Security 101: A Physical Security Primer for Transportation Agencies (2009)

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

51 Developing and maintaining an effective security posture depends on the security expertise, diligence, and level of training of the employees of the transportation agency’s workforce. Chap- ter 4 begins with an explanation of the myriad issues associated with fielding a security force and the types of data that can be used to determine the best coverage options available. A transporta- tion security force planning flowchart that clarifies the decision points leading to a decision to deploy a dedicated police force is included. The pros and cons of hiring security consultants or security contractors is then discussed, followed by commentary on the importance of involving the agency’s non-security personnel in the security effort. The chapter concludes with an overview of security training, starting at the awareness level and proceeding through to the con- duct of full-scale exercises and drills. Security Forces The costs associated with deploying personnel are the most expensive security countermeasure a transportation agency can undertake. The labor costs associated with the agency’s operating budget for security can exceed 90 to 92% of total annual expenditure. However, depending on the threats and unresolved vulnerabilities facing the organization, security personnel are often the most critical and significant resource available to reduce security-related risk. Security personnel provide a vital capability for which there is no substitution—the ability to comprehend and apply reason. Security personnel can perceive the nature of a threat and recognize ongoing aggressor tactics. When adequately armed or reinforced, they can repel or overcome the use of deadly force by responding with equal or greater force to neutralize the threat or activity. This factor alone is predominating in both the homeland security and public safety context. Absent a response, aggressors or criminals would quickly disregard other security countermeasures as irrelevant. Deciding on the necessity for security personnel or the extent to which forces should be deployed can be a significant challenge for security decisionmakers. The answers depend on the threats facing the agency and issues such as size, population served, and operating locale. For example, transportation systems operating in high-density population areas probably are at higher risk of attack than more rural systems. Other external factors can affect security person- nel decisions (e.g., the availability of public safety response personnel in the operating area, what users or customers expect to see in terms of security, or whether other organizations in the indus- try use security personnel). Internal factors such as the agency’s history of deploying security forces or whether the organizational culture is tolerant of security restrictions will also have bearing. In general, transportation agency decisionmakers have an initial—spend or no spend—hurdle to clear in thinking about security personnel deployment. To do so will require significant inter- action with local authorities to establish the level of protection and response to security incidents that can be expected. C H A P T E R 4 Security Personnel and Training

52 Security 101: A Physical Security Primer for Transportation Agencies Once accomplished and tested, the response must be balanced against the agency’s risk assess- ment. Assuming there is budget, spending operating money on security labor can be an easy deci- sion for the agency to make at the outset, but a much harder decision to amend or withdraw. Those agencies who have previously deployed a security force can attest to the difficulties asso- ciated with eliminating a security presence, even when that presence is no longer warranted. For this reason, any agency that has not yet invested in a security force should strive to ensure that the rationale for security personnel staffing is objective and consistent with both an estab- lished threat profile and other organizational needs and requirements. If the agency deter- mines that a security force is not required, a periodic review of this decision should be made in conjunction with ensuing risk assessments performed. The agency should also work toward achieving a written plan of security operations that documents the public safety service level and response contemplated. When the transportation agency objectively determines that a security presence, beyond that available from the locale’s public safety community, is necessary to pro- tect the system and its users, several planning options should be analyzed. Figure 4-1 depicts the decision points that should be considered. Questions include • Is a part-time or full-time security presence needed? • Is a dedicated security force needed? • Should the security force be proprietary or contracted? • Should the security force be armed? • Does the security force need arrest powers? The tradeoffs associated with these options affect the transportation agency’s overall security posture significantly. At one end of the spectrum of available choices is the deployment of unarmed, part-time security officers, with no arrest authority. At the other end is the fielding of a full-time, armed police department with powers of arrest. What the agency selects will affect the capabilities of not just the security labor force but also the performance and effectiveness of all other integrated system security countermeasures. Regardless of what underlying qualitative factors drive the decision about fielding security per- sonnel, the best way to make accurate staffing level determinations is through the use of quanti- tative analysis. Two different sets of quantifying data are available: • Information based on security breaches or crime incidents, including calls for service and self- initiated incident responses; and • Policy and procedure supported staffing deployment based on activities and scenarios. This latter data set depends heavily on the capture of baseline response data obtained through actual security incidents, drills, and exercises. Using crimes information and related data for security analysis is common in both police departments and security organizations. The needs of normal police work and those of transportation agencies differ. For example, police work may focus on combating the use of guns and drugs and on civil strife, while trans- portation agencies focus on quality-of-life issues. Often, coordinating transportation security forces with community policing forces will be beneficial; however, written agreements and clar- ification of jurisdiction are needed when organizations share resources and expertise. Statistics on the occurrence of specific types of crimes or incidents typically is used to plan future crime control, security management, and risk reduction efforts. From the quality-of- service perspective, most transportation agencies experience a low level of serious criminal incidents. Known as “Part 1 Crimes” in conformance with FBI Uniform Crime Reporting (UCR) characterization criteria, crimes such as homicide, rape, robbery, aggravated assault, and arson occur so infrequently that the rate is often statistically insignificant from a crimes

Security Personnel and Training 53 TRANSPORTATION SECURITY FORCE PLANNING FLOW CHART Security Presence Required? Local Authorities Can Provide Coverage? Is a Dedicated Security Force Required? Should the Security Force be Armed? Arrest Powers Required? Review Decision Periodically Operations Plan Mutual Aid Agreement Drills & Exercises Part-time Off- Duty Police Officer(s) Part-time Security Officer Unarmed Security Officer(s) Armed Security Officer(s) Contract Security Force Unarmed Contract Security Force Armed and Bonded Transportation Agency Security Force Unarmed Transportation Agency Security Force Armed Transportation Agency Police Department Armed? No No No No NoNo No No No Yes Yes Yes Yes Yes Yes Figure 4-1. Transportation security force planning flowchart.

54 Security 101: A Physical Security Primer for Transportation Agencies Trespass Incidents at Location ÷ Num- ber of Security Officers = Response Time Officers on Duty Trespass Incidents Response Time (in minutes) 10 50 30.0 15 50 22.5 20 50 15.0 30 50 7.5 Table 4-1. Sample staffing level for trespass incidents. analysis standpoint. When the situation exists where quantifying serious crime data is inade- quate to assist in establishing staffing levels, officer productivity data, including total calls for service and self-initiated security or police officer activities, should be used. For example, calls for service to respond to complaints of trespassers on agency property can be totaled for a specific period. The calls can be broken down by location, time of day, day of week, and other criteria. Then the information is measured against existing staffing levels and response times for responding security forces as a means to identify an acceptable security operating condition where risk is maintained within tolerable limits. Assuming the agency establishes a 15-minute response to a trespass incident as acceptable risk, Table 4-1 indicates that a staffing level of 20 offi- cers would be required. Self-initiated patrol activity associated with the security of parking lots, rest stops, mainte- nance facilities, or other agency areas can be similarly documented and measured as a percent- age using a ratio of patrol activity time calculated against total shift time. This data can then be aggregated to establish the agency’s acceptable risk goal as a total number. (Assuming data col- lection shows that 50% of officer time is spent performing patrol activity, if the agency estab- lishes a goal of 200 hours of shift time as acceptable risk, then a staffing level of 50 officers would be required.) By extending this concept of data collection productivity quantification to those security- related issues most important to the agency, security planners can approximate how large the security force should be. Other factors such as prior existing assignments of security or police to a given location will also affect staffing decisions; however, these subjective criteria should be recognized as an inefficient, albeit sometimes necessary, method of allocating security forces. By assimilating threat assessment information into the productivity-driven quantification method discussed above, security planners can merge risk data with security operations data to minimize security vulnerabilities while obtaining a reasonable approximation of security force workflow. For example, knowledge by the transportation agency that aggressor tactics may include attempts to place IEDs at critical infrastructure points such as tunnel entrances can result in periodic patrol checks at such locations. Similar to the above trespassing checks, security force response times can be measured by location, time of day, day of the week and so forth simply by treating the tunnel infrastructure check as a call for service. Assuming the agency establishes a 15-minute response to a tunnel check as acceptable risk, Table 4-2 indicates that a staffing level of 20 officers would be required. The time ratio data on self-initiated vulnerability reduction activities to protect critical assets and infrastructure would be measured as well. Assuming data collection shows that 50% of offi- cer time is spent performing vulnerability reduction activity, if the agency establishes a goal of 200 hours of shift time as acceptable risk, then a staffing level of 50 officers would be required. The response to trespass calls or performing tunnel checks as cited in the examples would not be mutually exclusive with patrol activities or vulnerability reduction activities. In fact, the transportation security force would integrate these activities together to optimize total security effectiveness. Patrol Activity Time ÷ Total Shift Time = % Patrol Activ- ity per Officer Critical Infra- structure Tunnel Checks ÷ Number of Security Officers = Response Time Officers on Duty Tunnel Checks Response Time (in minutes) 10 50 30.0 15 50 22.5 20 50 15.0 30 50 7.5 Table 4-2. Staffing level for tunnel checks. Vulnerability Reduction Activ- ity Time ÷ Total Shift Time = % Vulnerability Reduction Activ- ity per Officer

Security Personnel and Training 55 Security Experts, Consultants, and Contractors In previous sections of this report, express recommendations have been made to transportation agencies regarding the need to use security professionals to help in certain aspects of risk assess- ment, security planning, and countermeasures identification. It is specifically recommended that security consultants be contracted to assist in the performance of security vulnerability assessment (SVA) and security plan development. Obtaining professional help in security workforce planning may also be appropriate. Security contractors should be retained to assist in security systems integration, particularly in connection with the selection and implementation of hardware and electronics such as intrusion detection, alarm systems, access control, and CCTV. Frequently, an organization will hesitate to formalize a consulting arrangement with a security practitioner or firm; this hesitancy does not always make good business sense. Even the most professional in-house security departments, as expert as they may be in all phases of security risk manage- ment, processes and procedures, and security technologies, use independent outside contrac- tors. Competent security consultants are available to perform research, analyze conditions, and develop comprehensive security programs that can reduce the risks associated with con- ducting transportation operations. Of course, this assumes that the agency has identified the right consultant or consulting service. The two main factors to be evaluated when selecting professional security consulting assis- tance are • Review of the documented qualifications of the security firm and • The backgrounds of the individuals who will perform the security work. Ideally, the agency will be able to identify a security firm with a successful record of past con- tracted employments performing work in the specific transportation sector and discipline (e.g., rail, port, airport, pipeline, highway, or transit). In addition, the security firm’s leading experts will be available and on the team assigned to conduct the security work contemplated. Hiring an inde- pendent security consultant is not the same as accepting security “recommendations” from a manufacturer or retailer’s representative. Independent consultants can be called on to provide objective opinions without bias or predetermination. Salespersons, especially those with high tech- nology products, are usually limited in approach and biased toward the company they work for. Out of loyalty to their companies and sometimes their commissions, the sales pitches of security contractors may propose security staffing or technology that does not fit the risk profile or operat- ing environment of the agency. Overemphasis on guards, alarms, or surveillance systems can drain operating and capital budgets unnecessarily when the proper solution is the integrated balancing of security policy and procedure with the other countermeasures in the agency’s toolkit. Security Committees and Employee Watch Programs As with safety, security in a transportation agency is a “top-down” organizational activity. This is because executives, by necessity, must support cross-disciplinary functions in order for the activities to succeed. By lending support to important agency functions, leadership drives the pri- oritization of work to comport with the direction provided. Unfortunately, security as a function within an agency is often deemphasized until an incident occurs. Managers, many times because of their lack of familiarity with the subject matter, can be reluctant to broach the issue of security. Then when an incident happens, impromptu crisis thinking can intrude on disciplined manage- rial decisionmaking, causing “knee jerk” reactions that defeat security planning and preparedness. To overcome this tendency, senior management of an organization must be active in determin- ing the course of the security-related activities of the agency. It is recommended that the chief executive establish a senior advisory group consisting of executives from various departments who are designated oversight authority for systemwide security. This senior committee should meet regularly to establish direction and develop strategic-level security policies and guidelines.

56 Security 101: A Physical Security Primer for Transportation Agencies The agency should also involve front-line and mid-management level employees in security. Rep- resentative individuals from across the agency should be selected to serve as security coordinators and as participants in security committees. Where the agency maintains a dedicated security force, department coordinators should be responsible for day-to-day security interface and liaison. In those agencies without a dedicated security force, a committee of department security coordina- tors should be empowered with the authority to manage security activities systemwide. The key objectives of program coordination are as follows: • Deploy a broad-based systemwide security management process that identifies, tracks, and responds to all security threats, vulnerabilities, and occurrences; • Maintain a workplace where security incidents are routinely reported and contributions to improve security are received from every staff and operating department; and • Ensure that front-line and mid-management employees promote security awareness and com- munications throughout the organization. Employee watch programs have long been recognized as an important security tool available to employers. However, most of these programs fail or are moderately effective because of a lack of guidance and support. It is not sufficient for an agency to enlist participants and then send them out to “do security.” The agency’s security planners must work aggressively to define the security awareness roles, responsibilities, and criteria for such programs. This includes a basic security issues assessment, formulation of either step-by-step implementation plans or fresh start “invigorators,” and creation of calendar initiatives designed to keep employee watch participants actively engaged in security. Participants should also receive priority enrollment for attendance at security training. Security Training The employees of transportation agencies are a critical resource for maintaining a safe and secure operating environment. They represent an omnipresent team of experienced people who are knowledgeable and insightful about the work of the agency, as well as the operating norms and environmental conditions that affect the workplace day to day. Because of their continued presence in and on agency properties or conveyances employees are uniquely positioned to identify issues, problems, and deviations from what is usual. In security, this capability takes the form of recognizing suspicious activities and identify- ing dangerous or hazardous conditions. For example, in response to a bomb threat in an administrative area, an office worker is better equipped to find a suspicious item or package in his workplace than first responders who are unfamiliar with the surroundings. Employees are also at the forefront of organizational activities, performing work in stations, on vehicles, in plants and warehouses, and on roadways and rights of way. As such, they are often the first to observe that something is wrong. But transportation agencies cannot assume that employ- ees will focus on security issues without training. Employees need to receive security awareness orientation to prepare them for their security roles. Thereafter, employees must be able to practice what they have been taught to reinforce a security awareness culture at the agency. Establishing a security culture for all employees is mandatory for maximizing the security effectiveness of an organization. The responsibility for development, oversight, and enhancement of security awareness pro- grams and activities should be given to a specific individual or function. This assignment can be full- or part-time, depending on agency size and operations balanced against security risk. But similar to safety, regardless of size or risk, transportation agencies at minimum should imple- ment a security awareness program that enables all personnel to contribute to the security of the operating environment.

Security Personnel and Training 57 The main objective of a security awareness program is the creation of sustainable processes and methods to indoctrinate and educate employees, contractors, and other agency stakehold- ers about workplace security requirements. Program elements include the following: • Centralized security information dissemination of policy and procedures reminders, security alerts, and updates; • Promulgation of employee security handbooks and tip cards; • Design of coherent, multi-phased, security awareness training curricula, including use of “train the trainer,” self-directed, computer-based, and multi-media methodologies; • Scheduling of security awareness training; • Promotion and distribution of security-related training products; • Identification of employee security training needs; • Systemwide research to identify security weaknesses; • Creation of training solutions to overcome vulnerabilities and deficiencies; • Documentation of training activities and accomplishments; • Maintenance of training records and materials; • Support for security planning and initiatives and vetting of proposed security policies and procedures; • Support for staff and operating division security leadership in the creation of performance- driven security components; • Acquisition of feedback to determine the effectiveness of programs; • Terrorism threat recognition and suspicious activity reporting; • Bomb threat and unattended item management; • Chemical, biological, and radiological threats; • Computer and cyber security; • Mail and delivery handling; • Theft prevention; • Vendor and contractor security; • Employee travel, both domestic and international; and • Workplace violence. The transportation industry, its associations such as AASHTO and APTA; research organiza- tions; educational institutions; and government agencies such as DOT, DOJ, TSA, FHWA, FTA, and CDC have developed a significant body of security awareness information important to the transportation sector. Available information resources include the following: 1. Responding to Threats: A Field Personnel Manual NCHRP Report 525: Surface Transportation Security Volume 1, National Cooperative Highway Research Program 2004 www.trb.org/ TRB/publications/Publications.asp 2. System Security Awareness for Transportation Employees NCHRP Report 525: Surface Trans- portation Security Volume 7—System Security Awareness for Transportation Employees, National Cooperative Highway Research Program 2005 www.trb.org/TRB/publications/ Publications.asp 3. Employee Guide to System Security Commuter Rail, (Pocket Guide) National Transit Insti- tute http://www.safety@nti.rutgers.edu www.ntionline.com 4. Employee Guide to System Security Bus Operations, (Pocket Guide) National Transit Institute http://www.safety@nti.rutgers.edu www.ntionline.com 5. Employee Guide to System Security Light Rail, (Pocket Guide) National Transit Institute http://www.safety@nti.rutgers.edu www.ntionline.com 6. Employee Guide to System Security Commuter Bus, (Pocket Guide) National Transit Institute http://www.safety@nti.rutgers.edu www.ntionline.com 7. Employee Guide to System Security Bus Maintenance, (Pocket Guide) National Transit Insti- tute http://www.safety@nti.rutgers.edu www.ntionline.com

58 Security 101: A Physical Security Primer for Transportation Agencies 8. Employee Guide to System Security Heavy Rail, (Pocket Guide) National Transit Institute http://www.safety@nti.rutgers.edu www.ntionline.com 9. Employee Guide to System Security Workplace Violence Prevention, (Pocket Guide) National Transit Institute http://www.safety@nti.rutgers.edu www.ntionline.com 10. System Security Awareness for Transit Employees Student Guide, National Transit Institute 2003 http://www.safety@nti.rutgers.edu www.ntionline.com 11. System Security Awareness for Transit Employees—Warning Signs, National Transit Institute 2003 http://www.safety@nti.rutgers.edu www.ntionline.com 12. Security Incident Management for Transit Supervisors Student Guide, National Transit Insti- tute 2003 http://www.safety@nti.rutgers.edu www.ntionline.com 13. Federal Bureau of Investigation (FBI) Guide to Concealable Weapons, Federal Bureau of Inves- tigation (FBI) 2003 http://www.cutr.usf.edu/security/reports.htm 14. ATF Bomb Threat Checklist ATF 1613.1, Bureau of Alcohol Tobacco and Firearms June 1997 http://www.state.tn.us/homelandsecurity/bomb_checklist.pdf 15. Improvised Explosive Device (IED) Safe Standoff Distance Cheat Sheet, US Army National Ground Intelligence Center 16. Terrorist Bomb Threat Stand-Off Card, (Pocket Guide) Technical Support Working Group 17. Best Practices for Safe Mail Handling, DHS Interagency Committee September 2006 18. Biological Attack Human Pathogens, Biotoxins, and Agricultural Threats, National Academy of Sciences 2004 www.nae.edu/nae/pubundcom.nsf/weblinks/CGOZ-642P3W?OpenDocument 19. Chemical Attack Warfare Agents, Industrial Chemicals, and Toxins, National Academy of Sci- ences 2004 www.nae.edu/nae/pubundcom.nsf/weblinks/CGOZ-642P3W?OpenDocument 20. Nuclear Attack, National Academy of Sciences 2004 www.nae.edu/nae/pubundcom.nsf/ weblinks/CGOZ-642P3W?OpenDocument 21. Radiological Attack Dirty Bombs and Other Devices, Academy of Sciences 2004 www.nae.edu/ nae/pubundcom.nsf/weblinks/CGOZ-642P3W?OpenDocument 22. Worker Training in a New Era: Responding to New Threats, Department of Health and Human Services NIOSH October 2002 23. Dirty Bombs Fact Sheet, United States Nuclear Regulatory Commission March 2003 24. Dirty Bombs—Fact Sheet, Department of Health and Human Services, Centers for Disease Control and Prevention (CDC) July 2003 PDF http://www.cdc.gov 25. What You Should Do To Prepare For and Respond to Chemical, Radiological, Nuclear and Biological Terrorist Attacks, RAND Corporation 2003 26. Suicide Bombing Awareness Guide, DHS 27. Highway Security Awareness, Transportation Security Agency, www.tsa.gov/what_we_do/ tsnm In addition to security awareness training, transportation agencies should consider provid- ing transportation managers and employees with a working knowledge of security concepts, guidelines, nomenclature, and processes. The emphasis of such follow-on security training pro- grams should be to help personnel to understand the following: • The nature of threats against the agency, • The methods and strategies available to minimize or reduce those threats and, • The implementation process for improving security. Employee knowledge of the underlying rationale for deploying security countermeasures will go a long way toward ensuring that an appropriate level of risk reduction becomes a part of the agency’s operations. Security practitioners are aware that to be competent in their profession the extent of required knowledge, expertise, and experience in security management is increasing. So too must managers and employees improve their grasp of the security function. Mainstream- ing security into the organizational culture ultimately demands greater understanding by more

Security Personnel and Training 59 and more employees of what is at stake. By providing security training, the agency will broaden the perspective and exposure of employees to security thinking while improving the capabilities of the workforce. Resources to conduct employee security training can be acquired from either in-house train- ing departments or externally from security training contractors. However, in most agencies in- house trainers lack the specific instructional background necessary to teach security courses effectively. External security courses are available that can be attended by agency employees. Usually agencies can also contract for delivery of these courses at agency-selected locations. In many instances, courses are free. Federal grant monies are also available for use in paying for any resultant training costs. Tables 4-3 and 4-4 list some of the authorized training courses pub- lished by the Department of Homeland Security in the 2007 Transit Security Grant Program (TSGP). From this list, agencies can select courses covering topics such as terrorist threat recog- nition, transit system security design, and managing transit emergencies. They can use monies obtained through the grant program to conduct the security training. (Similar grant programs exist covering other transportation sectors.) Ensuring that agency personnel can perform a security role requires repetitive reinforce- ment of information obtained through training. An important aspect of accomplishing this requirement is the use of training exercises, such as “tabletops” and “full scale.” Tabletops are discussion-based exercises while “full scale” is a training method in the “operations-based exercises” group. Figures 4-2 and 4-3 illustrate the array of exercise types and briefly describe the purpose as iden- tified by DHS in the Homeland Security Exercise and Evaluation Program Guidance Documents (HSEEP Vol# I, II, III, IV and V). The significant differences between discussion-based and operations-based exercises are size and scope. For example, a tabletop exercise is a facilitated desktop discussion during which key person- nel discuss scripted hypothetical scenarios in a classroom setting or perhaps at some other station- ary location such as a command or operations center. Full-scale exercises are multidisciplinary, multiagency field simulations that use role players, controllers and other forms of logistical support to actively work through mock hypotheticals designed to resemble one or more actual conditions. TCRP Report 8, Volume 9: Guidelines for Transportation Emergency Training Exercises includes the Full-Scale Exercise Checklist (provided as Figure 4-4). Regardless of the training exercise used, it is the design and development of well-conceived hypothetical scenarios that determines the effectiveness of the training regimen. Such scenarios must be drawn individually to address the types of security threats that face the specific trans- portation agency conducting the training. HSEEP recommends that scenario planning objec- tives be “simple, measurable, achievable, realistic, and task-oriented (SMART).” A scenario provides the storyline that drives an exercise. The first step in designing a scenario is determining the type of threat/hazard (e.g., chemical, explosive, cyber, or natural disaster) to be used in an exercise. The hazards selected for an exercise should realistically stress the resources an entity is attempting to improve through its exercise program. The scenario should also be a realistic representation of potential threats and hazards faced by the exercising entity. The next step in designing a scenario is to determine the venue (i.e., facility or site) in which exercise play will take place. Venue selection should reflect the hazard selected, allowing for realistic, exercise-based simulation of the hazard. Effective use of scenario-developed data sets can help the agency to develop policy and pro- cedure and even make staffing-level deployment decisions. The importance of such security planning strategies cannot be overstated.

60 Security 101: A Physical Security Primer for Transportation Agencies Table 4-3. Training matrix: basic mass transit security training program. Source: Department of Homeland Security in the 2007 Transit Security Grant Program (TSGP) BASIC MASS TRANSIT SECURITY TRAINING PROGRAM Training Description Focus Standard Categories of Employees to Receive Front-Line Employees Station Managers Administrative and Support Staff Maintenance Workers Mid-Level Management Senior Management Operations Control Center Staff Law Enforcement Officers Security Guards Law Enforcement Security Awareness 2 Hours Annually (minimum) Recurring 2 Hours Annually (minimum) Recurring 4 Hours Annually (minimum) Recurring X X X X X X X X X X X X X X X X X X X X X X X X X Behavior Recognition X Immediate Emergency Response X National Incident Management System (NIMS) Train on NIMS once; reinforce in drills and exercises X X Operations Control Center Readiness Train for OCC readiness once; reinforce in drills and exercises X Enhance capability to identify, report, and react to suspicious activity and security incidents Recognize behaviors associated with terrorists' reconnaissance and planning activities, including the conduct of surveillance. Applies lessons learned from the Israeli security meeting. Prepare passenger rail train operators to deal with explosive detonations, incendiaries, released chemical hazards, and similar threats in the confines of trains and system infrastructure. Ensure transit agency emergency preparedness and response personnel gain and retain the knowledge and skills necessary to operate under NIMS in accordance with the National Response Plan (NRP). Identify security vulnerabilities. Understand and exercise role of OCC personnel in preventing terrorist attacks. Distinguish characteristics of improvised explosive devices (IEDs) and weapons of mass destruction. Specify priorities during a terrorist attack and manage incident response. Apply transit agency's operational plans for response to IED and WMD scenarios, directing and coordinating activities in the system.

Security Personnel and Training 61 Source: Department of Homeland Security in the 2007 Transit Security Grant Program (TSGP) MASS TRANSIT SECURITY FOLLOW-ON COURSES Training Description Focus Front-Line Employees Station Managers Administrative and Support Staff Maintenance Workers Mid-Level Management Senior Management Operations Control Center Staff Security Guards Law Enforcement Management of Transit Emergencies I (4-day course) Ensure employees throughout the transit agency understand individual roles in emergency response and the transit system's role in emergencies or disasters in the system and the broader community. X X X X X X X X X Management of Transit Emergencies II (1-day course) Ensure employees throughout the transit agency understand individual roles in emergency response and the transit system's role in emergencies or disasters in the system and the broader community. X X X X X X X X X Coordinated Interagency Emergency Response Advance interoperability of the transit agency with multiple responding entities in emergency response. X X X X X Managing Counterterrorism Programs Enable transit agency management officials to develop and manage a counterterrorism program in a transit system. X X X X Prevention and Mitigation - IEDS and WMD: T4 3-day course Enhance capabilities to identify threats from improvised explosive devices and weapons of mass destruction (chemical, biological, radiological, nuclear) to identify, report, and react to suspicious activity and security incidents X X X X X X Prevention and Mitigation - IEDS and WMD: CBRNE Incident Management 1-day course Enhance capabilities to identify threats from improvised explosive devices and weapons of mass destruction (chemical, biological, radiological, nuclear) to identify, report, and react to suspicious activity and security incidents X X X X X X Transit Vehicle Hijacking Prevention and Response Enable employees to develop and implement plans and procedures to respond to transit vehicle hijackings and workplace violence X X X X X X Integrated Anti- Terrorism Security Program Enhance capabilities of transit agency security officials, law enforcement personnel, and others with interaction with passengers to detect, deter, and prevent acts of terrorism. X X X X Transit System Security Design Expand integration of security considerations into designs of new transit systems and improvements of existing systems. X X Table 4-4. Training matrix: mass transit security follow-on courses.

Source: DHS Homeland Security Exercise and Evaluation Program Guidance Documents (HSEEP Vol# I, II, III, IV, and V) Figure 4-2. Security exercise types by planning/training requirements. Source: DHS Homeland Security Exercise and Evaluation Program Guidance Documents (HSEEP Vol# I, II, III, IV, and V) Figure 4-3. Security exercise description of purpose.

Security Personnel and Training 63 Full-Scale Exercise Checklist Participants: Controller(s)—sufficient to manage all event sites Actors (mock victims)—different age groups, body types, physical characteristics Players (most functions, all levels—policy, coordination, operation, field) Evaluators Simulators—to convey messages and actions for agencies or individuals who could not participate in the exercise Safety Officer Site Selection: Adequate space for number of victims, responders, and observers Space for vehicles and equipment As realistic as possible without interfering with normal traffic or safety Credible scenario and location Scene Management: Logistics (who, what, where, how, when) Believable simulation of emergency Realistic victims Preparation of simulators to realistically portray roles Number of victims consistent with type of emergency, history of past events Types of injuries consistent with type of emergency, history of past events Victim load compatible with local capacity to handle Props and materials to simulate injuries, damage, other effects Personnel and Resources: Number of participants Number of volunteers for scene set-up, victims, etc. Types and numbers of equipment Communications equipment Fuel for vehicles and equipment Materials and supplies Expenses identified (wages, overtime, fuel, materials and supplies) Response Capability Sufficient personnel kept in reserve to handle routine nonexercise events Safety Safety addressed through development Each design team member responsible for safety in own discipline Hazards identified and resolved Safety addressed in pre-exercise briefing, simulator, and evaluator packets Each field location examined for safety issues Safety officer designated, given authority Legal Liability Legal questions of liability researched by local attorney Emergency Call-Off Call-off procedure in place, including code word or phrase Call-off procedure tested                                              Media Role of media addressed in planning, used as a resource Media and observers considered in logistical planning Source: TCRP Report 86, Volume 9, Guidelines for Transportation Emergency Training Exercises, 2006 Figure 4-4. Full-scale exercise checklist.