Security 101: A Physical Security Primer for Transportation Agencies (2009)

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

93 A P P E N D I X A A. Risk Analysis and Asset Evaluation A Guide to Highway Vulnerability Assessment for Critical Asset Identification and Protection American Association of State Highway and Transportation Officials (AASHTO) NCHRP Project 20-07/Task 151B, May 2002 Science Applications International Corporation (SAIC) http://freight.transportation.org/doc/NCHRP_B.pdf This guideline provides state DOTs, including senior officials, mid-level managers, and front- line employees, with information about how to conduct a vulnerability assessment. Three major phases of the process—pre-assessment, assessment, and post-assessment—are identified. These phases are broken into six steps described by the authors as a “straightforward method for exam- ining critical assets and identifying cost-effective countermeasures to guard against terrorism.” Information about the vulnerability assessment methods of both state and federal agencies is included along with illustrative examples. A Guide to Highway Vulnerability Assessment for Critical Asset Identification and Protection, Appendices A–F American Association of State Highway and Transportation Officials (AASHTO) NCHRP Project 20-07/Task 151B, May 2002 Science Applications International Corporation (SAIC) http://security.transportation.org/sites/security/docs/guide-VA_Appendices.pdf This companion text to the above guideline contains worksheets reproduced from the main document covering: critical asset factors values and scoring, vulnerability factors and scoring, countermeasures identification, and countermeasures cost information. The appendices con- tain a bibliography that provides state-specific vulnerability assessment information about Arkansas, California, Illinois, Iowa, Maryland, New Mexico, New York, South Carolina, Texas, Virginia, Washington, Washington D.C., and Wisconsin. The appendices also present “illustrative practices” from Iowa, Maryland, New Mexico, Oregon, Texas, and Washington, as well as the FTA, FAA, and DOJ. Bomb Threat Checklist Department of the Treasury, Bureau of Alcohol, Tobacco & Firearms ATF F 1613.1 (Formerly ATF F 1730.1, which still may be used) (6-97) http://www.state.tn.us/homelandsecurity/bomb_checklist.pdf Annotated Bibliography

This guidance document provides users with an information-gathering checklist designed to help collect as much information as possible about a threatened bomb detonation. Dirty Bombs—Fact Sheet Department of Health and Human Services, Centers for Disease Control and Prevention (CDC) July 2003 http://www.cdc.gov This 3-page guideline describes what a dirty bomb is and the actions that should be taken by people in the event of a possible or actual radiological exposure. The pamphlet also contains reference information about radiation and emergency response and the medical response to radiation exposures. Terrorist “Dirty Bombs”: A Brief Primer Jonathan Medalia, Specialist in National Defense Foreign Affairs, Defense, and Trade Division CRS Report for Congress, Order Code RS21528, April 1, 2004 This primer provides a concise overview of the technical aspects of radiological dispersion devices (RDDs). RDDs are described in brief, along with information about prevention and response. The Federal Bureau of Investigation (FBI) Terrorism Vulnerability Self-Assessment Checklist Federal Bureau of Investigation (FBI) http://www.cutr.usf.edu/security/reports.htm This vulnerability self-assessment checklist is intended to help the transportation organization determine its vulnerability to terrorism and to assist local law enforcement in assessing the over- all vulnerability of the community. The checklist provides a worksheet that can be customized to the transportation-specific organization. The worksheet is intended to be a general guide. Federal Bureau of Investigation (FBI) Guide to Concealable Weapons Federal Bureau of Investigation (FBI) 2003 http://www.cutr.usf.edu/security/reports.htm This reference document is a pictorial collection of easily concealable edged weapons collected by the Firearms and Toolmarks Unit of the FBI Laboratory. A Guide to Printed and Electronic Resources for Developing a Cost-Effective Risk Mitigation Plan for New and Existing Constructed Facilities (NISTIR 7390) National Institute of Standards and Technology February 2007 http://www2.bfrl.nist.gov/software/NISTIR7390 This extensive reference text consists primarily of an annotated bibliography of risk manage- ment information. A URL is provided whenever a reference is available in electronic format. In most cases, references are available for free as downloads. In other cases, the URL provides infor- mation on how to purchase the reference. 94 Security 101: A Physical Security Primer for Transportation Agencies

Annotated Bibliography 95 Information headings in the text include the following: Risk Assessment Resources, Guidance Documents and Software, Hazards Data and Man-made Hazards, Risk Management Resources, Guidance Documents and Software Guidance Documents for Estimating Costs and Losses, Mit- igation Costs, Event Related Losses, Economic Evaluation Guidance, Software for Estimating Costs and Losses, Economic Tools, Evaluation Methods, Industry Standards, Software for Imple- menting Industry Standards, Economic Modeling Resources and Analysis Strategies for Treat- ing Uncertainty. Appendix A provides a Three Step Protocol for Developing a Cost-Effective Risk Mitigation Plan. Appendix B presents a Clearinghouse and list of Web Portals. Appendix C presents an addi- tional annotated bibliography of Policies, Research and Theory. NCHRP Report 525: Surface Transportation Security Volume 4—A Self-Study Course on Terrorism-Related Risk Management of Highway Infrastructure National Cooperative Highway Research Program 2005 http://onlinepubs.trb.org/onlinepubs/nchrp/nchrp_rpt_525v4.pdf This guideline consists of a self-study course book designed to provide a general background in terrorism threat-related risk management for bridge, tunnel, and other highway infrastruc- ture, contained on a CD-ROM. The materials are derived from the content of workshops devel- oped by the AASHTO Task Force on Transportation Security. The methodology in this course book is based on an updated version of the approach published by AASHTO in the Guide to Highway Vulnerability Assessment for Critical Asset Identification and Protection. (It is recom- mended that users of this course book have a copy of the AASHTO Guide and its appendix avail- able as a reference). The course covers the following topics: Concepts Of Risk Management, Identification Of Crit- ical Asset Factors Through A Consideration Of Terrorism Event Consequences And Application Of These Factors To Assets To Determine The Most Critical Assets, Concepts Of Terrorist Threats And Related Weapons Of Mass Destruction, Identification Of Asset Vulnerability Fac- tors And Application Of Vulnerability Factors To Determine The Relative Vulnerability Of Each Of The Critical Assets, Plotting The Criticality And Vulnerability Scores On A Matrix To Deter- mine Assets With The Highest Priority For Countermeasure Consideration, Identifying The Range Of Potential Countermeasures And Their Applicability To Critical Assets, Identifying Countermeasure Costs, And Application Of Criticality And Vulnerability Assessment Processes To Bridges And Tunnels In Terms Of Program Development. Terrorism and Other Public Health Emergencies: A Reference Guide for Media Department of Health and Human Services September 2005 http://www.hhs.gov/disasters/press/newsroom/mediaguide/HHSMediaReferenceGuideFinal.pdf Although designated primarily as a guide for the communications media, this reference doc- ument provides good information about public health-related terrorism risks, threats, and vulnerabilities and how to take countermeasure precautions. Information is included on Biolog- ical and Chemical Agents, Radiation Emergencies, Terrorism and the Food Supply, Environ- mental Testing and Safety, the Role of the Federal Government, Risk Communications during a Terrorist Attack or other Public Health Emergency, and a history of Biological, Chemical, and Radiation Emergencies. Also contained in the guide is a ready reference table depicting the National Response Plan Emergency Support Functions (ESF) 1-15.

96 Security 101: A Physical Security Primer for Transportation Agencies B. Plans and Strategies Maintaining Strategic Direction for Protecting America’s Transportation System American Association of State Highway and Transportation Officials (AASHTO) May 2006 https://bookstore.transportation.org/item_details.aspx?=377 (available) This strategy guide defines two critical areas of homeland security for transportation agencies—Critical Transportation Infrastructure Protection and All Hazards Emergency Management Support. National Needs Assessment for Ensuring Transportation Infrastructure Security American Association of State Highway and Transportation Officials (AASHTO) NCHRP Project 20-59, Task 5, October 2002 www.transportation.org/sites/security/docs/NatlNeedsAssess.pdf Three key security-related planning areas were examined in this study: • Protecting critical mobility assets, • Enhancing traffic management capabilities, and • Improving state DOT (Department of Transportation) emergency response capabilities. The study also addresses important non-security areas, including safety improvements to bridges and tunnels and operational capabilities of the surface transportation network. Security investment guidelines and estimates are provided by the authors. A Guide to Updating Highway Emergency Response Plans for Terrorist Incidents American Association of State Highway and Transportation Officials (AASHTO) NCHRP Project 20-07/Task 151A, May 2002 http://freight.transportation.org/doc/NCHRP_A.pdf The guidelines contained in this report are designed to take advantage of the expertise of state DOTs at managing emergencies and applying time-tested practices and experiences to the handling of security-related incidents. Special emphasis is placed on the handling of WMD inci- dents. The guide “recommends building on the existing institutional relationships, roles, plans and procedures, using the all-hazards framework and modifying it when necessary to incorpo- rate appropriate WMD responses, and working closely with the state emergency management agency and others to ensure coordinated responses.” ASIS International Workplace Violence Prevention and Response Guideline American Society for Industrial Security 2005 www.asisonline.org/guidelines/inprogress_published.htm This guideline provides an overview of general policies, structures, and practices that can be used to prevent threatening misconduct and violence affecting the workplace. It contains definitions of workplace violence and the continuum of acts and behavior, from less severe to more severe, and a classification of workplace violence incidents. The guideline outlines prevention strategies and

procedures for detecting, investigating, managing, and following up on threats or violent incidents that occur in a workplace. The guideline covers the following topics: Workplace Violence— A Broad Concern for Employers; the Need for a Multidisciplinary Response; Preparedness and Prevention; Threat Response and Incident Management; Integrating the Issue of Domestic Vio- lence into Workplace Violence Prevention Strategies; and the Role of Law Enforcement. Handbook for Transit Safety and Security Certification Federal Transit Administration November 2002 http://transit-safety.volpe.dot.gov/Publications/order/singledoc.asp?docid=21 This Handbook provides step-by-step instructions for transit agencies (primary focus is on rail transit) to “self-certify” the safety and security of their systems. The material is organized into two chapters: Chapter 1—The Basics: Introduces the basic concepts of certification for safety and security Chapter 2—The Tools: Introduces three tools that support the safety and security certification process: (1) a well-defined project scope, (2) a safety and security certification plan (SSCP), and (3) a 10-step safety and security certification methodology. Appendices offer additional information on key topics including project life cycle definitions, useful safety and security resources, a resource guide, and a sample design and construction spec- ification form and direction. TSA/FTA Security and Emergency Management Action Items for Transit Agencies Transportation Security Administration December 2006 www.tsa.gov/assets/pdf/mass_transit_action_items.pdf An update to the FTA’s original Top 20 action items list, these action items cover all modes directly operated or contracted by a transit agency (e.g., bus, bus rapid transit, light rail, heavy rail, commuter rail, and paratransit). The 17 SAIs cover a range of areas, including security pro- gram management and accountability, security and emergency response training, drills and exer- cises, public awareness, protective measures for Homeland Security Advisory System (HSAS) threat levels, physical security, personnel security, and information sharing. Security and Emergency Management Technical Assistance for the Top 50 Transit Agencies (SEMTAP) Federal Transit Administration April 2007 http://transit-safety.volpe.dot.gov/Publications/order/singledoc.asp?docid=540 This report provides information and feedback regarding the FTA’s security-related tech- nical assistance program conducted over a 4-year period (2002–2006) at the top 50 transit agencies in size in the United States. The scope and purposes of the program were as follows: (1) Review the transit agency’s environment for security and emergency management; (2) Review, analyze, and make recommendations on security documents; (3) Develop methods to enhance security and emergency management procedures and training; (4) Develop and refine counter- terrorism tools; (5) Assess training needs and provide technical assistance for training; (6) Develop materials for security briefings and awareness; (7) Provide technical assistance for emergency tabletop exercises and planning for actual drills; and (8) Provide guidance on how to conduct threat and vulnerability assessments (TVAs). The report includes a program background and Annotated Bibliography 97

98 Security 101: A Physical Security Primer for Transportation Agencies summary, the methodology used, findings and results gathered during the technical assistance visits, and a description of the next-generation technical assistance program. Standard Protocols for Managing Security Incidents Involving Surface Transit Vehicles Federal Transit Administration 2002 http://transit-safety.volpe.dot.gov/Publications/order/singledoc.asp?docid=54 This guideline consists of a three-part protocol mainly focused on transit vehicle operators. Part One (Prevention) involves the inspection of transit vehicles, as part of a routine maintenance mea- sure, to prevent the placement of an explosive device or hazardous substance. Part Two (Unknown Substances and Suspicious Packages) addresses operator activities associated with the inspection of a transit vehicle for suspicious packages or devices. Part Three (Response) presents information about the measures to be taken when responding to a verified or highly suspicious event. Implementation Guidelines for 49 CFR Part 659 Federal Transit Administration March 2006 http://transit-safety.volpe.dot.gov/Publications/order/singledoc.asp?docid=504 From its authority to condition the receipt of grant funds (49 U.S.C. § 4324(c)), FTA also exer- cises regulatory authority, administering programs that place safety and security requirements on transit grantees and state agencies. Failure to comply with these requirements can result in the withholding of FTA funds. In April 2005, FTA amended 49 CFR Part 659 revising the prior rule clarifying sections, and setting forth further specification concerning what the state (State Safety Oversight—SSO) must require to monitor safety and security of rail transit systems. (Appendix A provides a copy of FTA’s revised Rule.) These implementation guidelines have been prepared to assist states and rail transit agencies in developing compliant programs based on the revised FTA Rule. The guidelines incorporate practices and recommendations from the complement of prior tech- nical assistance tools previously developed for the SSO program, including templates, reports, train- ing workshops, seminars, web-based resources, and previously published documents, such as FTA’s Implementation Guidelines for State Safety Oversight of Rail Fixed Guideway Systems (1996); Transit Security Handbook (1998); Technical Advisory for the Notification and Investigation of Accidents and Unacceptable Hazardous Conditions (1999); Critical Incident Management Guidelines (1999); Compliance Guidelines for States with New Starts Projects (2000); Hazard Analysis Guidelines for Transit Projects (2000); Keeping Safety on Track brochure series (2000 and 2001); Safety Certification Handbook (2002); Public Transportation System Security and Emergency Preparedness Planning Guide (2003); FTA’s Top 20 Security Action Items Website (2003 and 2004); and Transit Security Design Considerations (2005). FTA 49 CFR Part 659 Reference Guide, Rail Fixed Guideway Systems; State Safety Oversight Federal Transit Administration June 2005 http://transit-safety.volpe.dot.gov/Publications/order/singledoc.asp?docid=602

The 49 CFR Part 659 Reference Guide has been prepared to support implementation of FTA’s revised state safety oversight rule, published in the Federal Register on April 29, 2005. While this guide is targeted for states and oversight agencies, it can also support activities to be undertaken by rail transit agencies. The guide begins by presenting a flow chart that identifies the revised rule’s process for program development and implementation. Then, each section of the revised rule is discussed, including requirements and recommendations from FTA. Resource Toolkit for State Oversight Agencies Implementing 49 CFR Part 659 Federal Transit Administration March 2006 http://transit-safety.volpe.dot.gov/Publications/order/singledoc.asp?docid=642 This Resource Toolkit is a companion document to FTA’s Implementation Guidelines for 49 CFR Part 659. It contains a sample “oversight agency program standard and referenced proce- dures” document that can be tailored by each affected state oversight agency. It also includes sample program requirements that can be adopted by the state oversight agency to support the development of compliant System Safety Program Plans and System Security Plans at rail tran- sit agencies. A sample “certification that the system safety program plan and the system security plan have been developed, reviewed, and approved” is also provided, as well as sample checklists for use by state oversight agencies in reviewing and approving the rail transit agency plans and other submissions. The Resource Toolkit begins with the sample “Program Standard and Referenced Proce- dures,” which has nine sections: 1. Introduction and Overview 2. System Safety Program Plan Standard 3. System Security Plan Standard 4. Rail Transit Agency Internal Safety and Security Audit Program 5. Hazard Management Process 6. Accident Notification, Investigation and Reporting 7. Three-Year On-site Safety and Security Review 8. Corrective Action Plans 9. Reporting to FTA Additional references and procedures are provided as appendices: Appendix A: Authority for the State Oversight Agency Appendix B: 49 CFR Part 659 (April 29, 2005) Appendix C: Organization Charts Appendix D: Rail Transit Agency Safety and Security Points-of-Contact Appendix E: Program Requirements for Development of a Rail Transit Agency System Safety Program Plan (SSPP) Appendix F: State Oversight Agency SSPP Review Checklist Appendix G: Program Requirements for Development of a Rail Transit Agency System Security and Emergency Preparedness Program Plan (SEPP) Appendix H: State Oversight Agency System Security Program Plan Checklist Appendix I: Checklist for Reviewing Rail Transit Agency Accident Investigation Reports and Supporting Documentation Appendix J: Sample Three-Year Safety and Security Review Checklist Appendix K: Sample Certification that Rail Transit Agency System Safety Program Plan and System Security Plan Have Been Developed, Reviewed, and Approved Annotated Bibliography 99

The Public Transportation System Security and Emergency Preparedness Planning Guide Federal Transit Administration January 2003 http://transit-safety.volpe.dot.gov/Publications/order/singledoc.asp?docid=53 This document is cited in the FTA’s 49 CFR Part 659 Reference Guide as an aid to assist in com- pliance with mandatory rail transit safety and security requirements pursuant to the Code of Fed- eral Regulations. The 659 Reference Guide states, “to identify the controls in place that address the personal security of passengers and employees, FTA has prepared the Public Transportation System Security and Emergency Preparedness Planning Guide. This guide addressed procedures, plans, training, technology, and a program for reporting and investigating unusual occurrences and incidents. It includes planning templates, and offers recommendations to address new threats in the rail transit environment.” Highway Transportation Sector Security Resource Aid and Highway Transportation System Security and Emergency Preparedness Plan (SSEPP) Template Highway ISAC and Highway Watch® Program American Trucking Associations, Inc www.highwaywatch.com (available to members) This document was created under the auspices of the Highway Watch ISAC program of the American Trucking Association. It contains a “Security Plan Checklist” covering management and accountability, security problem identification, employees and training, audits and drills, document control, access control, and homeland security. The document also contains an “Employee Guide to System Security for Bus Operations.” Preventive activities, suspicious activi- ties, responding to and identifying suspicious persons, suspicious packages and devices, suspicious substances, threat and incident response, information gathering, reporting, interior and exterior vehicle inspection, a homeland security advisory system definition, and FTA-recommended HSAS measures are included in the guide. The final section is a stand-alone document “System Security and Emergency Preparedness Plan (SSEP) Template.” It is a highway-specific template developed by the Ohio Department of Transportation and the FTA that is modeled directly after the FTA’s SSEPP Guide. Survey of United States Transit System Security Needs and Funding Priorities American Public Transportation Association (APTA) April 2004 http://www.apta.com/services/security/documents/security_survey.pdf This survey reports the results of information obtained from 120 transit systems regarding their efforts after the terrorist attacks of September 11, 2001, to implement new or enhanced security measures. It includes information about needs and funding priorities, categories of tran- sit agency security personnel, transit agency security actions and expenditures, new and aug- mented transit agency security measures, security funding shortfalls, and transit agency security priorities for federal funding. Crime Prevention Through Environmental Design Principles The Peel CPTED Advisory Committee 2006 http://www.peelregion.ca/planning/cpted/CPTED-2006.pdf 100 Security 101: A Physical Security Primer for Transportation Agencies

Annotated Bibliography 101 This document is composed of both a theoretical overview and a practical concept guide. It describes the underlying objective of CPTED, which is to help businesses and industry to improve security and reduce crime and losses through the use of design principles and strate- gies. The document discusses concepts of natural surveillance, natural access control, territo- rial reinforcement, space assessment and design, signage, grounds, and building interiors and exteriors. Special attention is given to parking structures, garages, elevator vestibules and stair- wells, automated bank machines, and schools. Crime Prevention Through Environmental Design (CPTED) Guidebook National Crime Prevention Council (NCPC) of Singapore October 2003 http://ww.npc.gov.sg/pdf/CPTED%20Guidebook.pdf This guideline provides an overview of the four fundamental principles of CPTED, Natural Surveillance, Natural Access Control, Territorial Reinforcement, and Maintenance and Man- agement. It describes the methodology for applying these principles through a “3-D approach of Designation, Definition and Design.” A design guide is presented in the form of a check- list that assists users to address the security aspects of a project. The questions contained in the checklist provide the basis for initial crime prevention through environmental design review. Special attention is given to car parks, open spaces and playgrounds, public washrooms, sidewalks and walkways, underpasses and pedestrian overhead bridges, bus shelters, taxi stands, and transit stations. Immediate Actions (IAs) for Transit Agencies for Potential and Actual Life-Threatening Incidents Federal Transit Administration April 2004 http://transit-safety.volpe.dot.gov/Security/SecurityInitiatives/ImmediateActions/PDF/IAs.pdf The FTA’s “Immediate Actions” publication is designed “to assist operators and other transit agency personnel who may encounter potential or actual life-threatening events involving criminal activities or terrorism.” The guide contemplates that during emergency or heightened risk situations the transit employee may have only seconds to react to conditions. Immediate Actions (IAs) are identified as “clear procedures that may help prevent or mitigate a terrorist or violent criminal act.” There are three types of IAs contained in the guideline: 1. Suspicious Activity IAs include suspicious activities or suspicious packages/substances. 2. Imminent Threat and Attack IAs include armed (personal deadly weapons such as firearms, knives, or clubs) threat and attack, explosives threat and attack, and chem/bio threat and attack. 3. Life Safety IAs include lockdown (shelter in place) and evacuation. NCHRP Report 525: Surface Transportation Security Volume 3— Incorporating Security into the Transportation Planning Process National Cooperative Highway Research Program 2005 http://onlinepubs.trb.org/onlinepubs/nchrp/nchrp_rpt_525v3.pdf The stated purpose of this research was “to assess whether and how traditional transportation planning processes at the state and local levels of government incorporate the potential for security threats and events.” The research team conducted a review of Transportation Improve- ment Programs of 10 major metropolitan areas and detailed case studies in New York, New York; Portland, Oregon; San Francisco, California; and Washington, DC.

102 Security 101: A Physical Security Primer for Transportation Agencies Multiyear Plan for Bridge and Tunnel Security Research, Development, and Deployment Federal Highway Administration (FHWA) March 2006 http://www.tfhrc.gov/structur/pubs/06072/06072.pdf This multi-year strategy report proposes an R&D program addressing highway bridge and tunnel security. It was developed by the FHWA Office of Infrastructure Research and Develop- ment (R&D). The report presents a plan to address the agency’s objectives to “Support National Disaster Preparedness, and Response and Recovery Efforts” and to “Initiate and Facil- itate Research and Technology Development in Support of a More Secure Highway System.” The proposed FHWA program focuses on the following strategic area, “to reduce the threat of dam- age to the infrastructure so that there is minimal loss of life, the infrastructure can stay open for movement of people and goods, and there will be little or no impact on the economy.” The rec- ommended strategic focus areas for bridge and tunnel security R&D include Risk and Vulnera- bility Assessment; System Analysis and Design; Improved Materials, Prevention, Detection, and Surveillance; Post-Event Assessment; Repair and Restoration; and Evaluation and Training. C. Physical Security Countermeasures Improvised Explosive Device (IED) Safe Standoff Distance Cheat Sheet Army National Ground Intelligence Center www.ofm.gov.on.ca/english/Publications/communiques/2007/pdf/2007-26at3.pdf This table lists threat descriptions for types of high explosives and liquefied petroleum gas (LPG) both butane and propane. It provides building evacuation distances and outdoor evacua- tion distances based on explosive mass (TNT equivalent) and fireball diameter and safe distance based on LPG mass/volume. Terrorist Bomb Threat Stand-Off Card (Pocket Guide) Technical Support Working Group (TSWG) www.tswg.gov (restricted/available upon request) This chart is intended as a guide for immediate evacuation response to a suspected explosive threat. It lists threat descriptions based on explosives capacity and provides data regarding lethal air blast range, mandatory evacuation distances, and desired evacuation distances. Standard for Closed Circuit Television (CCTV) Inspection, Testing and Maintenance, Volume 6—Signals & Communications American Public Transportation Association (APTA) RT-S-SC-012-03, Copyright © 2004 This standard provides procedures for inspecting, testing, and maintaining rail transit Closed- circuit television (CCTV) systems installed in stations or at other fixed locations. It is not appli- cable to vehicle-mounted CCTV systems. Standard for Wayside Intrusion Detection System Inspection and Testing American Public Transportation Association (APTA) RT-S-SC-044-03, Copyright © 2004 This standard provides procedures for inspecting and testing rail transit wayside intrusion detection systems at the time of placement in service, or when modified or repaired.

Annotated Bibliography 103 United States Army Physical Security Manual HQ TRADOC, Department of the Army FM No. 3-19.30, January 2001 http://www.globalsecurity.org/military/library/policy/army/fm/3-19-30/index.html This physical security operations manual contains information, standards, and guidelines designed to “minimize the loss of personnel, supplies, equipment, and material through both human and natural threats.” The manual supports the development of a systems approach to security through the use of integrated protective measures. The manual is organized into a series of chapters and appendices that contain mutually supporting information designed to prevent gaps or overlaps in responsibilities and performance. The Army Field Manual (FM) covers • Physical protective measures, including barriers, lighting, and electronic security systems. • Procedural security measures, including procedures in place before an incident and those employed in response to an incident. (These include procedures employed by asset owners and those applied by and governing the actions of guards.) • Terrorism counteraction measures that protect assets against terrorist attacks. Basic Security 101—Alarm Systems Digital Security Controls, Ltd/Tyco/Fire & Security www.dsc.com http://www.alarmsbc.com/pdf/basic%20security%20101.pdf This informative PowerPoint guide provides an overview of the basic components of an alarm system, the technology behind the equipment, and communications platforms, as well as a primer on fundamental industry terminology. The functionality of input devices such as door/window contacts, glassbreak detectors, gas detectors, hold-up buttons, passive infra-red detectors; and output devices such as indoor and outdoor sirens and multi-colored strobes are described in basic terms. The Selection of Cameras, Digital Recording Systems, Digital High Speed Train-Lines and Networks for Use in Transit Related CCTV Systems American Public Transportation Association (APTA) IT-RP-001-07 V1.2, Copyright © 2007 www.asis.online.org/guidelines/CCTV_TS_document_JULY07_%20IT_RP.v1.2.pdf This guideline consists of a “technical recommended practice” for the selection of both analog and digital cameras, digital recording, and digital high-speed train lines for use in transit. The document covers CCTV use in security systems in transit-related applications, such as rail cars, buses, depots, and stations. The basic principles and recommendations of this recommended practice are generally applicable to any system using CCTV cameras, digital video recorders, and recording hard drives. Getting the Best Use Out of CCTV in the Railways New and Emerging CCTV Technologies Rail Safety and Standards Board, Kingston University, Mott MacDonald and Ipsotek Ltd Project Reference: 07-T061 (Rserv265Y), July 2003 www.rssb.co.uk This guideline describes how new and emerging technologies for CCTV systems can assist in deterring, detecting, and prosecuting acts of vandalism on the UK rail network. The review covers automatic video detection and advanced surveillance systems. Technology assessments include

104 Security 101: A Physical Security Primer for Transportation Agencies reviews of commercially available IP (Internet Protocol) cameras, wireless cameras, digital video recorders, remote viewing devices, and intelligent surveillance systems. The applicability of tech- nologies to the railway environment is also discussed, and where appropriate “ideal” specifications for a system are included. A particular highlight of this report is the inclusion of “state-of-the- art research in intelligent visual surveillance with application to the railway sector.” Automated visual surveillance is described and the automatic interpretation of scenes based on the informa- tion acquired by sensors (CCTV cameras). Handbook of Access Control Technologies Space and Naval Warfare Systems Center (SPAWARSYSCEN) Charleston February 2005 https://www.dhs-saver.info This handbook is a compendium of access control technologies. It provides basic information for any organization seeking to develop, configure, and build an access control system. The four main elements of a system: (1) access control barriers, (2) access control verification or identifi- cation equipment, (3) access control panels that control the barriers and (4) the communica- tions structure that connects these elements and connects the system to the reaction elements are described. The handbook addresses access control considerations including operational requirements, performance characteristics, system architecture, and databases of authorized per- sonnel, environmental considerations, alarm assessment, integration, communications, power supply, and costs. Categories of equipment discussed include physical control equipment, tokens and cipher systems, biometric systems, and assistive technologies. Assessing the Impact of CCTV, Home Office Research Study 292 Martin Gill and Angela Spriggs, Home Office Research, Development and Statistics Directorate February 2005 http://www.homeoffice.gov.uk/rds/pdfs05/hors292.pdf This exhaustive report evaluates 13 CCTV projects implemented in the UK in a range of con- texts, including town centers, city centers, car parks, hospitals, and residential areas. The researchers used statistics to determine the impact of CCTV on the reduction of crime in “intervention areas,” both before and after the installation of CCTV systems and in comparable “control areas.” Physical Security Concepts—Security PACE Book 2 SimplexGrinnell LP www.simplexgrinnell.com/resorcecenter/documents/PACEBook2.pdf This coursebook provides a basic set of physical security learning objectives and accompany- ing course materials covering physical security controls, security design considerations, barriers as a means of access control, preventing interruption of operations, perception as protection, protection scheme guidelines, and lighting application issues. NFPA 730 Guide for Premises Security 2006 Edition National Fire Protection Association August 2005 www.nfpa.org/index.asp (there is a charge for this publication) This edition of NFPA 730 was approved as an American National Standard on August 18, 2005. It provides a detailed description of construction, protection, occupancy features, and practices intended to reduce security vulnerabilities to life and property. NFPA 730 has a companion text,

NFPA 731, “Standard for the Installation of Electronic Premises Security Systems, 2006 edition.” There are also references in the Guidebook to other NFPA standards, guidelines, and recom- mended practices, as well as ASTM, ANSI/BHMAA, ESNA, SDI, UL, and US ARMY Corps of Engineers standards and publications. The text addresses standards and guidelines related to the following areas: Security Vulnerability Assessment, Exterior Security Devices and Systems, Physi- cal Security Devices, Interior Security Systems, Security Personnel, Security Planning, Educational Facilities, Health Care Facilities, One and Two Story Dwellings, Lodging Facilities, Apartment Buildings, Restaurants, Retail Stores, Office Buildings, Industrial Facilities, Parking Facilities and Special Events. Transit Agency Security and Emergency Management Protective Measures Federal Transit Administration November 2006 http://transit-safety.volpe.dot.gov/Publications/order/singledoc.asp?docid=439 This document was developed by the FTA, in consultation with the Department of Homeland Security’s (DHS) Transportation Security Administration (TSA) and Office of Grants and Train- ing (OGT). It is designed to provide an approach that can be used to integrate a transit agency’s security and emergency management programs with the DHS Homeland Security Advisory System (HSAS). In addition to protective measures responsive to the HSAS threat conditions, this document also provides protective measures to be implemented in the event of an attack or active incident (an actual emergency, which might include a terrorist attack, accident or natural disaster) and during the recovery phase following an incident. Technical Support Working Group (TSWG) Physical Security Guidelines Technical Support Working Group www.tswg.gov (restricted/available upon request) The mission of TSWG is to “identify, prioritize, and execute research and development, testing, evaluation, and commercialization efforts that satisfy interagency requirements for physical secu- rity technology to protect personnel, vital equipment, and facilities against terrorist attacks.” TSWG publications are “restricted use” mainly to government agencies at the federal, state and local level. TSWG physical security guidelines include research information in the following areas: Blast Mitigation, Entry Pointy Screening, Electronic Security Systems, Infrastructure Protection, and Maritime Security. Some of the products developed through the research include: Damage and Injury Card Set, Window Vulnerability Assessment and Design Software, Personnel Screening Guide, Vehicle Inspection Guide (VIG), Advanced Vehicle/Driver Identification System, Rail- car Inspection Guide (RIG), Tactical Video Surveillance System, Video Vehicle Surveillance Pro- gram, Radio Frequency Weapons Pocket Guide, Assessment of Critical Infrastructure Databases, and Securing SCADA (Supervisory Control and Data Acquisition) Systems. TSWG conducts security research in a number of additional areas. They include: Blast Effects and Mitigation, Chemical, Biological, Radiological and Nuclear Countermeasures, Explosives Detection, Improvised Device Defeat, Investigative Support and Forensics, Surveillance, Collec- tion and Operations Support, Tactical Operations Support, Training Technology Development, and VIP Protection. TCRP Report 86 Public Transportation Security: Volume 2—K9 Units in Public Transportation: A Guide for Decisionmakers Transit Cooperative Research Program 2002 http://www.tcrponline.org/bin/publications.pl?category=18 Annotated Bibliography 105

This Guide offers information about the potential deployment of K9 (canines), principally for explosives detection use in the public transportation environment. Data is reported regarding the survey of 14 transit systems that were either currently deploying K9 or had done so within the previous 5 years. The guide describes a step-by-step methodology for determining the pros and cons of a canine program. TCRP Report 86 Public Transportation Security: Volume 4—Intrusion Detection for Public Transportation Facilities Handbook Transit Cooperative Research Program 2003 http://www.tcrponline.org/bin/publications.pl?category=18 This stated objective of this research was to “develop a handbook for selecting and managing intrusion detection systems (IDS) in the public transportation environment.” It contains tech- nology based information about the applicability of IDS to the full range of transportation facil- ities including tunnels, bridges, buildings, power stations, transfer stations, rail yards, bus yards, and parking lots, as well as transit vehicles. The Handbook provides comprehensive information on application and implementation of a wide range of Intrusion Detection Systems (IDS) tech- nologies to include, Fencing Systems, Barrier Systems, Lighting Systems, Video Systems, Access Control Systems, Sensor Systems, Identification Systems, Data Fusion, Display and Control Sys- tems, Crisis Management Software, and a number of other systems. Chapter 4 of the Handbook describes the steps in applying and implementing IDS. The text makes excellent use of tables to present comparative information. TCRP Report 86 Public Transportation Security: Volume 6—Applicability of Portable Explosive Detection Devices in Transit Environments Transit Cooperative Research Program 2004 http://www.tcrponline.org/bin/publications.pl?category=18 The stated objective of this research was to “demonstrate the capabilities of existing explosive detection devices (EDDs) in a transit environment, including subways and bus station platforms.” Demonstration teams conducted tests of various portable EDDs onsite at three transit agencies across the United States, evaluating the use of these devices to check suspicious packages. This research report includes a review of the properties of explosives and the various tech- nologies both in use and emerging that are suitable for portable instrumentation for explosives detection. The technologies discussed are Ion Mobility Spectrometry (IMS), Surface Acoustic Wave (SAW), Electron Capture Detectors, Thermo-Redox Detectors, Amplifying Fluorescent Polymer and Canines. Test procedures and the results of the demonstrations are reported along with a set of conclu- sions and recommendations covering Transportability, Reliability of the Units, Throughput, Ease of Use and Training Requirements, Maintenance Costs, Consumables False Positive Alarms, and False Negative Alarms. The costs associated with the tested EDDs are included in the report along with estimated product life cycles. TCRP Report 86 Public Transportation Security: Volume 1—Public Transportation Passenger Security Inspections: A Guide for Policy Decision Makers Transit Cooperative Research Program 2007 http://www.tcrponline.org/bin/publications.pl?category=18 The stated objective of this research was to “provide guidance that a public transportation agency may use when considering whether, where, when, and how to introduce a passenger security 106 Security 101: A Physical Security Primer for Transportation Agencies

inspection program into its operations.” The report is a useful ready reference guide that iden- tifies (1) the most promising types of screening technologies and methods currently in use or being tested, (2) the operational considerations for the deployment of these technologies in land-based systems, (3) the legal precedent that either applies or that should be contemplated in connection with passenger screening activities, and (4) a passenger security inspection policy decision-making model. The report describes the potential deployment of the following inspections methods in terms of operational feasibility and based on Constitutional, Statutory and Tort Law requirements: Radiation Detection Pagers, Ticket Machine Scanners, Handheld Trace Detectors, Desktop Trace Detectors, Puffer Portals, Magnetometers, Backscatter X-ray Scanners, Z Backscatter Vans, Baggage Scanners, Explosives Detection Canines, Behavioral Assessments, and Visual/Physical Bag Inspections. The result of a survey of Public Transportation Agencies who either use or are contemplating use of passenger screening is also included in the research. Transit Cooperative Research Program Research Results Digest 58: Safety and Security Issues at All-Bus Systems in Small- to Medium-Sized Cities in Western Europe Transit Cooperative Research Program 2003 http://www.trb.org/news/blurb_detail.asp?id=1460 This research was performed under the auspices of the International Transit Studies Program (ITSP). The program arranges for teams of public transportation professionals to visit exemplary transit operations in other countries. Each study mission focuses on a theme that encompasses issues of concern in public transportation. The purpose of the mission was to learn what other agencies are doing to ensure the safety of bus riders, agency employees, and the communities served—how they deal with security threats that include firebombs, riots, hijackings, kidnap- ping, vandalism, armed assaults, and bombings. Over a 2-week period, the study team members met with staff members from nine public agencies and operating companies in Belfast, North- ern Ireland; Manchester, Liverpool, and Sheffield, England; and Lyon, Grenoble, Bordeaux, and Toulouse, France. The mission focused on the four subject areas: 1. Prevention activities—what the agency does to reduce or eliminate threats. 2. Preparation activities—how the agency develops plans to respond to crises/incidents. 3. Response activities—what the agency would do, should a crisis occur, to save lives, protect property, and stabilize the situation. 4. Recovery activities—once a crisis has been stabilized, how the agency would return their system operations to normal. Advanced Lighting Guidelines New Buildings Institute Incorporated 2003 http://www.newbuildings.org/downloads/ALG_2003.pdf This comprehensive 445-page guideline is an A–Z manual that addresses all aspects of light- ing. The text is divided into seven broad categories covering Lighting and Human Performance, Lighting Impacts and Policies, Lighting Design Considerations, Applications, Light Sources and Ballast Systems, Luminaries and Light Distribution, and Lighting Controls. The guidelines are intended for use by architects, design build contractors, lighting designers, electrical engineers, electrical designers, lighting educators, students, utility program managers, energy service project managers, government policy analysts, facilities managers, building owners, building financers, code enforcement officers, and others who make decisions about lighting. Annotated Bibliography 107

D. Personnel ASIS International Pre-Employment Background Screening Guideline American Society For Industrial Security 2006 www.asisonline.org/guidelines/inprogress_published.htm This guideline provides employers with an understanding of the fundamental concepts, methodologies and related legal issues associated with the preemployment background screening of job applicants. It contains practical information concerning the value of screening, the impor- tance of the application form, important legal issues and considerations such as the Fair Credit Reporting Act, privacy issues, as well as state laws, rules, and regulations. There is an appendix depicting a sample preemployment background screening flow chart. Additional preemployment background screening resources are listed in a References/Bibliography section of the document. ASIS International Private Security Officer Selection and Training Guideline American Society For Industrial Security 2004 www.asisonline.org/guidelines/inprogress_published.htm This guideline lists its purpose as “to provide regulating bodies in the United States with con- sistent minimum qualifications in order to improve the performance of private security officers and the quality of security services.” The Private Security Officer (PSO) Selection and Training Guideline is an in-depth research effort of the American Society for Industrial Security that rec- ommends minimum criteria for the selection and training of all private security officers. It includes definitions of terms and a reference/bibliography. As a part of the study, requirements for private security officers were identified for the following states: Arizona, California, Florida, New York, Oregon, Utah, Virginia, and North Dakota. These states were selected using ratings pro- vided by the Services Employees International Union (SEIU). The Pinkerton’s, “Internal Analysis of all State Regulations for Private Security Officers,” and Westcott Communications Inc.’s, “Private Security Television Network (PSTN) Catalog of Security Officer Training Programs” were also reviewed. Employee Guide to System Security, Observe and Report—Bus Operations National Transit Institute (NTI) http://www.safety@nti.rutgers.edu www.ntionline.com This 2-page pocket brochure consists of a pictorial guideline and text for transportation employees covering security-related topics. Information is provided to assist employees with the reporting of an incident, suspicious activity, suspicious packages and devices, suspicious sub- stances, threat and incident response, information gathering and prevention. The guide is pro- duced through funding and support from the FTA. Employee Guide to System Security, Observe and Report—Bus Maintenance National Transit Institute (NTI) http://www.safety@nti.rutgers.edu www.ntionline.com This 2-page pocket brochure consists of a pictorial guideline and text for transportation employees covering security-related topics. Information is provided to assist employees with the reporting of an incident, security sweeps, suspicious activity, suspicious packages and devices, 108 Security 101: A Physical Security Primer for Transportation Agencies

suspicious substances, threat and incident response, information gathering and prevention. The guide is produced through funding and support from the FTA. Employee Guide to System Security, Observe and Report—Commuter Bus National Transit Institute (NTI) http://www.safety@nti.rutgers.edu www.ntionline.com This 2-page pocket brochure consists of a pictorial guideline and text for transportation employees covering security-related topics. Information is provided to assist employees with the reporting of an incident, security sweeps, suspicious activity, suspicious packages and devices, suspicious substances, threat and incident response, information gathering and prevention. The guide is produced through funding and support from the FTA. Employee Guide to System Security, Observe and Report—Commuter Rail National Transit Institute (NTI) http://www.safety@nti.rutgers.edu www.ntionline.com This 2-page pocket brochure consists of a pictorial guideline and text for transportation employees covering security-related topics. Information is provided to assist employees with the reporting of an incident, security sweeps, suspicious activity, suspicious packages and devices, suspicious substances, threat and incident response, information gathering and prevention. The guide is produced through funding and support from the FTA. Employee Guide to System Security, Observe and Report—Heavy Rail National Transit Institute (NTI) http://www.safety@nti.rutgers.edu www.ntionline.com This 2-page pocket brochure consists of a pictorial guideline and text for transportation employees covering security-related topics. Information is provided to assist employees with the reporting of an incident, security sweeps, suspicious activity, suspicious packages and devices, suspicious substances, threat and incident response, information gathering and prevention. The guide is produced through funding and support from the FTA. Employee Guide to System Security, Observe and Report—Light Rail National Transit Institute (NTI) http://www.safety@nti.rutgers.edu www.ntionline.com This 2-page pocket brochure consists of a pictorial guideline and text for transportation employees covering security-related topics. Information is provided to assist employees with the reporting of an incident, security sweeps, suspicious activity, suspicious packages and devices, suspicious substances, threat and incident response, information gathering and prevention. The guide is produced through funding and support from the FTA. Employee Guide to Preventing Workplace Violence National Transit Institute (NTI) http://www.safety@nti.rutgers.edu www.ntionline.com Annotated Bibliography 109

This 2-page pocket brochure consists of a guideline and text for transportation employees cov- ering security-related topics. Information is provided to assist employees with reporting work- place violence, recognizing warning signs, dealing with people, dealing with difficult people, dealing with dangerous people, effects of workplace violence, and the recovery process. Sheltering in Place During a Radiation Emergency—Fact Sheet Department of Health and Human Services, Centers for Disease Control and Prevention (CDC) June 2003 http://www.cdc.gov This 3-page guideline describes the actions that should be taken by people in the event it is necessary for them to take shelter during a radiological emergency. The pamphlet describes the process of sheltering at home and lists the types of provisions and emergency supplies that should be stored within the designated shelter area. Biological Attack Human Pathogens, Biotoxins, and Agricultural Threats National Academy of Sciences 2005 www.nae.edu/nae/pubundcom.nsf/weblinks/CGOZ-642P3W?OpenDocument This fact sheet and summary contains a definition for biological attack and provides a concise description of bio-threat agents as listed by the Centers for Disease Control and Prevention (CDC). A table is included in the summary that identifies the “Onset, Health Impacts and Treat- ments” for bio-threat agents with categories describing “Disease, Incubation Period, Symptoms, Spread, Lethality if Untreated, Persistence of Organism, Vaccine Status and Medical Treatment.” Basic instructions are presented for what people should do to protect themselves during a declared biological emergency. Chemical Attack Warfare Agents, Industrial Chemicals and Toxins National Academy of Sciences 2004 www.nae.edu/nae/pubundcom.nsf/weblinks/CGOZ-642P3W?OpenDocument This fact sheet and summary contains a definition for chemical attack. A table is included that identifies the four categories of chemical weapons developed for military use, “nerve agents, blis- ter agents, blood agents, and choking agents.” Sarin, VX, Mustard, Lewisite, Hydrogen Cyanide, Cyanogen Chloride and Chlorine Phosgene are described in terms of “odor, persistency, rate of action, signs and symptoms, first aid and decontamination.” Examples of the toxicity levels for both chemical weapons Sarin and Hydrogen Cyanide, and some industrial chemicals including Chlorine, Hydrogen Chloride, Carbon Monoxide, Ammonia, Chloroform and Vinyl Chloride are listed by lethal concentration in parts per million (PPM). Basic instructions are presented for what people should do to protect themselves if indoors or outdoors during a chemical emergency. Radiological Attack Dirty Bombs and Other Devices National Academy of Sciences 2004 www.nae.edu/nae/pubundcom.nsf/weblinks/CGOZ-642P3W?OpenDocument This fact sheet and summary references Radiological Dispersion Devices (RDD’s aka dirty bombs). It defines “ionizing radiation” including Gamma and X-Rays, Beta Radiation and Alpha Radiation. A chart is contained in the summary that compares radiation exposures (in rems) with doses known to produce near-term health effects. Some of the common radioactive 110 Security 101: A Physical Security Primer for Transportation Agencies

materials used in society are listed including Cobalt-60, Cesium-137, Iridium-192, Strontium-90, Plutonium-238 and Americium-241. Basic instructions are presented for what people should do to protect themselves in the event of a radiological explosion. Nuclear Attack National Academy of Sciences 2004 www.nae.edu/nae/pubundcom.nsf/weblinks/CGOZ-642P3W?OpenDocument This fact sheet and summary contains a definition for nuclear attack and describes the charac- teristics of a nuclear explosion. The comparative size of explosion in terms of kiloton or megaton yield (explosive energy) is discussed along with a representation of the general patterns of damage; shockwave, thermal (heat) energy, initial radiation zone and lethality, assuming a 10 Kiloton (KT) blast. Basic instructions are presented for what people should do to protect themselves during a nuclear emergency. Cops, Cameras, and Enclosures: A Synthesis of the Effectiveness of Methods to Provide Enhanced Security for Bus Operators National Center for Transit Research, University of South Florida http://www.nctr.usf.edu/publications.htm This synthesis survey reports the results of information obtained from transit agencies describ- ing a variety of techniques used to minimize the possibilities of assault against bus operators and passengers. The survey addressed security countermeasures including the use of panic buttons, automatic vehicle locator (AVL) systems, on-board video surveillance, two-way communications, operator training, cab enclosures, transit crime reporting and police or security officers on-board. NCHRP Report 525: Surface Transportation Security Volume 1—Responding to Threats: A Field Personnel Manual National Cooperative Highway Research Program 2004 http://onlinepubs.trb.org/onlinepubs/nchrp/nchrp_rpt_525v1.pdf This manual consists of a series of draft templates that can be used by a transportation orga- nization to improve security awareness. According to the “Instructions Page” the manual was “inspired by the training material, System Security Awareness for Transportation Employees and Security Incident Management for Transportation Supervisors—Instructor Package, developed by the National Transit Institute (NTI).” The following sections are included in the text: How Terrorists/Criminals Select a Target or a Victim, Potential Targets, What the Terrorist Criminal Needs to Know, Where to Look, What to Look for, How and What to Report, When to Intervene, Potential Actions to Further Improve Security, Sample Reports, and Contact Lists. NCHRP Report 525: Surface Transportation Security Volume 7—System Security Awareness for Transportation Employees National Cooperative Highway Research Program 2005 http://www.ntionline.com (CD-ROM available upon request) This research product consists of a computer-based training (CBT) Program for Transporta- tion Employees that takes approximately two hours to complete. The course materials address employee security awareness activities; define system security, threat, vulnerability and risk; pro- vide the FBI’s definition of Terrorism; identify types of terrorists and the type of terrorist weapons deployed; provide information about the HSAS advisory system; and describe critical transportation assets at risk The training also includes a six-step process for approaching a Annotated Bibliography 111

person exhibiting signs of suspicious behavior and guidelines for handling suspicious telephone calls, persons, packages or vehicles on transportation property A “DECIDE Model” for reacting to a potential threat or incident and “Life Safety Don’ts” are used to reinforce the training objectives. There are six Modules to the training: 1. What Is System Security? 2. What Is Your Role In Reducing Vulnerability? 3. What Is Suspicious Activity? 4. What Is A Suspicious Object? 5. What Is Your Top Priority? 6. What Are You Doing To Prepare? E. Communications and Information Management Standard for Emergency Signage for Egress/Access of Passenger Rail Equipment American Public Transportation Association (APTA) SS-PS-002-98, Rev. 2, Copyright © 2002 This standard contains minimum requirements for the physical characteristics, informational content, and placement of emergency signs and markings for passenger rail car egress/access points on both the interior and exterior of said equipment. Standard for Passenger Railroad Emergency Communications American Public Transportation Association (APTA) SS-PS-001-98, Copyright © 1998 This standard establishes the minimum criteria for the provision and use of on-board com- munications systems for railroad operating personnel with particular focus on communications in the event of an emergency. ASIS International Information Asset Protection Guideline American Society For Industrial Security 2007 www.asisonline.org/guidelines/inprogress_published.htm This guideline provides information about developing and implementing a comprehensive risk-based strategy for information assets protection. Topics covered include (1) classifying and labeling information, (2) handling protocols to specify use, distribution, storage, security expec- tations, declassification, return, and destruction/disposal methodology, (3) training, (4) incident reporting and investigation, and (5) audit/compliance processes and special needs (disaster recovery). The Guideline is applicable to all sizes of organizations and all industry sectors to include non-profits, educational institutions, and government agencies. Appendices to the guide present users with a framework and principles for developing policy including an actual sample IAP policy. There is also a Quick Reference Guide and a sample flow chart for assessing infor- mation protection needs. TCRP Report 86 Public Transportation Security: Volume 5—Security-Related Customer Communications and Training for Public Transportation Providers Transit Cooperative Research Program 2004 http://www.tcrponline.org/bin/publications.pl?category=18 112 Security 101: A Physical Security Primer for Transportation Agencies

Along with the research text, this guideline consists of a “Security Training and Communica- tions Video” and “Templates of Communications Devices” contained on a CD-ROM computer disk. The materials are designed to assist transportation agencies to communicate effectively about security concerns and other emergencies with three main sets of stakeholders—their pas- sengers, their employees, and other groups. The report is organized into seven sections. Three of these are conceptual. The remaining four chapters provide examples of actual communications methods and devices that public transportation systems of all sizes will find useful in developing or organizing security related communication and/or training. NCHRP Report 525: Surface Transportation Security Volume 5—Guidance for Transportation Agencies on Managing Sensitive Information National Cooperative Highway Research Program 2005 http://onlinepubs.trb.org/onlinepubs/nchrp/nchrp_rpt_525v5.pdf This guideline provides basic information to assist DO’s in the management of sensitive information. Two elements of the process—Identifying What Kinds of Sensitive Information Needs to Be Protected and Controlling Access—are highlighted in the research. A set of key questions are provided along with a five-step methodology for developing an Information Protection Policy. F. Infrastructure Protection Guidance for Protecting Building Environments from Airborne Chemical, Biological, or Radiological Attacks Department of Health and Human Services Centers for Disease Control and Prevention National Institute for Occupational Safety and Health, May 2002 DHHS (NIOSH) Publication No. 2002-139 www.cdc.gov/niosh This guideline presents building owners and managers with a list of action steps that can be used to enhance occupant protection from an airborne chemical, biological, or radiological (CBR) attack. The intended audience includes building owners, managers, and maintenance personnel of public, private, and governmental buildings, including offices, laboratories, hospitals, retail facilities, schools, transportation terminals, and other public venues. Higher risk facilities includ- ing subway systems are identified as beyond the scope of the guide. Standard Guide for Developing a Cost-Effective Risk Mitigation Plan for New and Existing Constructed Facilities: E 2506—06 ASTM Committee on Standards, Copyright © 2006 ASTM International www.astm.org This guide describes a generic framework for developing a cost-effective risk mitigation plan for new and existing constructed facilities—buildings, industrial facilities, and other critical infrastructure. This guide provides owners and managers of constructed facilities, architects, engineers, constructors, other providers of professional services for constructed facilities, and researchers an approach for formulating and evaluating combinations of risk mitigation strategies. This guide is under the jurisdiction of ASTM Committee E06 on Per- formance of Buildings and is the direct responsibility of Subcommittee E06.81 on Building Economics. Annotated Bibliography 113

Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings FEMA 426 Department of Homeland Security (DHS), Federal Emergency Management Agency (FEMA) December 2003 http://www.fema.gov/plan/prevent/rms/rmsp426 This 420-page manual is a “how to” guide for protecting high-occupancy buildings and the people who occupy them from terrorist attacks. It is intended to provide an understanding of risk, threat, vulnerability and hazard assessment methodologies and security design considera- tions for the protection of new and existing buildings. The manual provides guidance to the “building science community of architects and engineers” to reduce physical damage to build- ings and related infrastructure. Recommendations for Bridge and Tunnel Security AASHTO Blue Ribbon Panel on Bridge and Tunnel Security September 2003 www.fhwa.dot.gov/bridge/security/brp.pdf This report consists of guidelines, tables, charts, figures and recommendations developed by a Blue Ribbon Panel (BRP) of bridge and tunnel experts from professional practice, acade- mia, federal and state agencies, and toll authorities. It contains strategies and practices for deterring, disrupting, and mitigating potential terrorist attacks against bridges or tunnels. The intent of the report is to recommend policies and actions to “reduce the probability of cata- strophic structural damage that could result in substantial human casualties, economic losses, and socio-political damage.” The BRP makes overarching recommendations: • Institutional Recommendations • Interagency Coordination • Outreach and Communication • Clarification of Legal Issues • Fiscal Recommendations • New Funding Sources for Bridge/Tunnel Security • Funding Eligibility Determination • Technical Recommendations • Technical Expertise • Research, Development, and Implementation National Institute of Standards and Technology Final Report on the Collapse of the World Trade Center Towers NIST NCSTAR 1. Gaithersburg, MD: NIST, September 2005. http://wtc.nist.gov/NISTNCSTAR1CollapseofTowers.pdf This is the final report on the National Institute of Standards and Technology investigation of the collapse of the World Trade Center on September 11, 2001. This report describes how the aircraft impacts and subsequent fires led to the collapse of the towers. “The report concludes with a list of 30 recommendations for actions in the areas of increased structural integrity, enhanced fire endurance of structures, new methods for fire resistant design of structures, enhanced fire protection, improved building evacuation, improved emergency response, improved procedures and practices, and evaluation and training.” 114 Security 101: A Physical Security Primer for Transportation Agencies

Best Practices for Safe Mail Handling DHS Interagency Security Committee September 2006 This Interagency Security Committee (ISC) document contains suggested information on government mail center operations. It provides a series of security recommendations for low, moderate, and high risk facilities, establishes mail center personnel security procedures and lists protective measures for safe handling of suspicious letters and parcels. The document also contains a quick reference guide for handling bomb, radiological, biological or chemical threats. GSA Facilities Standards for the Public Buildings Service General Services Administration March 2005 http://www.gsa.gov (available) The GSA webpage states “The Facilities Standards for the Public Buildings Service establishes design standards and criteria for new buildings, major and minor alterations, and work in his- toric structures for the Public Buildings Service (PBS) of the General Services Administration (GSA). This document contains policy and technical criteria to be used in the programming, design, and documentation of GSA buildings. The Facilities Standards is a building standard: it is not a guideline, textbook, handbook, training manual or substitute for the technical compe- tence expected of a design or construction professional.” Chapter 8 of the 365-page document is entitled “Security Design.” It includes sections addressing Planning and Cost, Architecture and Interior Design, Commissioning, New Con- struction, Existing Construction Modernization, Historic Buildings, Structural Engineer- ing, Mechanical Engineering, Fire Protection Engineering, Electronic Security, and Parking Security. DoD Minimum Antiterrorism Standards for Buildings (Unified Facilities Criteria UFC 4-010-01) Department of Defense October 2003 www.wbdg.org/ccb/DOD/UFC/ufc_4_010_01.pdf This document is issued under the authority of DoD Instruction Number 2000.16, DoD Antiterrorism Standards which requires DoD Components to adopt and adhere to common cri- teria and minimum construction standards to mitigate antiterrorism vulnerabilities and terror- ist threats. This document is mandatory for use by all DoD Components. The stated intent of the standards is “to minimize the possibility of mass casualties in buildings or portions of build- ings owned, leased, privatized, or otherwise occupied, managed or controlled by or for DoD. These standards provide appropriate, implementable, and enforceable measures to establish a level of protection against terrorist attacks for all inhabited DoD buildings where no known threat of terrorist activity currently exists.” Subjects contained in the manual address security issues such as Maximize Standoff Distance, Prevent Building Collapse, Minimize Hazardous Flying Debris, Limit Airborne Contamination, Provide Mass Notification, Controlled Perimeter, Government Vehicle Parking, Levels of Pro- tection, Minimum Standoff Distance, Enhanced Fire Safety and Training. Appendix B, DoD Antiterrorism Standards for New and Existing Buildings contains the actual standards. Appen- dix C contains additional measures that are not mandatory. Annotated Bibliography 115

116 Security 101: A Physical Security Primer for Transportation Agencies DoD Security Engineering Facilities Planning Manual (Draft) UFC 4-020-01 Department of Defense March 2006 www.wbdg.org/ndbm/DesignGuid/pdf/Final%20Draft_UFC_4-020-01.pdf This comprehensive 321 page document is a follow-on draft companion text for use with the DoD Minimum Antiterrorism Standards for Buildings. The stated purpose of the Manual is “to support planning of projects that include requirements for security and antiterrorism. Projects include new construction, existing construction or expeditionary and temporary construction.” The intended users of this manual are “engineering planners responsible for project develop- ment and planning teams responsible for developing design criteria for projects.” Designing and Operating Safe and Secure Transit Systems: Assessing Current Practices in the United States and Abroad Mineta Transportation Institute College of Business San José State University November 2005 http://transweb.sjsu.edu/mtiportal/research/publications/summary/0405.html The abstract filed with this comprehensive study states, “This study contributes to our under- standing of transit security by (1) reviewing and synthesizing nearly all previously published research on transit terrorism; (2) conducting detailed case studies of transit systems in London, Madrid, New York, Paris, Tokyo, and Washington, D.C.; (3) interviewing federal officials here in the United States responsible for overseeing transit security and transit industry representa- tives both here and abroad to learn about efforts to coordinate and finance transit security plan- ning; and (4) surveying 113 of the largest transit operators in the United States. Our major findings include: (1) the threat of transit terrorism is probably not universal—most major attacks in the developed world have been on the largest systems in the largest cities; (2) this asymmetry of risk does not square with fiscal politics that seek to spread security funding among many juris- dictions; (3) transit managers are struggling to balance the costs and (uncertain) benefits of increased security against the costs and (certain) benefits of attracting passengers; (4) coordina- tion and cooperation between security and transit agencies is improving, but far from complete; (5) enlisting passengers in surveillance has benefits, but fearful passengers may stop using pub- lic transit; (6) the role of crime prevention through environmental design in security planning is waxing; and (7) given the uncertain effectiveness of transit antiterrorism efforts, the most tan- gible benefits of increased attention to and spending on transit security may be a reduction in transit-related person and property crimes.” Identification of Cost-Effective Methods to Improve Security at Transit Operating/Maintenance Facilities and Passenger Stations (FTA-FL-26-71054-03) Center for Urban Transportation Research, University of South Florida July 2006 www.cutr.usf.edu/security/documents/UCITSS/UCITSS%20Safety%20Security.pdf This report provides information regarding the conduct of Asset and Vulnerability Assess- ment, Threat Assessment, Physical Security Review and Incident Planning and Response. Case studies of “best practices” are included for the Denver Regional Transit District, Washington Metropolitan Area Transit Authority, Charlotte Area Transit System, Massachusetts Bay Trans- portation Authority, Central Florida Regional Transportation Authority and Bay Area Rapid Transit. Each case study provides an overview of the transit system, a statement of the problem identification and need for innovative security measures, a description of the transit system’s

Annotated Bibliography 117 previous attempts to address the problem, an outline of the proposed solution, a cost-benefit analysis, performance indicators, and lessons learned. Transit Security Design Considerations Federal Transit Administration 2004 http://transit-safety.volpe.dot.gov/Publications/order/singledoc.asp?docid=356 This comprehensive 341 page report contains security design guidance for bus vehicles, rail vehicles, and transit infrastructure. The executive summary describes the document as a “com- pendium of actionable steps from which transit agency staff can select when creating a secu- rity strategy.” This document consists of nine chapters and several appendices. The first three chapters are introductory, presenting an overview of considerations associated with securing the transit environment. Chapter 4 details a process for “Developing a Security Strategy” that considers options, evaluates countermeasures, and establishes an implementable security strat- egy based on the criticality of the agency’s vulnerabilities. The remaining chapters address Access Management, Infrastructure Protection, Transit Vehicles, Communications, and Sys- tems Integration. Appendices include a (A) Chronology of Terrorist Attacks against Public Transit, (B) Case Studies of Transit Security Initiatives, and (G) Lessons Learned from Transit Communications Emergencies. Appendices also address (C) Performance Measures, (D/E) Vehicle Barriers, and (F) Codes and Standards. NCHRP Report 525: Surface Transportation Security Volume 12—Making Transportation Tunnels Safe and Secure Transit Cooperative Research Program 86/National Cooperative Highway Research Program 525 2006 http://onlinepubs.trb.org/onlinepubs/nchrp/nchrp_rpt_525v12.pdf The stated objective of this research was “to provide safety and security guidelines for own- ers and operators of transportation tunnels to use in identifying (1) principal vulnerabilities of tunnels to various hazards and threats; (2) potential physical countermeasures; (3) potential operational countermeasures; and (4) deployable, integrated systems for emergency-related command, control, communications, and information.” As discussed in the preface to the text, there are seven chapters contained in this comprehen- sive 184-page guideline: • Chapter 1, “Introduction,” introduces the problems that the project has attempted to solve and the environment of the work. • Chapter 2, “Hazards and Threats,” describes hazards and threats according to the areas or ele- ments of the tunnel that might be affected, how the hazards and threats might be introduced, the operational and physical vulnerabilities to those hazards and threats, and the damage potential of the hazards and threats. • Chapter 3, “Case Studies,” provides a chronology of past tunnel disasters that were studied for the project. • Chapter 4, “Tunnel Elements and Vulnerabilities,” gives basic descriptions of various tunnel types, both by mode of transportation and by construction methodology. The chapter then outlines specific vulnerabilities by describing how and why failures can occur under given safety- and security-related hazards and threats based on characteristics of the tunnel’s struc- ture, as well as the surrounding earth. The chapter also rates the damage potential for road, transit, and rail tunnels in conjunction with a given explosion or fire event.

118 Security 101: A Physical Security Primer for Transportation Agencies • Chapter 5, “Countermeasures,” presents tunnel owners or operators with structural and sys- tem hazard and threat directories in the form of tables. The user is instructed how to apply these directories to his or her own facility. These tables then reference a list of 50 potential physical and/or operational countermeasures that can be used to improve structural and/or system elements. • Chapter 6, “System Integration,” provides information on current and proposed integrated systems that may be used to increase the safety and security of a transportation tunnel. • Chapter 7, “Future Research,” provides recommendations for areas requiring further study and approximate funding costs. The report concludes with a list of references that were cited in the text, a list of additional sources, and a list of abbreviations. G. Homeland Security Homeland Security Advisory System (HSAS) Department of Homeland Security 2002 www.dhs.gov/xinfoshare/programs/Copy_of_press_release_0046.shtm The Homeland Security Advisory System (HSAS) was created pursuant to Executive Order— Homeland Security Presidential Directive (HSPD) 3. The most well known aspect of the system is: (1) the Color-coded Threat Level System used to communicate with public safety officials and the public at-large. The HSAS Color-coded system is made up of five graduated threat condi- tions: Severe—Red, High—Orange, Elevated—Yellow, Guarded—Blue, and Low—Green. There are two other parts of HSAS: (2) Homeland Security Threat Advisories that contain actionable information about an incident involving, or a threat targeting, critical national networks or infra- structures or key assets. This category includes products formerly named alerts, advisories, and sector notifications. Advisories are targeted to Federal, state, and local governments, private sec- tor organizations, and international partners; and (3) Homeland Security Information Bulletins that communicate information of interest to the nation’s critical infrastructures that do not meet the timeliness, specificity, or significance thresholds of warning messages. Such information may include statistical reports, periodic summaries, incident response or reporting guidelines, com- mon vulnerabilities and patches, and configuration standards or tools. It also may include pre- liminary requests for information. Bulletins are targeted to Federal, state, and local governments, private sector organizations, and international partners. The 9-11 Commission Report Final Report of the National Commission on Terrorist Attacks upon the United States, Official Government Edition http://www.gpoaccess.gov/911/pdf/fullreport.pdf The Commission’s Final Report provides a full and complete account of the circumstances surrounding the September 11th, 2001, terrorist attacks, including preparedness for and the immediate response to the attacks. It also includes recommendations designed to guard against future attacks. National Infrastructure Protection Plan—Sector Specific Plan Transportation Systems (NIPP) Department of Homeland Security May 2007 http://www.dhs.gov/xlibrary/assets/nipp-sp-transportation.pdf

The NIPP Sector Specific Plan for Transportation contains a homeland security strategy for the entire transportation network. The plan discusses a “Systems-Based Risk Management (SBRM)” approach to improve the sector’s risk management posture. The strategy focuses upon implementing multiple layers of security. A “Vision Statement for the Transportation Sector— Our vision is a secure and resilient transportation network, enabling legitimate travelers and goods to move without undue fear of harm or significant disruption of commerce and civil liberties” and “Mission Statement—Continuously improve the risk posture of the Nation’s transportation system” are highlighted in the plan. Annexes are included covering Aviation, Maritime, Mass Transit and Passenger Rail, Highway Infrastructure and Motor Carrier, and Freight Rail. H. Security Technology The Use of Technology in Preparing Subway Systems for Chemical/Biological Terrorism Anthony J. Policastro & Susanna P. Gordon APTA 1999 Rapid Transit Conference Proceedings Paper http://www.apta.com/research/info/briefings/documents/policastro.pdf Describes technologies that can be put into place in a subway system in an attempt to save lives in case of an incident of biological or chemical terrorism. Biometric Technology and Standards Reference National Science and Technology Council (NTSC) Subcommittee on Biometrics and Identity Management 2007 http://www.biometrics.gov/Documents/biofoundationdocs.pdf This comprehensive 167 page reference document is an introductory on-line downloadable text designed to improve knowledge and understanding of biometric technologies. The docu- ment includes the following information: Biometrics FAQ, Biometrics Glossary, Biometrics Overview, Biometrics History, Palm Print Recognition, Fingerprint Recognition, Hand Geom- etry, Dynamic Signature, Vascular Pattern Recognition, Iris Recognition, Face Recognition, Speaker Recognition, Cross-Cutting Topics, Biometrics Standards, and Biometrics Testing and Statistics. There is an accompanying “Biometrics Technology and Standards Overview” that summarizes the information contained in the reference document. Vulnerability Assessment of the Transportation Infrastructure Relying on Global Positioning System Final Report John A. Volpe National Transportation Systems Center, August 2001 http://www.navcen.uscg.gov/archive/2001/Oct/FinalReport-v4.6.pdf This document assesses the ways users might be affected by a short- or long-term GPS outage. It recommends steps the user community might take to minimize the impact of such outages. Annotated Bibliography 119