Introduction

Every day, the New York City water system delivers millions of residents over one billion gallons of water through a network of three lakes, 19 reservoirs and miles of aqueducts and tunnels (Hu). This water, some sourced over 100 miles north of Manhattan, almost entirely avoids filtration plants, instead it is rigorously tested and delivered (unfiltered) to city taps (Hu). Should this massive system face pathogenic disruptions, especially if combined with another crisis like the current outbreak of COVID-19, it could cause mass societal breakdown. For years, water systems in New York City and elsewhere have faced biosecurity threats in both digital and physical forms. From tampering with chemical additives dispersed by increasingly digital systems, to attempts to deposit chemicals in the water supply, there is a clear need for better protections of large water systems. In order to address this key capability gap in biosecurity, I propose a three-pronged policy approach that would take the form of a new executive order to advance national water protections, similar to existing Homeland Security Presidential Directives seven and nine (EPA). Homeland Security Presidential Directives are issued by the president on matters pertaining to homeland security (EPA). To better protect water resources from bioterrorism, this executive order would expand Early Warning Systems and public health knowledge, and promote digital and physical defenses of water supply systems, all of which can help protect the general population from waterborne terrorist attacks.

Context, definitions and history

In order to conceptualize the urgency for increased protections against waterborne attacks, let me first turn to historical incidents of attempted attacks on various water supply systems, as well as an example of the danger of waterborne disease in such systems.

Before diving into these examples, it is critical to clarify that it is unlikely that any large water supply system (like New York City’s) could be contaminated through the addition of a single pathogenic super-agent (Gleick 483). In fact, such attacks would likely be identified by existing water quality control checks at various points outside of the city limits (Worth). However, even terrorist attacks which fail to kill or injure large numbers of people can have important political ramifications, including sowing widespread fear and anxiety and eroding popular trust in public infrastructure (Gleick 483). Inherent in any “terrorist” attack is a desire to stir up widespread fear, regardless of real physical impact. Designing strategies to prevent such attacks, then, is a meaningful and worthy public investment — helping to mitigate fear and panic in addition to the low, but existing, risk of actual harm on the population. In addition, in studying this topic, it has become clear to me that any national actions on preventing biosecurity threats in water supplies could garner enough media attention to inspire such attacks. However, I think the government would be remiss to abandon important preparation and defense strategies, even in light of the risk of publicity.

Attacks on water systems go back over 4,500 years, and take on military, geopolitical or social motivations (Gleick 485). In keeping with New York as an example of a large water system at risk, there have been a variety of discovered plots to attack its system. For example, in 1985, law enforcement authorities discovered that a small survivalist group in the Ozark Mountains of Arkansas known as The Covenant, the Sword, and the Arm of the Lord had acquired a drum containing 30 gallons of potassium cyanide, with the apparent intent to poison water supplies in New York and other major cities (487). A decade earlier, in 1972, two members of the right-wing “Order of the Rising Sun” were arrested in Chicago with 30-40 kg. of typhoid cultures that were allegedly to be used to poison the water supply in Chicago, St. Louis and other cities (486). Though both of these thwarted plots were unlikely to cause major harm given dilution and chlorination efforts (respectively) in major municipal water systems, they hint at both historical precedent for attacks on water systems and serve to inform today’s ever-tech savvier attackers of the do’s and don’t’s of waterborne terrorism.

In the vein of cyberterrorism, as water systems and technology find themselves increasingly intertwined, there have been attempts to maliciously overwhelm such technologies. In 2000 in Australia, police arrested a man for using electronics (including a computer and radio) to take control of the Maroochy Shire wastewater system and release sewage into parks, rivers and property (Gleick 488). Just two years ago, the special agent in charge of the F.B.I.’s New York Special Operations and Cyber Division released an op-ed subtitled “America’s water supply is increasingly digitized, and increasingly vulnerable” (Mahairas). In the piece, he and a co-author explain that until recently, water systems were physically separated from the internet and from computer systems (Mahairas). However, in recent years, water systems working on modernizing their purification, distribution and maintenance, and their industrial control systems have started to lose this gap between operation and digitization (Mahairas). In 2013, Iranian hackers gained unauthorized access to a dam in Rye Brook, N.Y., just twenty miles north of New York City (Connor). Though they did not cause any damage, the risk was present (Connor). According to another article, if a successful assault occurs at New York’s Hillview Reservoir it could be a catastrophic event for the city (Worth). In the article, one expert said: “One could argue it [Hillview Reservoir] should be protected like Fort Knox, but at present it does not even have the security of a 7-Eleven” (Worth). In 2016, Syrian hackers attacked an American water district’s industrial control systems, and managed to manipulate the system to alter the amount of chemicals that went into the water supply (Mahairas). Later in this paper, I will present possible preventative measures to such attacks as part of the three-pronged approach to water defense.

Lastly, it is key to turn to an example of what an infected water supply can look like in terms of human suffering and financial damage (examining natural outbreaks, given a waterborne terrorist attack of the same scale has not occurred in the United States). The large outbreak of cryptosporidiosis in Milwaukee, Wisconsin, in 1993 is an example of how contaminated water distributed through a municipal water system can result in significant medical, public health, and economic consequences in a community (Meinhardt 214). In this case, an estimated 403,000 Milwaukee residents developed diarrhea, which reflected an attack rate of 52% of the population served by the affected municipal water system (214). In addition, more than 4,000 Milwaukee residents were hospitalized during the waterborne outbreak, andcryptosporidiosis was listed as the underlying or contributory cause of death in 54 residents following the outbreak (214). Investigators estimate that 725,000 productive days were lost as a result of the water contamination event, at a cost in excess of $54 million in lost work time or additional expenses to residents and local authorities in Milwaukee (214). In 2000, the municipal water supply of Walkerton, Ontario, was contaminated with E. coli, resulting in 2,300 symptomatic residents and 7 deaths attributed to the waterborne disease outbreak (214). Current estimates of the total cost of the Walkerton Ontario, waterborne disease outbreak and municipal water contamination event have reached $155 million (215). Both of these examples from Meinhardt’s in-depth study highlight, under an academic microscope, the health and financial effects possible during disruptions to a water system. If such events were to be caused maliciously, especially to a large system like New York City, it would clearly harm the health and financial resources of the municipality.

Three-pronged approach, approach one and two: EWS and public health measures

A wide body of scholarship shows that improved Early Warning Systems, or EWS, can improve municipalities’ response to biosecurity issues in their water (or food) systems. So, part of any Homeland Security Presidential Directive would include strategies for improved EWS across domestic municipalities. As Foran notes in his study of EWS and the implementation thereof, the resources necessary for the development, installation, operation, and maintenance of an EWS will be substantial; therefore, virtually all of the decisions regarding the EWS must be made at the local or community level (Foran 995). Such EWS would include technology-based and other pre-event (or pre-exposure) management strategies which can be effective deterrents to widespread human exposure to bioweapons, as well as other low-probability/high-impact contaminant events in drinking water supplies, such as the intentional introduction ofCryptosporidium (see “Milwaukee,” above, for a natural example of Cryptosporidium dangers) (993). Of particular note are existing and developing technologies to rapidly detect pathogens in real time, both in source water and water distribution systems (993). Included among these technologies are DNA microchip arrays, immunologic techniques, microrobots, and a variety of optical technologies, flow cytometry, molecular probes, and other techniques (993). Also of consideration would be the type of EWS to install (and its included costs), interpretation of information from the EWS, responses that should occur as a result of a signal from the EWS, and the nature of communications to the affected public (995). The emergency preparedness plan will play a crucial role in many of these decisions, and (see above) there should be significant local involvement in the development of the plan (995). However, funding assistance for EWS development, installation, and operation may be available from both the state and the federal government (995). Foran also notes, regarding the price of implementing such systems, that if the price of false negatives and other issues is less than the benefit of averting true positives, spending on such measures will garner public support (993). Given the importance of local and state action on designing and implementing such systems, an executive order (coupled with federal funding) would provide the key spark in designing such systems.

If the feedback testing associated with EWS does not work sufficiently, or just to complement such measures, it is critical that healthcare providers are well-informed and able to identify patient patterns which may indicate emerging or novel waterborne threats. According to Meinhardt, this can prove difficult since many weaponized biological agents display a significantly different clinical picture when the route of exposure is ingestion (Meinhardt 217). The researcher notes that food and water as a mode of dispersion for weaponized biological agents may confound diagnosis, delay treatment, and impede protective public health measures if epidemiologic investigations and clinical assessments are restricted to evaluation of inhalation and cutaneous routes of exposure alone (217). Meinhardt notes that the first indication of a terrorist attack may be an increased number of patients presenting to their health care provider or hospital emergency department with unusual or unexplained illness or injury (230). She notes that one method to monitor epidemiological trends and search for biosecurity threats is to employ syndromic surveillance, which utilizes the recognition of characteristic signs and symptoms of large groups of presenting patients usually at hospital emergency departments (231). Meinhardt also argues that providing access to constantly updated and credible clinical information could help most health care providers and public health practitioners to rapidly evaluate, manage, and prevent disease resulting from exposure to biowarfare agents (233). Both syndromic surveillance and increased internet resources for healthcare providers would be part of the proposed Homeland Security Presidential Directive.

Three-pronged approach, approach three: digital and physical policy and preparation

To address the digital biosecurity risks such as those highlighted in the preceding section, there exist a variety of strategies. In New York City and other large water utilities, that could look like the adoption of a “defense in depth” approach that creates multiple layers of security, instead of relying on passive defenses like antivirus software and digital filters (Mahairas). Utilities can also employ more practical cybersecurity guidance from federal agencies, such as hardware measures like single-direction gateways that prevent the inward flow of information (Mahairas). Last, utilities need to trust the government channels available to them to report attacks, using resources like the Department of Homeland Security’s national Risk Management Center to organize private and public sector defense of key infrastructure (Mahairas). All of these digital protection strategies (including those designed to build trust) would be included in the proposed Homeland Security Presidential Directive. On the physical side, water resources such as New York City’s upstate reservoirs and web of interconnected water mains and pipes have a variety of weak points. In his analysis of Polish water systems, Chudzicki identifies both critical points in a water system, measures taken to physically protect them, and a three-level plan which can be implemented in the event of a major disruption (Chudzicki). As a precursor to the three-level preparations plan he proposes, Chudzicki highlights the importance of physical fencing and surveillance of junctures in the water system (5). Though municipalities like New York do perform security checks on their resources, including fly-overs of upstate reservoirs and constant chemical monitoring, the proposed Homeland Security Presidential Directive would emphasize the need for similar security measures across the nation (Worth). Chudzicki also highlights that geodetic data showing individual underground utility components (technical infrastructure), including the information about water supply network elements, is widely available on geodetic websites and in public and private sources (Chudzicki 9). The proposed Homeland Security Presidential Directive would call to strike such data from public sources, making it harder for the general populace and malicious actors therein to access geodetic information about water systems. In order to placate criticism from champions of information freedom, such data could be accessible through petition and review to local or state governing bodies. In limiting public access to data such as entry points, junctions and pipe networks, the government would help thwart physical attacks on water systems. One 2001 article, written in the wake of the Sept. 11 attacks in New York City, highlighted the physical inadequacies of the New York system (which can be reasonably inferred to be mirrored in municipal systems elsewhere) (Worth). In the article, city officials disclosed that staffing was lacking for patrol of the New York municipal water system (Worth). In addition, New York City police have limited jurisdiction over the watersheds which feed New York, because they lie outside of city limits (Worth). The Homeland Security Presidential Directive would address these concerns, outlining regulations to increase hiring of staff to patrol water systems, and ensuring extended jurisdiction for a municipality’s police and environmental forces over the watersheds which supply their respective constituents.

Lastly, on the physical protections side, Chudzicki highlights a three step preparations plan in the event of water system disruptions; this plan would be incorporated into the Homeland Security Presidential Directive (Chudzicki 10-11). In Variant (scenario) I, a disruption which would last up to 48 hours, water would be supplied to municipality inhabitants by means of tank trucks with non-potable water for domestic use and distribution of drinking water (11). In Variant II, a water supply failure between 2 days and 4 weeks, temporary water tanks supplied with clean water from non-disrupted sources would provide residents with essential water (11). In Variant III, a water supply failure between 1 month and 1 year, strategies included in the Homeland Security Presidential Directive would include preparations to distribute bottled packaged water, use fragments of water supply networks as underground reservoirs, or drill new wells to create alternative water intakes (12). These policy changes and preparation strategies would better prepare domestic municipalities for attacks on their water supply.

Conclusion

The new Homeland Security Presidential Directive which I propose would take three different approaches to improving domestic preparation for bioterrorism in municipal water supply systems. These three prongs are improved Early Warning Systems, better public health measures, and increased physical and digital defense mechanisms. The approaches I suggest can also be applied to other countries’ municipal water systems, through whichever legislative processes are best aligned with the United States executive order process. In this paper, I examine the strategic value of implementing these recommendations (which include preparedness to minimize harm to the general population in a terrorism event), but in further research detailed financial calculations would need to be made to better highlight the cost, benefits and risks of such an executive order. I also identify biosecurity threats to water as the most serious problem in biosecurity because water systems sustain every member of society, and especially when coupled with another attack or threat, can cause widespread disruption. Further research on this subject would also look into the toxins, like those Meinhardt identifies, which can cause such disruptions — and explore cures and treatments (Meinhardt 224-228). Executive orders are highly feasible pieces of legislation: they require no public deliberation and can inspire national action immediately. Circling back to the introduction, given that millions of New Yorkers wake up each morning and reach for their unfiltered taps, it is imperative to address the real risk of biosecurity in this (and other) water systems in order to keep citizens safe.

Works Cited