, without regard to the threat. The consequence metrics include the potential for fatalities, serious injuries, and major economic losses to the facility or the community it serves, impacts to the environment, loss of public confidence, and/or inhibiting the effective function of national defense or civilian government at any level.
  6. Prioritize the critical assets using the estimated consequences from step 5. Identify critical assets by screening the prioritized list using criteria relevant to the decisions to be made.

OCWA’s critical assets requiring vulnerability assessment are grouped into one of three general categories:

  1. Physical barriers, treatment, storage and distribution, electronic computers, and other automated systems,
  2. Pipes, and
  3. Water sources and collection.

For our piping system, OCWA maintains a detailed GIS-based inventory. Valves, meters, hydrants, and other associated assets are also tracked via specific geographic sites.  Sites are grouped into pressure zone systems or transmission main systems, which determines the countermeasures that should exist to help protect them and additional criteria to be assessed as part of the assessment.

OCWA tracks all three of our water sources (Otisco Lake, Lake Ontario and Skaneateles Lake) via our Maximo system. Each water source, including surface water, ground water, and interconnects, is considered a separate site and has its own vulnerability strategy.

2.  Threat Characterization

After evaluating and grouping all our assets, OCWA next characterizes the threats against those assets.  Referencing the J100-10 standard, we utilize an “all-hazards” approach to threat characterization. The following types of threats are evaluated: man-made hazards or accidents; natural hazards; and dependency hazards (interruptions of supply chains or proximity to dangerous sites).

3.  Consequence Analysis

The third step in the risk and resiliency evaluation process is to identify the worst reasonable consequences that can be caused by the specific threats on the asset sites identified in the prior steps. The consequence analysis estimates the results of threat scenarios using common quantitative metrics that include evaluating human, facility and financial impacts.

In addition to these criteria, OCWA adds additional criteria we feel are more representative to the true consequence of losing a large water system asset, regardless of the cause of the event. The additional criteria are applied based on the asset site type.

4.  Threat Analysis

This step involves estimating the likelihood of a malevolent event, dependency/proximity hazard, or natural hazard. For example, how likely is Central New York to be hit with an ice storm vs. a hurricane?  OCWA has estimated the likelihood or frequency of all hazards and threats at each of their assets/sites.  OCWA considers all elements of the J100-10 requirements when assessing the likelihood of threats, including the attractiveness of specific targets to malevolent actors.

5.  Vulnerability Analysis

In this step, OCWA analyzes the ability of each critical asset and its protective systems to withstand each specified threat. OCWA performs our vulnerability analysis using the following four-step procedure, in compliance with the J100-10 standard:

  • Review pertinent details of the facility construction, systems, and layout. Include countermeasures, mitigation measures, and other impediments to threats, such as topographic, design, and equipment features that provide deterrence, detection systems, and delay features, and local and supporting response measures. Include information on interdependencies, personal interactions, and process flows within the facility. Identify vulnerabilities or weaknesses in the protection system.
  • Analyze the vulnerability of each critical asset or system to estimate the likelihood that, given the occurrence of a threat, the consequences estimated in step 1 result.
  • Document the method used for performing the vulnerability analysis, the worst-reasonable-case assumptions, and the results of the vulnerability
  • Record the vulnerability estimates as point estimates

6.  Risk/Resilience Analysis

The assignment of a risk/resiliency rating to each asset site is the result of this step.   It entails the analysis and aggregation of the likelihood of an undesirable event, the vulnerability of a specific asset to that event and the consequences of that event.  Each asset is assigned a value of between 0 (no risk) to 5 (most risk).

7.  Risk/Resilience Management

 In this final step, OCWA evaluates what options we have to reduce risks and increase resilience.  How much will each asset benefit in reduced risks and increased resilience, and how much will it cost?

As demonstrated above, managing the risk and resilience of OCWA’ expansive five-county water system is not a once-in-every-five-year exercise that, once completed, is put on the shelf.  Rather, it is a continuously evolving and proactively managed process that represents a high priority for Authority management.