Passenger Rail Security:
Federal Strategy and Enhanced Coordination Needed to Prioritize and Guide Security Efforts
GAO-07-459T: Published: Feb 13, 2007. Publicly Released: Feb 13, 2007.
The 2005 London subway bombings and 2006 rail attacks in Mumbai, India highlighted the vulnerability of passenger rail and other surface transportation systems to terrorist attack and demonstrated the need for greater focus on securing these systems. This testimony is based primarily on GAO's September 2005 passenger rail security report and selected program updates obtained in January 2007. Specifically, it addressees (1) the extent to which the Department of Homeland Security (DHS) has assessed the risks facing the U.S. passenger rail system and developed a strategy based on risk assessments for securing all modes of transportation, including passenger rail; (2) the actions that the Transportation Security Administration (TSA) and other federal agencies have taken to enhance the security of the U.S. passenger rail system, improve federal coordination, and develop industry partnerships; and (3) the security practices that domestic and selected foreign passenger rail operators have implemented to enhance security.
The DHS Office of Grants and Training and TSA have begun to assess the risks facing the passenger rail system. However, we reported in September 2005 that TSA had not completed a comprehensive risk assessment of passenger rail. We found that, until TSA does so, the agency may be limited in its ability to prioritize passenger rail assets and help guide security investments. We also reported that DHS had begun, but not yet completed, a framework to help agencies and the private sector develop a consistent approach for analyzing and comparing risks among and across critical sectors. Since that time, TSA has reported taking additional steps to assess the risks to the passenger rail system. However, TSA has not yet issued the required Transportation Sector Specific Plan and supporting plans for passenger rail and other surface transportation modes, based on risk assessments. Until TSA does so, the agency lacks a clearly communicated strategy with goals and objectives for securing the transportation sector, including passenger rail. After September 11, the Department of Transportation (DOT) initiated efforts to strengthen passenger rail security. TSA has also taken actions to strengthen rail security, including issuing security directives, testing security technologies, and issuing a proposed rule for passenger and freight rail security, among other efforts. However, federal and rail industry stakeholders have questioned the extent to which TSA's directives were based on industry best practices. TSA has also taken steps to strengthen coordination with DOT and develop partnerships with industry stakeholders. DHS and DOT have updated their memorandum of understanding to clarify their respective security roles and responsibilities for passenger rail. TSA also established an Office of Transportation Sector Network Management and offices for each transportation mode to develop security policies and work to strengthen industry partnerships for passenger rail and other surface modes. U.S. and foreign passenger rail operators GAO visited have also taken actions to secure their rail systems. Most had implemented customer security awareness programs, increased security personnel, increased the use of canines to detect explosives, and enhanced employee training programs. GAO also observed security practices among foreign passenger rail systems that are not currently used by U.S. rail operators or by the U.S. government, which could be considered for use in the U.S. For example, some foreign rail operators randomly screen passengers or use covert testing to help keep employees alert to security threats. While introducing these security practices in the U.S may pose political, legal, fiscal, and cultural challenges, they warrant further examination. TSA has also reported taking steps to identify foreign best practices for rail security and working to develop a clearinghouse of security technologies.