ASSESSMENT OF THE BUREAU OF RECLAMATION’S SECURITY PROGRAM

Committee on the Assessment of the Bureau of Reclamation’s Security Program

Board on Infrastructure and the Constructed Environment

Division on Engineering and Physical Sciences

NATIONAL RESEARCH COUNCIL OF THE NATIONAL ACADEMIES

THE NATIONAL ACADEMIES PRESS

Washington, D.C.
www.nap.edu



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page R1
ASSESSMENT OF THE BUREAU OF RECLAMATION’S SECURITY PROGRAM Committee on the Assessment of the Bureau of Reclamation’s Security Program Board on Infrastructure and the Constructed Environment Division on Engineering and Physical Sciences

OCR for page R1
THE NATIONAL ACADEMIES PRESS 500 Fifth Street, N.W. Washington, DC 20001 NOTICE: The project that is the subject of this report was approved by the Gov- erning Board of the National Research Council, whose members are drawn from the councils of the National Academy of Sciences, the National Academy of Engi- neering, and the Institute of Medicine. The members of the committee responsible for the report were chosen for their special competences and with regard for appropriate balance. This study was supported by Contract/Grant No. 05CS811164 between the National Academy of Sciences and the U.S. Bureau of Reclamation. Any opinions, findings, conclusions, or recommendations expressed in this publication are those of the author(s) and do not necessarily reflect the views of the organizations or agencies that provided support for the project. International Standard Book Number-13: 978-0-309-12527-7 International Standard Book Number-10: 0-309-12527-8 Additional copies of this report are available from the National Academies Press, 500 Fifth Street, N.W., Lockbox 285, Washington, DC 20055; (800) 624-6242 or (202) 334-3313 (in the Washington metropolitan area); Internet, http://www.nap.edu. Cover photographs from top to bottom: Glen Canyon Dam (from the Committee on the Assessment of the Bureau of Reclamation’s Security Program); Hoover Dam at night (from U.S. Bureau of Reclamation); Grand Coulee Dam (from the Com- mittee on the Assessment of the Bureau of Reclamation’s Security Program); Fri- ant Dam (from U.S. Bureau of Reclamation); Folsom Dam (from U.S. Bureau of Reclamation) Copyright 2008 by the National Academy of Sciences. All rights reserved. Printed in the United States of America

OCR for page R1
The National Academy of Sciences is a private, nonprofit, self-perpetuating society of distinguished scholars engaged in scientific and engineering research, dedicated to the furtherance of science and technology and to their use for the general welfare. Upon the authority of the charter granted to it by the Congress in 1863, the Academy has a mandate that requires it to advise the federal govern- ment on scientific and technical matters. Dr. Ralph J. Cicerone is president of the National Academy of Sciences. The National Academy of Engineering was established in 1964, under the charter of the National Academy of Sciences, as a parallel organization of outstanding engineers. It is autonomous in its administration and in the selection of its mem- bers, sharing with the National Academy of Sciences the responsibility for advis- ing the federal government. The National Academy of Engineering also sponsors engineering programs aimed at meeting national needs, encourages education and research, and recognizes the superior achievements of engineers. Dr. Charles M. Vest is president of the National Academy of Engineering. The Institute of Medicine was established in 1970 by the National Academy of Sciences to secure the services of eminent members of appropriate professions in the examination of policy matters pertaining to the health of the public. The Institute acts under the responsibility given to the National Academy of Sciences by its congressional charter to be an adviser to the federal government and, upon its own initiative, to identify issues of medical care, research, and education. Dr. Harvey V. Fineberg is president of the Institute of Medicine. The National Research Council was organized by the National Academy of Sciences in 1916 to associate the broad community of science and technology with the Academy’s purposes of furthering knowledge and advising the federal government. Functioning in accordance with general policies determined by the Academy, the Council has become the principal operating agency of both the National Academy of Sciences and the National Academy of Engineering in pro- viding services to the government, the public, and the scientific and engineering communities. The Council is administered jointly by both Academies and the Institute of Medicine. Dr. Ralph J. Cicerone and Dr. Charles M. Vest are chair and vice chair, respectively, of the National Research Council. www.national-academies.org

OCR for page R1

OCR for page R1
COMMITTEE ON THE ASSESSMENT OF THE BuREAu OF RECLAMATION’S SECuRITy PROgRAM JOHN T. CHRISTIAN, Chair, Consulting Engineer, Waban, Massachusetts BILAL M. AyyUB, University of Maryland, College Park GEORGE H. BAkER III, James Madison University, Harrisonburg, Virginia DWIGHT A. BERANEk, Michael Baker, Jr., Inc., Alexandria, Virginia MARk M. HANkEWyCz, The Protection Engineering Group PC, Chantilly, Virginia JEREMy ISENBERG, Weidlinger Associates, Inc. (retired), Atherton, California L. MICHAEL kAAS, U.S. Department of the Interior (retired), Arlington, Virginia DAVID A. kLINGER, University of Missouri, St. Louis RICHARD G. LITTLE, University of Southern California, Los Angeles JOHN A. McCARTHy, kamal Advisory Services LLC, Dubai CHARLES I. McGINNIS, U.S. Army Corps of Engineers (retired), Charlottesville, Virginia kARLENE H. ROBERTS, University of California, Berkeley RANDy ROSSMAN, Miami-Dade Police Department, Miami, Florida CRAIG D. UCHIDA, Justice & Security Strategies, Silver Spring, Maryland Staff LyNDA STANLEy, Director kEVIN LEWIS, Senior Program Officer DANA CAINES, Financial Associate v

OCR for page R1
BOARD ON INFRASTRuCTuRE AND THE CONSTRuCTED ENVIRONMENT DAVID J. NASH, Chair, Dave Nash & Associates, Washington, D.C. JESUS de la GARzA, Virginia Tech, Blacksburg REGINALD DesROCHES, Georgia Institute of Technology, Atlanta DENNIS DUNNE, dddunne & associates, Scottsdale, Arizona BRIAN ESTES, U.S. Navy (retired), Williamsburg, Virginia PAUL FISETTE, University of Massachusetts, Amherst LUCIA GARSyS, Hillsborough County, Florida THEODORE C. kENNEDy, BE&k, Inc., Birmingham, Alabama PETER MARSHALL, Dewberry Company, Norfolk, Virginia DEREk PARkER, Anshen+Allen Architects, Inc., San Francisco, California JAMES PORTER, E. I. du Pont de Nemours and Company, Wilmington, Delaware E. SARAH SLAUGHTER, Massachusetts Institute of Technology, Cambridge WILLIAM WALLACE, Rensselaer Polytechnic Institute, Troy, New york Staff LyNDA STANLEy, Director kEVIN LEWIS, Senior Program Officer DANA CAINES, Financial Associate vi

OCR for page R1
Preface M alicious acts intended to cause the failure of a major dam or dams are a threat to the nation and its citizens. Nearly 7 years ago, on September 11, 2001, 19 determined individuals took control of four airplanes with hundreds of passengers aboard and crashed the planes into the World Trade Center in New york City, the Pentagon in Washington, D.C., and a field in Pennsylvania, all within a matter of hours. In seeking to determine how these attacks could have happened, the 9/11 Commission found that the lack of preparedness was the result of an underlying “lack of imagination” on the part of the U.S. security enterprise. The commission concluded that although the 9/11 attacks were a shock, they should not have come as a surprise. It is tempting to assume that, because no dams have yet been com- promised by international terrorists or domestic extremists, it cannot someday happen. In the United States today more than 79,500 dams are used to control flooding and provide power and water for a variety of uses, and many would become significant hazards if they should fail. Some hold back millions of gallons of water, which, if unleashed in an uncontrolled way, could rush downstream and destroy lives, property, and communities. Thirty-two years ago, the failure of the Teton Dam changed how the nation managed, inspected, and invested in dams. Following the 9/11 attacks, the physical assurance of dams took on new importance. Now the owners and operators of dams find they need to change the ways they identify threats to and vulnerabilities of dams, manage risk, and imple- vii

OCR for page R1
viii PREFACE ment measures to protect dams from security-related failures. The owners and operators of large dams, including the U.S. Bureau of Reclamation, the U.S. Army Corps of Engineers, the Tennessee Valley Authority, and others, have recognized the potential consequences of an intentionally caused dam failure. They are consequently redefining their concept of stewardship and responsibility for their infrastructure to include physi- cal security. At the request of the U.S. Bureau of Reclamation, the National Research Council (NRC) appointed a multidisciplinary committee of 14 experts to assess Reclamation’s security program and determine its level of preparedness to deter, respond to, and recover from malicious threats to its physical infrastructure and to the people who use and man- age it. The committee held four meetings, and subgroups of committee members and NRC staff visited all five of Reclamation’s regions and the Hoover, Shasta, Folsom, Glen Canyon, and Grand Coulee dams, among others. The committee held briefings and discussions with Reclamation’s senior executives, program managers, regional directors, and area staff; Reclamation contractors and partners; and representatives of other federal agencies involved in dam security. The committee appreciates the excep- tional cooperation, support, and insights provided by all of the Reclama- tion staff with whom it met. The committee also appreciates the support and insights of Reclamation’s partners and its fellow federal agencies. The committee’s report is organized into five chapters. Chapter 1, “Context,” describes Reclamation’s security challenges, the history of its security program, previous reviews of that program, and the committee’s approach for addressing the statement of task. Chapter 2, “Description of Reclamation’s Security Program,” describes the program’s organizational structure, the major responsibilities of the security, law enforcement, and emergency management offices, and the resources available to implement security-related activities. Chapter 3, “Assessment of Reclamation’s Security-Related Processes,” contains the committee’s observations and findings on Reclamation’s physical security, law enforcement, and incident response processes, functions, and expertise, its organizational structure, and its working relationships. Chapter 4, “Future Plans,” contains the committee’s observations and findings on the development of a robust, sustainable security program. Chapter 5, “Conclusions and Recommendations,” contains the com- mittee’s conclusions and its recommendations for improvement based on its observations and findings. Although this report focuses on the Bureau of Reclamation, the security-related challenges described are not unique to that organiza- tion. Other owners and operators of large dams, including the U.S. Army

OCR for page R1
ix PREFACE Corps of Engineers, the Tennessee Valley Authority, other federal agen- cies, states and localities, water and power authorities, and private-sector corporations, must grapple with similar challenges and find ways to meet them. Each of these organizations has its own history, culture, organiza- tional structure, and physical location. The committee did not extend its investigations to consider security issues beyond the Bureau of Reclama- tion because time and resources were limited and because its mandate and authority extended only to the Bureau of Reclamation. Nevertheless, it believes that the nation would benefit from cooperation among the dam-owning organizations to ensure the security of their dams and the safety of the public. The public and private effort to develop guidelines and tools for protecting the nation’s dams being led by the Department of Homeland Security is one way of doing this. Indeed it may be that a comprehensive review of the security of the nation’s dams is called for. The committee hopes this report will contribute not only to the continued development of Reclamation’s security program but also to the national dialogue on how best to ensure the physical security of the nation’s dams and the people who rely on them for water and power. John T. Christian, Chair Committee on the Assessment of the Bureau of Reclamation’s Security Program

OCR for page R1

OCR for page R1
Acknowledgments T his report has been reviewed in draft form by individuals chosen for their diverse perspectives and technical expertise, in accordance with procedures approved by the National Research Council’s (NRC’s) Report Review Committee. The purpose of this independent review is to provide candid and critical comments that will assist the institution in making its published report as sound as possible and to ensure that the report meets institutional standards for objectivity, evidence, and responsiveness to the study charge. The review comments and draft manuscript remain confidential to protect the integrity of the deliberative process. We wish to thank the following individuals for their review of this report: Shawn Fenn, Ecology and the Environment Inc., James Fetzer, James Fetzer & Associates, LLC, Gerald E. Galloway, Jr., University of Maryland, Henry J. Hatch, U.S. Army Corps of Engineers (retired), Michael Hightower, Sandia National Laboratories, James H. Lambert, University of Virginia, and Terrence P. Ryan, CPP, Raytheon. Although the reviewers listed above have provided many construc- tive comments and suggestions, they were not asked to endorse the con- clusions or recommendations, nor did they see the final draft of the report before its release. The review of this report was overseen by M. Granger xi

OCR for page R1
xii ACKNOWLEDGMENTS Morgan, Carnegie Mellon University. Appointed by the NRC, he was responsible for making certain that an independent examination of this report was carried out in accordance with institutional procedures and that all review comments were carefully considered. Responsibility for the final content of this report rests entirely with the authoring committee and the institution. The committee also acknowledges and appreciates the contribution of the members of the Board on Infrastructure and the Constructed Environ- ment (BICE) of the NRC. BICE was established in 1946 as the Building Research Advisory Board. It brings together experts from a wide range of scientific, engineering, and social science disciplines to discuss poten- tial studies of interest, develop and frame study tasks, ensure proper project planning, suggest possible reviewers for reports produced by fully independent ad hoc study committees, and convene meetings to examine strategic issues. The board members were not asked to endorse the committee’s conclusions or recommendations or to review the final draft of the report before its release.

OCR for page R1
Contents SUMMARy 1 1 CONTEXT 14 Reclamation’s Security Challenges, 16 Teton Dam Failure and Reclamation’s Response, 19 History of Reclamation’s Security Program, 21 Previous Reviews of Reclamation’s Security Program, 24 Statement of Task, 26 The Committee’s Approach, 27 References, 28 2 DESCRIPTION OF RECLAMATION’S SECURITy PROGRAM 29 Security, 32 Law Enforcement, 38 Incident Response Management, 45 Information and Information Technology Security, 47 Resources and Funding, 48 References, 49 3 ASSESSMENT OF RECLAMATION’S SECURITy-RELATED PROCESSES 50 Security Assessments and Risk Management, 51 Personnel Security, 55 Facility Security Plans, 56 xiii

OCR for page R1
xiv CONTENTS Incident Response, 58 Exercises and Training, 63 Intelligence Gathering and Dissemination, 65 Working Relationships, 66 Expertise, 68 References, 70 4 FUTURE PLANS 71 Senior Management Support and Commitment, 72 Resources, 74 Performance Measurement, 75 Methods for Capturing, Disseminating, and Implementing Lessons Learned, 78 A Vision and a Long-Term Plan for a Sustainable Program, 79 References, 82 5 CONCLUSIONS AND RECOMMENDATIONS 83 Conclusions, 83 Recommendations, 84 A Risk Management Approach, 85 An Integrated Security Plan for Each Facility, 87 Policies and Operational Guidance for key Aspects of the Program, 92 A Collaborative Operating Environment, 95 Senior Management Support and Commitment, 98 Adequate Resources, 99 Performance Measurement, 101 A Method for Disseminating Lessons Learned, 102 A Vision and a Long-Term Plan, 103 References, 104 APPENDIXES A Biographies of Committee Members 107 B Briefings to the Committee and Discussions 114 C Two Approaches to Risk Assessment for Dams 120

OCR for page R1
Acronyms ASCE American Society of Civil Engineers BLM Bureau of Land Management BOR Bureau of Reclamation CAPRA Critical Asset and Portfolio Risk Analysis CFR comprehensive facility review CIO chief information officer COOP continuity of operations plan CSR comprehensive security review DHS Department of Homeland Security DOI Department of the Interior DTRA Defense Threat Reduction Agency EAP emergency action plan ECQ executive core qualification EOC emergency operations center FBI Federal Bureau of Investigation FEMA Federal Emergency Management Agency FOUO for official use only FPS Federal Protective Service xv

OCR for page R1
xvi ACRONYMS HSEEP Homeland Security Exercise and Evaluation Program HSPD Homeland Security Presidential Directive ICS incident command system IED improvised explosive device IMARS Incident Management and Reporting System JTTF Joint Terrorism Task Force LEA law enforcement administrator MC mission critical MMC major mission critical MOU memorandum of understanding MSRA Matrix Security Risk Assessment NCI national critical infrastructure NEP National Exercise Program NIMS National Incident Management System NIPP National Infrastructure Protection Plan NRC National Research Council NRF National Response Framework NRP National Response Plan OLESEM Office of Law Enforcement, Security, and Emergency Management OMB Office of Management and Budget OVI occurrence, vulnerability, importance PART Program Assessment Rating Tool PE project essential PEMO Program and Emergency Management Office PFR periodic facility review PIV personal identity verification PSR periodic security review RAM–D Risk Assessment Methodology–Dams RSA regional special agent RSO regional security officer SAT security advisory team SCADA supervisory control and data analysis

OCR for page R1
xvii ACRONYMS SSLE Security, Safety, and Law Enforcement TSC Technical Services Center USACE U.S. Army Corps of Engineers

OCR for page R1