Water Utilities

Part
01
of nine
Part
01

Water Utilities and Cyber Security: Overview

The US Department of Homeland Security, the Federal Bureau of Investigation, US Environmental Protection Agency, and the American Water Works Association are some entities and infrastructure in place to protect the US water utility industry from cyber threats. The top three concerns identified by the US government threatening the cyber security of the industry are spearphishing emails, watering hole domain attacks, and credential gathering, or identity theft.

Top Cyber Concerns

  • According to the American Water Works Association and the US Department of Homeland Security, the top concerns faced by the water utility industry when it comes to cybersecurity are spearphishing emails, credential gathering, and watering hole domains, which can lead to other concerns like having the industrial control system (ICS) targeted, reconnaissance of network and opensource, and host-based exploitation.
  • Spearphishing is a cyberattack targeted towards an individual in specific, through emails that seem legitimate, and from a valid account, usually inviting the person to open a link to inject malware in the network.
    • The spearphishing email attack is one of the most common forms of cyberthreat, it affects 84% of the organizations in the US, and each attack implicated loses of up to $1.6 million in 2015, and only continues to grow.
  • Watering hole domain attacks: In this method, the attacker targets a group pf users identifying the websites they use more often, like information databases and websites of the organization.
    • The attacker adds malware to the website, so the group becomes infected when they use it or login, affecting the network, stealing their credentials, or other confidential information.
  • Credential gathering: This is one of the riskiest forms of cyberattacks that threatens the water utility industry. By getting access to internal credentials, attackers can obtain internal information, navigate the network, manipulate the system, alter various operations, and cause other issues.

Impact of Cyber Threats

  • A cyberattack in the US water utility industry can implicate negative consequences like manipulation and blocking of the ICS, affect the operations of flow and valve, malware attacks towards confidential information, manipulation of chemical treatment, attempts to destroy other operations, etc.
  • It can also implicate harm to public safety and health, loss of budget for recovery efforts, impact national security, and data loss.
  • There are also some cyber attacks dedicated to contaminate the water, create service outages, and cause operational malfunctions, which at the same time can lead to other casualties, illnesses, affect the response capacity of firefighters, food supply, health workers, and transportation systems.

Actions Taken to Protect from Cyber Threats

  • Due to the risk and costly consequences a cyberattack can have in the industry and the country, all water utility entities need to take responsibility and adopt measures that protect their networks and systems from attacks.
  • Based on the information provided by the DHS and the FBI, one of the first steps all water utility companies must take is adopting multi-factor authentication, as it requires an additional piece of information to access the system.
  • The DHS also requested all water utility companies to protect the public-facing network devices, and the ones accessed through residential connections, and by small businesses, increasing access security, and antivirus protection, keeping vendor accesses and software updated and removing any equipment that is no longer being monitored by vendors or manufacturers.
  • Additionally, to ensure all companies are creating cybersecurity plans and taking the necessary measures to respond, detect, and prevent cyber threats, the government can apply penalties of millions of dollars.
  • EPA has also assigned a committee of experts from private companies, federal, and state agencies in the water industry to develop and evaluate cybersecurity equipment to protect the infrastructure.
  • Other actions taken include the creation of regulations like the Bioterrorism Act of 2002, and official government tools to check cybersecurity, like the Blast Vulnerability Assessment (BVA) tool, the Threat Ensemble Vulnerability Assessment (TEVA), the Sensor Placement Optimization (TEVA-SPOT) tool, and the Water Network Tool for Resilience (WNTR).

Infrastructure

  • The US Department of Homeland Security and the Federal Bureau of Investigation are the government entities and part of the infrastructure in charge of monitoring cybersecurity compliance in the water utility industry and protect it from terrorism, political and financial attacks.
  • At the same time, the Department of Homeland Security works with the US Environmental Protection Agency to define the infrastructure of cybersecurity.
  • The government has also given authorization to many state and federal entities to monitor security concerns in the water utility industry.
  • The EPA Water Security Test Bed (WSTB) will be in charge of researching methods to improve the cybersecurity of the industry.

Research Strategy

A report was presented by the American Water Works Association, the US Department of Homeland Security, and the Federal Bureau of Investigation, government entities in charge of cybersecurity in the US and in the water utility industry, with details of the top concerns and official threats, as well as security actions taken and expected from companies in this industry. With this in mind, we used the official top concerns identified by the government as the top three cyber concerns for the industry.
Part
02
of nine
Part
02

Water Utilities and Cyber Security: Case Studies, Part 1

In March 2018, the Atlanta Department of Watershed Management was crippled by a ransomware cyberattack which disrupted water utilities, courts and other operations of Atlanta. In October 4, 2018, ONWASA reported experiencing a persistent cyberattacks from a virus known as EMOTET which was a polymorphic malware.

Case Study #1: Atlanta Department of Watershed Management

  • The Atlanta Department of Watershed Management manages the essential water utility operations such as drinking water, wastewater, and storm water systems in Atlanta.
  • The Department of Watershed Management is a trusted regional public water utility that serves 1.2 million customers each day.

Description of Cyberattack

  • In March 2018, the City of Atlanta was crippled by a ransomware cyberattack, which disrupted water utilities, judicial courts and other operations of Atlanta.
  • Hackers used a potent computer virus known as SamSam to encrypt large swaths of Atlanta’s water utility data in the attack and demanded a payment of six bitcoins, worth $51,000 at the time, to release the information.
  • The hackers blocked the access to databases, postponed municipal court dates, and stifled the city’s ability to collect some payments for public services.

Impact of the Attack

  • It took a few months for the Department of Watershed Management to recover from the hack. To address the attack, an estimated cost of up to $5 million was spent on recovery efforts.
  • Due to this, the employees with the Atlanta Department of Watershed Management were unable to turn on their work computers or gain wireless internet access for almost a week.
  • Later after two weeks, Atlanta completely took down its water department website "for server maintenance".

How the Company Resolved the Situation

  • The Atlanta Department of Watershed Management mails out water and sewer bills. Moreover, a paper version in the mail is sent even if the customer has registered for electronic billing.
  • In order to maintain discipline amongst customers, the department accepted payment by mail or in-person with a check or money order. Customers were allowed to make payments at Walmart, through Western Union or through their bank’s bill-pay system for the smooth functioning of the process.
  • The department also didn’t charge any late fees due to the inconvenience faced by customers.
  • The Atlanta Department of Procurement lists eight emergency contracts initiated between Match 22 and April 2 with a total value of $2,667,328.
  • The bulk of the expenditures related to incident response & digital forensics, extra staffing, and Microsoft Cloud infrastructure expertise, was spent to get back the system to normal.
  • The city also spent $50,000 on crisis communications services from the firm Edelman, and a further $600,000 on incident response consulting from Ernst & Young to recover the scare.

Plans by the Company to Prevent Future Cybersecurity Issues.


Case Study #2: Onslow Water and Sewer Authority (ONWASA)

  • Onslow Water and Sewer Authority provides water utility services in the state of North Carolina.
  • Onslow Water and Sewer Authority is the 10th largest public water utility in the state of North Carolina that serves over 140,000 customers.

Description of Cyberattack

  • On October 4, 2018, ONWASA started experiencing persistent cyberattacks from a virus known as EMOTET which was a polymorphic malware.
  • Initially, the virus was under control but when it persisted ONWASA brought outside security specialists to work with the Information Technology staff of ONWASA.
  • But then suddenly on October 13, the malware launched a sophisticated virus known as RYUK.
  • The staff took immediate measures to curb the problem but the cryptovirus spread so quickly along with the network that encrypted all databases and files.
  • Ryuk ransomware began attacking the system and destroying all its files.

Impact of the Attack

How the Company Resolved the Situation

  • ONWASA worked with several departments including the Federal Bureau of Investigation, Department of Homeland Security, and the State of North Carolina, and other cybersecurity companies to restore the utility and bring the cyber attackers to justice.
  • ONWASA undertook the painstaking process of rebuilding its database and computer system from the ground up.
  • ONWASA ensured that water and wastewater services to homes and businesses would not be affected in the future.
  • Customers were asked to make credit card payments by phone or at ONWASA’s kiosk locations.
  • Service orders, account creation, connections, disconnections, development review, backflow program, engineering, and human services were all manually done so that any flow of process would not be hampered.

Plans by the Company to Prevent Future Cybersecurity Issues.

  • ONWASA mentioned focusing on the regular upgradation of its database to be more secured from such attacks in the future.
  • ONWASA in collaboration with FBI, Department of Homeland Security, the State of North Carolina, and several cybersecurity companies initiated some preventive measures to mitigate such attacks from happening in the future.

Part
03
of nine
Part
03

Water Utilities and Cyber Security: Case Studies, Part 2

On 29th May 2019, Riviera Beach Water Utility was hit by a devastating ransomware attack that crippled its operations. On 11th February 2019, Fort Collins-Loveland Water and South Fort Collins Sanitation Districts experienced a cyberattack that blocked access to their technical data.

Case Study #1: Riviera Beach Water Utility

  • Riviera Beach Water Utility supplies clean and safe water to over 35,000 residents of Riviera Beach.

Description of the Cyberattack

  • On 29th May 2019, Riviera Beach was hit by a devastating ransomware attack. The attack occurred after an employee in the police department opened an email infected with ransomware. Hackers had released ransomware that paralyzed the computer systems of the police department as well as other local government offices.
  • The ransomware also affected the city’s water utility, thus paralyzing its operations. As a result of the attack, all data was encrypted and operations went offline. The hackers demanded a 65 bitcoin ransom, worth about $600,000 at the time, to restore operations.

Impact of the Attack

  • Riviera Beach Water Utility's computer systems that control pumping stations and water quality systems were compromised, hence affecting all customers. All payment operations were also disrupted.
  • As a result, the utility's pump stations went offline. Further, payments could only be accepted in person or through snail mail.

How the Company Resolved the Situation

  • Initial efforts to resolve the attack involved plans to acquire computers worth $942,000. However, the plans were shelved.
  • A few days after the attack, the city's council unanimously decided to pay the ransom demanded through its insurer. The total amount paid as ransom was $600,000. The city also had to pay an additional $25,000 from its budget to cover for its policy deductible.
  • Two weeks after the attack, the IT department restarted the city’s website and email services. However, the water utility operations were only partially available.

Plan to Prevent Future Cybersecurity Issues

  • To guard against future attacks, Riviera Beach acquired the services of a security contractor and bought a new system.
  • On 4th June 2019, the council authorized the purchase of 310 desktops and 90 laptops and other hardware valued at $941,000. The insurance covered $300,000 of the total cost.
  • It was noted that the existing hardware was at least six years old, making it vulnerable to possible malware attacks.

Case Study #2: Fort Collins Loveland Water and South Fort Collins Sanitation Districts

  • Fort Collins-Loveland Water and South Fort Collins Sanitation Districts provide a full spectrum of water treatment and distribution to citizens and businesses in parts of Loveland, Fort Collins, Windsor, Timnath, and Larimer County in Colorado.
  • The districts supply water and provide water reclamation services to over 45,000 customers in Northern Colorado.

Description of the Cyberattack

  • On 11th February 2019, employees of the Fort Collins-Loveland Water and South Fort Collins Sanitation districts fell victim to a ransomware cyberattack, which denied them access to technical data.
  • They demanded a ransom to restore access. However, the amount of ransom demanded was not disclosed to the public.

Impact of the Attack

  • Fort Collins-Loveland Water and South Fort Collins Sanitation Districts' employees were unable to access the technical data for three weeks. Within this period, the 40 employees could not access the technical information held hostage by the hackers.
  • Matkins also noted that although the attack made life difficult, it did not affect the districts' ability to execute their mandate. Thus, billing and customers’ queries were adequately addressed during the period of the attack.

How the Company Resolved the Situation

  • Fort Collins-Loveland Water and South Fort Collins Sanitation Districts did not pay the ransom demanded. Instead, they sought external assistance from Interpol. Eventually, the Interpol provided a decryption tool that helped unlock the data.
  • After the decryption tool was provided, unlocking the affected files took four days.

Plan to Prevent Future Cybersecurity Issues

  • After the attack, the districts took several measures to prevent future attacks. For example, they acquired the services of a new technology firm, which was charged with the responsibility of checking and strengthening their computer security. They also upgraded staff training on internet and password security as well as other threats such as malware and phishing.
  • The districts also invested in new hardware and software worth over $100,000 to help detect, prevent, and recover from similar future attacks. Matkins said, "We have to make sure we are not only taking care of the hardware and software, but also the people and the behavior side."








Part
04
of nine
Part
04

Water Utilities and Cyber Security: Largest Companies, Part 1

The top 10 largest water utilities in the United States by revenue are the American Water Works Company Inc., Aqua America Inc., California Water Service Group, EPCOR Utilities Inc., Utilities Inc., SJW Group, Golden State Water Company, Middlesex Water Company, Artesian Resources Corporation, and the York Water Company.

1. American Water Works Company Inc.

2. Aqua America Inc.

3. California Water Service Group

4. EPCOR Utilities Inc.

5. Utilities Inc.

6. SJW Group

7. Golden State Water Company

8. Middlesex Water Company

9. Artesian Resources Corporation

10. York Water Company

Research Strategy

We first started our search by looking through various industry reports including Zion Market Research, Research and Markets, and others, where we wanted to find a precompiled list of key players in the United States water utilities industry, but most of these reports provided information about the global market key players. Next, we scanned industry organizations including the National Association of Water Companies (NAWC), American Water Works Association and others, where we wanted to locate a list of water utilities in the United States. We found information about regulated water companies on the NAWC website which states that they are governed by the U.S. Environmental Protection Agency (EPA) and "also highly regulated by state public utility commissions". Since the list of NAWC active members includes around 50 company names, we decided to try to narrow it down, so we scanned various databases such as Hoovers and news articles including GlobeNewswire, WaterWorld, The Business Journals, and others. One of the news articles notes that American Water is the biggest water utility in the United States. We also reviewed The Motley Fool, MarketWatch and other sources that provide financial information about companies where we hoped to find if they published a list of water utilities with their revenue data. Next, we checked which of the previously identified companies are headquartered in the United States and are members of the NAWC. Finally, we found revenues for each water utility and added the top 10 largest companies.
Part
05
of nine
Part
05

Water Utilities and Cyber Security: Largest Companies, Part 2

An overview of what the executive leadership for the top 5 US water utilities is saying about cyber security issues has been provided below, where available.

American Water Works Company Inc.

  • In October 2019, Cheryl Norton, the president of New Jersey American Water reported that "all New Jersey American Water systems that meet the criteria for the standards set by the Water Quality Accountability Act are in compliance. The company is compliant with the cyber security provisions of the act because it "has a robust cyber security program and has submitted it in accordance with the requirements of the law."
  • Effective March 1, 2018, Jeffrey N. Edwards and Admiral James Stavridis were appointed as independent members of American Water Works Company's board of directors. " According to Susan Story, the president and CEO of American Water, Jim would "assist the board with navigating cybersecurity and infrastructure issues as they relate to customer service, strategic planning and business growth."

Aqua America

  • According to a report by Christopher H. Franklin, the Chairman and CEO at Aqua, the company has implemented NIST Cybersecurity Framework in order to "continue to improve, collaborate and stay ahead of any threats to customer security." The framework consists of best practices, guidelines and standards to manage cyber security-related risk, and has proved successful because the company has not had any compromises to customer data.

California Water Service Group

EPCOR Utilities Inc.

Research Strategy

We were not able to find information on what Utility Inc's executive leadership is saying about cyber security issues. We started our research by looking through news sites such as Big Canoe News, Seminole Business and Texas Electric News, among others. However, we could not find any relevant information from these sources. The only information we found was that regarding the services provided.

Next, we checked the company website, specifically the 'Media Room' section, which usually contains any recent news on statements made by company executives. Once again, this effort proved futile as the media room only contained information on recent investments and services, tips offered to customers and recent news in the water industry.

Lastly, we checked the company's social media pages such as Twitter and Facebook, which usually contain recent company developments including statements by executives. However, this strategy did not bear any relevant information because the pages only contain recent developments, holiday announcements and tips to customers.

Part
06
of nine
Part
06

Water Utilities and Cyber Security: Largest Companies, Part 3

Amidst an extensive search through media releases, company annual reports, profiling database sites, and news articles, details about the largest US water utilities talking about cybersecurity do not appear to be available in the public domain. However, the research team was able to gather helpful findings detailed below.

Useful Findings

SJW Group

  • Peter Fletcher is the Senior Director, Cyber-Security, and Networking at San Jose Water or SJW group.
  • In one of his LinkedIn article, Peter Fletcher opines that the CISO (chief information security officer) and Cyber-security team needs to be empowered to protect the business. That empowerment is achieved when they are in a position where they can have input to the decision-making process of the C-suite to ensure that security is part of that process.
  • He also says, members of the C-Suite need to view the CISO and Cyber-Security team as on a par with them, so that company executives take their instructions seriously and act quickly to respond to requests.

Golden State Water Company

  • Wade Heisen, CISSP, and Craig Saffell are the Senior Cybersecurity analyst at Golden State Water Company.
  • American States Water Company is the parent of Golden State Water Company. American States Water Company states that it has implemented security measures and will continue to devote significant resources to address any security vulnerabilities to prevent cyber-attacks.
  • Despite its efforts, the company can not assure that a cyber-attack will not cause wastewater or electric system problems, disrupt service to its customers, compromise relevant data or systems, or result in the unintended release of customer or employee information.

Middlesex Water Company

  • Dennis W. Doll, is the Chairman, President, and CEO of Middlesex Water Company. In June 2019, he served on a CEO Roundtable discussing “Physical Security, Aging Infrastructure and Diversity” at the 2019 Mid-Atlantic Conference of Regulatory Utilities Commissioners (MACRUC).
  • The discussion was around the critical issues impacting the grid of the future and the evolution of the traditional utility business model.
  • He was to address the nexus between physical/cyber-security and infrastructure investment, among other topics.
  • In 2018, Middlesex Water Company participated in Cyber Storm VI, a national-level cyber exercise presented by the Department of Homeland Security, which simulated a cyber crisis of national consequence with impact to water infrastructure.
  • In 2019 the company declared that Strategies and resources to improve resilience, physical and cybersecurity were part of its 'Emergency Response Plan.'

Artesian Resources Corporation

  • Pierre Anderson is the Vice President, Information Technologies at Artesian Resources Corporation.
  • Raymond Kelly is the Director of Information Technology at Artesian Water Company.
  • In its 2018 filing, the company said that it has implemented security measures and will continue to devote resources to address any security vulnerabilities to prevent cyber-attacks.
  • However, the company also anticipated that despite its efforts, a cyber-attack, if it occurred, could cause water or wastewater system problems, disrupt service to its customers, compromise relevant data or systems or result in an unintended release of customer information.

York Water Company

  • In its annual report for the fiscal year ended December 31, 2018, the company believed that it has implemented processes, procedures, and controls to prevent or limit the effect of these possible events, and maintains insurance to help defray costs associated with cybersecurity attacks.
  • It also stated that it had not experienced a material impact on business or operations from these attacks, and the Company does not believe its systems are at materially more significant risk of cybersecurity attacks than other similar organizations.
  • However, the company anticipated that despite the implementation of robust security measures, it could not assure that the insurance will fully cover the costs of a cybersecurity event.

Research Strategy

To find the information about the most extensive US water utilities talking about cybersecurity and the executive leadership of the companies, we first started our search to look into profiles of the person responsible for cybersecurity. Among others, we searched from credible sources, including LinkedIn, PR Newswire, and Business Wire. We located 4 out of 5 companies and tried to examine if there was a discussion about any seminar, event, or panel discussion about cybersecurity. The only information found was relating to Dennis W. Doll, Chairman, President, and CEO of Middlesex Water Company, who had taken part in a roundtable titled "Physical Security, Aging Infrastructure and Diversity." However, no information found on what Mr. Doll might have said as the event did not publish any reports covering the discussion.

Next, we looked into the filings of the company that included shareholder presentation, investor briefing, annual filing, sustainability report, among others. This search included looking at the company website, its investor section, news, and media release section extensively, as well as news sites such as Seeking Alpha, Bloomberg, and Reuters, among others. However, we did not find the specific information, except information about how the companies used some standard statements in their filings. They stated that they had taken mandatory steps to prevent cyber-attacks and also said that they could not assure that cyber-attacks won't ever hurt the company.

Lastly, we looked into the interview, or any report on these companies implementing cyber prevention measures and the writings of these executives on places such as LinkedIn articles and Medium, CISO Mag, SecurityMagazine.com, United States Cybersecurity Magazine, and Cyber Defense Magazine, among others. However, no relevant information could be found presumably because these were companies that were not focused on cybersecurity as a solution and were not providers of any kind.



Part
07
of nine
Part
07

Industrial Water Procurement

After an extensive search, there was no information regarding the internal procurement processes of major industries in the United States. In 2018, the estimated water use by industries in the US was 4.6%. Agricultural and industrial sectors accounted for approximately 90% of direct water withdrawals.

USEFUL INFORMATION

  • According to the U.S. Geological Survey Circular, the estimated water use by industries in the US was 4.6% in 2018.
  • According to the Carnegie Mellon University report, the agricultural and industrial sectors accounted for approximately 90% of direct water withdrawals. The textile industry is one of the most water-intensive industries in the US and worldwide, wherein IHE Institute for Water Education states that creating a single pair of jeans requires about 2,866 gallons of water.
  • The other major industries that require the most commercial water supplies include automotive, manufacturing, beverage sector, and meat production.
  • The General Services Administration which performs under the Federal Energy Division of the US government shares the procurement guide for public utility services stating that there are 54,000 water service providers in the country. The guide offers a guideline to assist applicable Federal Agency personnel in procuring utility services for federal facilities.
  • The US water utility industry consists of, domestic companies responsible for the safe and timely distribution of water and other related services, such as wastewater treatment. Most water systems are local or regional, but some companies under our review have operations across many states.
  • The California Department of Water Resources under the State Water Project (SWP), delivers water to 29 water contractors in the state. These water contractors, in turn, sell water to their customers. The SWP supplies water to almost 27 million Californians and about a million acres of farmland.
  • The largest publicly traded water utility companies in the US — California Water Service Group provides high-quality water and wastewater services to about two million people in more than 100 communities through four subsidiaries including CWS Utility Services and HWS Utility Services.
  • HWS Utility Services as part of California Water Service Group provides non-regulated water and wastewater services through operations and maintenance contracts along with offering range of services and expertise to help other water providers, including municipalities and privately owned utility companies, provide their customers with reliable water supplies that meet increasingly stringent federal and state water quality standards.

ADDITIONAL INFORMATION

  • Large manufacturing firms, Unilever follow sustainable water use in their manufacturing operations as it acknowledges the fact that around 40% of their manufacturing sites are located in areas classified as water-stressed in the US and are utilizing initiatives to reducing water use in factories.
  • Nike follows the ZDHC Wastewater guidelines to improve wastewater discharges to implement sustainable and efficient sourcing and manufacturing standards.
  • The sourcing and purchasing of materials, goods, or services necessary for internal use including utilities (gas, electric, water, and others) are termed under indirect procurement.
  • According to the indirect Procure-to-Pay survey, conducted to gather insights on the indirect procurement (including utilities such as gas, water etc for in house operations) states that most organizations in North America including the US operate with one procurement department — 64% but offers less attention — 12% towards data accuracy and contract compliance — 8% leading to following less standardized procedures when procuring services.

Research Strategy

To locate the required information on the overview of how major industries in the US typically procure / source water for their manufacturing/production process, we began by combing through market reports on the water industry and water utilities in the United States. We utilize Value Line report, Blue Field research, American Water Work Association reports, and others. We were able to locate information regarding industries in the US utilizing 4.6% of the total water consumption in the US amongst which major industries consuming commercial water supply for their operations and production purposes include textile, automotive, manufacturing, and beverage industry. Our research team went further to explore industry reports related to procurement standards in these industries individually through reports from thomsent.net along with survey reports from Paramount. Information found reference indirect procurement process (which includes utility sourcing for water) and large companies following a single procurement department to undertake this responsibility, but no further details on the standard/customized process or responsible person for undertaking water procuring negotiations, agreements or any commitments were not available.

Next, we scoured federal regulatory agencies in the United States like Energy.gov, water.ca.gov, gsa.gov, and others for information regarding the standard procurement process to be followed by industry-wide while sourcing/procuring water for commercial purposes through registered water agencies/suppliers/contractors. We were able to locate information regarding procurement guide by the GSA for Public Utility Services including water supply which stated that there are 54,000 water service providers in the United States along with California Department of water resources under the state water project (SWP), delivers water to 29 water contractors in the state which further suppliers to their customers in the state and other regions. Information regarding the process of procurement of commercial water supply instructed/followed further by these suppliers/contractors was not available publicly.

Lastly, we leverage information on major water utility companies websites in the United States which offer water supply and utility services including California Water Service Group, Aqua America, HWS Utility Services, and others. We hope to locate customer base records and check upon their available agreement/document resources to find information on their water supply procedures. Information found referenced water services rendered by these companies. Our research team went further to combed key companies in the textile, automobile, and manufacturing like Nike, Unilever, Coca-Cola, and others for information regarding the indirect procurement process. Information found referenced the sustainable procurement strategies being applied by companies such as Nike, Unilever for controlled water utilization and reducing water waste. There was no information regarding their internal procurement processes including procuring/sourcing water supply for industrial usage, the person responsible, agreements/contracts followed in the public domain.
Part
08
of nine
Part
08

US Water Treatment Market: Overview

The US water and wastewater treatment market comprises highly advanced technology. Its revenue is estimated to register a CAGR of 1.28%, caused by advancements in water recycling technologies and an increase in awareness of sustainability, water pollution, and environment conservation.

Description

  • The US water and wastewater treatment market comprises highly advanced technology with innovative processing capabilities. It is highly inclined towards economic and sustainable solutions.
  • It is segmented into three treatments: primary, secondary, and tertiary. Tertiary treatments, such as nanofiltration, microfiltration, membrane bioreactors, reverse osmosis, and disinfection, contribute to a significant revenue share in the US water treatment industry. It is followed by secondary treatments that include organic matter and chemical filtration using bio-towers, activated sludge systems, and rotating biological contractors.
  • The industry is trending towards membrane separation technology and increasing R&D investments over microfiltration and ultrafiltration.

Growth Drivers

  • The US water and wastewater treatment equipment market revenue is estimated to register a CAGR of 1.28% from 2019 to 2025.
  • Advancements and sustainability in the water recycling process technologies is aiding the growth of the industry.
  • Stringent regulations by federal governments on wastewater emissions in both residential (municipal) and commercial (industrial) sectors are another growth factor for the US water treatment industry.
  • The Safe Drinking Water Act, which demands safe potable water, is also a significant driver for growth in this industry. Also, the raise in awareness of sustainability and environment conservation has increased the demand for water reuse.

Key Players

3M Co.

  • 3M Co. is a US based pioneer in water filtration equipment and solutions which serves both residential and commercial sectors. It has 75 years of experience in the water filtration market.
  • The company offers its products across different markets, such as reverse osmosis systems, water softeners, whole house water filters, etc. for residential, commercial, and industrial sectors.

Danaher Corp

  • Danaher Corp. is a leader in the water treatment industry and offers a wide range of optimization solutions to maintain water quality.
  • This company claims to treat both municipal water and wastewater from lakes and oceans.
  • ChemTreat, Danaher Corp's brand, has 40 years of experience in industrial water treatment with advanced water treatment programs and outstanding service.

Ecolab Inc.

Relevant Insights

  • In the US, there are around 14,748 publicly owned treatment works which serve 238 million people in the country.
  • Ultraviolet (UV) disinfection and chlorination are the most common methods of water disinfection in the US.
  • The US is investing around $500 to $550 billion in developing water treatment infrastructure.
  • In North America, the industrial application of water and wastewater treatment market was $38.25 billion in 2017, and is expected to grow at a CAGR of 1.8% by 2025.

Research Strategy:

In order to provide insights on the US water treatment (water technology) market, we scoured through multiple water and wastewater treatment market reports, US water board websites, water treatment articles, and websites of prominent companies in the water treatment market such as 3M, Ecolab, Xylem Inc., DowDuPont Inc., Businesswire, Globenewswire, Hexaresearch, Grandviewresearch, Bloomberg, etc. Most of the reports found have a global or North American scope, with no specific information on the US water treatment market. Hence, we deep dived into multiple sources and garnered all the relevant insights specific to the US.

The key players were identified from multiple water treatment market reports. All of them are headquartered in the US.


Part
09
of nine
Part
09

US Water Treatment Market: TAM

The total available market (TAM) for the water and waste treatment market in the United States is estimated to be $100.05 billion in 2019. This market was used as it was the same market that was described in the previous report in this project, US Water Treatment Market: Overview.

U.S. Water and Waste Treatment Industry

  • According to the Corporate Finance Institute, TAM "is the overall revenue opportunity that is available to a product or service if 100% market share was achieved." Since TAM is based on an assumption that 100% market share is achieved, another way to look at TAM for an industry is to find the market size, or total revenue.
  • The 2019 market size, or TAM, for the U.S. water and waste treatment market is estimated to be $100.05 billion. The calculations used for this estimate are provided in the research strategy below.

Research Strategy

We began our search for the TAM for the U.S. water and waste treatment market by examining market reports on sites including Grand View Research and Hexa Research, and water treatment magazines and journals including Opflow and the International Journal of Environment and Pollution. While these searches allowed us to find the global market size for the water treatment equipment industry, as well as the annual growth rate of the North American market, there was no data publicly available on the size of the U.S. market.

Since we had found the 2017 North America market size and the annual growth through 2025, we knew we could estimate the total North American market size for 2019. In order to see if we could triangulate the U.S. portion of the market, we decided to determine the total water consumption for the United States and Canada. Our thought was that if we could determine the U.S. share of water consumption in North America, we could make an assumption that their share of the water treatment market would be the same. This strategy was successful and the calculations used are provided, and explained, below.

To estimate the TAM for the U.S. water and waste treatment market, we first found the total revenue for North America in 2017. Since we also found the annual growth rate for the market, we were able to estimate the TAM in North America for 2019 as follows:
$103.59 billion (2017 TAM) * 1.8% (CAGR)^2 (# of years till 2019) = $107.35 billion

In order to determine the portion of the TAM that was attributable to the United States, we determined the ratio of the amount of water consumed in the U.S. compared to the total amount consumed in North America (Only the U.S. and Canada were included as the report suggested that they were the only two countries included in the report):
  • Water consumed in the U.S. per year: 1,582.5 cubic meters (per capita water consumption) x 329.45 million (estimated 2019 population) = 521.35 billion cubic meters
  • Water consumed in Canada per year: 1,016.9 cubic meters (per capita water consumption) x 37.41 million (estimated 2019 population) = 38.04 billion cubic meters
  • A screenshot of the Statista source has been included as the source itself may be paywalled.
  • Since the water consumption data found was from 2015, we made the assumption that the consumption would be the same in 2019. Although this is unlikely to be exactly true, the large numbers we are dealing with means that small errors would not have a major impact on our final calculation.
  • U.S. share of North American water consumption: 521.35 (U.S. annual consumption)/(521.35[U.S.] + 38.04 [Canada])*100 = 93.2%
  • We then assumed that the U.S. share of the water treatment market would be equal to its share of water consumption as the more water there is, the more water that needs to be treated.
  • U.S. TAM for water and waste treatment industry: $107.35 billion (North America 2019 TAM) * 93.2% (U.S. market share) = $100.05 billion
Sources
Sources

From Part 02
From Part 03
From Part 04
Quotes
  • "American States Water Company is the parent of Golden State Water Company and American States Utility Services, Inc. Through its utility subsidiary, Golden State Water Company, the company provides water service to customers located within more than 80 communities in Northern, Coastal and Southern California. "
Quotes
  • "Regulated water companies are regulated at the federal level by the U.S. Environmental Protection Agency (EPA) and at the state level by various state health and environmental agencies for compliance with the Clean Water Act and Safe Drinking Water Act. "
  • "They are also highly regulated by state public utility commissions, which set the rates regulated utilities can charge customers for water and wastewater service."
From Part 06
Quotes
  • "The top 10 largest water utilities in the United States by revenue are the American Water Works Company Inc., Aqua America Inc., California Water Service Group, EPCOR Utilities Inc., Utilities Inc., SJW Group, Golden State Water Company, Middlesex Water Company, Artesian Resources Corporation, and the York Water Company."
Quotes
  • "Peter Fletcher is the Senior Cyber Security Director for San Jose Water Company and has been working in Physical and Cyber Security for 15 years."
  • "Converted the Cyber Security program from an ad-hoc dispersed function to a central governed process. Created the 5 year Cyber-security Strategy Developed Cyber-security Policies"
  • "Implemented a Cyber-security Committee merging this with the Privacy committee"
Quotes
  • "The director of Cyber-security at PwC stated “A CISO should report to the role in the organization that allows them the budget and influence necessary to integrate effectively into the business,” To achieve this level of influence the role of CISO should be outside of the IT/IS organization and should report to a more business focused role."
  • "The CISO and Cyber-security team needs to be empowered to protect the business. To do this they need two things. Firstly they need to be in a position where they can have input to the decision making process of the C-suite to ensure that security is part of that process. Secondly members of the C-suite need view the CISO and Cyber-security team as on a par with them, so that company executives take their instructions seriously and act quickly to respond to requests."
Quotes
  • "American States Water Company is the parent of Golden State Water Company and American States Utility Services, Inc. Through its utility subsidiary, Golden State Water Company, the company provides water service to customers located within more than 80 communities in Northern, Coastal and Southern California. The company’s Bear Valley Electric Service, a division of Golden State Water Company, distributes electricity to customers in the City of Big Bear Lake and surrounding areas in San Bernardino County, California. "
  • "We have implemented security measures and will continue to devote significant resources to address any security vulnerabilities in an effort to prevent cyber-attacks. Despite our efforts, we cannot be assured that a cyber-attack will not cause water, wastewater or electric system problems, disrupt service to our customers, compromise important data or systems or result in unintended release of customer or employee information. "
  • "Moreover, if a computer security breach affects our systems or results in the unauthorized release of sensitive data, our reputation could be materially damaged. We could also be exposed to a risk of loss or litigation and possible liability. In addition, pursuant to U.S. government regulations regarding cybersecurity of government contractors, we might be subject to fines, penalties or other actions, including debarment, with respect to current contracts or with respect to future contract opportunities."
  • "GSWC has security systems and infrastructure in place intended to prevent unlawful intrusion, service disruption and cyber-attacks. GSWC utilizes a variety of physical security measures to protect its facilities. GSWC also considers advances in security and emergency preparedness technology and relevant industry developments in developing its capital-improvement plans. GSWC intends to seek approval of the CPUC to recover any additional costs that it incurs in enhancing the security, reliability and resiliency of its water and electric systems."
Quotes
  • "Dennis W. Doll, Chairman, President and CEO of Middlesex Water Company (NASDAQ: MSEX), will serve on a CEO Roundtable discussing “Physical Security, Aging Infrastructure and Diversity” at the 2019 Mid-Atlantic Conference of Regulatory Utilities Commissioners (MACRUC) 24th Annual Education Conference on June 24, 2019 at the Omni Homestead in Hot Springs, VA. "
  • "Mr. Doll will join in a discussion about the critical issues impacting the grid of the future and the evolution of the traditional utility business model. He’ll address the nexus between physical/cyber-security and infrastructure investment, policy issues related to grid modernization and the training and recruitment efforts needed to attract and retain a diverse workforce well into the future. Joining Mr. Doll on the panel will be several industry experts reflecting operating utility and regulatory perspectives."
Quotes
  • "MWC participated in Cyber Storm VI, a national-level cyber exercise presented by the Department of Homeland Security, which simulated a cyber crisis of national consequence with impact to water infrastructure. "
Quotes
  • "There have been an increasing number of cyber-attacks on companies around the world, which have caused operational failures or compromised sensitive corporate or customer data. These attacks have occurred over the internet, through malware, viruses or attachments to e-mails or through persons inside the organization or with access to systems inside the organization. We have implemented security measures and will continue to devote resources to address any security vulnerabilities in an effort to prevent cyber-attacks. "
  • "Despite our efforts, a cyber-attack, if it occurred, could cause water or wastewater system problems, disrupt service to our customers, compromise important data or systems or result in an unintended release of customer information. We feel we have adequate cyber-security insurance coverage to mitigate the cost of any such cyber-attack, however, a possible cyber-attack could affect our operations and have a material adverse effect on our results of operations."
Quotes
  • "The Company has implemented processes, procedures and controls to prevent or limit the effect of these possible events, and maintains insurance to help defray costs associated with cyber security attacks. The Company has not experienced a material impact on business or operations from these attacks. Although the Company does not believe its systems are at a materially greater risk of cyber security attacks than other similar organizations and despite the implementation of robust security measures, the Company cannot provide assurance that the insurance will fully cover the costs of a cyber security event, and its robust security measures do not guarantee that reputation and financial results will not be adversely affected by such an incident. "
From Part 08
Quotes
  • "An estimated 14,748 POTWs provide wastewater collection, treatment, and disposal service to more than 238 million people.6 Use of reclaimed water for consumption is becoming more common, particularly in the fast-growing southwest region of the U.S"
Quotes
  • "The U.S. accounted for one of the largest market shares in 2017 and is estimated to remain dominant in the upcoming years. The growth in this region is attributed to the advancements in the water recycling technologies coupled with the less energy utilized in the water recycling process. "
  • "Such factors are considered to drive the market growth in this region during the forecast period. "
Quotes
  • "U.S. water and wastewater treatment equipment market revenue is projected to register a CAGR of 1.28% over the forecast period. Membrane separation technology gaining more importance in the region owing to increasing R&D towards microfiltration and ultrafiltration."
Quotes
  • "3M Co. is headquartered in the US and operates the business under various segments such as Industrial, Safety and Graphics, Health Care, Electronics and Energy, and Consumer. The company offers a wide-range of residential and industrial water filtration products and solutions."
  • "Danaher Corp. is headquartered in the US and operates under various business segments, namely Life Sciences, Diagnostics, Dental, and Environmental & Applied Solutions. The company offers a diverse portfolio of water quality optimization solutions."
  • "DuPont de Nemours Inc. is headquartered in the US and offers products through the following business segments: Agriculture, Performance Materials & Coatings, Industrial Intermediates & Infrastructure, Packaging & Specialty Plastics, Electronics & Imaging, Nutrition & Biosciences, Transportation & Advanced Polymers, Safety & Construction, and Corporate."
  • "Ecolab Inc. is headquartered in the US and offers products through the following business segments: GLOBAL INDUSTRIAL, GLOBAL INSTITUTIONAL, GLOBAL ENERGY, and OTHER. The company offers programs, services, equipment, and products for wastewater treatment to various end-users."
Quotes
  • "The U.S. wastewater treatment industry is more inclined towards cost-effective and sustainable solutions."
  • "There are more than 16,000 Publicly Owned Treatment Works (POTWs) catering to approximately 75% of the U.S. population. These plants treat more than 32 billion gallons of wastewater every day. For instance, Stickney Water Reclamation plant in Chicago is the largest water treatment plant in the world."
  • "For instance, U.S. has the largest plants in the world, such as the Detroit Wastewater Treatment Plant, Stickney Water Reclamation Plant, and Deer Island Wastewater Treatment Plant. The advancement in technologies is expected to drive the industry growth in the future."
  • "More than 20% of total water usage in the region is from the industrial sector. Continuous optimization in industrial operations is expected to generate potential demand for treated and reused water."
  • "Rising need for sustainable practices for greater water reuse, which will help conserve the environment, results in growth of the market. Moreover, demand for safe potable water along with government regulations, such as Safe Drinking Water Act, is expected to drive the market growth over the next few years."
  • "There are 51,356 community systems that provide potable water, out of which, 8,674 systems serve 92% of the population. Small systems, which serve remaining 8% of the population, lack both financial and economies of scale and managerial and technological advancements."
Quotes
  • " Stringent government regulations for wastewater emission in municipal and industrial sectors have augmented the demand."
  • "U.S. is among the largest markets for wastewater treatment equipment owing to its highly developed technology industries and advanced processing capabilities. "
  • "stringent regulations aimed at controlling water pollution in manufacturing and municipal levels through the utilization of eco-friendly means in developed markets including the U.S."
Quotes
  • "Quality water is crucial for many operations within the residential, OEM refrigerator, industrial and commercial food service markets. With over 75 years of experience as a leader in providing water filtration products, 3M Purification Inc. delivers technology that improves water quality."