General Methodology

The DOT vulnerability assessment explicitly avoids assessing the probability of any given type of attack occurring. Instead, it examines a variety of scenarios for possible attacks and assesses the damage that could be caused in each scenario, including both human casualties and economic losses. A key finding of the assessment is a categorization of each scenario as to the likelihood of success if the attack were attempted and the resulting impact if the attack succeeded. The likelihood of success is rated as improbable, moderately probable, highly probable, or certain. The potential impact is rated as not serious, moderately serious, very serious, or catastrophic.

The assessment process used a nine-step methodology:

    1.  

    Identification of assets, such as facilities, vehicles, and equipment, based on the expert knowledge of DOT and industry personnel

    2.  

    Screening of the criticality of assets and selection of key assets for further evaluation based on the high impact their loss would have (as determined by expert opinion) on people or system operations or both

    3.  

    Identification of threats to critical assets based on historical data and expert opinion;

    4.  

    Formulation of scenarios by pairing the critical assets identified in Step 2 with the threats identified in Step 3

    5.  

    Assessment of the vulnerability of assets in each scenario, i.e., assessment of the characteristics (such as ease of access or presence of security measures) that make an asset easy or difficult to attack

    6.  

    Assessment of the impact of an attack in each scenario, focusing on deaths, injuries, property damage, and loss of service

    7.  

    Categorization of scenarios by likelihood of loss and severity of impact

    8.  

    Review of consistency by a panel of experts to ensure that scenarios involving different modes of transportation were assessed on comparable scales

    9.  

    Identification of potential countermeasures

DOT acknowledges that the scenarios are illustrative, not exhaustive, but they cover a wide range of possible targets and attacks (see Table 2-1).

The vulnerability assessment states clearly that it analyzes only the vulnerabilities of surface transportation assets, without regard to the likelihood of any particular threat. (Presumably, though, the threats identified in Step 3 above are considered at least plausible. Just selecting scenarios for consideration implicitly constitutes a first-order assessment of their likelihood.) The methodology used is appropriate and adequate for such an analysis, and for the most part, the selection of scenarios is comprehensive and illustrates the methodology well. In addition



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement