Passenger Rail Security:

Enhanced Federal Leadership Needed to Prioritize and Guide Security Efforts

GAO-05-851: Published: Sep 9, 2005. Publicly Released: Oct 7, 2005.

Additional Materials:

Contact:

Stephen M. Lord
(202) 512-3000
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

The U.S. passenger rail system is a vital component of the nation's transportation infrastructure, carrying more than 11 million passengers each weekday. The Department of Homeland Security (DHS) and the Department of Transportation (DOT) share responsibility for ensuring the safety and security of rail systems. In this report, GAO addressed (1) DHS actions to assess the risks to the U.S. passenger rail system in the context of prevailing risk management principles, (2) federal actions taken to enhance the security of the U.S. passenger rail system, and (3) security practices that domestic and selected foreign passenger rail operators have implemented.

Within DHS, the Office for Domestic Preparedness has completed 7 risk assessments of passenger rail systems around the country, with 12 more under way. TSA has begun to conduct risk assessments and to establish a methodology for determining how to analyze and characterize risks that have been identified but has not yet completed either effort or set timelines for doing so. TSA will not be able to prioritize passenger rail assets and help guide security investment decisions until these efforts are completed. At the department level, DHS has begun developing, but has not yet completed, a framework to help agencies and the private sector develop a consistent approach for analyzing and comparing risks to transportation and other sectors. Until this framework is finalized and shared with stakeholders, it may not be possible to compare risks across different sectors, prioritize them, and allocate resources accordingly. The Federal Transit Administration and Federal Railroad Administration within DOT have ongoing initiatives to enhance passenger rail security. In addition, in 2004, TSA issued emergency security directives to domestic rail operators after terrorist attacks on the rail system in Madrid, Spain, and piloted a test of explosive detection technology for use in passenger rail systems. However, federal and rail industry officials raised questions about the feasibility of implementing and complying with the directives, citing limited opportunities to collaborate with TSA to ensure that industry best practices were incorporated. In September 2004, DHS and DOT signed a memorandum of understanding to improve coordination between the two agencies, and they are developing agreements to address specific rail security issues. Domestic and foreign passenger rail operators we contacted have taken a range of actions to help secure their systems. We also observed security practices among certain foreign passenger rail systems or their governments that are not currently used by the domestic rail operators we contacted, or by the U.S. government, and which could be considered for use in the United States. For example, some foreign rail operators randomly screen passengers, and some foreign governments maintain centralized clearinghouses on rail security technologies and best practices.

Recommendations for Executive Action

  1. Status: Closed - Implemented

    Comments: Since we issued this recommendation, the Transportation Security Administration (TSA) has integrated a public transit portal into the Homeland Security Information Network (HSIN) - a secure website that transit agencies can use to access information on a variety of topics, including security technologies. Senior TSA officials reported that they created the mass transit portal for the HSIN in part to respond to GAO's recommendation in the passenger rail report that they create a clearinghouse for transit agencies to learn about security technologies. TSA officials noted that about 65% of the top 100 transit agencies - by annual ridership - have accounts with HSIN. Additionally, TSA officials noted that they have been gathering security best practices as they conduct their Baseline Assessment and Security Enhancement reviews at transit agencies across the country. A senior TSA official commented that they will be publishing a report on these best practices - entitled Smart Security Practices - for distribution to transit agencies. This report highlights best practices from the top 50 transit agencies, and includes contact information for those agencies, so information can be shared. GAO received a final copy of this document, dated June 2008, and TSA officials noted that they planned to distribute the document at the August 2008 Transit Security Roundtable meeting.

    Recommendation: To help strengthen the security of passenger rail systems in the United States and potentially leverage the knowledge and practices employed by foreign rail operators, the Secretary of the Department of Homeland Security, in collaboration with the Department of Transportation and the passenger rail industry, should evaluate the feasibility of establishing and maintaining an information clearinghouse on existing and emergency security technologies and security best practices used in the passenger rail industry both in the United States and abroad.

    Agency Affected: Department of Homeland Security

  2. Status: Closed - Implemented

    Comments: In September 2005, the Department of Homeland Security (DHS) and the Department of Transportation (DOT) completed an annex to their broader 2004 memorandum of understanding. DHS and DOT state that the purpose of the annex is to delineate clear lines of authority and responsibility between the two departments and to specify their respective commitments with regard to mass transit and passenger rail. The two departments set forth how, among other things, they will coordinate certain transit security programs, stating that DHS shall act as the lead agency responsible for conducting risk assessments for mass transit and passenger rail, and that the departments do not intend to alter their established response procedures for information sharing during an emergency. The departments also establish that they will consult on mass transit and passenger rail security technology research that either department is conducting or sponsoring, including long-term plans or proposals to certify security technologies for mass transit and passenger rail. TSA reported in July 2009 that, to ensure the continuing viability of the annex, a joint review by DHS and DOT is projected for the second half of calendar year 2009 in order to evaluate the effectiveness of the annex in light of program advances and other factors. TSA reported that the effort is expected to produce revisions and supplements that will update the agreement.

    Recommendation: To ensure that future rail security directives are enforceable, transparent, and feasible, the Secretary of the Department of Homeland Security should direct the Assistant Secretary of the Transportation Security Administration, in collaboration with the Department of Transportation and the passenger rail industry, to set timelines for completing the memorandum of understanding modal agreements for rail, mass transit, and research and development, which both the Department of Homeland Security and the Department of Transportation have agreed to pursue.

    Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration

  3. Status: Closed - Implemented

    Comments: We reported in August 2007 that TSA has developed security action items (recommended measures for passenger rail operators to implement as part of their security programs to improve both security and emergency preparedness) for passenger rail. TSA also issued a proposed rule in December 2006 on passenger and freight rail security requirements. In April 2007, DHS provided us with updated information on TSA?s efforts to issue standards for securing surface transportation modes. According to DHS, TSA uses transit agency site visits to assess compliance with security directives and implementation of noncompulsory security standards and protective measures with the objective of ensuring a broad-based enhancement of passenger rail and rail transit security. More specifically, through the Baseline Assessment for Security Enhancement, TSA inspectors review mass transit and passenger rail systems? implementation of the 17 Security and Emergency Management Action Items (security action items) that TSA and the Federal Transit Administration jointly developed, in coordination with the Mass Transit Sector Coordinating Council. Additionally, we testified in May 2008 that DHS and other federal partners have also been collaborating with the American Public Transportation Association (APTA) and public and private security professionals to develop industry-wide security standards for mass transit systems. APTA officials reported that they expect several of the voluntary standards to be released in 2008.

    Recommendation: To ensure that future rail security directives are enforceable, transparent, and feasible, the Secretary of the Department of Homeland Security should direct the Assistant Secretary of the Transportation Security Administration, in collaboration with the Department of Transportation and the passenger rail industry, to develop security standards that reflect industry best practices and can be measured, monitored, and enforced by Transportation Security Administration rail inspectors and, if appropriate, by rail asset owners. This could be accomplished by using the rule-making process, with notice in the Federal Register and an opportunity for interested stakeholders to comment, to promulgate long-term regulations that incorporate these standards.

    Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration

  4. Status: Closed - Implemented

    Comments: In September 2005, GAO issued a report assessing federal efforts to secure passenger rail systems, which recommended, among other things, that the Department of Homeland Security (DHS) should evaluate whether the risk assessment methodology used by the Office for Domestic Preparedness should be leveraged to facilitate the completion of risk assessments for rail and other transportation modes. Examples of existing approaches and assessments include the Transportation Security Administration's (TSA) Baseline Assessment for Security Enhancement program, which is designed to evaluate the effectiveness of the security programs, procedures, and measures developed and implemented by mass transit and passenger rail agencies in response to the results of prior risk assessments. Other security assessment efforts have included assessments by FTA, the former Offices of Grants and Training and Domestic Preparedness of DHS, private sector consultants, the American Public Transportation Association, and assessments conducted by the DHS Office of Infrastructure protection on specific critical assets in higher risk areas. In June 2009, GAO reported on the range of federal efforts to assess risk to mass transit and passenger rail. Also, in July 2009, TSA reported that an ongoing effort is underway that is focused on producing a consolidated risk assessment methodology for TSA in mass transit and passenger rail. This methodology is intended integrate the most effective elements of existing approaches and assessments, including the methodology used by the former Office of Domestic Preparedness at DHS. TSA reported that a pilot program planned for later in 2009 will apply this developing concept, evaluate its effectiveness, and produce lessons learned prior to programmatic implementation. TSA reported that this effort is specifically intended to address this GAO recommendation.

    Recommendation: In order for the Transportation Security Administration to have the information needed to more fully evaluate, select, and implement risk mitigation activities, and complete its transportation sector-specific plan and other strategic risk based plans, the Secretary of the Department of Homeland Security should direct the Assistant Secretary of the Transportation Security Administration to evaluate whether the risk assessment methodology used by the Office for Domestic Preparedness should be leveraged to facilitate the completion of risk assessments for rail and other transportation modes.

    Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration

  5. Status: Closed - Implemented

    Comments: In September 2005, GAO issued a report assessing federal efforts to secure passenger rail systems, which recommended, among other things, that the Department of Homeland Security (DHS) should establish a plan for completing its methodology for conducting risk assessments that includes timelines and addresses how it will work with passenger rail stakeholders and leverage existing federal expertise. In June 2009, GAO reported on the range of federal efforts to assess risk to mass transit and passenger rail. In July 2009, the Transportation Security Administration (TSA) reported that an ongoing effort is underway that is focused on producing a consolidated risk assessment methodology for TSA in mass transit and passenger rail. This methodology is intended integrate the most effective elements of existing approaches and assessments, including the methodology used by the former Office of Domestic Preparedness at DHS. A pilot program planned for later in 2009 will apply this developing concept, evaluate its effectiveness, and produce lessons learned prior to programmatic implementation. TSA reported that this effort is specifically intended to address this GAO recommendation. Other security assessment efforts have included assessments by the Federal Transit Administration (FTA), the former Offices of Grants and Training and Domestic Preparedness of DHS, private sector consultants, the American Public Transportation Association, and assessments conducted by the DHS Office of Infrastructure protection on specific critical assets in higher risk areas. TSA also reported in July 2009 that it is conducting a Transportation Sector Security Risk Assessment (TSSRA) using a common analytical risk framework for all modes of transportation. TSA stated that the complete set of TSSRA modal assessments and a sector-wide comparative analysis of risk are scheduled for completion in January 2010. The TSSRA methodology addresses a standardized set of scenarios and values for threat, vulnerability, and consequence are applied to each scenario type. Each scenario then receives a normalized risk score based on the combination of threat, vulnerability, and consequence. TSA stated that by applying a common analytical framework, the TSSRA will yield risk values across all transportation modes that will enable a "roll up" of the risk values to create a comprehensive cross-modal baseline risk assessment. This type of cross-modal assessment is intended to better inform TSA's strategic security priorities.

    Recommendation: In order for the Transportation Security Administration to have the information needed to more fully evaluate, select, and implement risk mitigation activities, and complete its transportation sector-specific plan and other strategic risk based plans, the Secretary of the Department of Homeland Security should direct the Assistant Secretary of the Transportation Security Administration to establish a plan for completing its methodology for conducting risk assessments that includes timelines and addresses how it will work with passenger rail stakeholders and leverage existing federal expertise in Department of Homeland Security components, including the Office for Domestic Preparedness, as well as the Department of Transportation modal administrations, including the Federal Railroad Administration and the Federal Transit Administration.

    Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration

  6. Status: Closed - Implemented

    Comments: In previous reports and testimonies, we reported that the Transportation Security Administration (TSA) had not issued the Transportation Sector Specific Plan (TSSP) or supporting plans for securing all modes of transportation. We also reported that until TSA issued the TSSP and supporting plans, it lacked a clearly communicated strategy with goals and objectives for securing the transportation sector. In addition, in March 2007, we testified that as of September 2005, DHS had begun developing, but had not yet completed a framework to help federal agencies and the private sector develop a consistent approach for analyzing and comparing risks to transportation and other critical sectors. However, in May 2007, DHS issued the TSSP for transportation systems and supporting annexes for surface transportation assets, and reported taking actions to adopt the strategic approach outlined by the TSSP. The TSSP and its supporting modal implementation plans and appendixes establish a strategic approach based on the National Infrastructure Protection Plan and Executive Order 13416, Strengthening Surface Transportation Security. The TSSP describes the security framework that is intended to enable sector stakeholders to make effective and appropriate risk-based security and resource allocation decisions. In addition, during the course of our ongoing work assessing mass transit security we have identified that DHS had begun to implement some of the security initiatives outlined in the TSSP and supporting mass transit annex.

    Recommendation: In order for the Department of Homeland Security to have the information needed to fully evaluate, compare, and prioritize risk mitigation activities across sectors, the Secretary of the Department of Homeland Security should establish a timeline for completing the department's framework for analyzing sector risks and ensure that the risk assessment methodologies used by sector-specific agencies are consistent with this framework.

    Agency Affected: Department of Homeland Security

  7. Status: Closed - Implemented

    Comments: The Transportation Security Administration (TSA) reported in July 2009 that it is reviewing options to expand covert testing into exercises in the mass transit and passenger rail environment. For example, TSA has identified the Intermodal Security Training Exercise Program (I-STEP) as a venue where covert testing could be appropriate in assessing the effectiveness of security activities and measures. TSA also reported that it will explore opportunities to integrate covert testing periodically to assess the effectiveness of Visible Intermodal Prevention and Response (VIPR) teams, and that lessons-learned from doing so would inform improvements in planning and execution of VIPR activities and TSA's security enhancement programs generally. In regard to the second part of the recommendation, TSA reported that integrating security into infrastructure design falls more directly into the scope of the Department of Transportation/Federal Transit Administration's (FTA) primary responsibilities. TSA reported that FTA's Office of Safety and Security manages a multi-billion dollar capital program that annually awards grants for new system starts and infrastructure expansion and improvement. Further, under this initiative, security design considerations are a required component of the project proposals and FTA assists agencies in this process with training programs focused on security and crime prevention through system and infrastructure design. DHS's role is to maintain subject matter expertise in the assessment of critical infrastructure and security in mass transit and passenger rail. To incorporate international subject matter expertise, TSA has spearheaded an effort through the International Working Group for Land Transport Security (IWGLTS) to develop a compilation of effective security practices among the 20 participating nations, which include Australia, Canada, China, France, Germany, and the United Kingdom among others. In regard to the final part of the recommendation, TSA reported that since 2005, six mass transit and passenger rail systems have implemented random security inspections as an element of their overall security efforts. Further, additional agencies have developed contingency plans for implementing random security inspections, if necessary. TSA also provides funding for dedicated mobile screening teams as a top priority in its Transit Security Grant Program. Further, TSA deploys VIPR teams to augment security capabilities and activities. In some cases these teams have supported the conduct of random security inspections by agencies, including the addition of explosive detection canine teams and Transportation Security Officers operating mobile explosives trace detection systems.

    Recommendation: To help strengthen the security of passenger rail systems in the United States and potentially leverage the knowledge and practices employed by foreign rail operators, the Secretary of the Department of Homeland Security, in collaboration with the Department of Transportation and the passenger rail industry, should evaluate the potential benefits and applicability--as risk analyses warrant and as opportunities permit--of implementing covert testing processes to evaluate the effectiveness of rail system security personnel; implementing practices used by foreign rail operators that integrate security into infrastructure design; and implementing random searches or screening of passengers and their baggage, pending the results of an ongoing joint federal and industry review of the impact of random screening on passenger rail operators.

    Agency Affected: Department of Homeland Security

 

Explore the full database of GAO's Open Recommendations »

Dec 12, 2014

Dec 10, 2014

Nov 18, 2014

Oct 9, 2014

Sep 26, 2014

Sep 25, 2014

Sep 23, 2014

Sep 12, 2014

Looking for more? Browse all our products here