Security 101: A Physical Security Primer for Transportation Agencies (2009)

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

64 C H A P T E R 5 The transportation operating environment creates significant challenges for security planners charged with determining which of the agency’s assets require protection. This chapter frames the question for decisionmakers and then summarizes some of the methods used to rate and pri- oritize critical assets. Later sections address the specifics of building and facility security, bridges and tunnels, and rolling stock. Critical Infrastructure Designation The critical infrastructure of a transportation agency includes the people, property, and infor- mation assets required to enable the organization to execute its primary responsibilities, activi- ties, and functions. Deciding what assets or infrastructure are critical is not always as easy as it might seem. The initial sets of questions that must be answered are definitional. Should the agency use operational importance as its criteria? If so, what does that mean—importance to business continuity, quality of service, or maybe the bottom line? What about the contribution of the asset to the mission? If alternatives to using the asset are available, does that make the asset non-critical? What about the time or cost to repair assets? If the asset can be replaced quickly or at low cost, does that affect its criticality? Other questions that need answering are about perspective. Should the agency decide what is critical based on threat assessments or target attractiveness? Are the adversaries or aggressor’s eyes the right viewpoint? What about customer perceptions of security? Or perhaps even gov- ernment agencies? Is national significance or the symbolic value of an asset an appropriate fac- tor for consideration by transportation officials? These questions and many more confront security planners attempting to balance the actual security needs of an organization against the wide array of sometimes countervailing opinions. Ultimately, most transportation agencies should take the “ownership view” which “examines information on ownership of assets, including the owner/operators decision structure, policies, and procedures, and recognizes those assets owned by the same entity as an integrated system.” Taking this approach to critical infrastructure identification yields the following list of assets for transit and rail as identified in Figure 5-1. Similar infrastructure categories exist for highway infrastructure. The AASHTO Guide to Highway Vulnerability Assessment for Critical Asset Iden- tification and Protection, May 2002 contains the following chart, provided as Figure 5-2, listing critical transportation assets. Critical infrastructure should be identified during the preliminary stages of risk assessment. However, the transportation agency would be well served to conduct criticality reviews continu- ously to become better informed about ongoing security needs. Questioning assumptions about definition and perspective can be beneficial in terms of security efficiency and performance. Infrastructure Protection

Infrastructure Protection 65 Garages, Yards, and Maintenance Facilities Utilities Administrative Facilities Rolling Stock Stations, Stops, Terminals and Intermodal Facilities Operational Facilities/OCC Bridges and Tunnels Systems and Data People Right of Way Construction Sites Transit Agency Assets Source: Adapted from FTA Transit Security Design Considerations, 2004 Transit Stations—used for boarding and alighting of transit passengers and for fare collection; they can be below-grade, at-grade, or elevated. Their high-profile, large-volume pedestrian traffic and central locations integrated with surrounding uses make them likely targets for terrorist attack. Transit Stops—usually smaller and more open than transit stations. Typically on public land where passengers can board buses and light rail vehicles, the category includes everything from elaborate shelters to mere signposts. Transit agencies often lack control over these sites, which, combined with their high level of accessibility, makes them difficult to secure against attack. Operations Control Centers (OCCs)/Administrative Facilities—used for operating and administering the transit system, they may be co-located on a site with non-transit uses. Although most administrative facilities are not open to the public and can, therefore, maintain stricter access control, they are critical to the transit system and have value as strategic targets. Garages, Yards, and Maintenance Facilities—used for the repair and storage of transit vehicles; they include vehicle garages, yards, and repair facilities. They often contain many assets to be protected, including high-risk elements such as fuel storage areas or containers. Maintenance facilities can be designed to allow transit vehicles and maintenance staff to enter and exit free, while preventing access by unauthorized vehicles and people. Bridges and Tunnels: 1. Elevated Structures—all above-grade bridges and track structures, including pedestrian bridges and overpasses. Their high visibility and structural complexity present particular challenges to securing them against terrorist attack. 2. Tunnels—used for the passage of transit vehicles underground and, in limited cases, underwater. They are more secure when designed to prevent unauthorized access from passenger platforms and at-grade entrances, while allowing transit vehicles to pass freely. Proper design can also facilitate evacuation in an emergency. Right-of-Way, Track, and Signals—includes all land and equipment dedicated to the movement of transit vehicles between stations. Like tunnels, a design goal is to allow transit vehicle movement while preventing access by unauthorized people or vehicles. Remote and Unmanned Structures—all other physical assets. This category includes power substations and communications relays, and the like, which are not necessarily located on rights-of-way or in stations. These may be owned or controlled by other agencies or companies. Design features that take into account their remote locations and lack of consistent or continuous staff presence can improve their security. Figure 5-1. Transit security assets.

66 Security 101: A Physical Security Primer for Transportation Agencies Methods to Rate and Prioritize Critical Assets There are as many different approaches to performing the criticality analysis as there are avail- able risk and vulnerability assessment methodologies. But regardless of the method undertaken, the basic steps remain the same—inventory, factor, valuate, rank, order, and prioritize. Critical infrastructure identification begins with developing an inventory, an “all-inclusive list” that describes the character of the agency’s assets sufficiently. Care should be taken to ensure that the assets are properly delineated into distinct individual elements of infrastructure rather than divi- sion into component parts, systems, or subsystems. For example, according to the FHWA Recommendations for Bridge and Tunnel Security, AASHTO Blue Ribbon Panel on Tunnel and Bridge Security, many component parts, systems, and subsystems are associated with a suspension and cable-stayed highway bridge (e.g., suspender ropes, stay cables, tower leg, orthotropic steel deck, reinforced and prestressed bridge decks, cable saddle, approach structures, connections, anchorage, and piers). Even though some parts of the bridge structure may be more important for structural stability than others, ergo more critical, breaking critical infrastructure into these subparts will confuse rather than clarify critical assets. Once each asset has been delineated, the categories of personnel (human), property (physical), or information (cyber) can be used to group the individual elements so that the second “factor- ing” aspect of critical infrastructure identification can be accomplished. Factors can refer to any number of important issue areas so long as they are relevant to the agency performing the analy- sis. Sample areas include • Casualty impact—the potential for loss or serious injury to human life; • Business continuity—the extent to which loss or serious damage to the asset would impair the ability of the agency to continue to operate; • Economic impact—the extent to which loss or serious damage to the asset would affect the viability of business going forward; • Replacement cost—the capital investment required to replace the asset; • Replacement downtime—the length of time before the asset can be returned to service; Source: AASHTO Guide to Highway Vulnerability Assessment for Critical Asset Identification and Protection, May 2002 Figure 5-2. Critical transportation assets.

• Redundancy—the availability of alternatives for use if the asset is lost; and • Symbolic importance—the national significance of the asset. The third part of the identification process is the establishment of relative “values” that indi- cate the importance of the assets to the operations of the agency. Generally, a numerical scale is used to compare the relative values. Table 5-1 illustrates relative value in the center column. This table also provides an overview of Steps 1 through 3 in critical infrastructure identification. The final step is the rank ordering and prioritization of critical assets. Table 5-2 provides the FHWA Recommendations for Bridge and Tunnel Security, AASHTO Blue Ribbon Panel on Tunnel and Bridge Security example of bridge and tunnel critical asset prioritization. Note the inclusion of a “risk reduction score,” achieved through a form of algebraic analysis of the factoring and rel- ative value steps of the process. Table 5-2 contains a rough order-of-magnitude (ROM) cost col- umn that presents the security designer with an economic cross reference. Building Security A vast body of knowledge and information is available from federal government departments and agencies about the protection of buildings. The government has gone a long way toward establishing comprehensive building security standardization requirements and criteria for fed- eral facilities. The work began in earnest on April 20, 1995, one day after the bombing of the Alfred P. Murrah Building in Oklahoma City, when the President directed the Department of Source: AASHTO Guide to Highway Vulnerability Assessment for Critical Asset Identification and Protection, May 2002 CRITICAL ASSET FACTOR VALUE DESCRIPTION Deter/Defend Factors A) Ability to Provide Protection 1 Is there a system of measures to protect the asset? B) Relative Vulnerability to Attack 2 Is the asset relatively vulnerable to an attack? (Due to location, prominence, or other factors) Loss and Damage Consequences C) Casualty Risk 5 Is there a possibility of serious injury or loss of life resulting from an attack on the asset? D) Environmental Impact 1 Will an attack on the asset have an ecological impact of altering the environment? E) Replacement Cost 3 Will significant replacement cost (the current cost of replacing the asset with a new one of equal effectiveness) be incurred if the asset is attacked? F) Replacement/Down Time 3 Will an attack on the asset cause significant replacement/down time? Consequences to Public Services G) Emergency Response Function 5 Does the action serve an emergency response function and will the action or activity of emergency response be affected? H) Government Continuity 5 Is the asset necessary to maintaining government continuity? I) Military Importance 5 Is the asset important to military functions? Consequences to the General Public J) Available Alternate 4 Is there a substitute that is designated to take the place of the asset, if necessary, to perform the same or similar duties? (i.e., Is there another bridge that crosses the river in a nearby location that could be used if the main bridge is damaged or destroyed?) K) Communication Dependency 1 Is communication dependent upon the asset? L) Economic Impact 5 Will damage to the asset have an effect on the means ofliving, or the resources and wealth of a region or state? M) Functional Importance 2 Is there an overall value of the asset performing or staying operational? N) Symbolic Importance 1 Does the asset have symbolic importance? Table 5-1. Critical asset value. Infrastructure Protection 67

68 Security 101: A Physical Security Primer for Transportation Agencies Justice (DOJ) to assess the vulnerability of federal office buildings in the United States, particu- larly to acts of terrorism and other forms of violence. Within 2 months, DOJ completed the study and published its report, Vulnerability Assessment of Federal Facilities, containing minimum security standards intended for use in all federally occupied facilities. The standards were based on DOJ security-level criteria that basically considered occupancy, volume of public content, building size, and agency mission (see Table 5-3). The standards addressed four general areas of security and supplied 52 minimum compliance requirements for countermeasures in the following: • Perimeter Security—Parking, Lighting, Physical Barriers; • Entry Security—Receiving/Shipping, Access Control, Entrances/Exits; Source: FHWA Recommendations for Bridge and Tunnel Security, AASHTO Blue Ribbon Panel on Tunnel and Bridge Security, 2003 Table 5-2. Bridge and tunnel critical asset prioritization.

• Interior Security—Employee/Visitor ID, Utilities, Occupant Emergency Plans; and • Security Planning—Intelligence Sharing, Training, Admin Procedures. In October of 1995, Executive Order (E.O.) 12977 was signed by the President “to establish poli- cies for security in and protection of federal facilities and to provide a permanent body to address continuing government-wide security for federal facilities.” The E.O. established the Interagency Security Committee (ISC) with member agencies including DOJ, DOS, DOL, DOT, GSA, DOD, DOE, HHS, and EPA. Since 1995, the ISC, as well as other federal agencies, has published numer- ous building security standards documents. Available information resources follow (in some cases, a specific request for the documents must be made to the respective federal agency): 1. Vulnerability Assessment of Federal Facilities, DOJ 1995 2. ISC Security Design Criteria for New Federal Office Buildings and Major Modernization Projects, ISC May 2001 3. ISC Security Standards for Leased Space, ISC 2004 4. GSA Lease Security Standards, GSA November 2005 5. Standard Guide for Developing a Cost-Effective Risk Mitigation Plan for New and Existing Constructed Facilities: E 2506—06 ASTM Committee on Standards, Copyright © 2006 ASTM International www.astm.org 6. GSA Facilities Standards for the Public Buildings Service General Services Administration March 2005 http://www.gsa.gov 7. DoD Minimum Antiterrorism Standards for Buildings (Unified Facilities Criteria UFC 4-010- 01) Department of Defense October 2003 www.wbdg.org/ccb/DOD/UFC/ufc_4_010_01.pdf 8. DoD Security Engineering Facilities Planning Manual (Draft) UFC 4-020-01 Department of Defense March 2006 www.wbdg.org/ndbm/DesignGuid/pdf/Final%20Draft_UFC_ 4-020-01.pdf Summarizing the available standards and other building security guidelines suggests that the following potential areas of vulnerability should be reviewed for possible implementation of security countermeasures: • Air Intakes • Computer Rooms LEVEL CRITERIA I • 10 Federal employees • 2,500 sq ft • Low volume of public contact II • 11 to 150 Federal employees • 2,500 sq ft – 80,000 sq ft • Moderate volume of public contact • Routine operations similar to private sector and/or facility shared with private sector III • 151-450 Federal employees • 80,000 – 150,000 sq ft • Moderate/high volume of public contact • Contains agency mix such as o Law enforcement operations o Court functions o Government records IV • More than 450 Federal employees • Multi-story facility • More than 150,000 sq ft • High volume of public contact • High risk law enforcement intelligence agencies • District Courts V • Level IV profile and agency/mission critical to national security Source: Adapted from DOJ Vulnerability Assessment of Federal Facilities, 1995 Table 5-3. Criteria for security levels. Infrastructure Protection 69

70 Security 101: A Physical Security Primer for Transportation Agencies • Dining Facilities • Elevators • Equipment and Maintenance Spaces • Fuel Storage Areas • General Office Space • Loading Docks • Lobbies and Waiting Areas • Mailrooms • Parking Garages • Pedestrian Entranceways • Public Corridors • Public Toilets and Service Areas • Refuse Collection Sites • Retail Areas • Roofs • Shipping and Receiving Areas • Stairwells • Utility Feeds • Vehicular Access and Circulation • Water Supply In addition the following systems or sub-systems should be considered for protective measures: • Command and Control • Communications • Electrical • Electronic Security • Emergency Power • Engineering • Entry Control • Fire Protection • Information Technology • Lighting • Mechanical • Physical Security • Structural • Ventilation FEMA 426 Reference Manual to Mitigate Potential Terrorist Acts against Buildings further illus- trates the concept of security levels in determining the appropriate security countermeasures foot- print. Building directly on the DOJ criteria, countermeasures solution sets are presented in table format in the manual. The listed security countermeasures are to be based on the performance of an on-site risk assessment (see Table 5-4). Transportation agencies have unique types of buildings and facilities that will demand vulner- ability reduction solutions that are atypical. For example, if deemed a priority target, a toll facil- ity on an interstate highway will likely require an extensive level of structural hardening, shielding, stress-bearing systems, and anti-ram barriers either to protect the toll plaza, collectors, and vehicle occupants from an explosives blast, or to mitigate its effects. Similarly, a transit or com- muter train that enters the building envelope of an underground train station creates risk vulner- ability and exposure elements for building occupants through any number of different threat scenarios. As has been recommended throughout this text, agencies must specifically address such

Source: FEMA 426 Reference Manual to Mitigate Potential Terrorist Acts Against Buildings, 2003 Table 5-4. Security levels for determining security countermeasures. uniqueness in their operating environment when making security improvements. Buildings such as warehouses, car shops, maintenance facilities, plants and industrial areas, dispatch centers and fuel depots may all demand specialized security countermeasures or solution sets. Bridge and Tunnel Security The U.S. surface transportation sector is a vast and open series of roadways, skyways, tracks, rails, pedestrian walkways, bike paths, and other routes that facilitate the travel of people and goods throughout the country. These routes are connected and interconnected by a system of Infrastructure Protection 71

72 Security 101: A Physical Security Primer for Transportation Agencies bridges and tunnels engineered to traverse difficult terrain or geography, shorten travel distances, or simply improve the journey of system users. Although the infrastructure of the entire route is an important part of transportation agency security planning, bridges and tunnels, by virtue of their engineering, placement or cost, often are among the most critical assets of the agency. Land-based bridges are also integral to the maritime sector because these bridges cross the Nation’s waterways thereby affecting the movement of ships and other vessels, particularly on inland rivers. Protecting bridges and tunnels can be complicated. In the FHWA Recommendations for Bridge and Tunnel Security, AASHTO Blue Ribbon Panel on Tunnel and Bridge Security the following comment was made: Among the 600,000 bridges in the United States, preliminary studies indicate that there are approxi- mately 1,000 where substantial casualties, economic disruption, and other societal ramifications would result from isolated attacks. Additionally, the U.S. transportation system includes 337 highway tunnels and 211 transit tunnels; many are located beneath bodies of water, and many have limited alternative routes due to geographic constraints. Such a vast number of bridge and tunnel structures interspersed throughout the Nation’s landscape points out the difficulty associated with creating a workable security protection scheme; particularly when the remoteness, inaccessibility, and reduced visibility of many of these structures has been factored in. However, looking at the extent of the assets “makes the case” that rigorous critical infrastructure identification processes are justified. The panels’ estimation of 1,000 bridges (1 out of every 600) that meet critical infrastructure criteria creates a much more manageable number for consideration. Regardless, the security planning tasks in this regard are daunting and exacerbated by the various types of bridge or tunnel structures, each having unique engineering design characteristics. Figure 5-3 illustrates four different types of transportation tunnels, each with unique engineer- ing characteristics that likely would call for individual countermeasures or countermeasures solution sets. A discussion of bridge and tunnel security issues is an excellent opportunity to further explain concepts of security strategy in terms of goals and objectives. In Making the Nation Safer, several overarching goals for countering terrorism were identified: • Predict: Intelligence and surveillance of targets and means • Prevent: Disrupt networks, contain threats • Protect: Harden targets, immunize populations • Interdict: Frustrate attacks, manage crisis • Response & Recovery: Mitigate damage, expedite cleanup • Attribute: Identify attacker to facilitate response These overlapping goals have been drawn differently in other publications, e.g., prevention, detection, deterrence, response and mitigation, or the four Ds—deter, detect, deny, and defend. Nonetheless, a significant part of the purpose and underlying message of these goals is that cer- tain tactics can either prevent an attack against a given target, positively influence the target selection of an aggressor, or perhaps disrupt such an attack in progress. In fact, because of the catastrophic potential of a successful attack against some key bridge or tunnel assets, front-end efforts to defend against the loss can become an even higher priority. Primarily, vulnerability reduction countermeasures focused on the defense of bridges and tun- nels should include visible signs of security, such as fencing, lights, surveillance systems, and rapid response by security forces. The objective is to present a potential adversary with a perception

Source: NCHRP Report 525: Volume 12 – Making Transportation Tunnels Safe and Secure, 2006 Type Description Sketch Immersed Tube Tunnel • Employed to traverse a water body • Preconstructed sections are placed in a pre- excavated trench and connected • Typical materials include steel and concrete immersed tunnel sections • After placement, tunnel is covered with soil Cut-and- Cover Tunnel • In urban areas • Excavated from the surface, then constructed in place and backfill placed to bury structure • For subway line structures, subway stations, and subsurface highway structures • Typically concrete cast-in-place or precast sections • Steel framing and concrete fill Bored or Mined Tunnel • In urban or remote locations in land, on mountains, or through water bodies • Bored using a variety of techniques • Supported by initial and final support systems • Soft ground or rock tunneling • Structure may have various liner systems, including rock reinforcement, shotcrete, steel ribs and lattice girder, precast concrete segment, cast-in-place concrete, and fabricated steel lining Air-Rights Structure Tunnel • In urban areas • Created when a structure is built over a roadway or trainway using the roadway’s or trainway’s air rights • The limits that an air-rights structure imposes on the emergency accessibility and function of the roadway or trainway that is located beneath the structure should be assessed Figure 5-3. Transportation tunnel types. that his attack will be unsuccessful or that he will be captured. More important, the absence of such visible signs of security may induce target selection by an adversary. In particular, the approaches to critical bridges or tunnels and the undetected opportunity time or “time on target” that an aggressor can acquire are factors that deserve thoughtful security plan- ning. For example, the approach on both sides of a critical underwater tunnel portal entrance could be lined with high security anti-ram fencing for an extended distance (e.g., one-half mile) to pre- vent vehicle breach. Lighting, audible alarms, surveillance, and intrusion detection systems could be deployed in tandem so that any attempted access to the portal on foot would require the aggres- sor to walk or run for an extended time just to reach a mission-sensitive location. Responding secu- rity forces or officers on directed patrol capable of disrupting or interdicting the attack would add a final layer of protection for the asset. Time on target has additional ramifications for bridge and tunnel security. For example, an aggressor with sufficient time can improve the payload and blast effect of an IED by attaching or even drilling into a bridge’s critical structural elements (e.g., cable anchors, box girders, and cable towers). Notwithstanding the stated requirement that transportation agencies must perform rigorous critical asset identification, it is accurate to presume that a recommendation for extensive security countermeasures for bridges and tunnels is somewhat incongruous with preceding Infrastructure Protection 73

74 Security 101: A Physical Security Primer for Transportation Agencies commentary about the vast and expansive number of such assets in the United States. An addi- tional recommendation, maximizing portability in bridge and tunnel security countermea- sures deployment, may help overcome this security planning dilemma. By establishing one or more portable countermeasures solution sets containing deployable sensors, cameras, alarms, and other perimeter protection devices, security designers can prioritize security equipment use through temporary placements at critical bridge or tunnel locations. A deployment of this type would serve as a temporary security force multiplier capable of alerting responders of a poten- tial security breach. The placement decision would be based on threat information/intelligence or tactical or strategic considerations. Rolling Stock and Vehicle Security Transportation vehicle security today comprises two main areas: • The safety and protection of vehicle passengers or occupants and • Avoiding the use of the conveyance as a weapon of destruction or mass destruction (WMD). Regarding the safety and protection of vehicle passengers or occupants, the major potential threats include • Improvised explosives devices (IEDS), • Armed assault against the driver or passengers, and • Chemical, biological, or radiological attack. The second area (avoiding the use of the conveyance as a WMD) has assumed much greater importance since the terrorist attacks of September 11, 2001, and the anthrax attacks that fol- lowed. (Chapter 1 discussed the threat of VBIEDs as a significant area of transportation agency security that deserves prioritization by security planners). Not only must agencies protect against aggressor use of their own supplied vehicles, but also against the commandeering of a vehicle transporting hazardous loads or the conversion of the transportation agencies’ own rolling stock. According to the FTA, lessons learned from prior events suggest that the following security strategies will help protect the vehicle fleet: • Limit the ability to place or hide explosives on or under vehicles, • Improve the ability to see into and out of vehicles, • Reduce the damage that would result from an explosion, • Reduce the damage that would result from a fire, • Reduce the damage that would result from contaminants, • Enhance emergency egress through doors and windows, • Protect the driver from physical threat, • Network the vehicle with the Operation Control Center, • Enable communications between the vehicle operator and passengers, and • Secure the vehicle from theft/unauthorized operations. In recognition of these issues, transportation agencies and homeland security professionals from government and industry have sought to improve the security of conveyances while in-transit or when housed or stored at facilities. For example, the short-line freight railroad industry is conducting vulnerability assessments and security planning focused on preventing,

eliminating, reducing, or mitigating the potential use of the freight rail system as a target for terrorism or criminal attack or as a delivery system for a weapon of mass destruction. The pro- gram is partially funded by DHS grants under the FY08 Freight Railroad Security Plan (FRSP). The planning is intended to address the presence of Toxic Inhalation Hazards (TIH) materials within high population density areas as well as the following: • Establishment of secure storage areas for railcars carrying TIH such as chlorine or anhydrous ammonia; • Expedited movement of railcars carrying TIH materials • Positive and secure handoff of TIH railcars at points of carrier interchange and points of orig- ination and delivery; and • Minimization of unattended, loaded tank cars carrying TIH materials. In regard to passenger safety and security, in 2004 APTA conducted a security-related survey of transit agencies. According to the report, the 120 agencies who participated represented a cross section of transit operators in all modes of transit service, in communities of all sizes, and in all areas of the United States. The agencies surveyed carried 73.2 percent of all transit passenger trips in 2001, provided 71.7 percent of all transit passenger miles of service, and operated 46.8 percent of all transit vehicles. The most important needs for capital improvement security upgrades identified in the survey were in the following five priority areas: Radio Communications Systems Including Operational Control Redundancy: • Security Cameras On-Board Vehicles, • Controlled Access to Facilities and Secure Areas, • Security Cameras in Stations, and • AVL Systems. Table 5-5 provides more detail. Source: Adapted from APTA Survey of Transit Agencies, 2004 Capital Funding Security Measure or Investment Very Important Important Somewhat Important Not Important Number Percent Number Percent Number Percent Number Percent Automated Vehicle Locator Systems 76 21 13 11.6 2 Radio Communications Systems 96 12 2 1.8 2 1.8 Passenger-Operator Intercoms 22 44 24 23.5 12 11.8 Security Cameras On-Board Vehicles 82 23 5 4.4 2.7 Security Cameras in Stations 78 17 7 6.7 2 1.9 Public Address Systems On-Board Vehicles 46 40 19 17.4 4 3.7 Public Address Systems in Stations 42 62 38 14 14.1 5 5.1 Security Fencing Around Facilities 37 12 10.5 3 2.6 Chemical/Biological/Radiological Detection Devices 21 36 35 33.0 14 13.2 Intrusion Detection Devices 48 38 22 19.3 6 1 5.3 Controlled Access to Facilities and Secure Areas 91 67.9 85.7 21.6 72.6 75.0 42.2 42.4 54.4 19.8 42.1 71.1 27 18.8 10.7 43.1 20.4 16.3 36.7 38.4 32.5 34.0 33.3 23.7 5 4.4 0.9 1.8 3 Table 5-5. 2004 survey of transit agency on capital funding needs. Infrastructure Protection 75

76 Security 101: A Physical Security Primer for Transportation Agencies The need for improved radio communications was the highest rated requirement in the sur- vey, receiving 96.4% in the “very important” and “important” categories. Controlled access to facilities was slightly lower at 94.8%. Although the need for security cameras in stations was listed higher in the “very important category” at 75%, security cameras on board vehicles came in third overall at 93% in the two highest rated categories. All three of the highest rated needs listed pertain in whole or in part to rolling stock and con- veyance security: • Radio communications with the fleet; • Controlling access to transit vehicles while in depot, yards, or maintenance facilities; and • Surveillance capabilities on board vehicles. One additional highly rated security upgrade requirement listed was AVL systems which scored 86.7% in the survey. As discussed in Chapter 3 (under the category of duress alarms): The State Transit Authority of Australia has a fleet of 1800 buses in the Sydney and Newcastle area. Every bus is outfitted with Automatic Vehicle Locator (AVL) technology, a driver duress alarm and a microphone that allows Authority central station personnel to hear what is transpiring on-board the vehi- cle when the driver activates the system. A 2002 International Transit Studies research effort sponsored by the TRB’s Transit Cooper- ative Research Program (TCRP) provides further information about security countermeasures currently deployed on passenger buses. The study of Western European systems disclosed the following: • Widespread use of CCTV cameras, • Shadowing of en-route buses by security forces, • Security awareness training for employees, • Two-way radio communications or mobile phones, • Emergency alarms, • Internal and external displays, • Anti-assault partitions for drivers, • Double-glazed side windows, • Driver escape hatches, and • GPS/AVL systems. FTA’s Security Design Considerations expands on this information and provides additional rec- ommendations, breaking out vehicle types into bus and train. Table 5-6 displays some of this information.

Design Consideration State of Technology Maturity Scale of 1 (least mature) to 5 (most mature) Cost Scale of 1 (low) to 10 (high) Retrofit: New Buses / Overhaul / All 1. Networking of bus to operations control center Install automatic vehicle locator (AVL) system to allow bus operations to monitor bus location 3 – Has been deployed to various degrees widely. Multiple technologies used to determine location and transmit messages Range of 6 to 10 – Requires significant investment and support infrastructure. High increment of system maintenance required All Install mobile data terminals (MDT) to allow for electronic transmission of messages 3 – Can be integrated into AVL systems. Wide variety of commercial technologies Range of 4 to 8 – Wide variety of commercial technologies available. Less infrastructure and management All Utilize GPS to allow bus operations to track the vehicle location 4 – GPS is widely used and commercially viable. Communication technologies for data transfer must be integrated for command and control Range of 3 to 10 – Varies based on functionality requirements. From stand-alone units to full system integration All Install silent alarm system (panic button) with connection to bus operations, bus destination sign, and police department 5 – Silent alarm features triggered manually are incorporated in most transit system radio systems. Typically linked to on-board exterior signage for emergency alert Range of 1 to 5 – Has been done in a variety of ways. Simple to do on vehicle; compatible with most communication systems All Install CCTV cameras. Cameras can either record for later viewing or broadcasting of sample images live to a control center 5 – Mature technology widely available. Real time transmission of video information is not widely available. Concerns are data management and evidence chain of custody Range of 3 to 5 – CCTV technology has a relatively low cost if information does not require wireless communication All Real time transmission of CCTV data 2 – Currently a number of communication approaches are being used to provide real time transmission of on-board video images to command and security personnel Range of 8 to 10 – Cost is high since technology is new and firm commercial processes are still under development All Table 5-6. Bus security countermeasures. (continued on next page)

Design Consideration State of Technology Maturity Scale of 1 (least mature) to 5 (most mature) Cost Scale of 1 (low) to 10 (high) Retrofit: New Buses / Overhaul / All 2. Limiting ability to place or hide explosives/Securing compartment doors Design compartments (fuel, storage areas, engine, and others) to be protected against unauthorized access 5 – Mature; already available for most applications Range of 1 to 3 – Various technologies and solutions can be employed New Design compartments to be locked by specialized wrench 5 – Commonly used in current production vehicles Range of 1 to 2 – Cost is nominally different than standard hardware All Design compartments to be locked by key 5 – Can be specified on production vehicles Range of 1 to 3 – Minimal cost differential All Reduce or fill spaces that could be used to hide foreign objects 5 – Traditionally included in bus 1 – No cost New, Overhaul Install radiological, biological or chemical detector pagers inside bus to detect presence of these materials. The pager could be connected with the OCC 1 to 3 –New technology for this application. Not widely deployed; however, a number of projects and field evaluations are underway Range of 5 to 10 – Acquisition cost of ownership for these technologies will be significant All 3. Reducing the damage resulting from a threat (explosion, hijacking, fire, etc.) Review fire resistant and fire retardant standards (ASTM E162-02a and E662- 03) for interior fixtures 3 – Can be done easily in new vehicles Range of 1 to 4 – Materials meeting these standards generally have moderate cost increase vs. non-compliant materials New Harden exposed wiring and fuel lines 4 – Requires very little development investment Range of 2 to 6 – Wide range of cost based on various strategies to limit access New, Overhaul Install silent alarm system (panic button) with connection to bus operations, bus destination sign, and police department See item below See item below All Design so that external destination signs and lights are integrated with silent alarm to issue alert of an emergency situation 5 – Already incorporated in base design of electronic signage 1 N/A Place vehicle number on roof of vehicle to enhance identification from above 5 – Commonly done 1 All Table 5-6. (Continued).

Source: Adapted from FTA’s Transit Security Design Considerations, 2004 Harden windows to prevent shattering 5 – Typical bus glazing is safety glass or polycarbonate Range of 1 to 3 New Provide video surveillance system 4 – Widely available Range of 6 to 10 – Systems without wireless communications are in wide use; integration with communication system adds significant cost All Ensure windows are free from any coverings and provide clear view in/out 5 – Many agencies have banned covering windows with advertising wraps 1– Low All 4. Isolating the driver from physical threats Enclose driver compartment 3 – Deployed to varying degrees 5 All Provide operator shield 3 – Deployed to varying degrees 5 All 5. Hardening fuel storage compartments Harden fuel tanks of alternative fuel vehicles against intentional attack 4 – Most gaseous fuels are contained in roof-mounted storage vessels with limited access 3 New 6. Enhancing emergency egress through doors and windows Install emergency door release to allow for manual operation of doors 4 1 All Improve window release to facilitate easier emergency egress 5 1 New Strengthen window to be more shatterproof in case of onboard explosion 5 3 New 7. Securing the vehicle from unauthorized operation Design ignition system to require a keyed switch in addition to master run switch to start bus 5 1 All Design ignition system to operate with a smart card technology that only allows permitted users to start and operate bus 5 Range of 3 to 5 – Easily integrated in current vehicle designs All