3
Establishing a Research and Development Strategy

At this early stage in the establishment of an R&D program for surface transportation security, building a solid strategic basis for the program, including a clearly thought out process for conducting it, is more important than identifying a detailed agenda of R&D topics. It may be tempting, given the importance of the problem, to rush into efforts to find near-term solutions. Nevertheless, because the security of the surface transportation infrastructure is a continuing, long-term concern, and the appropriate R&D responses to it are not yet well defined, a general strategy should be established and clarified first.

The surface transportation system and its security needs are so wide ranging and diverse that creating and maintaining a balanced, systematic R&D strategy will be a continuing challenge. The approach taken should be dynamic and able to evolve over time as the situation changes. Its perspective should encompass the surface transportation system as a whole, not transportation modes individually. The strategy should include both near-term and long-term efforts and should address both point vulnerabilities and system-wide strategic vulnerabilities.

This chapter presents the study's recommendations for such a strategy. Rather than choosing among the many promising R&D topics, it describes a process for making those choices—how to define DOT's role, how to maintain a balanced and systematic program, how to set priorities, how to make sure that the technologies and processes developed are appropriate for the intended users.



The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement



Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 28
3 Establishing a Research and Development Strategy At this early stage in the establishment of an R&D program for surface transportation security, building a solid strategic basis for the program, including a clearly thought out process for conducting it, is more important than identifying a detailed agenda of R&D topics. It may be tempting, given the importance of the problem, to rush into efforts to find near-term solutions. Nevertheless, because the security of the surface transportation infrastructure is a continuing, long-term concern, and the appropriate R&D responses to it are not yet well defined, a general strategy should be established and clarified first. The surface transportation system and its security needs are so wide ranging and diverse that creating and maintaining a balanced, systematic R&D strategy will be a continuing challenge. The approach taken should be dynamic and able to evolve over time as the situation changes. Its perspective should encompass the surface transportation system as a whole, not transportation modes individually. The strategy should include both near-term and long-term efforts and should address both point vulnerabilities and system-wide strategic vulnerabilities. This chapter presents the study's recommendations for such a strategy. Rather than choosing among the many promising R&D topics, it describes a process for making those choices—how to define DOT's role, how to maintain a balanced and systematic program, how to set priorities, how to make sure that the technologies and processes developed are appropriate for the intended users.

OCR for page 28
The recommended approach, a standard methodology used in systems engineering,1 consists of five fundamental steps: 1.   Defining the problem, the objectives, and the criteria for evaluating success or failure 2.   Identifying ways to meet the objectives, namely potential R&D projects 3.   Evaluating the alternatives identified in Step 2 against the objectives defined in Step 1 4.   Deciding on a course of action 5.   Implementing the decision DOT itself is best placed to decide how to organize these steps internally, assign responsibilities for managing the various elements, and ensure their coordination with other agencies and with owners and operators throughout the transportation sector. As noted elsewhere in this report, no matter what approach is adopted, the crosscutting problem of improving security should not be divided up according to transportation modes. Rather, part of DOT's strategy should be to assign lead responsibility for security R&D to a single person or office. Other changes in organization or approach may also be necessary to implement certain elements of the strategy, such as the involvement of owners and operators. Beyond these recommendations, however, it would be outside this study's charge to take a position on organizational or procedural matters that are internal to DOT. Defining the Problem and Objectives The first step, defining the problem and objectives, is critical for everything that follows because it determines the criteria for evaluating potential R&D projects and making decisions. Because this is also the most difficult step, it should be given high priority and undertaken with great care. A common error is to pay insufficient attention to this step, or even ignore it completely, and jump directly to the identification of possible solutions. Perhaps thinking up potential solutions gives one a sense that rapid progress is being made and appears to provide more scope for creativity, but making that error can have serious consequences. That is why the main focus of this study is on developing a strategy for R&D rather than providing a specific agenda of R&D projects. Defining the problem begins with identifying the needs that generated it, such as the need to prevent attacks or mitigate their impact, and describing the circumstances in which the problem exists. (The categorization of security needs will be used later to categorize R&D responses. See Box 3-1.) In general terms, 1   The field of systems engineering has developed an extensive body of literature and experience over the past 50 years or so. For readers unfamiliar with the field, Appendix A briefly summarizes some key points and provides references for further reading.

OCR for page 28
BOX 3-1 A Matrix for Categorizing R&D Topics in Surface Transportation Security   Type of Attack Response Area Biological Chemical Cyber/C3 Explosive General Prevention . . . . . Mitigation . . . . . Monitoring . . . . . Recovery . . . . . Investigation . . . . . Systems Responses . . . . . This matrix is a framework for identifying and evaluating possible R&D topics. The columns represent the major types of attack and the rows the major categories of R&D response to improve security against those attacks. Note that transportation modes are intentionally not separated from each other. The following definitions of the response categories are explained further, with examples, in Chapter 4:   Prevention: preventing an attacker from carrying out an attack.   Mitigation: reducing the harmful impact of an attack as it occurs and in its immediate aftermath.   Monitoring: recognizing that an attack is taking place, identifying its type and magnitude, and predicting and monitoring its development.   Recovery: returning to normal operation after an attack is over.   Investigation: identifying what happened in an attack, how it happened, and who was responsible.   Systems responses: ensuring that elements of the system function together properly and learning more about the problem to improve overall system effectiveness. Crosscutting needs, such as education, training, and technology transfer, do not appear in the matrix as separate categories. They should be integral components of all responses in all categories. the problem under consideration here is to construct a program of R&D that will improve the security of the surface transportation system. Describing this problem will require identifying technological and procedural security needs that are not currently being met. It will also require identifying a variety of other factors: the available funding, the nature of the threat, the relevant R&D already being conducted elsewhere, competing transportation goals such as openness and

OCR for page 28
accessibility and efficiency, societal and legal constraints on approaches to security, and so on. Clear and accurate descriptions of these factors will provide useful limits on both the problem and its solution. The nature of the threat is an important aspect of the problem. Planning and carrying out an attack are costly to an attacker, both financially and in the risk of discovery. The size, complexity, and expense of each potential attack correspond to the attacker's risk and the resources required. One cannot necessarily predict an attacker's sensitivity to cost and risk or his level of motivation and resolve, but nevertheless, potential security countermeasures should be characterized according the level of attack they address and the level of risk that would remain after they have been deployed. The analysis should then proceed to establish objectives that will later serve as criteria for evaluating potential solutions. It may be helpful to picture these objectives as a hierarchical tree, with an overall system goal at the root of the tree, midlevel objectives branching out from it, and quantifiable measures of performance as the leaves. A key element should be a clear definition of what DOT seeks to accomplish by its R&D activities in surface transportation security. DOT's answer to this question should include the following system-level goals: a comprehensive understanding of the surface transportation system's point and systemic vulnerabilities to hostile attack a comprehensive understanding of existing security technologies and processes and how to apply them effectively to surface transportation the development of new security technologies and processes in response to specific, clearly identified vulnerabilities that are unique to surface transportation the implementation of effective security technologies and processes by surface transportation owners and operators in such a way that vulnerabilities to attack are reduced without significantly compromising other transportation goals Note that these objectives are likely to lead to a diverse program that includes many types of R&D: hardware, software, and system development; technology evaluation and testing; pilot programs; paper studies; and technology transfer. Implementing the R&D results will present many challenges, including cost, potential delays to passengers or cargo, privacy concerns, the balance of perceived benefits and perceived risks, and the balance between protecting against attacks and disrupting ongoing activities. Some of these factors, particularly cost and effectiveness, may be difficult to determine in advance—that is the nature of R&D—but objectives for them should nevertheless be considered as carefully as possible. For example, most people will never experience an actual incident, so it is highly desirable to build security measures into everyday operations as ''just

OCR for page 28
a good way of doing business." Moreover, some security measures can have positive side effects on everyday operations, such as reducing thefts of cargo or losses of passenger baggage. The value of such dual-use benefits—which serve a business purpose, as well as promoting security, and thus turn security from a cost to an asset—should be recognized explicitly in setting objectives. Defining the Department of Transportation's Role An important factor in defining the objectives is a clear understanding of DOT's proper role. The federal government already conducts extensive R&D on counterterrorism and related aspects of infrastructure protection. This work is spread among a variety of agencies. The R&D resources of some of these agencies, such as the Departments of Defense and Energy, are much greater than those that DOT is likely to devote to security R&D for surface transportation. Nevertheless, DOT has an important role to play. Clearly identifying that role, a niche that capitalizes on other agencies' efforts without reinventing the wheel, will be critical to the effectiveness of DOT's program of R&D for surface transportation security. For each potential R&D project the question must be, Is DOT the right agency to address this particular aspect of the problem? Even in some important areas, where surface transportation is clearly vulnerable, the answer to this question will be No. For example, many elements of the surface transportation system are becoming increasingly automated and reliant on computers and communications for their continuing operation. As this trend continues and even accelerates, the transportation infrastructure will become increasingly vulnerable to a cyber attack on the telecommunications system. For example, many traffic operations centers in urban areas transmit control information and traffic data over ordinary telephone lines, so the security of the telephone network is certainly an important concern for surface transportation. But its importance is by no means unique to surface transportation, and so it would make little sense for DOT to take on this challenge. Similarly, hardening the structure of railway or bus stations against bomb blasts is probably not very different from hardening the structure of other public buildings, so general R&D on structural hardening may be best left to others. The objectives that DOT establishes, against which potential R&D projects in surface transportation security will be evaluated, must be able to identify such situations, which will not always be as clear cut as these examples. DOT does have a vital role to play. Within DOT, since the early 1970s the Federal Aviation Administration has conducted a significant and valuable program on weapon and explosives detection and other techniques to protect air transportation. Moreover, DOT has a long history of responding effectively to natural disasters, which are in many ways a similar problem to intentional attacks, though the emphasis of the response may be different. (For example, mitigation and rapid recovery are important in both cases, but security measures may also

OCR for page 28
include prevention and forensic investigation.) DOT has a similarly valuable R&D role in protecting surface transportation against hostile attacks. One likely niche for DOT is evaluating transportation applications of technology developed elsewhere and helping to transfer promising technology to the transportation sector. For example, the Department of Defense, the Department of Energy, and others have already developed a number of systems for detecting chemical agents, but many challenging problems arise when these systems are used in enclosed spaces, such as subways. The rate of false alarms must be much lower in a subway than in many other places, even other large civilian facilities such as office buildings, because in those facilities alarms and evacuations cause only localized disruption. In contrast, even if only one subway station is affected directly, operations are likely to be disrupted system-wide. At the same time, the confined air in an urban subway is likely to be a very difficult background against which to identify hazardous chemicals. Thus perhaps DOT has an important role to play in evaluating the available products for subway use—are their false-alarm rates acceptably low despite the heavy chemical and biological background contained in ordinary subway air? This is just one example of the useful role DOT could play in collecting and disseminating guidelines on security best practices for surface transportation operators. DOT's role will also be influenced by the fact that some special characteristics of surface transportation systems may not be adequately addressed elsewhere. In the case of subways, for example, the piston action of trains as they pass through tunnels could provide attackers with a uniquely effective means of dispersing a chemical or biological agent throughout a city. DOT might therefore consider a variety of subway-specific R&D responses, such as developing airflow barriers, modeling aerosol dispersion in tunnels and ventilation systems (which is already being done at DOT and elsewhere), or measuring the baseline levels of chemical species and microbes already present in ordinary subway air. In the case of railway and bus stations, even though they may present no transportation-unique security issues in structural design, the potential for a bombing to disrupt the rest of the transportation system may suggest some important R&D topics for systems modeling. Or if there are aspects of R&D on bomb protecting structures that focus specifically on bridges and tunnels, two elements that are essentially unique to transportation, it might make sense for DOT to focus R&D in those areas. Setting Priorities A final vital aspect of setting objectives is the establishment of criteria for prioritizing R&D outcomes. A huge variety of security R&D projects can be imagined that would all be desirable and appropriate for DOT if infinite resources were available. How should DOT select from such a list? There are many possible criteria.

OCR for page 28
One obvious approach is to give the most likely threats the highest priority. This would require an assessment of risk, beyond the assessment of vulnerability discussed in Chapter 2. For example, domestic "patriot" or "militia" groups have specifically advocated attacks against the rail infrastructure. If that threat is considered credible and serious, perhaps an emphasis on protecting rail transport might be appropriate. But this approach is not enough. In many cases, if not most cases, reliable threat information is simply not available. Even the best intelligence efforts have trouble identifying threats from lone individuals, and in any case, the greatest threat is likely to be unanticipated. Moreover, a security R&D program must look toward future needs. Threats change much more quickly than vulnerabilities. Because R&D results take time to produce and implement, DOT's program must provide for the likelihood that today's threat will not be the same as tomorrow's. This suggests a bias toward solutions with broad applicability. Yes, it is essential to continue the ongoing efforts by various agencies to develop better threat information, and any threat information that is available would certainly be an important input to the process of R&D prioritization, but other approaches are also needed. The objectives of an R&D strategy should include factors based on the answers to such questions as these: If a threat does materialize, how serious is its potential impact on people, property, and society? Would the consequences be so disastrous that we must not ignore the threat even if it appears highly unlikely? Where can additional R&D resources result in the most improvement per dollar? Is the rate of progress in this area limited by the state of technology or the availability of funding? Is this an area where a modest R&D investment could make a significant advance toward solving a problem completely? Would R&D in this area have other benefits (such as improving security against theft or robbery, or preventing accidents) even if the threat of a hostile attack never materialized? Dual-use results might have a significantly greater chance of being accepted and implemented by transportation owners and operators. Would R&D in this area respond to just one type of vulnerability, or many? What related R&D topics are other agencies investigating that DOT could use to increase the return on its own (probably modest) R&D resources? What R&D topics are other agencies not investigating, and do they include transportation-specific needs that will be ignored if DOT does nothing? Are there useful technologies, already developed by other agencies, that require integration before being transfered to the transportation sector?

OCR for page 28
Based on the answers to the first question, DOT might choose to prioritize R&D opportunities by the magnitude of the vulnerability they would address. Or based on answers to the second and third questions, DOT might choose to prioritize R&D projects according to inherent "ripeness for progress," perhaps as determined by peer review in the R&D community. Choices such as these are part of the process of defining the problem and setting objectives. Identifying Potential Alternatives The second step of the recommended strategy is to examine as wide a range of potential solutions as possible. This study has intentionally avoided dividing its subject matter up according to the various modes of transportation. The process DOT chooses for identifying potential R&D projects should do the same. Although most transportation-related R&D is organized and funded according to transportation mode, there is so much synergy and overlap among the security concerns of the different modes that such a division in this case would be artificial and deleterious. Instead, DOT should categorize potential R&D topics according to a matrix like the one shown in Box 3-1, with each element of the matrix representing a combination of a particular type of attack (without regard to the type of target) and a particular type of response. This approach has several attractions, both for considering processes and strategies and for considering individual R&D projects. First, it ensures completeness; because each column describes a threat and each row a response, one can quickly evaluate the coverage of threats with research in each response area. Second, it provides a flexible way to define both programs (strategic plans) and projects (tactical plans). Third, it can be used to assess quickly the technological status of existing responses to various threats. Fourth, it provides a convenient communications vehicle because of its simple two-dimensional structure. Finally, it is both stable and robust; the row and column categories will remain relevant for defining research strategies and tactics for the foreseeable future, and when changes do occur they can be easily accommodated by adding rows or columns, with no need to reorganize what was there before. Each proposed alternative must be described in sufficient detail that it can be evaluated against the objectives. Essentially this means that, for each potential R&D project, all relevant consequences should be described concretely—not only security consequences, but also more general consequences, such as the cost and practicality of implementation, the effect on travel time and convenience, potential legal or privacy concerns, and so on. At a minimum, potential projects should be described in sufficient detail that they can be understood clearly by whoever would ultimately have to implement them. (Too much detail, of course, could delay the whole exercise and increase its cost and complexity. Striking an appropriate balance, however, should not be too difficult.)

OCR for page 28
Evaluating Alternatives In the evaluation step of the strategy, each alternative should be formally measured against the objectives defined at the beginning of the process. That is, once DOT has systematically identified a wide variety of potential R&D projects, it must assess the impact each would have if it were successful and its results were implemented. Here again, impact means not only the impact on security, but also the broader impact on the transportation system and society as a whole. For example, the evaluation in this step should include trade-offs such as the balance of security against cost and inconvenience. A sensitivity analysis should be included to identify how changes in assumptions would change the evaluation. Establishing the capability to conduct such an evaluation is not a simple task. For example, one of the criteria developed during the problem definition phase is sure to be the specificity of the project to DOT's unique role and responsibilities. Evaluating projects against this criterion will clearly require effective coordination and information sharing between DOT and other federal and state agencies. Because of the wide range of work being done and the variety of agencies involved, this will be a significant challenge. The Critical Infrastructure Coordinating Group's interagency working group on R&D is one important mechanism for coordination, and DOT should continue to place a high priority on its participation in that group. In addition, the coordinating role of the Technical Support Working Group should be very useful, although that organization is not involved in all projects. The committee understands that the Federal Aviation Administration and the DOT Office of Intelligence and Security participate regularly in Technical Support Working Group subgroups. That participation should continue, and if possible, other DOT agencies involved in security R&D for surface transportation should also participate. There are a variety of ways DOT can improve its capability to evaluate the priority-setting criteria discussed above. For example, it might choose to intensify its efforts to develop threat intelligence. Or (as suggested in Chapter 2) it might conduct more analysis of past incidents of various types to assess the effectiveness of various alternatives. Or it might convene workshops to elicit expert technical input on the probable success or effectiveness of various R&D approaches. (These workshops could also be a good way to involve owners and operators.) Some form of modeling or simulation is often used in evaluating complex situations. Evaluation has received more attention in the systems engineering literature than any other step of the recommended strategy, and that attention has generated considerable controversy because sophisticated techniques have often been applied to problems with poorly specified or inconsistent objectives. Sophisticated evaluation techniques do not guarantee good results unless the basic description of the problem is clear, consistent, and complete.

OCR for page 28
Deciding on a Course of Action The fourth step, deciding on a course of action, means more than just selecting a portfolio of R&D projects. For example, a potential project might be evaluated as important and likely to succeed but not appropriate for DOT. In that case, the right course of action would involve coordinating with other agencies to make sure they are addressing the problem and are aware of its transportation-specific aspects. DOT must be able to tell other agencies that "this needs to be done, but we aren't the ones to do it." DOT's overall R&D strategy for surface transportation security should include planning for this situation as well as planning for DOT itself to conduct R&D. Decision making has received considerable attention in the systems-engineering literature. Although the evaluation process involves rating each alternative against each objective, these ratings usually do not produce a unique solution. Usually multiple objectives compete with each other, and no single alternative is dominant on every scale. A decision model is therefore necessary to rank the alternatives. Theoretically, the soundest approach is based on utility functions (Keeney and Raiffa, 1976), but this approach is too expensive and time-consuming for most organizations. The simplest alternative is to provide managers with graphical displays of the ratings of each alternative against each objective and allow them to make the final selection. Other approaches assign a simple weight to each objective and provide a single overall score for each alternative. Clearly DOT's choice of a decision model should depend on the resources available and the importance attached to each decision. Implementing the Plan The final step is implementation, which may involve communicating decisions at various levels inside and outside the government, developing budgets and schedules, obtaining resources, and assigning responsibilities. Note that for surface transportation security, implementation means much more than instituting the R&D program. The real goal, of course, is to ensure that security solutions are implemented in the surface transportation system, not just to develop technologies and processes for their own sake. Thus implementing the R&D plan will have to include ensuring the implementation of R&D results. Accomplishing that goal will require commitment by high-level management, incorporation of R&D results into ongoing agency programs, and user acceptance of the technologies and processes developed. It will also depend on raising the transportation community's awareness of how new approaches and techniques can improve security. Buy-in within DOT, both by top-level officials and by program managers throughout the department, will be essential for R&D investments to be made wisely and their results widely disseminated. Buy-in by state and local transportation agencies will be equally important. Finally, and

OCR for page 28
perhaps most important, success will depend on ensuring that transportation system owners and operators endorse and help shape DOT's R&D program. Involving Owners and Operators Involving owners and operators in the R&D process is essential to achieving their acceptance of its results and is therefore critical to the success of the strategy's implementation step. DOT should place considerable emphasis on this involvement. Owners and operators can provide a critical, real-world perspective on the balance of costs and benefits, on issues involving human factors, on the dynamics of the industry, on how these factors may influence a technology's acceptance, and on how new technologies can be managed successfully in the context of the existing infrastructure. All these considerations are important elements in defining R&D priorities and determining a concept's potential for successful implementation. One mechanism for involving owners and operators is to hold regular workshops, review panels, and other meetings. A model for this approach could be the workshop on chemical and biological threats to transportation held in September 1998 at the DOT Volpe Center in Cambridge, Massachusetts, and the planned follow-on symposium with broader participation. Similar activities could be undertaken in other technical areas, such as cyber security or protection against bomb blasts. Another model could be the Gordon Research Conference on Illicit Substance Detection, held in August 1998, which also focused on chemical and biological attacks. A valuable feature of that meeting was the opportunity it provided for leading researchers to come together with those whose main concerns are policy making and implementation. Interactions like these build a strong foundation for future information sharing and improve researchers' understanding of government and industry needs. Strong industrial participation is particularly important for outcomes to be in owners' and operators' best interests, as well as the national interest. Strong participation by state departments of transportation would help convince owners and operators of the seriousness of the issues and thus encourage implementation. Technology transfer should be a consideration from the very beginning of each project. Potential technology users should be involved in all phases of the program, from the planning and development of fundamental strategy to the selection and continuing oversight of individual projects. This bottom-up approach will help ensure that the projects selected reflect a realistic view of the operational situation in the real world of surface transportation. For example, in a major ferry operation the turnaround time is often very rapid, with hundreds of vehicles and people being unloaded and loaded in a period of perhaps 15 minutes. A vehicle or baggage scanning system designed to detect explosives would be impractical for such an application if it introduced even a small delay in the time required to board each vehicle or passenger. Involving someone with direct

OCR for page 28
experience of ferry operations would help to identify such problems early in the process. Similarly, transit systems and parking facilities have ticket turnstiles and control gates that single out individual travelers or vehicles. Perhaps chemical sensing systems could be incorporated into this equipment to alert security personnel, but unless operators were involved in the development process, it would be easy to develop a product that no one would use. (Would maintenance be practical? Would the system cause delays for travelers? What should the response be in the event of an alarm, and would the false-alarm rate be acceptably low ?) Examples can easily be imagined for each mode of transportation and each type of potential R&D response. DOT should undertake an aggressive, ongoing campaign to educate transportation owners and operators about threats, vulnerabilities, and R&D results. The outreach effort could be generic, or separate teams could be assembled to specialize in the concerns of urban transit, say, or pipelines or railroads. Incidents particularly relevant to the target audience (such as the sarin attack in the Tokyo subway, for a transit audience) could be used to motivate operators to participate. Feedback from the campaign would help DOT identify technological and procedural security needs and useful areas for further R&D, as well as how operator perceptions and attitudes are likely to affect implementation. This would help DOT keep its R&D strategy dynamic and responsive in the long term. Moreover, the resulting heightened awareness of security issues could encourage operators to increase their security efforts using existing techniques, even before any R&D came to fruition. Active outreach would have several side benefits. First, by creating a group of interested stakeholders out in the field, it would establish a pool of likely early adopters or beta-testers of new systems resulting from R&D. Second, by building relationships with owners and operators, it would facilitate the provision of other security-related support, such as new equipment or training. Last but not least, by building wider awareness and support, it could strengthen DOT's argument for increasing the resources allocated to security R&D. DOT should also consider outreach and education directed toward users of transportation services. Ultimately, travelers and shippers will be the ones who decide whether to pay higher prices so that owners and operators can recover the cost of added security measures. Outreach to users would have to be designed carefully to avoid either undermining public confidence in the safety and security of the current surface transportation system or desensitizing users to security concerns by "crying wolf" when actual incidents are admittedly infrequent. Involving owners and operators in the R&D process may also build acceptance of the reality of the threat that the R&D results are designed to protect against. Many surface transportation operators believe that hostile attacks against their facilities are unlikely, and at least for most of them, this perception is probably correct. Persuading them that security should be a real concern and that

OCR for page 28
security measures will be cost-effective for their facilities will be a challenge (see Box 3-2). Increased dissemination of intelligence information to major players in the surface transportation industry could increase their acceptance of the need for new technologies and processes, but direct involvement is key. All these efforts to involve owners and operators must be taken seriously as a fundamental part of the R&D strategy. Stakeholders should be considered more than just a source of input and ideas. They should have a real say in which R&D projects are undertaken and how they are conducted. Only genuine, two-way communication will ensure that security concerns become an integral part of system design and day-to-day operations. Protecting Sensitive Information As DOT builds up its R&D in surface transportation security, it will encounter a growing need to protect information that is sensitive, but not classified. For example, increased dissemination of intelligence to transportation operators, as recommended above, may be problematic unless access to that intelligence can be controlled. This concern is not reflected directly in the recommended five stage strategic process, but resolving it is vital so that the process can have full access to relevant information sources and result in effective implementation. Indeed, this issue arose several times just during the course of this study. Existing guidelines for the release of information provide no mechanism for solving this problem. For example, DOT might wish to provide sensitive information to a variety of people with legitimate and constructive reasons to use it, such as individuals responsible for security in major transportation companies—or for that matter, the committee that prepared this report. Currently, however, unless the information is actually classified, there is no legal means to do this without also making it available to the public at large under the requirements of laws such as the Freedom of Information Act. Some agencies have already resolved this dilemma. For example, the Federal Aviation Administration, which has been struggling with security issues for much longer than have DOT's surface transportation components, has recourse to a regulation known as 14 CFR 191, which protects information resulting from R&D on aviation security. Agency officials can disseminate "191" information to appropriate individuals within airlines, airports, security equipment manufacturers, local law enforcement and emergency services organizations, security policy analysts, and so on without rendering it subject to general public disclosure. As DOT expands its R&D activities in surface transportation security, information protection is likely to become increasingly worrisome. DOT should consider urging the Congress to provide legal authority for a regulation similar to 14 CFR 191.

OCR for page 28
BOX 3-2 Operators' Perceptions of Threats The committee visited several surface transportation facilities during the course of this study. A common characteristic of these sites was their low level of security against hostile attacks. This is generally the situation except at ports of entry, where the Immigration and Naturalization Service and the Customs Service have placed terrorism higher on their agenda. The infrastructure operators with whom the committee spoke during the site visits perceived a low level of threat. They were primarily concerned about theft or robbery of cash, personal property, and cargo. Where the committee did encounter airport-style security equipment—at the passenger embarkation point for a cruise ship—it was applied inconsistently. Passengers were made to walk through metal detectors and their hand luggage was x-rayed, but their checked luggage was not examined at all, even though it would be freely available to them once they were on board. The gap between today's level of security and even a modest level of protection against hostile attack appears to be wide indeed. Based on this experience, it appears that operators' perceptions of threat are likely to have a major impact on the deployment of any products of the R&D described in this report. Governments may mandate security measures, but these requirements have historically followed incidents rather than anticipated them. In the absence of legislation, operators will deploy only the security measures they believe to be cost effective. The importance of cost effectiveness for owners and operators cannot be overstated. This is not an abstract or hypothetical concern. For example, throughout the 1980s, sponsors of research on computer and network security funded and encouraged the development of technologies that were intended to be highly effective against hostile attacks on computers and networks. However, the funding agencies were unable to convince private-sector suppliers and users of computers and networks that the threat justified integration of these technologies into high-volume products or their application to commercial or government systems. As a result, the research funds expended had little direct impact on the security of real systems (NRC, 1998). DOT should not follow the same path by funding security solutions that are not supported by owners and operators and thus are never deployed. One way to help ensure that R&D expenditures ultimately yield real security improvements is to support dual-use technologies that can address both hostile threats against infrastructure and other disruptions, such as robberies, accidents, or natural disasters. An example of this effect is the experience of commercial airlines, for which the expense and complication of security-driven requirements for baggage tracking and passenger identification have resulted in less luggage lost and fewer illegal transfers of nontransferable tickets.

OCR for page 28
Summary Building a solid strategic basis is the most important task at this early stage in DOT's establishment of an R&D program for surface transportation security. That strategy should be a systematic process consisting of five fundamental steps: 1.   Defining the problem, the objectives, and the criteria for evaluating success or failure 2.   Identifying ways to meet the objectives, namely potential R&D projects 3.   Evaluating the alternatives identified in Step 2 against the objectives defined in Step 1 4.   Deciding on a course of action 5.   Implementing the decision The implementation of this strategy should incorporate the following key features: Because improving security is a crosscutting problem, DOT should not break up its efforts in this area according to transportation modes. DOT should clearly identify and understand its role in security R&D and how that role meshes with work being done by other agencies. As a framework for identifying and evaluating potential R&D topics, DOT should categorize topics according to the type of attack to which they respond and the type of response to which they are directed: prevention, mitigation, monitoring, recovery, investigation, or systems. DOT should make strenuous efforts to increase the involvement of transportation owners and operators. Their serious involvement in all stages of the program will be critical to successful implementation. To meet the growing need to protect information that is sensitive, but not classified, DOT should consider urging the Congress to provide legal authority similar to the regulation 14 CFR 191, which protects information on aviation security.