INTRODUCTION AND OVERVIEW
Transport vehicles and facilities, from airliners to rail terminals, are recurrent targets of terrorist attacks, hijackings, and sabotage.1 The September 11 hijackers added a new dimension to this linkage by turning four jet airliners into guided missiles targeted on large buildings. Only a few weeks later, the mailer of anthrax capitalized on the anonymity and reach of the postal system to deliver this bioweapon to targeted persons in the national media and federal government (and to random individuals along the way). Given their prominence in past acts of terrorism, there is good reason to believe that the nation’s transportation systems will be exploited again in attacks of equal or greater consequence.
The characteristics of transportation systems make them especially vulnerable—and therefore attractive—to terrorists. Passenger vehicles and facilities often contain large numbers of people in enclosed spaces. Vehicles moving fast—whether in the air, on the surface, or below ground—are in precarious and fragile positions; much damage can be done by introducing a relatively small but well-placed force. Certain elements of the transportation infrastructure, such as U.S.-flag carriers and landmark bridges and tunnels, are symbolic to Americans, adding further to their appeal as terrorism targets.
Many transportation facilities and structures are strategically important, serv-
ing as key nodes in networks and corridors that handle the movement of large volumes of people, goods, and services, including military transports. Moreover, transportation systems are international in scope and intertwined in economic and social activities. For instance, a few seaports handle a major share of the goods moved in international trade, and commuter and rapid rail transit systems are the circulatory systems of urban environments, critical to the functioning of some of the country’s largest cities. Hence disruptions to these systems can have potentially far-reaching and long-lasting economic and social effects.
To be sure, transport vehicles and containers can be tempting weapons in and of themselves, as most vehicles are powered by flammable fuels and some carry bulk shipments of extremely hazardous chemicals. By their very nature, they are highly mobile and thus capable of being used to access a range of targets quickly. And they are ubiquitous, moving unnoticed within industrial locations and major population centers and across borders. Their mobility, range, and omnipresence make transportation vehicles a ready means of delivering terrorist weapons, from conventional explosives to unconventional chemical, biological, and radiological agents. And in the case of mail and express package services, the weapons could be carried into nearly every household, business, and government office in the country.
In the following sections, the committee describes the characteristics of transportation systems, security systems that take these characteristics into account, and the kinds of research that will be required to support the development and deployment of such security systems. After the September 11 attacks, President Bush created the Office of Homeland Security. Congress soon afterward passed the Aviation and Transportation Security Act, which established an Under Secretary for Transportation Security and a Transportation Security Administration (TSA) within the Department of Transportation.2 Civil aviation security had previously been overseen and regulated by the Federal Aviation Administration (FAA), but operational and financial responsibilities rested with the private airlines and the airports owned by state and local governments. Security in other modes of land and maritime transportation had been, and largely remains today, the responsibility of state and local law enforcement authorities, the many public and private entities that own and operate the transport systems, and various federal agencies responsible for port and border security. The committee urges the new TSA to take the lead in identifying coherent security systems for each mode of transportation, to work with the private and public sectors in this country and abroad in deploying these systems, and to further the development of supporting expertise and technologies.
TRANSPORTATION SYSTEM CHARACTERISTICS
Security strategies must relate to the systems to be secured and defended. Transportation systems’ common characteristics include the following:
Openness and accessibility. Designed and organized for the efficient, convenient, and expeditious movement of large volumes of people and goods, transportation systems must have a high degree of user access. In some cases—highways, for example—access is almost entirely open. Many transportation facilities, such as train stations, are public places, open by necessity. In other cases, access is more limited, as in commercial aviation—but still not fully closed. Even in the case of the latter, it is notable that access to most airport lobbies, ticket lines, and baggage check-in areas remains unrestricted. Moreover, much of the transportation infrastructure, from airports to highway and rail bridges, was designed and built long before concerns over security and terrorism. Fully integrating security will take many decades, as assets are gradually modified and replaced.
Extent and ubiquity. Transportation systems require vast amounts of physical infrastructure and assets.3 The U.S. highway system consists of 4 million interconnected miles of paved roadway, including more than 45,000 miles of interstate freeway and 600,000 bridges. The freight rail networks extend for more than 300,000 miles, and commuter and urban rail systems cover some 10,000 miles. Even the more contained civil aviation system has some 500 commercial-service airports and another 14,000 smaller general aviation airports scattered across the country. These networks also contain many other fixed facilities such as terminals, navigation aids, switchyards, locks, maintenance bases, and operation control centers.
Most of this infrastructure is unguarded and sometimes unattended. Distributed over the networks are millions of vehicles and containers, which are repeatedly moved from one location to another, complicating the task of monitoring, safeguarding, and controlling them.
Emphasis on efficiency and competitiveness. Although much of the transportation infrastructure in the United States is owned by the public sector, the development of this infrastructure is driven largely by the demands of private users. Widespread use of private cars and motor carriers, for instance, spurred greater investment in the highway system relative to public transportation and railroads. Likewise, travel by motor vehicle and airliners displaced demand for intercity passenger rail service in the second half of the 20th century, prompting increased government spending on airports and freeways. The economic deregu-
lation that swept through the transportation sector during the last quarter of the 20th century led to even greater emphasis on efficiency as a criterion for transportation investments and, to a certain degree, led to a loss of redundancy and excess capacity in the sector as a whole. The dynamism of the U.S. transportation sector is unmatched in the world, and a major reason for the country’s high productivity and mobility. Another consequence of the emphasis on efficiency, however, is that costly security measures that promise unclear benefits or that impede operations are likely to be resisted or eschewed, whereas those that confer economic benefits are apt to be deployed and sustained.
Diversity of owners, operators, users, and overseers. Much of the physical infrastructure of transportation—from highways and airports to urban rail networks—is owned and administered by the public sector. But while the federal government helps fund construction, it owns and operates very little of this infrastructure.4 Most of it is controlled by thousands of state and local governments. While private companies and individuals own some fixed infrastructure (as with freight railroads), they function mainly as service providers and users, controlling most of the vehicles and containers that ply the networks.
These public and private owners and operators are largely responsible for policing and securing the system, with the help of state and local law enforcement authorities and, for movements outside the country, foreign governments and international organizations. In addition to providing financial support for infrastructure (and now security for commercial aviation), the federal government’s main role is in promoting and regulating safety and environmental performance; supporting research and system planning; and monitoring and regulating transportation activity at border crossings and international gateways.5
Entwinement in society and the global economy. Trucks of all sizes distribute to retail outlets nearly all the products purchased by consumers and many of the goods and supplies used by industry and government. The rail, pipeline, and waterborne modes, along with large trucks, move products and commodities long distances among utilities, refineries, suppliers, producers, and wholesalers, as well as to and from ports and border crossings. In recent years, these transport modes have increased their efficiency to the point where just-in-time inventorying and manufacturing are commonplace. At the same time, the airlines have become indispensable in connecting cities all over the United States, and passenger airline service is essential to many areas of the country that depend on tourism and business travel.
At the more local level, a quarter or more of the workers in some large cities commute by public transportation, which has come to shape some urban centers, most notably on the East Coast. The U.S. Postal Service delivers mail to every household in the United States and most businesses, totaling some 135 million addresses. The highway system pervades the lives of Americans, who use motor vehicles for most daily activities and for much of their longer-distance vacation travel.
Highways are also used by emergency responders, and both the highway and public transportation systems are vital security assets to evacuate people in a crisis and move critical supplies and services. Consequently, disruptions to transportation networks can have far-reaching effects not only on transportation operations but on many other interconnected functions and activities.
IMPLICATIONS FOR SECURITY STRATEGIES
Certainly, undermining the ability of terrorists to attack in the first place is a national imperative. Should these efforts fall short, however, the transportation sector must be prepared to defend itself. The above characteristics reveal the great difficulty, indeed impossibility, of defending each potential target or perceived vulnerability one by one. The transportation sector is simply too spread out, diverse, and open—by necessity—for such a defensive approach to work. This does not mean that little or nothing can be done to counter terrorism. Sound security measures can do a lot; for instance, they can confound and deter terrorist operations, increase the likelihood of the terrorists being detected and intercepted, keep casualties and disruptions to a minimum, and reduce panic and reassure passengers in a crisis.6
What the characteristics of the transportation sector do suggest is the need for a coherent and systematic approach to security. In particular, such an approach should be shaped by (1) well-designed, layered security systems, (2) the adaptive, opportunistic, and dual use of security technologies and techniques, and (3) broad-based and unconventional thinking on terrorist threats and responses.
Layered Security Systems
Transportation security can be best achieved through well-designed security systems that are integrated with transportation operations. The concept of a layered security system, in which multiple security features are connected and provide backup for one another, has a particular advantage. Perfect execution by each element in the system is not crucial, because other elements can compensate
for human, technological, or other shortcomings, and, correspondingly, enhancements to one element can boost the performance of the system as a whole. Such systems, long used to secure communications and information systems, cannot be breached by defeating a single layer. Because the terrorist can find it difficult to calculate the odds of defeating multiple layers, some randomly interleaved, such a system can deter as well as impede terrorist acts.7
The dangers of not taking a coherent systems approach to security were manifest in the aviation sector on September 11. Commercial aviation has been the subject of hostile attacks for more than 30 years. Each new attack has prompted the advent of more technologies, procedures, and rules—each superimposed on the last, designed mainly to prevent a recurrence of similar attacks. Aviation security was provided not through truly systematic means, but rather through a collection of mostly unrelated measures that hinged on a very high and sustained level of performance from each, with little or no backup and redundancy. By overcoming a single perimeter defense, such as a metal detector, an attacker could, in effect, overcome the entire security regime.
The design of the security systems themselves must relate closely to the characteristics and functions of the transportation systems they are intended to defend. Technologies and methods developed for one transportation environment that are modified and applied in an incidental manner to another may yield little more than a patchwork regime.
The prevention of future airline attacks, for instance, may be made possible by systematically identifying and defending against all or most vulnerabilities; for instance, access to airfields and aircraft can be closely guarded, passengers and their luggage can be screened with great care, and airline and airport workers can be monitored. By comparison, the much more open and decentralized maritime and land transportation systems are far less amenable to such a defensive, or protective, approach. The intensive inspection and screening methods used for air transportation security, for instance, are likely to be impractical for transportation modes that require more convenient user access and have myriad points of entry. Means of deterrence in those systems are therefore critical, as are means to contain and respond to attacks that do occur. Indeed, it is possible that good mitigation, response, and recovery preparations will themselves dissuade terrorists from attacking these targets since ensuing damage and disruption may be limited.
The importance of understanding the characteristics of each type of transportation system in designing layered security systems is illustrated by the security-system concept for shipping containers presented in Box 7.1.
A few large seaport hubs, or megaports, around the world—such as Los
Intermodal shipping containers carry more than 80 percent of the cargo (as measured in value) moved by ocean liners in international trade. A key virtue of these standardized containers is that they allow for mechanized and automated container handling at transfer points and can be moved readily among modes. The sealed containers are also less vulnerable to cargo pilfering and theft. These virtues have vastly improved the efficiency of ship, train, truck, and terminal operations, reducing the time required for international shipping and enabling more businesses to reduce their warehouse and inventory costs through just-in-time logistics.
In the United States, some 50 ports can handle containers, but only a handful have built a significant business around them because of the large investment required for handling equipment, the need for good connections with highway and rail services, and the economies of scale of warehousing and terminal operations. The three megaports of Los Angeles, Long Beach, and Newark-Elizabeth handle about half of all containers entering and exiting the country. Each of these ports can handle as many as 10,000 containers in a single day.
The U.S. Customs Service maintains inspectors at each port. Their main job is to classify and appraise goods and collect applicable customs duties, although their ancillary functions include the interception of contraband and assistance in enforcing other laws and the regulations of some 40 federal agencies. In most cases, entering containers are cleared with a limited review of documents. Most regular, or “known,” shippers are precleared, and their shipments and documents are not examined by Customs until up to 30 days later, which may be at the end point of their line-haul inland journey by truck or rail. Only about 2 percent of containers are opened and physically inspected at some point in the process. Such inspections are time consuming—they usually delay shipments for several days—and add to the costs of shippers and receivers, who often depend on just-in-time service.
A Threat Scenario
A terrorist purchases a foreign exporter that has a long-standing relationship with U.S. importers. The exporter routinely loads containers at its own facilities. In one of the containers, the terrorist loads a nuclear, chemical, or explosive device that is timed to activate or that can be activated remotely. The container is transported unopened through a foreign transshipment port and is then placed along with thousands of other containers on a large container ship destined for a major U.S. port that handles thousands of containers each day. Recognizing the known shipper, U.S. Customs preclears the container with minimal review of documents. Along with thousands of other containers, it is transferred to line-haul rail for inland transportation to the port of entry into the U.S. economy. The full documentation for the container shipment is scheduled to arrive at the U.S. Customs office within 30 days of the container’s entry into the country.
At any point during this 30-day interval, the deadly device inside can be detonated. Even if intelligence uncovers the plot, there may be no ready way to identify
and locate the container, and there is additional concern about other containers possibly in place around the country already or on the way. The federal government is probably compelled to halt the movement of all containers and isolate thousands of suspect ones. Even if the device is not detonated, commerce is severely affected by the disruption of trade and the public’s confidence in the system of deterrence and interception is eroded.
A Layered Security System to Lessen the Threat
Security cannot begin and end at the port but must be integrated into the entire logistics chain. And it must be part of an overall system that can address multiple threats, rather than an unintegrated series of tactics aimed at addressing one vulnerability at a time. Megaports offer a point of leverage for developing such a systems approach. Containers of most shippers will pass through one or more of these large hub seaports in the United States and abroad. The corresponding port authorities and their governments, therefore, are in a position to impose standardized requirements on shipment security, reporting, and information-sharing that will have a near-universal effect on practice throughout the industry. Industry trade associations may be employed to certify compliance with these standards; for instance, a shipper that does not maintain the prerequisites could be denied membership in the association, and nonmember shippers could be denied access to the megaport or have their access severely restricted.
One prerequisite might be that containers be loaded in sanitized facilities that are certified and subject to recertification after a change in ownership. Such facilities, whether at shippers’ own locations or those of the freight consolidators, might be secured from unauthorized entry, monitored with surveillance cameras, and equipped with cargo and vehicle scanners. Images from these scanners could be stored with other documentation on the shipment and forwarded to transshipment points or destination ports for comparisons when the shipment arrives or during randomized inspections along the way. A tamper-resistant mechanical or electronic seal might be placed on the container at the certified loading facility. Light or temperature sensors might also be placed in the container and set to transmit a signal or sound an alarm if activated by an unexpected opening.
Drivers of vehicles that deliver the containers to the ports might have their identities confirmed through biometric cards and be subject not only to periodic checks on their background but to scrutiny, using data mining techniques, for discerning unusual patterns of work and behavior. Microcomputers with transponders might be attached to the motor system to track its route and shut down the engines if it veers from the approved course. Meanwhile, manufacturers, importers, and shipping companies could be required to provide authorities with advance notice of the details of their shipments. Such early notification would give inspectors time to assess the validity of the data, using artificial-intelligence and data-mining capabilities, and to check for anomalies that warrant closer examination.
These capabilities might be provided through a central facility with the necessary expertise and resources; its analysts could then advise inspectors and other enforcement officials on the handling of suspect shipments. Those singled out for closer scrutiny, including shipments from uncertified facilities, could be subject to a variety of nondestructive examinations, from simple reweighing to vapor and radi-
ation sampling to radiographic imaging. The container’s original scanned image, taken at the original loading facility, could be compared with subsequent scans.
None of these coordinated measures and associated technologies, if fully developed and implemented, would guarantee success in eliminating all of the many vulnerabilities associated with the shipping-container logistics system, nor have the practicality and total costs of such an approach been fully evaluated. However, a layered system—even with several imperfect elements—would greatly increase the chances of deterring and intercepting threats. It would also allow enforcement authorities with intelligence about a threat to take quicker and more effective actions to identify suspect containers. Such a systematic and credible security system, which could be improved continually through the adoption of new technologies and techniques, would help reassure the public in the event of an incident and help contain disruptions in the critical logistics system by precluding the need for a complete shutdown.
SOURCE: Flynn (2000a, 2000b, 2001) and Leeper (1991).
Angeles, Long Beach, Newark-Elizabeth, Rotterdam, Hamburg, and Singapore—offer points of leverage for designing a security system that encourages shippers to load containers in secured facilities and take other related steps to expedite the movement of their cargoes through the megaports and the logistics stream. Because these ports are so critical to the container shipping industry, such requirements may become the de facto standard in short order. Shippers that choose not to comply may be denied access to the megaports or be subjected to greater scrutiny and its resultant delays.
The narrowing of the higher-risk traffic in this manner, supported by such capabilities as data mining and artificial intelligence (as described in more detail in Box 7.1), will allow authorities to make better use of their limited inspection, screening, and enforcement resources. In fashioning such a layered security system that begins early in the logistics stream, the prospects of a containerized weapon being intercepted before reaching the United States, and the chances of the act being deterred in the first place, are likely to be greater than under the current system of infrequent container inspections at destination ports and other border crossings. Moreover, it is quite possible that the side benefits of such a system, such as a decline in the use of shipping containers for the movement of contraband and the efficiency-related benefits of a sound shipment tracking system, would by themselves provide strong incentives for participants to continually maintain and enhance the system. A multilayered means of securing shipping containers, which will require considerable international and private-sector
collaboration, is now being considered by the U.S. Customs Service8 and other government agencies.
In a different and more varied context, the experience with ensuring aviation safety over the past 30 years demonstrates how such a layered approach can indeed be pursued with much success. In commercial aviation, it is noteworthy that one agency has a dominant role in ensuring safety through multiple, coordinated means. FAA is responsible for everything from establishing pilot training requirements to regulating the design and manufacture of aircraft and their components. Safety is assured through a multipronged process aimed at reducing risks through rigorous standards for flight crew qualification and training; testing and certification of aircraft designs and materials; quality assurance in aircraft production processes; detailed schedules for aircraft maintenance and engine overhauls; a coordinated system for air-traffic management; standardized operating procedures; and minimum requirements for runway maintenance and airport rescue and fire services.
Coincident failures of all these elements are rare, as evidenced by the excellent decades-long safety record of commercial airlines. When failures (or even near failures) do occur, the safety system is evaluated as a whole and adjustments made (possibly to multiple elements) to remedy the problem.9
Given the outstanding performance of the aviation safety system, it is notable that aviation security, also regulated by FAA until recently, was not handled in a similarly holistic fashion. By and large, aviation security tactics and techniques emerged piecemeal, in reaction to a series of individual security failures, beginning with the deployment of magnetometers and x-ray screeners for carryon luggage following a rash of handgun-enabled hijackings during the 1960s and early 1970s. In this case, the screeners were viewed foremost as protective measures, intended to intercept firearms before they could be brought on board an aircraft. Indeed, year after year, thousands of firearms were intercepted and confiscated by airport screeners.10 Yet, while the screeners did intercept many guns, they also deterred the use of guns by hijackers. Certainly, the September 11 hijackers were reluctant to use handguns. Such deterrence effects, however, were not evaluated explicitly.
In April 2002 the U.S. Customs Service launched the Customs-Trade Partnership Against Terrorism (C-TPAT), which “requires importers to take steps to assess, evolve and communicate new practices that ensure tighter security of cargo and enhanced security throughout the entire supply chain. In return, their goods and conveyances will receive expedited processing into the United States” (U.S. Customs Service press release of April 16, 2002). More details about C-TPAT are available on the U.S. Customs Service Web site at <http://www.customs.gov/enforcem/tpat.htm>.
The importance of a systems approach to aviation security was emphasized in the 1997 White House Commission on Aviation Safety and Security, which was chaired by Vice President Gore.
According to FAA statistics, 13,459 handguns and 1,151 other firearms were detected and confiscated by airport screeners from 1994 to 2000 (personal communication, FAA Office of Civil Aviation Security Operations, May 3, 2002).
More systematic evaluations of security approaches surely would have been helpful in understanding the influence of deterrence and opportunities for strengthening it. Indeed, in seeking to regain public confidence in aviation security after September 11, federal policy makers did not have a coherent system in place that could be readily fixed, prompting Congress to take dramatic and hurried measures, from the federalizing of airport screeners to ambitious deadlines for the deployment of costly and potentially unready explosive detectors.
Deterred from one target, the terrorist may well seek another. But if such deflection is indeed what happens, then it is all the more important that deterrence measures are deliberate and well-placed to ensure that the most sensitive potential targets are the ones that are the least appealing to attack.
Security Methods and Techniques That Are Dual-Use, Adaptable, and Opportunistic
Transportation is a diverse and dynamic enterprise. Transportation operations today, from passenger to cargo systems, are fundamentally different from what they were just 20 years ago, when hub-and-spoke systems, express package delivery, just-in-time logistics, and intermodal container operations were in their infancy. Nearly all modes of transportation have experienced sharp increases in traffic volumes and changes in their methods of providing services. It is important, therefore, to ensure that security approaches are capable of adapting to evolving circumstances.
Perhaps the best way to foster such adaptability is to mesh security with other operational tasks and objectives, such as curbing crime, dispatching and tracking vehicles, monitoring the condition of infrastructure, and assuring safe operations.11 Indeed, providing economic incentives for transportation users and operators to build security into their operations will be critical; simply urging greater security consciousness will not be enough, nor will it have lasting effect in such a competitive and cost-sensitive sector. First, before investing in new technologies and procedures, it is important that consideration be given to how those already at hand may be put to another use. Grounding of aircraft by the FAA’s air traffic controllers after the September 11 attacks and the use made by forensic experts of tracking codes imprinted on U.S. mail after the anthrax attacks show that such dual-use opportunities exist and can be integrated into security planning. As a corollary, security-related technologies and procedures themselves can have wider utility; for example, the matching of airline passengers with their bags may also reduce the incidence of lost luggage, and closed circuit television surveillance and undercover patrols by security personnel may reduce
ordinary crimes in public places such as transit stations.12 Such opportunities must be sought out systematically, recognizing as well that multiuse, multibenefit systems have a greater chance of being maintained and improved over time.
The potential cost and magnitude of the security task in the evolving and expansive transportation sector means that it must be approached not only systematically but resourcefully. Making a long-term commitment to costly security technologies developed and deployed outside a systems context runs the risk of early and prolonged obsolescence as technologies, transportation operations, and security threats change. A more efficient, adaptable, and system-oriented approach might suggest such tactics as the randomization of security screening, the setting of traps, and the masking of detection capabilities—all to allocate security resources most effectively and to create layers of uncertainty that can inhibit terrorist activity through what have been called “curtains of mystery.” To minimize costly disruptions to transportation services, it may be desirable to narrow the security task to target the highest-risk actors and activities. To do so will require a better understanding of normal patterns of behavior and activity, allowing for the preidentification and filtering out of legitimate and low-risk travelers and shippers, so as to devote more security resources to the scrutiny of anomalies.
It makes sense, for example, to integrate information gleaned from computerized airline reservations systems with passenger and baggage screening procedures, rather than treating each as a discrete and unconnected process.13 Information from ticketing that suggests an air traveler poses a risk could be conveyed to personnel at all security checkpoints—guards at the entries to secure concourses, baggage screeners, and airline gate attendants who examine and collect boarding passes.14 In more open transportation systems, where it can be difficult to identify and track high-risk traffic, information and communications tools may offer a means to create a “virtual” closed system. Large trucks, for instance, may be required to have an identifier tag affixed to the windshield and scanned at critical points along the highway. The tracking information could be used to ensure that higher-risk trucks—that is, those without tag identifiers or with unusual routings—are scrutinized more carefully at border crossings, tunnels, and major bridges down the road. As an added layer of deterrence and protection, trucks may be subjected to random checks of the validity of the tag, as well as the legality of the driver, vehicle, and cargo.
Perhaps the most open of all transportation systems are the public transit systems of large urban areas. Indeed, transit systems around the world have become recurrent terrorist targets because of their openness, concentrations of people, and potential for attacks to cause mass disruption and alarm. Many opportunities exist for using information generated by operations (e.g., ticket reservation records, shipment manifests, passenger identification) to devise layered security systems in air and maritime transportation. Similar information is not available for many of the land transportation modes, such as public transit, where users are often anonymous. Nevertheless, security in other surface modes can be layered through other means, while also capitalizing on dual-use applications.15 When certain opportunities arise, such as during the design of new stations or the remodeling of existing ones, many cost-effective protective features can be added, such as good lighting, blast-resistant structures, air filtration systems, emergency evacuation routes, and open spaces that provide broad fields of vision. And certainly in areas where free access is not required, such as at railcar and bus storage yards, fences, police patrols, and other perimeter protections can be added—not only to provide security against terrorist attacks, but also to help prevent vandalism and other crimes. The well-placed application of certain technologies, such as surveillance cameras and sensors that detect chemical and biological agents, can further strengthen the overall security system by adding an element of deterrence as well as an early diagnosis and response capability. As they mature, facial-recognition technologies may have strategic application in some public transportation settings, thereby strengthening deterrence and detection capabilities.
But to be effective in such a ubiquitous and expansive mode of transportation, security must be approached holistically. Explicit consideration must be given, for instance, to the important security function of civilian staff, such as bus and train operators and station attendants. Their visible presence alone can serve as a deterrent, and they are in the best position to recognize and report situations that are out of the ordinary before they become full-blown incidents. Attention must given to making on-site staff more visible and training them on how to react and respond appropriately—a critical responsibility, since transit operators and attendants are most likely to be the first personnel at the scene of an attack. Similarly, riders themselves can be an important resource. Active public cooperation and vigilance may be encouraged through such means as recurrent messages and public announcements to be alert for and report unattended articles. Indeed, it is in the most crowded locations, where terrorists are most likely to strike, that the chances are greatest that a passerby, if prompted to be attentive, will quickly notice a suspect package and notify authorities.16 All of these
elements together—from blast-resistant designs and well-lit spaces to the strategic placement of guards and fences and deliberate means of enhancing situational awareness by personnel and passengers—can provide a multitiered security system that both deters and protects. And, of course, these elements must be backed up by well-devised and well-rehearsed plans for incident response and restoration of service. Public transit systems that are prepared for response and recovery are less desirable targets for attackers banking on mass confusion and disorder to amplify the harm.17
Capability to Engage in Unconventional Thinking on Threats and Responses
The size, scope, and ubiquity of the transportation sector, coupled with its myriad owners, operators, and users, means that many opportunities exist for terrorists to exploit components of transport systems in many different, and novel, ways. After all, terrorists may not view individual transportation assets, infrastructure, and services in isolation and in traditional function-oriented ways but rather as tools that can be exploited for other objectives—much as jet airliners and mailed letters were used as weapons delivery systems last fall. Similarly, terrorists may view the components of other systems, such as the electric power grid, as a means to disrupt or impair critical transportation services. Indeed, it is likely that even the perpetrators of an attack might not realize the full array of economic and societal consequences that could arise as the wave of disruptions moves through many complex and interrelated systems.
Given the broad spectrum of possibilities, the institutions traditionally responsible for securing transportation systems are unprepared to counter the unprecedented means by which they can be exploited for terrorist purposes. Yet it is critical that such possibilities and their risks are anticipated and understood in order to devise precautions and countermeasures. Effective security planning and preparation will require a continuous means of engaging in unbiased and nontraditional thinking about vulnerabilities and threats, their consequences, and appropriate planning and policy responses. This needed analytic capability—from scenario-based threat assessments and red teaming to systems modeling—does not exist today.
RESEARCH AND TECHNOLOGY NEEDS
Many technological capabilities, new or enhanced, will be needed to support well-designed, layered security systems in the transportation sector. But success
will not occur without systems research to help establish the big picture within which the individual efforts—some of them novel ideas and innovations, others the adaptations of technologies developed elsewhere with different primary aims—each play their separate but interconnected parts.
Post-September 11, scientists, engineers, and technologists in the public and private sectors alike will be paying a great deal of attention to airline security and transportation security in general; hence, a strategy that helps guide their efforts is crucial. At the moment, numerous expert groups are offering R&D advice to transportation agencies at the federal, state, and local levels. Missing, however, is more enduring advice on how to go about establishing, implementing, and sustaining these priorities. The approach taken in this chapter is to provide strategic counsel on how to go about identifying and establishing these priorities, rather than offering a highly specified research agenda. The specific research ideas offered next, and summarized in Box 7.2, are illustrative and by no means exhaustive.
Understanding normal patterns of transportation activity and behavior
Identification of anomalous and suspect activities
Opportunities to leverage security in operations
Ability of security personnel to recognize context and patterns
Design of security devices, facilities, and procedures that are efficient and reliable
Understanding how to obscure the risk of getting caught
Understanding how technology can complement and supplement humans
Creation of security institutions that are performance-driven
Legal and Ethical Issues
Acceptability of surveillance systems
Use of biometrics for identify verification
Use of prescreening systems and means to collect and protect personal information
Psychological studies to model terrorist types
Deterrent effects of tactics to create uncertainty (e.g., “curtains of mystery”)
Deterrent effects of layered countermeasures
A fundamental need is a more thorough understanding of the operations, institutions, and other functions and characteristics of the transportation and logistics enterprises. Such an understanding is necessary to identify candidate security systems—for instance, to determine where the megaport-like “linch-pins” may lie for new security approaches. Such systems research and analysis will also provide an understanding of normal patterns of transportation activity and behavior, which is essential for developing security programs that filter out trusted passengers and shippers and for designing and deploying networks of sensors in ways that enhance their accuracy and reduce the incidence of missed and false alarms.
Moreover, an understanding of the operations and economics of transportation systems is crucial for finding ways to integrate security with other transportation system objectives. For example, shippers and other commercial users of
Data mining and other data-evaluation techniques to filter out lower-risk users
An understanding of the markers of risk associated with travelers
Explosives detection systems able to detect a wider range of materials
Means to network and combine sensors into “sensor fusion”
Standoff and accurate field sensors with low rates of false alarms
Biometrics and other means of verifying travelers and operators
Monitoring and Mitigation
Real-time chemical sensors that are effective in complex environments
Construction methods to harden transportation facilities
Dispersal models for various agents in transportation environments
Ways to use dispatch and control systems for consequence management
Means of protecting traffic-control systems from physical and cyberattacks
Response and Recovery
Neutralizing agents and robots that can test areas and perform decontamination
Communications capacity for emergency responders
Regional emergency-response plans that coordinate highways and public transportation
Investigation and Attribution
Integrating investigative capabilities into transportation operations and control systems
transportation may be willing to accept the outlays for blast-resistant containers, electronic tamperproof seals, and real-time recording of shipment manifests if they facilitate the general movement of cargo and better secure it against theft and loss.18
It will also be important to recognize that certain security approaches are practical and acceptable under some circumstances and impractical and unacceptable under others. For example, in the wake of the September 11 attacks, airline passengers have demonstrated a willingness to endure time-consuming and invasive security procedures. For many travelers, airline trips are long any-way and not a daily occurrence, and extra time can thus be spared for additional security measures. To be sure, similar inconveniences would not be so well tolerated by passengers in the more time-sensitive modes used for daily commuting, and air travelers’ impatience with burdensome security procedures can be expected to grow over time, especially if the public views security procedures as more symbolic than substantive.
The advent of effective security initiatives therefore depends not only on good research pertaining to transportation operations but also on an understanding of human factors. Such insight is needed for everything from designing airport security checkpoints that are more efficient and less error-prone to developing means of deterring terrorists through the aforementioned “curtains of mystery.” Indeed, human factors are integral to all security initiatives, whether they entail technologies, procedures, or organizational structures.
It is especially important that the role of people in operations and security not be determined by default, simply on the basis of what technology promises, but rather as a result of systematic evaluations of human strengths and weaknesses that can be complemented by and supplemented by technology. Human strengths, such as sensitivity to context and pattern recognition, may be difficult or unnecessary to replicate. Indeed, it may turn out that some technologies do not hold promise because they are inferior to, or incompatible with, the performance of human users—for instance, they might interfere with the performance of flight crews, bus drivers, or screeners.19
Many other nontechnical issues also loom large in the development and deployment of effective security systems. Privacy and civil rights controversies, for example, dominate the debate over data mining and biometric technologies for passenger prescreening, identification, and surveillance—a debate that goes beyond the transportation sector, extending to other technology-based realms as well.20 Though technological advances will undoubtedly continue to offer many
new capabilities, some will raise new legal and ethical issues that must be addressed long before they are used. Sound systems research and analyses—involving operational, institutional, and societal dimensions—will better bring these issues to light.
To be sure, the restructuring of transportation security technologies, techniques, and procedures to form coherent systems will not be easy. It will require an ability and willingness to step back and define security goals and performance expectations, to identify the layered systems best suited to meeting them, and to work with many public, private, and foreign entities to implement them. Security planners must be willing to question many existing security rules, institutional relationships, tactics, and technologies. This will require much strategic planning, supported by well-targeted, systems-level research and analysis.
As noted earlier, the impracticality of eliminating all transportation vulnerabilities means that efforts to deter must be a key part of transportation security strategies. That reality, together with the likelihood that over the past decade deterrence has probably stopped many hostile acts against aircraft in the first place, put it early in the line of defense against transportation terrorism. But in such a large and open transportation sector, deterrence (or deflection of the hostile act to a less damaging or less protected target) may not be achieved simply by traditional means—guards, guns, and gates. Instead, it will require sound intelligence information related to transportation security and the innovative use of resources and capabilities, which together create high degrees of uncertainty among terrorists about the chances of defeating the system (that “curtain of mystery”).
The extent to which uncertainty can deter a terrorist from a specific target is a potentially important avenue of inquiry. How does the fear of getting caught influence actions? Even a terrorist intent on suicide does not want to be stopped before achieving his or her goals. Psychological studies have sought to model criminal attitudes by interviewing perpetrators, and similar studies could presumably be directed to terrorist types in order to better understand the factors influencing their decisions to attack or avoid targets. Such knowledge could prove useful in assessing the deterrent effects of specific tactics such as the use of chemical-sniffing dogs, the randomized deployment of surveillance cameras, and
the publicizing (but not the identification) of new but unspecified passenger screening procedures.
If deterrence is unsuccessful, the next line of defense is prevention, whether by denying access through physical means—guards and fences, for example—or by other methods of interception, such as passenger profiling, baggage inspection, and explosives detection.
A topic likely to generate much research and debate in the years ahead is how best to filter out the lower-risk users of transportation systems in order to focus security resources on anomalies and the higher-risk traffic. Advanced information technologies offer some promising tools for such identification and prescreening. What is needed, however, is a better understanding of the markers of risk, the kinds of data useful for identifying those markers, and how to interpret and use the results for detection and control purposes.
For example, the application of automated passenger prescreening systems may depend less on advances in biometrics, artificial intelligence, statistics, and computer hardware than on the kinds and quality of data that can be employed in these systems. Not only must the multiple, heterogeneous databases involved be accurate and compatible (both criteria present major challenges), but the right information must be extracted and combined. As an example, how can data on a traveler’s financial records, immigration status, legal history, demographic characteristics, and matches to traveling companions on the same flight be used to evaluate his or her security risk, and who will act on the results? Will new databases be created by the linking of various private and public data sources? And if so, how will the information be stored and protected, and who will have access to it and for what purposes? Research on numerous such issues is clearly required to help policy makers evaluate preventive measures.21
Yet another prevention-related need is for explosives detection systems that are sensitive to a wider range of materials. At the moment, many threats are not detectable; for instance, a pouch sealed in plastic and taped on a person’s body may not register with available screening devices. But new and emerging techniques could augment existing detection capabilities. For example, three sensor technologies that appear to hold promise for explosives detection are x-ray diffraction, which detects several types of explosives; microwave/millimeter-wave scanners, which penetrate denser substances; and nuclear quadrupole resonance, which identifies the chemical compositions of selected materials.22
What is clear, however, is that no single sensor technology can be expected to find all threats with acceptable accuracy, so an array of sensor technologies will need to be developed and used together in a reliable, networked (“sensor fusion”) manner whereby each sensor can crosscheck the validity of others. Such crosschecking can help reduce false alarms and the need for inconvenient and costly follow-on searches, such as manual baggage inspections.
In general, all detectors—whether they sense explosives, say, or radiological materials—need to be made more accurate for use in transportation modes, where an excessive rate of false alarms can wreak havoc. They must also be made smaller, more affordable, and capable of operating at greater range. These latter requirements are particularly important if detectors are to be deployed strategically in the surface transportation modes.
Monitoring and Mitigation
Knowing when a hostile attack is under way, diagnosing it quickly and accurately, predicting its course, and mitigating its harmful effects are crucial capabilities that research and development can help provide.
Monitoring is essential to all these crisis-management functions. Indeed, the use of FAA’s air-traffic management system to ground aircraft on September 11 demonstrated how existing traffic operations and control systems can be used to detect terrorist attacks in progress and help manage the crisis. The fast and decisive actions taken by local traffic control centers to prevent commuter and subway trains from passing under the World Trade Center may have saved hundreds of lives.
Another example of monitoring capabilities that are not yet available but that could prove crucial in transportation settings is the development of real-time sensors to rapidly detect a wide variety of chemical agents. In a busy transportation environment, rapid recognition of a threat is critical to ensure appropriate response. A prerequisite for the development of such sensor systems is baseline information on the background chemicals in facilities such as subway systems and airport terminals, especially to ensure that sensor systems are designed to balance the risks associated with false positive and false negative readings. On the one hand, excessive false alarm rates are a major concern for transportation operators, lest localized service disruptions regularly propagate across an entire network, eventually causing the alerts to be ignored and alarm systems to be turned off. On the other hand, a single missed or neglected alarm runs the risk of exposing thousands of people to deadly agents and postponing effective emergency response. An appropriate balance must be struck between such risks, requiring risk modeling and human factors assessments.
Research on architectural features, materials, and construction methods to harden transportation facilities has the potential to mitigate the effects of blasts. Research on mitigation could also be useful in protecting structures from earth-
quakes and other natural disasters, although such correlations warrant further study. Similarly, the design of blast-resistant containers for aviation may be helpful for other modes of transport. The DOD has conducted much research on blast resistance materials, designs, and structures, some of which may be applicable to transportation.
There is a great deal of interest in the transportation community not only in mitigating the effects of explosions but in containing the release of chemical and biological agents. Specialized research on the dispersal of various agents within transportation environments is needed—for instance, on understanding how trains moving in subway tunnels may push contaminants within the underground system and through external vents into the streets above.23 In addition to helping devise sensor networks, such knowledge could help in the development of mitigation equipment such as ventilation barriers and filters and in informing emergency response plans.
Response and Recovery
A key to effective postevent response is the capability to communicate and coordinate the actions of firefighters, police, elected officials, and transportation agencies across numerous jurisdictions. Communication paths, equipment, and protocols must be established in advance, as part of emergency response plans, and sizeable capacity must be made available quickly without having to disrupt basic communications links. Research and development on ways to enhance emergency decision making and communications protocols and capabilities is important to the transportation community, as it is to other participants in incident response.
As noted earlier, the ability to quickly recover and reconstitute transportation services is crucial for limiting the cascading effects of terrorist attacks. This may require a range of capabilities, from the specific means to reroute traffic around the disrupted areas to well-rehearsed, regional emergency response plans that coordinate highway and public transportation systems. Restoring transportation services following an attack will also require a range of technological capabilities—for example, neutralizing agents and robots that can survey affected areas and perform decontamination, as well as tools for the rapid repair of key infrastructure elements to render them at least minimally functional.
Investigation and Attribution
To deter and prevent further attacks, technologies and techniques to investigate and attribute past attacks will also be needed. Catching the perpetrators
before they can do harm again is, of course, one reason to investigate and seek attribution. Another is to learn from the attack in order to prevent future ones. Following the September 11 attacks, data were gathered from the air traffic control system and used to reconstruct the timing and pattern of the four airline hijackings. These analyses could prove helpful in improving the monitoring of traffic and recognizing the early signs of an attack. How best to develop such investigative capabilities—much as cockpit voice recorder and flight data boxes are critical for reconstructing airline crashes—is a potentially important avenue of inquiry.
ADVICE TO THE TRANSPORTATION SECURITY ADMINISTRATION ON STRATEGIC RESEARCH AND PLANNING
The Aviation and Transportation Security Act of 2001, which created TSA, set forth a series of responsibilities and deadlines for the agency, from the assumption of airline passenger and baggage screening functions to the deployment of air marshals and explosives detection systems at commercial airports. Whereas most of the act’s provisions deal exclusively with civil aviation, it also gives TSA a broader security mandate—affecting all transport modes—that includes the following statutory responsibilities:
Receive, assess, and distribute intelligence information related to transportation security;
Assess threats to transportation;
Develop policies, strategies, and plans for protecting against threats to transportation, mitigating damage from attacks, and responding to and recovering from attacks;
Make other plans related to transportation security, including coordination of countermeasures with appropriate departments and agencies;
Serve as the primary liaison for transportation security to the intelligence and law enforcement communities;
Enforce security-related regulations and requirements;
Inspect, maintain, and test security facilities, equipment, and systems;
Ensure the adequacy of security measures for the transportation of cargo; and
Identify and undertake research and development activities necessary to enhance transportation security.
The many new and challenging operational and implementation requirements laid out in the act are understandably consuming much of TSA’s financial and organizational resources, and they are likely to continue to do so for some time. Nevertheless, the overarching mission responsibilities listed above are essential to TSA’s success and cannot remain neglected for long. The following
three recommendations are offered to DOT and TSA for assuming this strategic role. The first recommendation stems from a recognition that the transportation sector is so large, dynamic, and fragmented that no single agency can be responsible for day-to-day security tactics and technologies. If TSA is to have a meaningful role in securing all the modes of transportation, it must be prepared to offer advice and assistance at a strategic level. The second and third recommendations recognize that TSA is the only national entity with responsibility for security in the transportation sector as a whole. It is therefore in the best position to ensure research is undertaken that is useful to all transportation modes and that good information on security technologies and methods is provided to the many public- and private-sector users and providers of transportation services.
Creating a Strategic Research and Planning Capacity
Recommendation 7.1: TSA should establish a strategic research and planning office—attuned to, but distinct from, the agency’s operational and enforcement responsibilities—that can work with DOT, the modal agencies, other federal entities, state and local governments, and other elements of the public and private sectors on security system research, planning, and deployment.
Having a strong analytic capacity, the office could undertake the following:
Explore and evaluate alternative security system concepts for the different modes of transportation through collaboration with the public- and private-sector owners, operators, and users and through the application of operations research and human factors expertise.
Ensure that there are no gaps in security planning and preparation because of the narrow purview, perspectives, and knowledge of individual modal agencies and owners, operators, and users of transportation systems.
Encourage the explicit inclusion of security goals in the transportation planning process and in the design of vehicles, facilities, and operating systems by seeking out dual-use opportunities and by identifying design standards for new transportation systems and facilities that fully integrate security considerations.
Advise metropolitan governments and transportation agencies on the need to develop integrated regional emergency response plans; and advise local and state transportation agencies, public transportation authorities, and related entities on how to reshape their administrative structures so as to give security prominence in their planning and decision making.
Explore ways in which security enhancements can be encouraged, and how market and institutional barriers to the deployment of security measures can
be overcome—for example, through balanced roles for regulation, subsidy, education, and standard setting.
Work with other countries and international standard-setting bodies to exchange information about international shipments, coordinate security measures and overall system strategies, and collaborate in research and development activities.
Develop a research agenda in support of transportation security systems.
Multimodal in its orientation, such a strategic office will require a systems planning and engineering expertise and the capability to conduct risk assessments. To obtain this expertise, TSA can make effective use of DOT’s Volpe National Transportation Systems Center and other resources that TSA and Volpe can bring to bear. It will also need to interact closely with other federal agencies in domains of responsibility integral to transportation (such as the Coast Guard, the Customs Service, FEMA, and the Immigration and Naturalization Service), with international standard-setting bodies (such as the International Civil Aviation Organization, the World Customs Organization, and the International Maritime Organization), and with state and local agencies at the level of implementation.
To be effective and trusted, TSA must be more than a regulatory and enforcement arm of DOT; it must find ways to share needed expertise and information and to work constructively with those parties—from modal agencies to public- and private-sector transportation system operators—entrusted with fielding the security solutions. A strategic research and planning office within TSA, unencumbered by rulemaking, enforcement, and operational responsibilities, could offer these needed services.
Marshaling R&D in Support of Transportation Security
The committee has identified a number of important systems analysis and technology needs for transportation security, and it believes that TSA is uniquely positioned to undertake, encourage, and guide much of the R&D that will meet these needs. To devise coherent security systems and to procure and recommend supporting technologies, TSA must have its own analysis and research capacity. But it also must have the ability to draw on the rich and varied R&D capabilities within the transportation sector as well as those of the federal government and the science and technology community at large.
The modal agencies in DOT, as well as other federal agencies with responsibility for security functions related to transportation (such as Customs and INS), have missions ranging from safety assurance to revenue collection and drug interdiction. Most have small R&D budgets to support these missions; hence, one can expect these agencies to seek a maximum return on their R&D investments by sponsoring research that meets their own mission-oriented needs first,
while offering security advantages as an added benefit. Such duality of use can be beneficial, but approaching security as a side benefit may result in research gaps and a tendency for comprehensive, systems-level research to be neglected because it does not have a lead sponsor.
In viewing the R&D activities of the modal agencies in their totality and from a broader systems perspective, TSA can help fill these research gaps by offering agencies guidance on the allocations of their R&D investments. From this vantage point, TSA can monitor progress on security-related R&D, observe where modest additional investments might yield large benefits, and orchestrate ways to encourage such investments.
To be sure, much of the R&D that will be needed must take place outside the transportation realm, in the nation’s universities and research institutions and with support of much larger R&D sponsors such as the DOD, NIH, and NSF. By making the needs and parameters of transportation security systems more widely known, however, TSA can tap this relevant research from outside the transportation field and help to identify and shape those R&D efforts that are most relevant to transportation applications.
Recommendation 7.2: TSA should collaborate with the public and private sectors to build a strong foundation of research on human factors and transportation operations and to make the evaluation of security system concepts a central element of its collaborative research program. TSA must establish an in-house research capacity to undertake such concept evaluations and to support its own large security operations and technology acquisition programs. At the same time, it must adopt a broader, architect-like role in promoting and marshaling R&D to advance these security systems, especially by tapping into the security-related R&D of other government agencies, the broader transportation community, universities, research institutions, and the private sector.
A Technology Guidance and Evaluation Capacity
Academia and the private sector are eager to contribute creative ideas and technologies to the task of enhancing transportation security. At the same time, transportation system owners and operators are eager to hear advice from universities and companies and use the results of good research and technology development. Currently, however, many of the ideas and technologies being proposed for security purposes have only limited potential for application—not only because of inadequate incentives to invest in them but also because technologies and techniques that seem promising in isolation do not fit well in a security system or are incompatible with the transportation operating environment.
TSA could play a catalytic role here by providing scientists and technologists with clearer targets for their research and innovation efforts. In conjunction with commercial developers and transportation system owners and users, TSA
could help develop product evaluation standards and methods, sponsor prototype demonstrations, and conduct field trials. Precedents for such clearinghouse and evaluation services can be found in the transportation sector and elsewhere, and they could be useful as models.24
Recommendation 7.3: TSA should create a guidance, evaluation, and clearinghouse capacity that provides technology developers with performance goals for their products and advises transportation system operators on security-related technologies that are available and being developed.
The nascent Transportation Security Administration provides a new, and rare, opportunity to approach transportation security in a strategic manner based on sound science and technology application. It is essential that this opportunity not be lost. The Department of Transportation, and particularly TSA, should take steps now to build this strategic capability and ensure its permanence. In the same manner, others have urged the Office of Homeland Security to adopt such a strategic and architect-like role on a broader scale for the federal government as a whole.25
TSA’s security mission does not extend beyond the transportation sector, but as the events of September 11 revealed, vulnerabilities to terrorist acts may not be limited to components within particular transportation modes and systems. In fact they may exist in the interactions among modes or between transportation modes and other domains such as energy and computer systems. Someone should be thinking about vulnerabilities that exist at these intersections, the threats that may be associated with them, and appropriate strategies for response.
A broader-based understanding of terrorist threats is therefore needed to inform the transportation community and others on the front lines of defense as they formulate security plans and take precautions. To provide this capability, the committee sees a need for an entity unencumbered by operational, oversight, and regulatory responsibilities, whose mission would be to explore and systematically assess the broad spectrum of vulnerabilities to terrorist attacks, probable responses to these attacks, and ensuing consequences. By involving and informing TSA and the transportation community, as well as parties in other domains, the work of this analytic entity could provide valuable guidance to transportation
owners, operators, and overseers as they prioritize and make security preparations. (The Homeland Security Institute recommended in Chapter 12 could be such an entity.)
The panel is indebted to the earlier work of other National Research Council committees, including reports by the National Materials Advisory Board’s Panel on Assessment of Technologies Deployed to Improve Aviation Security, led by Thomas Hartwick.26 In addition, the 1999 NRC report Improving Surface Transportation Security: A Research and Development Strategy, by a committee chaired by H. Norman Abramson, is cited repeatedly and helped shape the panel’s discussion on R&D strategies and opportunities.27 A key member of the committee that produced Improving Surface Transportation Security, Fred V. Morrone, Director of Public Safety and Superintendent of Police for the Port Authority of New York and New Jersey, died on September 11, 2001, while responding to the World Trade Center attacks. This panel’s effort was undertaken in memory of Superintendent Morrone.
Badolato, E. 2000. “Cargo Security: High-Tech Protection, High-Tech Threats,” TR News, No. 211, November-December, pp. 14-17.
Boyd, A., and J.P. Sullivan. 1997. Emergency Preparedness for Transit Terrorism: Synthesis of Transit Practice 27, Transportation Research Board, National Research Council, Washington, D.C.
Bureau of Transportation Statistics. 2000. National Transportation Statistics 2000, U.S. Department of Transportation, Washington, D.C.
Computer Science and Telecommunication Board (CSTB). 2002. IDs—Not That Easy: Questions About Nationwide Identity Systems, National Academy Press, Washington, D.C.
Carter, Ashton B. 2002. “The Architecture of Government in the Face of Terrorism,” International Security, Vol. 26, No. 3, pp. 5-23.
Flynn, S.E. 2000a. “Beyond Border Control,” Foreign Affairs, Vol. 70, No. 6, November-December.
Flynn, S.E. 2000b. “Transportation Security: Agenda for the 21st Century,” TR News, No. 211, November-December, pp. 3-7.
Flynn, S.E. 2001. “Bolstering the Maritime Weak Link,” testimony before the Committee on Governmental Affairs, U.S. Senate, Washington, D.C., December 6.
Jenkins, Brian M. 1997. Protecting Surface Transportation Systems and Patrons from Terrorist Activities: Case Studies of Best Security Practices and a Chronology of Attacks, Report 97-4, Norman Y. Mineta Institute for Surface Transportation Policy Studies, San Jose State University, San Jose, Calif.
Jenkins, Brian. M. 2001. Protecting Public Surface Transportation Against Terrorism and Serious Crime: An Executive Overview, Report No. MTI-01-14, Norman Y. Mineta Institute for Surface Transportation Policy Studies, San Jose State University, San Jose, Calif.
Leeper, J.H. 1991. “Border Interdiction: The Key to National Security,” presented before the Seventh Annual Joint Government-Industry Symposium and Exhibition on Security Technology, Norfolk, Va., June 12.
National Research Council, National Materials Advisory Board. 1996. Airline Passenger Security Screening: New Technologies and Implementation Issues, NMAB-482-1, National Academy Press, Washington, D.C.
National Research Council, National Materials Advisory Board. 1999a. Assessment of Technologies Deployed to Improve Aviation Security: First Report, National Academy Press, Washington, D.C.
National Research Council. 1999b. Improving Surface Transportation Security: A Research and Development Strategy, National Materials Advisory Board, Transportation Research Board, and Computer Science and Telecommunications Board, National Academy Press, Washington, D.C.
National Materials Advisory Board, National Research Council. 2002. Assessment of Technologies Deployed to Improve Aviation Security: Second Report. Progress Toward Objectives, National Academy Press, Washington, D.C.
Policastro, A.J., and S.P. Gordon. 1999. “The Use of Technology in Preparing Subway Systems for Chemical/Biological Terrorism,” Proceedings of the 1999 Commuter Rail/Rapid Transit Conference, Toronto, American Public Transportation Administration.
Policastro, A.J., F. O’Hare, D. Brown, M. Lazaro, and S. Filer. 2002. Guidelines for Managing Suspected Chemical and Biological Agent Incidents in Rail Tunnel System, Federal Transit Administration, U.S. Department of Transportation, Washington, D.C., January.
President’s Commission on Critical Infrastructure Protection. 1997. Critical Foundations: Protecting America’s Infrastructures, October.
U.S. Customs Service. 2002. Customs-Trade Partnership Against Terrorism (C-TPAT). Available online at <http://www.customs.gov/enforcem/tpat.htm>.
White House Commission on Aviation Safety and Security. 1997. Final Report to President Clinton, Executive Office of the President, Washington, D.C., February 12.