Transit Security Update (2008)

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

40 CHAPTER SIX CASE STUDIES Massachusetts Bay Transportation Authority (Boston, Massachusetts), 40 Bay Area Rapid Transit (San Francisco, California), 45 Capital District Transportation Authority (Albany, New York), 52 Capital Metro (Austin, Texas), 55 Washington Metropolitan Area Transit Authority (Washington, D.C.), 58 60 CHAPTER SEVEN CONCLUSIONS Project Findings, 60 Transit Security Practices, 60 Problems and Obstacles, 63 Research Needs, 64 66 ABBREVIATIONS AND ACRONYMS 68 REFERENCES 71 BIBLIOGRAPHY 74 GLOSSARY 84 APPENDIX A SUPPORTING MATERIAL 87 APPENDIX B LITERATURE REVIEW 114 APPENDIX C SURVEY QUESTIONNAIRE 132 APPENDIX D LIST OF SURVEY RESPONDENTS 133 APPENDIX E SUMMARY OF SURVEY RESULTS

SUMMARY TRANSIT SECURITY UPDATE This report, an update of the original TCRP Synthesis of Transit Practice 21: Improv- ing Transit Security (1997), addresses terrorism, which was not included in the original study along with ordinary crime. Counterterrorism and anticrime security measures and practices, crime and security incident trends, and other related issues are covered in this report. Major issues and obstacles to security and policing management, as well as further research needs, have been identified and presented. The key elements of this Synthesis study include a survey of 120 transit agencies, with a 38% response rate, case studies, and a literature review along with input from industry experts and National Transit Database (NTD) analysis. Since the publication of the last report in 1997, significant improvements have been made to mitigate ordinary crime, and significant progress has been made to secure transit systems from terrorism. After September 11, 2001 (9/11), securing public transportation systems against the terrorist threat became an important and complex issue for U.S. transit operators and continues to be a prime concern of both domestic and international transit operators. For many decades, transit systems outside of the United States have been a target of terrorist activity, which has resulted in significant losses of life, injuries, infrastructure damage, disruptions to transit service, and economic losses to the affected regions. With almost 10 billion public transportation trips taken in 2006, U.S. transit systems offer many important benefits to their ridership, the community and its residents, regional and state economies, and the environment. The following characteristics of transit systems and their assets—vehicles, infrastructure, communications, and personnel—make them especially vulnerable to terrorist attacks: Large numbers of passengers contained within enclosed spaces, • Ease of access to the general public, • Symbolic nature of transit terminals,• Economic significance to a region, and • Psychological impact on a community and even the nation. • Synthesis survey results revealed that the terrorist threats of primary concern to mul- timodal, rail-only, and ferry systems were explosives, chemical and biological threats, hijackings and shootings, and sabotage. The terrorist threats of primary concern to bus agencies were hijackings, shootings, explosives, and sabotage. Transit agencies are well aware of many other possible terrorist threats, such as radiological attacks, cyber crime, and transit vehicles used as weapons, but these threats are considered to be of secondary importance. To counter these threats and better protect their transit systems, transit agencies have invested more than $2.5 billion on security and emergency preparedness programs and technologies to better protect their customers and systems, and have made changes to their security and policing management techniques to address terrorism as well as ordinary crime. The primary post–9/11, changes in security practices include the implementation

2 of Transit Watch, or a similar employee and passenger awareness and outreach program; provision of security training to frontline employees and counterterrorism training to police and security personnel. Transit agencies have increased the number and hours of security personnel; conducted threat and vulnerability assessments; received intelligence informa- tion from federal agencies; and increased local and regional coordination and outreach efforts through counterterrorism committees and intelligence information sharing with local responders and neighboring transit agencies. Human resource practices have changed, par- ticularly regarding background checks. The guidance on background checks most recently issued by the TSA helps transit agencies conduct more robust background checks and makes the process more consistent across agencies by identifying the factors to consider and the recommended scope of the checks and procedures. In terms of planning, many transit agen- cies have up-to-date security and emergency management plans, including a Continuity-of- Operations Plan. According to survey respondents, post-9/11 security investments have had a positive impact on terrorism deterrence and detection capabilities, general crime mitigation, and the public, passenger, and employee perception of security. Agencies report that their public outreach efforts have contributed to increased passenger and employee awareness, improved employee preparedness, and increased security in terms of both deterrence and detection. The greatest obstacle in security and policing management was reported to be the lack of resources to implement desired security measures. The following effective counterterrorism practices, anticrime practices, and practices applicable to both counterterrorism and anticrime were identified by the Synthesis survey, case studies, literature review, and input from industry experts. Counterterrorism Practices• Identity management – prevents unauthorized physical access of sensitive transit facility areas or virtual access to agency networks and its databases. Intelligence information – is an important security practice and includes gathering and identifying agency-specific, actionable information; analyzing intelligence information to determine its reliability and relevance to a particular agency; and sharing information. Intelligence sharing between the agencies and their federal, state, and local partners is further facilitated through TSA’s Mass Transit Security Information Network’s interagency communication and information-sharing proto- cols. The Homeland Security Information Network Public Transit Portal has been integrated into this network to provide a one-stop security information sources and outlets for security advisories, alerts, and notices. Passenger Security Inspections – (PSIs), including random baggage inspections, canine patrols, and behavioral assessment, are practiced by several agencies. Behavioral assessment practiced by both transit officers and transit employees is a relatively cost-effective PSI method that is readily deployable and effectively expands the reach of the police force. Public education and outreach campaigns – inform passengers about the importance of reporting suspicious activities, persons, or items, and enlist them to become the eyes and ears of the agency. Public education and outreach efforts are being enhanced further by such programs as Play Your Part through which TSA, in joint efforts with mass transit and passenger rail agencies, advances security awareness among the traveling public as well as public and private partners. TSA Transportation Security Inspectors–Surface, supported by the Mass Transit Division, form part- nerships with the agencies in high-visibility public awareness campaigns, altering the normal activities at terminals or stations and enhancing passenger awareness of and vigilance for suspicious activities and items as possible indicators of terrorist preparations for, or execution of, an attack.

3 Regional coordination – among transit agencies, emergency responders, local departments of transportation, and other relevant agencies enhances security ini- tiatives and agency preparedness. Training transit police and security personnel – enhances the preparedness of tran- sit systems. Initially, a range of security training materials for transit workers was developed through programs sponsored by the FTA to assist transit agencies. To further assist these agencies, TSA, in consultation with FTA and other public and private security partners, developed and published the Mass Transit Security Training Program. This program presented on TSA’s website provides detailed guidelines for mass transit and passenger rail agencies to develop and implement security training programs, and specifies the subject areas in which particular categories of employees should receive training. These guidelines are imple- mented under the Transit Security Grant Program. Course options include pro- grams funded by FTA/TSA (transit-specific terrorism prevention and response) and the Federal Emergency Management Agency (general terrorism prevention and response). Trace detection technology – detects residues from explosives and is available in portable devices suitable for transit environments. Radiological pagers are used by transit agencies to detect nuclear threats. Chemical detectors are being tested at major transit systems. Biological threat detectors are also being developed for use in transit systems. Anticrime Practices• Codes of conduct – are rules that passengers must follow within the transit system. Enforcing codes of conduct can assist agencies in detecting and deterring crime and in enhancing the perception of security within their transit systems. Crime statistics maps – are valuable visual tools for transit police and are useful for the strategic deployment of officers. Providing passengers with access to up-to- date crime data through interactive, user-friendly crime statistics maps increases their perception of control over their transit trip. Plainclothes officers – within the transit system are used to catch perpetrators in the act of committing a crime. The use of unmarked vehicles is also an effective practice in transit park-and-ride or other parking facilities. School outreach – programs enlist the assistance of schools to enforce passenger codes of conduct and discourage disorderly behavior in juvenile populations. Training bus drivers – in customer relations, conflict mitigation, and gang-related violence provides bus drivers with increased confidence and knowledge in dealing with the public. Counterterrorism and Anticrime Practices• Crime Prevention through Environmental Design – principles enhance security by hardening transit facilities and vehicles and making the transit environment less conducive to criminals. The Collaborative Transportation Imagery Project – is a joint endeavor by TSA and its partner agencies to produce detailed mapping and interactive imagery of key assets and systems. The project informs and enhances the quality of operational activities and addresses threats and security incidents, security plans, training programs, and exercises. The product, provided on digital disc, incorporates mul- tiple types of imagery, satellite maps, schematics, and related materials to provide a comprehensive view of the transit system, detailing significant infrastructure and security apparatus. Transit police and security personnel – , which include high-visibility patrols and specialized counterterrorism teams, perform sweeps of transit terminals, stations, and trains and buses. These efforts enhance the visibility of transit employees, which is an effective security practice.

TSA’s Visible Intermodal Prevention and Response – teams have been deployed at hundreds of transit systems throughout the country. These teams augment security in the systems, expanding the agencies’ capabilities to implement random, unpre- dictable security activities to deter both terrorism and crime. Video technology – has multiple uses, and its scalable, analytical capability has been rapidly increasing. Recordings of incidents and accidents can be used to identify perpetrators, verify crime occurrences, and provide postincident analysis. Criminal or atypical behaviors can be identified by intelligent video technology. Video cam- eras can be linked with other detection systems such as intrusion detectors and chemical detectors. Other Findings• Crime trends – : According to the Bureau of Justice Statistics, a nationwide decline in crime and a concomitant decrease in transit crime were seen in the United States starting in the mid-1990s. Transit crime dropped significantly from 1997 to 2002 and then began to plateau. Concerns were raised by industry experts about the reliability and accuracy of NTD data; however, the following conclusions can be made based on the NTD data analysis: There were many more minor than serious crimes within public transit systems, and the numbers of the most violent crimes—homicide and rape—were extremely low. For serious Part I offenses, the most problematic was theft, and for less serious Part II offenses, the most predominant was fare evasion, with a majority of the citations occurring on light rail systems. Major incidents, suspicious activity, and threats – : Transit agencies report an increase in suspicious activities, persons, and items in the period after 9/11. In general, these reports have diminished and have plateaued over the past few years. Passenger perception of crime and terrorism – : Although violent crimes in transit systems are generally low in actual numbers, public perception is different. Media coverage and the entertainment industry intensify public fears. Minor crimes and disorder (e.g., unruly juveniles) affect passenger perceptions even if the actual con- sequences of these incidents are minimal. These findings may influence how agen- cies measure security, because of the disparity between actual and perceived levels of crime. Regarding the perception of terrorism, public perception differs greatly between the east and west coasts, with east coast passengers more aware of the threat of terrorism and tolerant of terrorism-related security measures. Performance metrics – : Performance metrics are important in monitoring the perfor- mance of security systems, practices, and measures as well as the overall security of a transit system. Metrics can be used to communicate the benefits of security to management and the general public and convince decision makers as to the value and relevance of security investments.

5 Transit agencies, with the technical assistance provided by DHS/TSA and FTA, have been striving to meet these challenges and have, in varying degrees, enhanced the preparedness of their police force and security personnel, educated their passengers, and hardened their transit sys- tems as terrorist targets. Immediately after September 11, counterterrorism efforts were implemented in a reactive and piecemeal manner, but more recently transit agencies have been incorporating security practices into their core mis- sion, strategic plans, and daily operations. Although transit agencies have invested more than $2.5 billion to enhance security and preparedness, transit security needs, according to APTA, are approximately $6 billion (Hull 2007). Transit agencies have had to balance security needs with the innate attributes of public transportation—accessibility to the public, reliability of service, convenience, and smooth operations—and address difficult issues such as privacy, tort law and constitutionality, and employee and public acceptance. THE TERRORIST THREAT Terrorists justify and even glorify violence against innocent civilians. Significant harm can be inflicted with relatively minor expenditure by terrorists. For instance, improvised explosive devices (IEDs), one of the primary threats to transit systems, can be assembled with commonly available items. The principal international terrorist threat is from the al-Qaeda network, which has been evolving constantly in response to the counterterrorism efforts initiated by the United States and other nations. In 2006, authorities uncov- ered a plot by eight al-Qaeda terrorists to plant explosives on a Port Authority Trans-Hudson Corporation (PATH) train connecting New Jersey and Manhattan and hoped to blow up the underwater tunnel under the Hudson River (CNN 2006). In India, on May 13, 2008, bicycles and rickshaws were attacked in a well-planned series of explosions that killed at least 60 people and wounded 150 others in a top tourist destination. Although bicycles and rickshaws are not typical modes of public transportation in the United States, this type of attack illustrates the adaptability of terrorists and their capacity for planning and successfully executing simultaneous attacks. CHAPTER ONE INTRODUCTION Before September 11, 2001 (9/11), a foreign terror attack on U.S. soil was deemed unlikely by many and unimaginable by others. On 9/11, transportation vehicles were turned into weapons that killed thousands of innocent civilians and emer- gency responders. 9/11 became the defining moment when the face of transit security changed and counterterrorism became one of the highest priorities of transit management. U.S. transit agencies, with FTA support, took immediate measures to enhance the security of their systems. The key actions taken by the United States after 9/11—to establish the TSA and DHS, reorganize the intelligence com- munity and create a Director of National Intelligence—have strengthened interagency collaboration and the government architecture against terrorism. Before 9/11, the FTA and the FRA had the primary federal responsibility for transit security. In response to the 9/11 attacks, TSA was created by Congress through an enactment of the Aviation and Transportation Security Act. Upon its creation in November 2001, TSA undertook primary responsibility for protecting all modes of transportation, including public transportation systems. Although originally within the U.S.DOT, TSA and other agencies were transferred to DHS after passage of the Homeland Security Act of 2002. Countering terrorism threats has been a major challenge for transit agencies, because it requires a transfer of skill sets and a knowledge base along with specialized counterterrorism knowledge. Terrorists have different objectives and motives than criminals. They seek to maximize deaths, injuries, and property damage. The frequency and consequences of criminal and terrorist activity are disparate as well. Less serious crimes such as fare evasion and theft occur daily, pervade the entire system, and increase passenger perception of fear. Terrorist attacks occur infrequently and unpredictably but, when suc- cessful, can have a catastrophic impact on the transit system, a region’s economy, and the psychology of entire nations. Unfortunately, transit systems are attractive targets for terrorists: Large numbers of passengers are contained within enclosed spaces; transit terminals and stations are often vis- ible, symbolic expressions of a city or a region; and transit, especially in urban areas, is central to regional commerce. Significant psychological trauma to a community or even the entire nation can be inflicted by a terrorist attack on a transit system.

6 attack in the United States has occurred since 9/11, these events reflect the continued persistence and desire of terror- ists to inflict harm on innocent civilians and their proclivity to choose transit systems as targets. Transit Vehicles Transit vehicles are primary targets because they contain large numbers of passengers and also can damage surround- ing or nearby infrastructure. A series of attacks on a train proceeding through an underwater tunnel potentially can cause the destruction of the tunnel along with the death of the occupants of the tunnel and the train. An attack on a bus traveling under a building can not only destroy the bus along with its passengers and driver but also potentially cause the collapse of the building. The extensive and open nature of many commuter and light rail systems and their infrastruc- ture make the assurance of passenger security particularly challenging. Vehicle-carrying ferries and high-capacity ferries are considered to be especially vulnerable. During emergencies, ferries may be the only viable mode of trans- portation for both victims and emergency responders and an important evacuation mode as well. Transit Infrastructure Transit infrastructure includes passenger terminals, sta- tions, and stops; tunnels, bridges, and elevated structures; ferry terminals; rail yards and bus depots; rail right-of-way (ROW), tracks, and signals; control centers and communica- tions; administrative facilities; and parking lots and struc- tures that may or may not be owned by the transit authority (see Figures 1 and 2 for examples of a station and terminal). All of these transit infrastructure elements are potential tar- gets (FTA 2004). Passenger terminals such as Union Station in Washing- ton, D.C., and Grand Central Terminal in New York City are typically large intermodal stations with high passenger and pedestrian volumes, provide critical links within a region’s transit network, and hold symbolic significance to a city or region. Transit tunnels allow the passage of transit vehicles along with passenger and commercial vehicles and may be located underwater or underneath various structures, mak- ing them attractive targets. These tunnels are essential for goods and people movement, and repairing tunnels is costly and time-consuming. Because control centers and commu- nications systems are essential for transit operations, they are vulnerable to physical or cyber attack. Rail yards and bus depots are susceptible to attack because they contain many transit vehicles, maintenance areas with exposed vehicles, fuel storage, and revenue col- lection and storage mechanisms. Rail ROW, tracks, and sig- nals can be targets because damage to these elements can Some of the other new challenges include a more dispersed network in multiple locations and nations; an increased and more sophisticated use of the Internet to communicate, recruit, proselytize, raise funds, and gain access to and dis- rupt government sites; and an increasing interest in weapons of mass destruction (WMD) (National Strategy for Combat- ing Terrorism 2006). A variety of international terror groups have been target- ing U.S. assets and citizens, and homegrown terrorists have also exacted loss of life and psychological damage on inno- cent civilians on U.S. soil; however, the primary focus has been and continues to be on the al-Qaeda threat. Multimodal, rail-only, and ferry operators naturally con- sider a greater range of threats to be applicable to their systems than bus agencies. Synthesis survey results revealed that the terrorist threats of primary concern to multimodal systems, including rail-only and ferry operators, were as follows: Explosives• Chemical and Biological (tied)• Hijacking and Shootings (tied)• Sabotage.• The terrorist threats of primary concern to bus agencies were as follows: Hijackings• Shootings• Explosives• Sabotage.• Cyber crimes have been on the rise in the United States with frequent hackings of government sites and databases, and large amounts of sensitive information being compromised. The potential for sophisticated hackers to damage or disrupt the computer network, communications systems, operations of control centers, and Intelligent Transportation Systems (ITS) technologies of transit systems is indisputable. Potential Transit Targets Transit targets include transit vehicles, transit and related infrastructure, communications systems, and transit person- nel. Internationally, all modes including ferries have been the target of terrorist attacks, with attacks on rail systems being the most severe in terms of casualties and injuries. The attacks on Madrid’s commuter rail system took the lives of 191 persons in 2004, and 200 persons died in the attack on Mumbai’s commuter rail system in 2006. In 2005 in Lon- don, 52 people were killed on London trains and buses. On Israeli buses, IED attacks often carried out by suicide bomb- ers have been less severe in terms of lives lost but the attacks have been much more frequent. Although no major terrorist

7 cause accidents and derailments. Parking lots and struc- tures are potential targets, especially when they are located beneath or above a transit terminal or station. FIGURE 1 Heavy Rail Station (Source: Dr. Yuko J. Nakanishi). ! FIGURE 2 Grand Central Terminal (Source: Dr. Yuko J. Nakanishi). Transit Personnel Transit personnel, essential to a system’s safe and secure oper- ation, are viewed as an important first line of defense against terrorism and are vital during emergencies. Transit personnel are vulnerable to theft of their uniforms, theft of their identifi- cation, and impersonation; they are also vulnerable to hijack- ings and blackmail. The potential also exists for a terrorist to gain access to a transit system as an employee, contractor, or vendor to use a vehicle as a weapon or to commit other types of sabotage. Disgruntled employees are a concern because they can easily access transit vehicles and facilities. TSA Security Initiatives TSA’s efforts to assist public transit agencies and passen- ger rail carriers to deter terrorism and reduce the effects of terrorist attacks continue to be guided by five principles (TSA 2008): Expanding partnerships for security enhancement 1. through regional coordination and liaison, notably engagement with federal and mass transit and pas- senger rail security partners through the Govern- ment Coordinating Council and Sector Coordinating Council framework, the Transit Policing and Security Peer Advisory Group and multiagency coordination forums in regional areas throughout the country: To address the first principle, TSA has been conduct- ing regional security forums and workshops, collab- orative efforts with public and private partners, and international outreach. Elevating the security baseline through the Base-2. line Assessment for Security Enhancement (BASE) program and the analysis and application of results to drive the development of security programs and resource allocations that most effectively produce security enhancement: The BASE program assesses and aims to elevate the TSA’s security posture in 17 Security and Emergency Management Action Items. Also, numerous security assessments have been con- ducted. Particular attention is paid to the transit agen- cies posture in five fundamental areas: Protection of other high-risk assets that have been • identified through systemwide risk assessments; Use of visible, unpredictable deterrence;• Targeted counterterrorism training for key front-• line staff; Emergency preparedness drills and exercises; and• Public awareness and preparedness campaigns.• TSA has produced a compilation of Smart Security Practices derived from the BASE results, with the implementing mass transit or passenger rail agency and a point of contact identified, to enable mass transit and passenger rail security officials to network and discuss how the particular practice has been developed and implemented and to consider how it may be adapted to the operational circumstances of other systems. Building security force multipliers through security 3. training of employees and law enforcement, terror- ism prevention and response exercises and drills, and public awareness campaigns: Well-trained employ- ees are a force multiplier for security efforts imple- mented by transit agencies. To assist transit agencies in improving their training, in 2007, TSA developed and published the Mass Transit Security Training Program and is creating a national counterterrorism exercise program. The Visible Intermodal Prevention and Response (VIPR) program augments security by sending TSA teams to selected transit systems. The TSA teams provide random security activities as a terrorism deterrent.

8 Technical Approach to the Project The objectives of the project were met by the following tasks: Conducting a literature review of relevant materials, • Developing and distributing a survey to 120 large and • small transit agencies in various geographic regions of the United States, Conducting case studies, • Seeking and receiving input from industry experts, and • Analyzing National Transit Database (NTD) security • and incident data. Literature Review A literature review of relevant materials on security and policing practices and transit counterterrorism strategies was performed by consulting FTA reports, TSA products, TCRP and NCHRP studies, books, journal and magazine articles, and online sources. The literature review is located in Appen- dix B of the report, and the key portions of the review were synthesized into the report text. Survey The objective of the survey was to obtain information about post-9/11 crime-prevention and counterterrorism measures; effective or innovative security and policing practices; and information about crime, incidents, threats, and suspicious activity trends. In addition, the survey sought to identify issues and obstacles to security and policing management. The expanded objectives of the survey necessitated a longer questionnaire format. The survey was distributed through the online sur- vey site, electronically, or by mail to 120 multimodal and modal transit operators. The goal of the selection process of the survey recipients was to ensure diversity in terms of agency size, geography, and service area as well as modes operated. Of the 120 operators contacted for the survey, 45 (or 38%) responded. Because there was variability in terms of responses to individual questions, this was taken into account in the data reporting process. The survey question- naire, list of survey respondents, and the survey results are presented in Appendixes C, D, and E. The categories of questions included in the survey were security and policing management; primary threats to tran- sit systems; security measures being used or planned for use; the most effective measures and innovative practices; threats or incidents including cyber breaches; post-9/11 changes in security practices and changes in threats and suspicious activity, criminal offenses, and incidents; system security data and analysis; customer outreach; and employee security and policing training. Leading information assurance by building informa-4. tion-sharing networks integrating federal security partners with mass transit and passenger rail agencies and state and local entities to facilitate timely exchange of intelligence products and security implications at both classified and unclassified levels: TSA’s Mass Transit Security Information Network ensures timely development and distribution to mass transit and pas- senger rail security officials and federal government decision makers of security information products, recommendations, and guidelines during periods of heightened threat or security incidents. Joint DHS/ TSA and Federal Bureau of Investigation (FBI) threat and analysis briefings are held for mass transit secu- rity partners and other stakeholders quarterly. Protecting high-risk assets and systems through 5. development, testing, and deployment of new tech- nologies and targeted application of security grants to achieve the most substantial mitigation of risk: Protecting high-risk underwater and underground assets and systems in mass transit is a top priority. The tunnel security working group formed by DHS and department of transportation (DOT) continued to bring together subject matter experts from a range of relevant fields to identify, assess, and prioritize the risk to mass transit systems with underwater tunnels. The National Explosives Detection Canine Team Pro- gram (NEDCTP) has continued to augment the explo- sives-detection capability of critical transit agencies by providing partial funding, training, certification, and management assistance. TSA’s Office of Security Technologies, Transportation Sector Network Man- agement (TSNM) Mass Transit is developing multi- ple technologies to advance capabilities to detect and deter terrorist activity and prevent attacks. PROJECT BACKGROUND AND OBJECTIVES This report is an update of TCRP Synthesis of Transit Prac- tice 21: Improving Transit Security (Needle and Cobb 1997). The report incorporates terrorism-related issues, up-to-date information on security measures and practices, perception of crime and terrorism, and other related issues. The primary objectives of the updated Synthesis study were to identify (1) the state of the practice and the many security-related changes made by transit agencies since September 11, 2001; (2) the nature and perception of crime, incidents, and suspi- cious activity since 9/11; (3) counterterrorism and anticrime security measures and practices implemented by transit agencies; and (4) effective or innovative measures and prac- tices. Secondary objectives included the identification of issues and obstacles to security and policing management and the identification of further research needs.

9 National Transit Database Security and Incident Data NTD security and incident data were analyzed for the years 2002 to 2007, although much of the analysis results were not incorporated into the report because of concerns about the reliability and accuracy of the data. REPORT ORGANIZATION This report is organized into seven chapters, including this introductory chapter. Chapter two focuses on the passenger perception of crime and terrorism along with performance metrics and data issues. Chapters three and four cover the security measures and practices being used or those that are available for use by transit agencies. The information for these chapters is based on the survey analysis and litera- ture review. Conflict mitigation strategies are presented in chapter five. Chapter six presents the results of the four case studies and an agency profile. The concluding chapter, chap- ter seven, summarizes the findings of this project, provides highlights of transit security practices, describes obstacles to transit policing and management, and presents recommen- dations for further research. Supporting material on secu- rity awareness, emergency evacuation, and rules and codes of conduct literature examples are provided in Appendix A. The literature review is presented in Appendix B. Because many transit agencies expressed significant con- cern regarding the provision of highly sensitive information and requested complete anonymity, agencies were afforded the opportunity to submit survey responses by fax without their contact information. Case Studies The objectives of the case studies were to obtain in-depth coverage of both crime and terrorism-related security chal- lenges faced by the selected transit agencies and to take a closer look at the security practices and measures used by the agencies to address those challenges. The case study question categories included post-9/11 changes in security, policing, policy, and practices that had been made by the agency; the technologies and other security measures that were implemented and details regarding the implementation; changes in crime, incident, and suspicious activity trends; training and personnel issues; security data collection and analysis practices and concerns; and other information rel- evant to the study. Input from Industry Experts In addition to the Synthesis study’s panel members, relevant input was received from industry experts, including the TSA, FTA, other federal agencies, and the private sector.

10 CHAPTER TWO PASSENGER PERCEPTION OF CRIME AND TERRORISM Within transit systems, both serious and minor crimes affect passenger perceptions of security. Serious crimes are exag- gerated by the media and intensify passenger fears. Minor offenses and disorder are also disconcerting to passengers and provoke the perception that the transit agency is not in control of its transit system. Perceptions of passenger and sys- tem vulnerability could embolden criminals and terrorists. PASSENGER PERCEPTION OF CRIME A study performed by the Metropolitan Transportation Authority (MTA) showed that the majority of its passen- gers overestimated the number of felony crimes committed within the subway system (Johnson 1988). Industry experts agree that this phenomenon is a widespread problem that persists in the transit industry. Although violent crimes within transit systems are gen- erally low in actual numbers, public perception is different. When a violent crime does take place within transit systems, media coverage is intense and has a significant impact on pub- lic perceptions about their transit system. McDonald noted that “for some passengers, fear evoked by media coverage of a single violent event was sustained for a long period of time” (2001, p. 7). The media and the entertainment industry have exaggerated the dangers of public transportation systems and have compounded public fears about mass transit. According to Nelson, “crimes that might barely merit mention otherwise become headline news if they occur on a mass transit system. Selective media coverage perpetuates the myth that public transportation is unsafe” (Nelson 1997). The landmark effect also has a negative impact—even though a crime did not occur within the transit system, the media may refer to a crime as having occurred near a specific transit station because it serves as a readily recognizable land- mark. Furthermore, public fears generally increase when any violent crime occurs in or in proximity to the transit system, even though a crime such as one originating from a domestic dispute may have little to do with the transit system itself. Nontransit crimes occurring outside of one’s own community do not have a similar psychological impact on the public. Minor crimes and disorder have a greater impact on the perception of security when it occurs within the transit sys- tem environment. For instance, an aggressive panhandler blocking a narrow hallway invokes more fear in passengers than the same panhandler on a public street. In addition, the unruly behavior of juveniles can be disconcerting to transit customers even though no crime is committed. This is par- ticularly true when large numbers of youths congregate in the system, as cited in the Massachusetts Bay Transporta- tion Authority (MBTA) Youth Study. The study found that 75% of afternoon riders were intimidated or unnerved by the overwhelming presence of school-age children within the transit system (MBTA 2000). PASSENGER PERCEPTION OF TERRORISM In terms of passenger perceptions of terrorism, Synthe- sis findings concurred with the TCRP Report 86, Volume 13 (2007), which revealed that the mentality of east coast transit customers is thought to be different than those on the west coast and other parts of the nation because of the tragic events of 9/11, which took place in New York City, Washington, D.C., and Boston. Transit agency interviewees from agencies serving large metropolitan areas along the east coast reported that their customers take the threat of terrorism more seriously and are more tolerant of terror- ism-related security measures, whereas smaller agencies reported that generally their customers do not demand secu- rity-related improvements to reduce the threat of terrorism and instead are more concerned with routine acts of crime and lawlessness. PERFORMANCE MEASURES Transit agencies have developed and implemented perfor- mance measures to improve their transit operations; to insti- gate changes in policy, planning, and procedures; to conduct performance comparisons; and to communicate and report results. Performance measures are usually aligned with the agency’s mission, goals, and objectives. In addition to the agency perspective, performance measures can reflect the perspectives of the transit customer, the transit vehicle or driver, and the community (TCRP Report 88 2003). Perfor- mance measures can reflect outcomes or outputs. Outcomes are the actual results that are visible or experienced by the agency, its customers, its personnel, and the community.

11 Risk of attack—although terrorism risk and deterrence level are difficult to calculate, testing the security system can determine the decrease in the detection rate after the measure or system is installed; for locations with many incidents of a certain type, the pre- and postimplementation assessment can determine whether and to what extent a specific security measure succeeds in meeting its security objectives. Cost-related performance is important in demonstrating the cost-effectiveness and cost-related benefits of security investments (Campbell 2008). The following are possible cost-related measures: Cost of security incidents, including costs associated • with lawsuits, Cost of compliance with regulations and insurance,• Security cost as a percentage of overall agency budget • or expenses, Audit findings from security defects,• Downtime in transit service, • Labor intensity of security activities owing to technol-• ogy, and Overall costs of security operations.• Only a few survey respondents indicated that they use security performance measures. These respondents stated that they use the following measures: crimes per 100,000 passen- gers or crimes per 100,000 unlinked trips; security personnel per 1 million unlinked passenger trips; and percent of front- line personnel who have completed transit security training. The MBTA Transit Police Department publishes detailed Part I and Part II crime statistics by subway line and produces an interactive online map that displays crime statistics for each station. The San Francisco Bay Area Rapid Transit District (BART) Police Department provides data on crimes against persons, vehicle-related crimes, and police emergency-re- sponse times that are published in a quarterly report to the transit agency’s board of directors. Additional information on MBTA and BART’s crime statistics are included in the case studies (see chapter six). The New York Police Department (NYPD) website also contains information about its perfor- mance measures and the results. Information about CompStat (computer-driven crime statistics), the NYPD’s crime control model, has been provided in the literature review in Appendix B. Transit agencies that did not report the use of performance metrics, however, did report the collection and use of the fol- lowing security data: threats, suspicious activity, persons, and items; results of threat and vulnerability assessments; number of security personnel by location; number of secu- rity checks by location and average response time of security personnel; ingress and egress at all facilities; calls for service data by location; and training data. To determine progress toward goals and objectives, appropriate targets should be set for performance measures. Sources of information on performance measures include Outputs are the intermediate steps or products generated to produce the outcomes. Comparing changes in outputs to changes in outcomes can help determine whether a specific tactic is useful in producing a desired outcome. Security metrics and targets can be established for all aspects of transit security. Crime outcome metrics can address a system’s overall crime rate and the crime rate for specific stations, routes and lines, or parking facilities. Terrorism metrics reflecting outcomes are more difficult to develop because terrorist events are rare and deterrence levels cannot be measured. However, performance metrics related to the results of system testing (e.g., the detection rate of a particular security measure) and relevant incidents (e.g., response time) may be useful. Also, output measures such as the number of vulnerability assessment recommendations implemented or coverage and deployment metrics (e.g., the ratio of patrols to the number of transit vehicles) may be used to assess different aspects of a transit agency’s counterter- rorism efforts. Passenger perceptions about their agency’s ability to control the transit environment are an important indicator of the level of passenger security. Customer perceptions of security about their transit ride can be obtained through cus- tomer surveys. The specific attributes that influence passen- ger perceptions of security can be identified through analysis of customer survey or focus group data. Evaluation of these critical attributes could highlight weak attributes that then may be targeted for improvement. In addition, output mea- sures can be established for specific security measures and practices. Security performance measures can be used for multiple purposes, including the following: To evaluate overall system security,• To compare present versus past performance,• To identify trends,• To determine progress toward performance goals,• To identify vulnerabilities and security needs, and • To motivate police and security personnel.• The BASE program assesses the TSA’s security posture in 17 Security and Emergency Management Action Items. The assessments results have produced timely action to address identified weaknesses in different areas and can be used effectively in the development of performance measures. The benefits and value of security investments and mea- sures can be conveyed to the agency management, transit police, security personnel, and the public using these met- rics. The benefits of specific security measures and practices can be determined by performing pre- and postimplementa- tion evaluations. A primary benefit of security investments is believed to be the reduced risk of attack:

12 exceeding $25,000, an evacuation owing to life safety rea- sons, or a mainline derailment. Although homicide is always considered a major incident, other Part I and Part II offenses may or may not be “major” depending on the severity of the offense. Nonmajor incidents are defined as those incidents not already reported on the Major Incident Reporting form. In addition to Part I and Part II data, the FTA collects infor- mation about bombings, bomb threats, chemical or biologi- cal releases, sabotage, and cyber incidents. The glossary provides definitions of major and nonmajor incidents and offenses. Data on the characteristics of crime victims and offenders are not available from the NTD, and few responses were provided for questions related to this topic on the survey. Therefore, national crime data were consulted to obtain data about the attributes of victims and perpetrators. The following are Part I offense categories and defini- tions in the NTD: Homicide—always categorized under major incidents, • is defined as the killing of one or more human beings by another, including the following: Murder and nonnegligent manslaughter—the will- – ful (nonnegligent) killing of one or more human beings by another. Negligent manslaughter—the killing of another – person or persons through gross negligence. Rape—the carnal knowledge of a person forcibly and • against that person’s will. Aggravated Assault—an unlawful attack by one per-• son upon another wherein the offender uses a weapon in a threatening manner or the victim suffers obvious severe or aggravated bodily injury. Robbery—the taking or attempting to take anything • of value under confrontational circumstances from the care, custody, or control of another person by force or threat of force or violence or by putting the vic- tim in fear of immediate harm. The use or threat of force includes firearms, knives or cutting instruments, other dangerous weapons (clubs, acid, explosives), and strong-arm techniques (hands, fists, feet). Larceny/Theft—the unlawful taking, carrying, lead-• ing, or riding away of property from the possession or constructive possession of another person. This includes pocket picking, purse snatching, shoplifting, thefts from motor vehicles, thefts of motor vehicle parts and accessories, theft of bicycles, theft from buildings, theft from coin-operated devices or machines, and all other theft not specifically classified. Motor Vehicle Theft—the theft or attempted theft of a • motor vehicle. A motor vehicle is a self-propelled vehi- cle that runs on the surface of land and not on rails. Arson—to unlawfully and intentionally damage, or • attempt to damage, any real or personal property by fire or incendiary device. TCRP Report 88: A Guidebook for Developing a Transit Per- formance-Measurement System (2003), the Royal Canadian Police Departmental Performance Report (2007), and Camp- bell’s Measures and Metrics in Corporate Security (2006): TCRP Report 88: A Guidebook for Developing a • Transit Performance-Measurement System contains relevant information about effective performance mea- sures and how they may best be implemented within transit systems as part of a performance-measurement system (2003). Guidelines for setting up an effective performance • measurement program are described in chapter 4 of the Royal Canadian Police Departmental Performance Report (2007), which explains how the Royal Canadian Police Department’s performance measurement sys- tem is linked to its strategic priorities and outcomes, and the specific metrics within its measurement system that reflect these outcomes. Campbell’s • Measures and Metrics in Corporate Security workbook provides 375 real examples of secu- rity metrics aggregated into 13 categories, covers how to start a security metrics program, explains how to present findings to senior management, and contains many examples of presentation techniques (2006). CRIME AND SECURITY DATA The FBI’s Uniform Crime Reporting (UCR) Program, initi- ated in 1929 by the International Association of Chiefs of Police, collects offense data categorized into serious or Part I offenses and minor or Part II offenses (FBI-Uniform Crime Reports, published annually). Transit agencies categorize crime data similarly and often further parse the data into more specific categories. The transit industry’s centralized reporting mechanism for transit data is the FTA’s NTD. The NTD contains data on UCR offenses and other major and nonmajor incidents. Beneficiaries of FTA formula funds are required to report these incidents to the FTA through a secure online reporting method. Although safety and other NTD data are considered to be more reliable, industry experts raised concerns about the accuracy and completeness of NTD crime and security- related incident data and agreed that these data issues need to be addressed. The FTA expanded its collection of transit crime statis- tics in 2002 and has been categorizing incidents into major and nonmajor incidents: major incidents involve fatalities and injuries and are much fewer in number than nonmajor incidents. Major incidents are defined as those incidents and offenses involving a fatality other than a suicide, inju- ries requiring immediate medical attention away from the scene for two or more persons, property damage equal to or

13 Sabotage—sabotage or tampering with transit facili-• ties’ assets may be a means to achieve any of the above events, such as starting a fire or spreading an airborne chemical agent, or it may be a stand-alone act, such as tampering with track to induce derailment. CRIME TRENDS The general U.S. crime rate according to the Bureau of Jus- tice Statistics (BJS) has been on a downward trend since 1996. In the 1996–2005 period, a 37% decrease was seen, with much of the decline (33.7%) having occurred in the 1996–2001 period and, in particular, violent crimes and thefts decreased markedly. In 2001, the decline slowed and then began to plateau. Researchers have noted several possible causes of the nationwide decline in crime (Blumstein and Wallman 2000; McDonald 2001; Conklin 2003): Better and increased police intervention• Rise and decline of the cocaine trade• Aging of the population • Enhanced economic conditions• Higher incarceration rates• Improved quality of medical care.• Transit crime incidents generally have followed national trends, declining by 45% from 1997 to 2002 (BJS 2000, 2003). New York City Transit experienced an even more pronounced decline in crime rates: In 1990, NYC Transit Police initiated a comprehensive crime control process considered a precursor to NYPD’s CompStat. Serious crime declined significantly in the 1990–1995 period—robbery offenses diminished by 80% and all other crime by 72%. The process involved targeting serious and minor crimes, and quality of life issues, systematically tracking offenders, and sending a clear message to the public and would-be offenders that the transit system was under control. When CompStat was implemented in New York City, it is believed to have spurred a dramatic improvement in city-wide crime rates (McDonald 2001). To identify transit crime trends and offense types for the 2002–2006 period, NTD data were analyzed. The results of detailed analysis did not reflect the experiences of some tran- sit agencies and concerns were raised with the reliability of the data. However, the following general conclusions can be made from the data analysis: Serious crimes, including the most violent crimes, are • infrequent compared with minor crimes: Many more Part II than Part I offenses (6 to more than – 11 times) occurred for each year from 2002 to 2006. The following are Part II offense categories and defini- tions in the NTD: Fare Evasion—the unlawful use of transit facilities by • riding without paying the applicable fare. Nonviolent Civil Disturbance—nonviolent public dem-• onstrations that may or may not be disruptive. Other Assault—an unlawful attack or attempt by one • person upon another where no weapon was used or that did not result in serious or aggravated injury to the victim. Trespass—to unlawfully enter land, a dwelling, or • other real property. Vandalism—the willful or malicious destruction, • injury, disfigurement, or defacement of any public or private property, real or personal, without consent of the owner or person having custody or control by cut- ting, tearing, breaking, marking, painting, drawing, covering with filth, or any other such means as may be specified by local law. The following are other security incident categories in the NTD: Bombing is the unlawful and intentional delivery, • placement, discharge, or detonation of an explosive or other lethal device. Bomb Threats: Credible written or oral (e.g., telephone) • communication to a transit agency threatening the use of an explosive or incendiary device for the purpose of disrupting public transit services or to create a public emergency. Chemical, biological, or nuclear release is the unlaw-• ful and intentional delivery, placement, discharge, or detonation of a biological, chemical, or nuclear lethal device. Cyber Incident—involves the targeting of transit facili-• ties, personnel, information, computer, or telecom- munications systems associated with transit agencies. Proscribed activities include the following: Denial or disruption of computer or telecommuni- – cations services, especially train control systems; Unauthorized monitoring of computer or telecom- – munications systems; Unauthorized disclosure of proprietary or classified – information stored within or communicated through computer or telecommunications systems; Unauthorized modification or destruction of computer – programming codes, computer network databases, stored information, or computer capabilities; or Manipulation of computer or telecommunications – services resulting from fraud, financial loss, or other criminal violations. Hijacking—seizing control of a transit vehicle by • force.

14 tion, crime data analysts and researchers believe that although homicide statistics are the most accurate and well-reported of all crime data, issues with the other crime statistics include crime categorization and changes in reporting rates. National Transit Database Issues The results of detailed analysis performed for this study revealed abnormalities and inconsistencies in the NTD data, and did not reflect the experiences of some transit agencies. Not all transit agencies required to report crime and incident data have been reporting them to the NTD, and the num- ber of transit agencies reporting to the NTD has not been consistent. Therefore, year-to-year comparisons and trend analysis may be inaccurate. Data entry errors also occur. For instance, a data entry error caused the analysis to show a sig- nificant increase in burglaries, when this was not the case. Although hijackings, sabotage, and other incidents had been reported each year from 2002 to 2005, none had been reported in 2006 and 2007, raising questions about the reli- ability of the data. Also, contrary to the fact that no terror- ist attacks involved transit since 9/11, the database indicated that security incidents had occurred, such as bombings and chemical/biological releases. Details of these incidents were not available, but it may be assumed that these incidents were insignificant—a prank involving dry ice placed within a plastic bottle would still be classified as a “bombing,” but may unnecessarily be alarming to the public. Crime Categorization In terms of crime categorization, although definitions of homicides and robberies have remained stable over the years, more discretion may be used to categorize assaults; namely, whether an assault is considered aggravated or not. This, in turn, can affect aggregate Part I and Part II numbers. Reporting Rates The BJS determines reporting rates by using the National Crime Victimization Survey, which is a household survey, ongoing since 1972, that includes data from interviews of about 80,000 people age 12 and older in 43,000 households each year about their victimizations from crime. BJS then compares the National Crime Victimization Survey data with UCR and other national crime reports. A BJS study for the period 1992–2000 revealed that all homicides were reported, 90% of any type of violence involving a shoot- ing was reported, and about 81% of motor vehicle theft was reported; however, only 57% of robberies, 55% of aggra- vated assaults, and 31% of rapes were reported to the police. About half of the crimes were reported by the victims them- selves, whereas the rest were reported by relatives, house- hold members, friends, bystanders, and officials. Violence against the elderly and against females was more likely to The numbers of the most violent crimes, homicide – and rape, were extremely low: Homicide accounted for 0.01% of 2002–2006 • Part I offenses. Rape accounted for 0.2% of 2002–2006 Part I • offenses. The most problematic Part I offense was • theft: Theft accounted for 50%–60% of Part I offenses for – every year in the 2002–2006 period. Aggravated assault accounted for 10%–15%; – motor vehicle theft for 8%–13%; and robbery for 10%–18% of Part I offenses. Bus and heavy rail modes accounted for much of – the Part I offenses, followed by commuter rail and light rail. The most frequent Part II offense was • fare evasion: Fare evasion citations accounted for more than 90% – of Part II offenses for every year in the 2002–2006 period. The majority of the fare evasion citations occurred on • light rail systems, which typically have no turnstiles and operate on the honor system. Because the number of fare evasion citations recorded by an agency typically corre- spond to the transit agency’s enforcement level at a par- ticular time, changes in the citation statistics are difficult to interpret—for example, it is not possible to determine whether an increase in the number of citations was the result of an actual increase in the number of fare evaders or the result of increased enforcement activity. SUSPICIOUS ACTIVITY Transit agencies reported that reports of suspicious activi- ties, persons, and items increased in the immediate period after 9/11, and none reported a decrease. In general, reports of suspicious activity, although higher than in the period before 9/11, have diminished and plateaued over the past few years. An increase in suspicious activity incidents does not necessarily mean that the threat of terrorism against an agency is rising, because the increase may be the result of better reporting. For example, Washington State Ferries had 157 suspicious incidents in the three years after 9/11. Seven had an “extremely” high likelihood of being preoperational planning, 11 had a “high” likelihood, and 49 had “medium” likelihood. From spring 2004 to fall 2005, the FBI reported 247 suspicious incidents for the Washington State Ferries; however, they believed that the increase was because of bet- ter reporting and not because the actual likelihood of an attack had changed (Blumenthal 2006). DATA ISSUES Industry experts have raised concerns about the accuracy of the NTD crime and security-related incident data. In addi-

15 of vehicles; contact information for personnel; public com- ments; accident data; and landscaping information. Although crime mapping is not performed by many agen- cies, crime trend analysis by location (e.g., transit station or stop) is used more often by transit agencies for resource allo- cation purposes. Data-related needs and concerns cited by survey respon- dents included the following: Changes in federal transit security funding allocation • procedures, Notification and documentation on all relevant inci-• dents from frontline personnel, Development of security metrics,• Development of a more consistent way to compare • crime and security incidents, and Verification of more accurate data (e.g., data can be • categorized incorrectly) CHARACTERISTICS OF CRIME VICTIMS AND OFFENDERS Data on the characteristics of crime victims and offenders are not available from the NTD, and few responses were pro- vided for questions related to this topic on the survey. How- ever, the characteristics of crime victims and offenders for crime committed on a national level are collected by the FBI and Department of Justice. An analysis of 1976–2005 homi- cide data revealed that males and blacks, and the 18 to 24 age group, were disproportionately represented as victims and offenders. The male victimization rate was three times higher and the offending rate was eight times higher, with males accounting for 77% of homicide victims and 90% of offenders. The victimization rate for blacks was six times higher and the offending rate was more than seven times higher than for whites (BJS Homicide Trends in the U.S. and FBI 1976–2005). While violent crime rates have declined for all age groups since their height in the mid-1990s, the rates for younger age groups remain far greater than that of older age groups. The violent crime rate for those 65 and older was 2.4 per 1,000 persons while the rate for those in the 20–24 age group was 20 times greater and those in the 12–15 and 16–19 age groups were 18 times greater (BJS Trends in Victimization Rates by Age and FBI 2005). be reported (BJS, March 9, 2003). However rape is a cat- egory that is significantly underreported because of the stigma attached to the crime. In general, underreporting of less serious crime is believed to occur on a more wide- spread basis (Blumstein and Wallman 2000). Even more underreporting of transit crime may be the result of several factors: Local law enforcement may receive reports directly • from the public and not share the data with the transit agency. Transit workers may receive a report from a passenger • and may fail to report it to transit police or security. Crimes committed against juveniles and minorities • may be underreported because of the antipolice culture cultivated within these subgroups. Those who have had prior involvement in the criminal justice system are more likely to be victims themselves and therefore are reluctant to report crimes (Blumstein and Wallman 2000; Conklin 2003). Passengers know what to do if they see suspicious • activity thanks to effective public outreach campaigns conducted by many transit agencies, but they may be unaware of what steps to take if they witness a crime or if they are the victim of a crime. If security or transit personnel are not present, the victim of a minor crime may decide not to file a report, particularly if they need to travel to a different location or do not know how to make a report. Although overreporting may not be a widespread issue, the possibility of overreporting exists and should be consid- ered in data analysis issues. For instance, overreporting can occur if the same incident is reported by more than one party and the duplication is not flagged. Other Data and Data Analysis Issues The primary security data sources included system reports and police reports; one agency indicated that it obtains crime data from online news as well. In addition to Part I and Part II crime data, other security data collected by agen- cies included threats, suspicious activity, persons, and items; results of threat and vulnerability assessments; number of security personnel by location; the number of security checks by location and average response time of security personnel; ingress and egress at all facilities; calls for service data by location; training data; location of transit centers; number

16 CHAPTER THREE SECURITY MEASURES Before September 11, 2001, transit agencies were focused on crime along with quality-of-life issues. Since then, transit agencies have been challenged with countering terrorism as well. The threat of terrorism brought forth an expanded set of security-related objectives that includes the following, as listed in the National Academy of Science report, Making the Nation Safer (National Research Council 2002): Predict: Intelligence and surveillance of targets and • means Prevent: Disrupt networks, contain threats• Protect: Harden targets, immunize populations• Interdict: Frustrate attacks, manage crisis • Response and Recovery: Mitigate damage, expedite • cleanup Attribute: Identify attacker to facilitate response.• Protective measures for transit systems can be people- based, technology-based, or a mix of the two. Because every transit agency faces unique challenges and operates under differing institutional, political, economic, and legal constraints, no single set of countermeasures is appropriate for every agency. Each transit agency needs to assess these issues within their own operating environment and consider numerous factors, such as the agency’s budget, threat assess- ments including expected future threat level and expected nature of the future threat, and vulnerability assessments by asset type and mode. Cost and value of security investments are important and necessary considerations for agency management. Cost- effectiveness or cost-benefit analysis and the use of per- formance metrics can determine the overall value, specific benefits, and effectiveness of a protective measure. To maxi- mize limited resources and address natural disasters that can exact a significant toll in terms of human life, property, and economic effects, the “all-hazards” approach to emergency planning and incident management is being promoted by federal, state, and local governments. According to FTA’s Transit Agency Security and Emer- gency Management Protective Measures report (Batelle, TotalSecurity US, and Transportation Research Associates 2006), general measures can be taken at specific Homeland Security Advisory System (HSAS) threat levels to address the additional two response conditions shown in Figure 3. FIGURE 3 HSAS Threat Condition Connectivity (Source: Batelle et al. 2006). As the threat level increases, the type and intensity of rec- ommended countermeasures increase as well. Transit agen- cies can modify and fine tune these generic measures for use within their own system to address their specific threats and security needs; note that some agencies have developed their own threat-level identification system, which may be somewhat different from the HSAS. The following are the recommended countermeasures: Low or Green threat condition: • Focus on completing security and emergency pre- – paredness-related plans, Ensure existence of capabilities to address higher – threat conditions, Conduct inventory of all needed resources to exe- – cute the plans, Conduct needed training, and – Implement Security Vulnerability/Risk Assessment – process. Guarded or Blue threat condition, the first level of • potential threat: Review all plans and procedures, – Identify steps that need to be undertaken in manag- – ing an incident, Test equipment and systems and address problems, – Recheck inventories, – Design and execute drills and exercises, – Develop and disseminate public awareness infor- – mation, and

17 Chemical/Biological Program for Mass Transit• Explosives Testing and Assessment of Rail Car • Vulnerability Mass Transit Tunnels Entry Denial Systems• Rapid Response to Extreme Events in Tunnels.• The measures intended to deter one type of threat address others as well. The indicators of an incident and the required response, however, may vary significantly based on the threat (Batelle, TotalSecurity US, and Transportation Research Associates 2006). For instance, to detect a biological threat, explosives detectors or radiological pagers would be futile. Furthermore, many measures address one or more of the fol- lowing three key transit security concerns: terrorism, crime, and quality of life. Survey respondents were asked the purpose(s) for which measures had been implemented—crime, terrorism, and/ or quality of life. Almost three-quarters of respondents reported that crime prevention was the purpose, slightly more than half indicated counterterrorism, and about half of the respondents indicated improvement of quality of life. With regard to years of deployment, respondents stated that some of the measures had been implemented long before 2001, whereas others had been recently implemented. The key measures used by transit agencies or available for their use are discussed further in this chapter. They are Access Control and Identity Management; Crime Prevention through Environmental Design (CPTED); Patrols, Plainclothes, and Manual Surveillance; Video Surveillance; Passenger Security Inspections; Operational Strategies; Threat Detection Tech- nologies; Cyber Security; and Communication Security. TECHNOLOGY ISSUES Although security technologies are becoming increas- ingly sophisticated, they cannot replace the judgment and experience of transit police officers and security person- nel. Whether or not they are dominated by technological solutions, all measures require human input and judgment. Technologies do provide transit police officers and security personnel with additional tools to assist them in carrying out their responsibilities safely, effectively, and efficiently. Technologies, before implementation, should undergo appropriate testing and evaluation to ensure that they are feasible as well as effective within the environment of a spe- cific transit system. In addition to operational issues, cus- tomer acceptance, potential health-related effects, and cost (unit/maintenance/life cycle) need to be considered in the technology implementation and selection process. Furthermore, any applicable standards should be con- sulted when planning and implementing security technolo- Prepare security awareness messages for higher – threat conditions. Elevated or Yellow threat condition, a significant risk • for terrorist activity or attack: Increase surveillance, – Coordinate emergency plans and procedures, and – Initiate contingency activities. – High or Orange threat condition, a high risk of terrorist • activity: Coordinate security efforts at the transit agency, – local, state, and federal levels; Address security for scheduled public events; – Tighter access control to facilities; and – Place higher priority on activation of emergency – and contingency plans. Severe or Red threat condition, the highest level of • readiness: Activate and deploy the maximum security and emergency preparedness processes, procedures, and activities available, which can require resource redirection or facility closings. Attack or Active Incident: Certain protective measures • should be implemented at the time that an attack, active incident, or another major emergency (e.g., natural disaster) has occurred or is occurring against a specific transit agency or within its service area, and during the recovery phase. Protective measures implemented may respond to casualties, assisting in evacuations, inspect- ing and securing transit facilities and infrastructure, or helping with other tasks as directed by an emergency management authority. An attack or active incident may occur at any time, even while the transit system is at any of the other lower threat conditions. Recovery: During the recovery phase, restoring ser-• vice, repairing or reopening facilities, adjusting employee work schedules and assignments, respond- ing to customer inquiries about services, and other activities are required to fully restore transit service. Recovery will be accomplished while maintaining the prevailing threat level readiness status in other parts of the transit system’s operations. In coordination with the DHS Science and Technology Directorate (DHS/S&T) and TSA’s Office of Security Tech- nologies, TSNM Mass Transit pursues the development of multiple technologies to advance capabilities to detect and deter terrorist activity and prevent attacks. Project priorities are informed by input from security partners in the mass transit and passenger rail community. Particular priority is given to the development of capabilities to mitigate the risk to underwater infrastructure. Ongoing development projects include the following: Anomalous Explosives Detector for Surface • Transportation Intelligent Video Monitoring at Mass Transit Sites• Bus Command and Control•

18 centralized identity management combined with access con- trol. Transit agencies issue some type of employee ID card; as smart cards, they may also be used for other purposes such as fare payment. Transit agencies reported that they have some type of admission control system in place: encoded cards, manual verification, memorized code, mechanical lock, and electronic locks. They also reported having access control in place for vehicles within their facilities. Transit agencies often require employees to display their ID cards on transit agency property and have a policy of revoking the cards when an employee has been discharged; strict adherence to this policy is important because dis- charged employees may forget or be reluctant to return their ID cards. Some agencies practice selective access so that only employees who need to access a sensitive area of the agency or a particular database are able to access it. New post-9/11 identity management measures include background checks—survey respondents reported that they perform background checks on new hires; some reported that they already had this practice in place before 9/11. A few agencies reported that they initiated the fingerprinting of all employees after 9/11. Although background checks on contractors and vendors are important, some states disallow agencies from conducting these checks. The guidance on background checks most recently issued by the TSA helps transit agencies conduct more robust background checks and makes the process more consistent across agencies by identi- fying the factors to consider and the recommended scope of the checks and procedures. Access control to transit vehicles and facilities is another issue. For instance, most bus fleets do not have access con- trol systems, revealing a vulnerability that still needs to be addressed: if a driver is assaulted or is simply on a break, the bus is vulnerable to theft and vandalism, and terrorists may use the vehicle as a weapon. Automated Vehicle Location (AVL) systems in use by some agencies can determine the location of individual buses and alert a central dispatcher if a bus is off-route. For these agencies, the risk is somewhat mitigated, but access control for all transit vehicles would still be recommended. Biometrics Biometrics uses physical features and behaviors for identifica- tion and verification purposes. Identification, a one-to-many process, determines who a person is; the person’s identity need not be known at the onset. Verification, a one-to-one process, confirms (or denies) a person’s claimed identity. Behavioral biometrics such as keystroke or speaker recognition is gener- ally used for verification, whereas physical biometrics such as fingerprint analysis, hand geometry, facial recognition, and iris scan can be used for either identification or verification (Nakanishi and Western 2005a). gies. APTA working groups develop security standards for emergency management, infrastructure security, and risk management. APTA also established a Technical Standards Working Group to create standards for developing and pro- curing video systems and associated software and analytics. The standards will address all aspects of the systems, includ- ing camera location, resolution, frame rates, compression, and recording elements. Currently, the following standards are being finalized by the APTA working groups: Closed-Circuit Television (CCTV) Camera Coverage • and Field of View Criteria for Passenger Facilities Continuity of Operations Plan (COOP) • First Responder Familiarization of Transit Systems • General Guidance on Transit Incident Drills and • Exercises Security & Emergency Management Aspects of Special • Event Service Trash/Recycling Container Placement to Mitigate the • Effects of an Explosive Event Development and Implementation of a Security and • Emergency Preparedness Plan. Other resources for security-related standards are pro- vided in Appendix B. ACCESS CONTROL Access control measures are designed to ensure that only autho- rized individuals enter a transit facility or premises. Access control may be used in conjunction with identity management techniques described in the following subsection and can be as basic as manual identification (ID) checks by security person- nel or the use of locks and keys. Technologies such as intrusion detection and presence sensors, video surveillance, and bio- metric systems can also be used. Physical barriers and locks may or may not be electronic and may or may not be linked with an alarm and video system. Most transit agencies have implemented access control measures to varying degrees. The TCRP Report 86, Volume 4: Intrusion Detection for Public Transportation Facilities Handbook (2003) provides information about intrusion detection systems and technolo- gies, and is a useful reference for agencies considering the selection and installation of these systems. Identity Management Terrorists, criminals, and cyber criminals may seek to infil- trate their target agency’s assets by impersonating transit employees. It is vital that only authorized transit employees and contractors have access to sensitive locations, transit vehicles and equipment, and the system’s computer network, software programs (especially control programs for safety- critical functions), and databases. This access is addressed by

19 figuration strategies can be used to slow vehicular traffic in areas surrounding a transit station or facility. CPTED strate- gies for security of facilities are discussed in the Station/ Terminal and Transit Facility sections later in this chapter. Access control techniques can be used to enhance secu- rity for transit facility parking lots. Manual checking would be feasible when a limited number of vehicles need to be searched. Electronic methods such as automated license plate readers may be considered for use in higher-volume facili- ties or unattended parking areas. Automated license plate readers read plate numbers of vehicles entering a checkpoint and automatically compare them against a list of authorized numbers. If there is a match, the vehicle will be allowed to enter the premises. License plate and vehicle images along with driver images and times and dates for highly secure facilities may be stored for future use (Nakanishi and West- ern 2005b). The use of biometric readers, electronic card readers, or specially issued stickers or placards are alterna- tive access control methods. CRIME PREVENTION THROUGH ENVIRONMENTAL DESIGN Transit systems supply criminals not only with targets, but also cover in dark passageways and hidden corners of the systems. Isolated areas of the system during off-peak periods allow criminals to target passengers who already may have a heightened level of fear. Situations that otherwise are not threatening may be threatening when they take place within a transit system environment (e.g., an aggressive panhandler blocking a narrow passageway) or onboard a transit vehicle. The theoretical basis of Situational Crime Prevention (SCP) is rational choice. The offender decides to commit a crime based on risks, efforts, and rewards. SCP attempts to make the risks and efforts greater than the rewards. The five key categories of SCP techniques are increasing per- ceived effort, increasing perceived risks, reducing antici- pated rewards, reducing provocations, and removing the excuses (Clark 1997). (CPTED) used by many transit agen- cies to address security issues is “a method of situational crime prevention that is based on the premise that the proper design and effective use of the built environment can lead to a reduction in crime and an improvement in the quality of life” (FTA 2004) and is believed to have a significant impact on crime rates and the customer perception of security (Reed et al. 2000). CPTED strategies include enhancing visibility of passen- ger terminals and rail stations by the use of bright lighting and mirrors, eliminating hiding places such as dark corners, eliminating unnecessary columns, and strategically placing vendors such as newsstands. These strategies are effective in countering terrorism by eliminating hiding spaces that pro- A biometric identification credential is being imple- mented in federal agencies: Homeland Security Presidential Directive-12 required all government agencies and depart- ments to implement a standard for secure and reliable forms of identification for employees and contractors, for access to federal facilities and information systems. The Transpor- tation Worker Identification Card (TWIC) Program, which uses biometric systems and is compliant with much of Fed- eral Information Processing Standard 201, was mandated by the Maritime Transportation and the Aviation and Transpor- tation Security Act to create a common credential for work- ers in the transportation industry and has been initiated at 28 sites across the United States. It is expected that TWIC eventually will be used in conjunction with physical access control by all 12 million transportation workers, including transit employees. Transit agencies do not report the use of biometric systems for physical access control purposes. Perimeter Security A security perimeter demarcates public and semi- or non- public areas. Once a perimeter is crossed, transit agency rules apply and passengers should be informed of this by the use of proper signage. Access control systems can secure the perimeter to ensure that only authorized persons are allowed access. For heavy rail systems, for instance, automated fare collection systems that utilize electronic turnstiles are used to ensure that only fare-paying passengers enter the system. For bus depots and rail yards, fencing is used. Electronic fencing has sensors that can alarm and identify the location of a distur- bance. Free-standing sensors can be used without fencing. Buried sensors are appropriate for uneven terrain. These perimeter detection systems when accompanied by a CCTV system allow visual assessment of a situation should the system alarm (Nason 2008). With advances in video tech- nology, intrusion detection capability can be integrated into video analytics. Specific guidelines for fences and gates are provided in FTA’s Transit Security Design Considerations report (FTA 2004). For administrative and other facilities, authorized transit workers along with contractors and ven- dors need to be allowed easy access, although visitors may receive additional scrutiny by security personnel. Identity management discussed in the preceding section facilitates this process. Vehicular Security Transit assets may be vulnerable to vehicular threats when nontransit vehicles can access areas near or underneath tran- sit infrastructure, vehicles, stations and stops, and entrances to transit facilities. Vehicle barriers protect against bombs in a moving vehicle, bombs in a stationary vehicle, or forced entry and also can protect against theft and contribute to pedestrian safety. Traffic calming devices and traffic con-

20 Passenger alarm buttons with a voice link to train – operators on rail cars; Silent alarms for train operators linked to control – center, dispatch, or police; and Public address systems with battery backup. – Improve visibility:• Use bright lighting, colors, and materials; – Eliminate potential hiding spaces; – Help train operator see inside the rail cars (video or – mirrors); Install emergency lighting; – Modularize components (as noted in the FTA • Transit Security Design Considerations report, modular compo- nents such as seating have fewer parts and will create less shrapnel in case of explosions; replacement of these com- ponents is easier so future upgrades will be affordable). Secure components:• Harden fuel, engine, and electrical compartments; – Harden fuel tanks, electrical wiring and fuel lines; – Comply with appropriate safety design and materials • standards. Install video technology.• Other:• Encourage passengers to ride in the same subway – car as the conductor during off-peak hours; Install radiological pagers inside and outside of – train cars; Perform blast analysis for all applicable train – components; Install power kill switch; and – Place car number on roof. – Bus Following are the bus CPTED design and SCP measures: Improve visibility • Use bright lighting, colors, and materials – Eliminate wrap-around advertisements – Eliminate potential hiding spaces. – Install access control (e.g., key ignition system). • Modularize components.• Secure components• Secure bus operator compartments – Harden fuel, engine, and electrical compartments – Harden fuel tanks, electrical wiring, and fuel lines. – Comply with appropriate safety design and materials • standards. Deploy video technology. • Install communications, vehicle location, and alarm • systems Install AVL systems on buses to track and monitor – buses Install silent alarms connected to bus signage, bus – control center/dispatch, or police Install mobile data terminals to exchange messages – with the control/dispatch center vide cover for terrorists and for explosives. Clear signage, easy-to-remember timetables, and any other measure that lessens confusion will hinder the efforts of criminals to take advantage of lost or confused passengers (Nelson 1997). Although older systems may not be able to implement some of the CPTED strategies, transit stations and facilities can be retrofit and redesigned during renovation efforts. Metropolitan Atlanta Rapid Transit Authority (MARTA) has been upgrading lighting in its rail stations, parking lots, and other special-use facilities. The lighting program, which is expected to be complete in 2010, has a budget of approximately $15 million. Design considerations included color rendering and vertical luminance, expected foot-candle readings in critical areas, and computer photometric analy- sis (Goodfellow 2005). The Washington Metropolitan Area Transit Authority’s (WMATA’s) heavy rail stations have been designed to enhance sightlines and minimize hiding places. Transit vehicle design measures are a subset of CPTED measures. Typically, newer rail cars are designed with CPTED principles to enhance visibility within the train cars. Because clear and audible communications systems are important during regular transit operations and during emergencies and incidents, many transit agencies use pub- lic address systems to communicate with their passengers. Many transit vehicles also have silent alarms and emergency call buttons for their employees. These results reflect the findings of an Advanced Public Transportation Systems (APTS) deployment report that indicated that more than 80% of agencies in the 78 largest metropolitan areas and 45% of agencies in the rest of the United States had deployed or were planning to deploy silent alarms (Radin 2005). Silent alarm and emergency call buttons can be linked with covert micro- phones, which allow dispatchers and responders to listen in during emergency situations, or with AVL systems, which allow dispatchers and responders to identify the location of the vehicle in distress. The following are rail car and station, bus and bus stop, and transit facility CPTED design and SCP measures based on the project findings. Some of these measures such as improving visibility enhance both actual security and pas- senger perception of security. Rail Car Following are the rail car CPTED design and SCP measures: Install access control to operate the train.• Install communications, vehicle location, and alarm • systems: Train location system (e.g., Communications Based – Train Control); Radios for train personnel; –

21 Install Drive Cams (event-triggered cameras – focused on drivers). Other• Place bus vehicle numbers on roof of the bus – Install chemical detection sensors. – Station/Terminal Some of these station and terminal design strategies can be implemented in existing stations, but others may be too costly or otherwise infeasible and would be more appropri- ate for incorporation into the design of new stations. These strategies include the following: Improve perimeter security• Strategically locate structures (away from roads and – parking areas) Install physical or natural barriers for vehicles and – setbacks to prevent use of vehicles as weapons Minimize number of vehicle entrances and access – points. Improve visibility• Clear sightlines surrounding the station – Locate operator booth for maximum visibility – Improve lighting, colors, materials, and mirrors – Minimize hiding places. – Secure critical assets• Locate critical assets and nonpublic areas away – from the public and from any vulnerable locations Secure critical equipment. – Deploy clear, appropriate signage and indicate public • versus nonpublic areas. Install new or better communication and alarm • systems Install communication links and backup communi- – cations for transit police and personnel Install call boxes in passenger waiting areas to pro- – vide passengers with a voice link to transit police or personnel Install or upgrade public address system – Install intrusion detectors/alarms on vehicle entrances, – entrances to sensitive areas, and to rail ROW. Comply with appropriate safety design and materials • standards. Install video technology.• Secure trash receptacles (explosive-proof or • transparent). Bus Stop Bus stops and some light rail stops that are similar to bus stops fall under this category. The results of a 2001 research study indicated that the bus stop shelter should not be fully enclosed to provide customers a quick escape in an emer- gency and should have good visibility with unobstructed sightlines (Lusk 2001). Shelters should be located a certain minimum distance from the roadway. Other design mea- sures include the following: Deploy signage to deter nontransit vehicles from the • stop area. Anchor structures and street furniture to prevent being • dislodged. Choose materials to minimize flying glass and debris. • Install emergency call boxes for passengers. • Use appropriate lighting. • Transit Facility Many of the transit facility measures are similar to tran- sit station and terminal measures, such as those related to perimeter security and the use of special materials. Specific facility location measures may be useful for agencies consid- ering relocation of their facilities (FTA 2004). They include the following: Choose inconspicuous facility location. • Colocate with facilities having similar security needs. • Ensure securable perimeter with unobstructed • sightlines. Secure strategic location of structures (away from • roads and parking areas). Minimize number of access points. • Secure and locate critical assets and equipment within • the core of multiple layers of security. Each activity zone should have a different purpose, • with outer layers reserved for the public and visitors. Ensure ability to isolate critical areas and maintain • operations. In addition to FTA’s Transit Security Design Handbook, the Federal Emergency Management Agency (FEMA) pub- lishes references on building protection that are applicable to transit facilities including stations and administrative buildings. A compelling account of the Port Authority Bus Terminal Turnaround (Felson et al. 1996) is provided in Pre- venting Mass Transit Crime and has been summarized in the literature review. In the late 1980s, the large and busy bus transit transfer facility was plagued with both major and minor crimes that had escalated to an uncontrollable level. Once CPTED and SCP strategies were implemented, there was a significant decrease in crime and an increase in cus- tomer perceptions of security within the bus terminal. Other CPTED resources and training sources include the following: ASIS International (www.asisonline.org).• The National Institute of Crime Prevention (www.nicp.• org). The National Crime Prevention Council (www.ncpc.• org).

22 existing security resources, provide deterrent presence and detection capabilities, and introduce elements of ran- domness and unpredictability to disrupt potential terrorist planning activities. To enhance the effectiveness of VIPR teams, TSA and the representatives of the Transit Policing and Security Peer Advisory Group worked cooperatively to improve coordination, preparation, planning, execution, and after-action review of VIPR deployments in mass transit and passenger rail systems. This cooperation culminated with the completion of mutually agreed-on operating guidelines for “Effective Employment of VIPR Teams in Mass Transit and Passenger Rail.” The guidelines have been distributed to Federal Security Directors (FSDs), Assistant Federal Secu- rity Directors (AFSDs) (Surface), and Federal Air Marshals Special Agent in Charge (FAMSACs) around the country by the Joint Coordinating Committee to improve the effective- ness of the VIPR program. A follow-on product, developed and distributed in February 2008, details the roles and capa- bilities of the multiple TSA resources available to partici- pate in VIPR deployments and provides recommendations on effective deployment in antiterrorism activities. Plainclothes officers are used by transit police to combat crime and terrorism. For rail systems operating on the honor system, fare-checking efforts act as a security measure as well. Several respondents reported that they practice behav- ioral assessment by transit staff or security staff. VIDEO SURVEILLANCE FIGURE 4 Video Technology (Source: TCRP Report 86, Volume 4). Video surveillance, which has been widely used by transit agencies for a number of years to protect their systems and infrastructure, is believed to deter both crime and terrorism, and enhance transit customer perception of security. Newer video technology uses digital systems with digital video recorders or network video recorders, and this new technol- PATROLS, PLAINCLOTHES, AND VISUAL SURVEILLANCE The composition of a transit agency’s security personnel affects the agency’s policing and security management. For instance, having many in-house sworn officers may be more effective in combating recurring violence within a multi- modal transit system serving urban areas. At the same time, having part-time contracted officers versus full-time in- house security personnel may give a small agency with bud- get constraints more flexibility. Most transit agencies have some combination of full-time and part-time, sworn and nonsworn, and in-house and contracted security personnel. Nineteen of the FTA’s top 50 transit agencies have in-house sworn officers. The agencies that had in-house sworn officers were more likely to be multimodal or rail-only agencies. According to the survey respondents and case studies, multimodal and rail-only agencies have moderately or signifi- cantly increased either the number of their security person- nel or security staff hours after 9/11. The typical bus agency, however, increased either the number of its security personnel or security staff hours after 9/11 only by a small or moderate percentage, and some bus agencies made no changes. Patrols such as foot patrol are a conventional and effective tactic used by agencies to combat crime on transit vehicles. Bicycle patrols are conducted by BART police as noted in the BART case study (see chapter six). A survey respondent noted that at the agency’s park-and-ride facilities, surveil- lance by plainclothes officers in unmarked vehicles suc- ceeded in significantly reducing motor vehicle crimes. In response to 9/11, high-visibility patrols were initiated by transit agencies, mainly multimodal agencies and rail systems, to enhance security and increase passenger percep- tion of security. High-visibility patrols are made highly vis- ible through the saturation of specific locations with multiple specially uniformed officers and the use of visible tactical vests. Officers may arrive as a team at stations unscheduled to perform highly visible station or train sweeps. Train Order Maintenance Sweeps (TOMs) or a similar method are used by some of the rail systems—TOM teams also arrive unan- nounced and alert the conductor that they will be perform- ing a sweep of the train. They spread out on the platform and each officer steps onto a train car and performs a visual screening of the car. Regular aerial surveillance performed by a commuter rail system can also ensure the security of rail infrastructure. TSA’s VIPR teams may consist of federal air marshals, transportation security inspectors, transportation secu- rity officers, explosives-detection canine teams, behav- ioral detection officers, explosives security specialists, and necessary supporting equipment. VIPR teams work with local security and law enforcement officials to supplement

23 ogy is easier to network and integrate with other technolo- gies (see Figure 4). Bus agencies use video technology to deter crime and investigate criminal incidents, traffic accidents, and passen- ger injury claims. In Albany, New York, the Capital District Transportation Authority (CDTA) is installing digital video cameras in its bus fleet to deter assaults, vandalism, other crimes, and terrorism. In New Orleans, when cameras were installed on buses, criminal incidents including fare eva- sion and false injury claims decreased (“Cameras on Buses” 2002). Subway systems use cameras to deter and detect crime and terrorism—the MBTA has cameras in every sub- way station. Commuter rail systems are installing security cameras at bridges and tunnels so that stopped vehicles and other suspicious activity may be identified and addressed. Com- muter rail systems also use cameras to detect unauthorized entry onto their tracks because damage to rail infrastructure can cause train derailments. The Chicago Transit Authority (CTA) is planning the installation of cameras in its new rail cars; when a passenger pushes an emergency call button, the cameras will deliver real-time video feed to the train opera- tor, CTA command center, and police, and an audio connec- tion between the passenger and train crew will be enabled (Conry-Murray 2007). Unveiled in August 2005, The Integrated Electronic Security System, Command, Communication and Control Program is planned for implementation by New York City Transit (NYCT) to enhance security throughout its transpor- tation network and to provide incident management response and recovery capabilities. The system will enhance moni- toring, surveillance, access control, intrusion detection, and response capabilities, and calls for the installation of more than 1,000 cameras and 3,000 motion and perimeter sen- sors. Command, communication, and control centers will be established and integrated into the agency’s response and recovery management system and the Police Department’s Mobile Command Center (MTA 2005). Recorded video is used to determine the causes of acci- dents and to identify the perpetrators of assaults and other crimes committed within the transit system. In addition, false liability claims can readily be identified and disputes between passengers and drivers can be more speedily and equitably resolved. In addition, video surveillance systems are scalable and can be installed in stages. For example, one bus system, CDTA in Albany, New York, installs video surveillance with new bus procurements and is considering the implementation of software that can transmit images wirelessly onto a laptop in a police vehicle that is within a certain distance from the bus (see chapter six, CDTA case study). CTA’s $2.4 million Mobile Security Network project will use a network of cameras and digital video recorders in CTA’s bus fleet and rail stations to transmit video wirelessly to CTA and Chicago police vehicles that are within 600 ft of a bus (Conry-Murray 2007). A majority of agencies in the 78 largest metropolitan areas and about half of the agencies in the rest of the United States had deployed or were plan- ning to deploy surveillance cameras within transit vehicles (Radin 2005). Intelligent video surveillance offers transit agencies the ability to automatically identify suspicious activity, aban- doned items, and unexpected movements. Intelligent video may be useful to detect potential terrorist activities as well as impending or real-time assaults, larcenies, burglaries, vandal- ism, drug-dealing, car thefts, and ROW intrusion. Some sys- tems are able to track the movement of a suspect in a crowded environment. Also, linking these systems with chemical or other threat-detection systems can allow real-time images to be automatically sent to a control center if the detection sys- tem alarm sounds. Automated surveillance is believed to be more accurate than conventional surveillance because of the inability of humans to constantly monitor numerous screens. After only 20 minutes, the ability of the operator to concen- trate on a monitor decreases by as much as 90% (Gomersall n.d.). Intelligent video saves personnel hours and is more scalable because it is possible to expand the systems without having to hire and train additional personnel. Video analytics, preset algorithms built into the software to identify specific behaviors or conditions, are able to work with multiple camera types as long as images are recorded onto a video recorder (Gomersall n.d.). Houston Metro uses intelligent video surveillance at their park-and-ride facilities to prevent vehicle thefts, burglaries, and vandalism and to ensure the security of their passengers. The cameras can be controlled from a central operations center at TranStar; at the center, Metro police officers are able to turn, pan, and zoom the camera images in to specific areas of the facility. They can control the lot’s electronic gates and speak to the drivers when necessary from TransStar (On-Net Surveillance Sys- tems, Inc. n.d.). The Maryland Transit Administration and DHS developed an intelligent video surveillance system that is being installed in the Maryland Transit Administration’s Baltimore metro subway, the Maryland Area Regional Com- muter (MARC) rail service, and Baltimore light rail stations with a $12.7 million state and federal grant. The cameras will focus on rail station platforms, surrounding areas, and valuable equipment. The video analytics software will scan images and detect unusual movement and activity such as intrusions, suspicious activity, and abandoned items. The surveillance system allows viewing of a map of the tran- sit systems and selection of desired camera views to moni- tor (“Maryland Transit Deploys Intelligent Video” 2006). MBTA is also planning to implement intelligent video soft- ware capable of identifying suspicious behavior and objects (for additional details about the MBTA’s video surveillance and monitoring system, see chapter six).

24 Audio analysis is able to detect gunshots and screaming and to estimate the location of a shooting or some other inci- dent through triangulation techniques; it is now being used in some urban crime response and prevention applications. Transit agencies may consider the combined use of both video and audio analytics for an even more effective surveil- lance solution. One survey respondent reported using audio technology as a security measure. Currently, intelligent video and audio analytics are not widely used by transit systems, but many systems are con- sidering implementation. Other future applications of intel- ligent video include the use of facial recognition analytics, which would enable transit agencies to scan crowded ter- minals and stations for wanted terrorists or criminals, and the use of radiological detection sensors in conjunction with intelligent video (if the sensor detects a threat, intel- ligent video cameras may be able to track the source of the radiation). Although, generally, video is an excellent, scalable secu- rity solution and addresses multiple security needs, issues such as desired image quality, compatibility with legacy systems, and maintenance and storage requirements should be considered in the planning process. Transit systems that have older analog video equipment from different manufac- turers, and systems that use video systems without record- ers may experience increased complexity in upgrading their technology. PASSENGER SECURITY INSPECTIONS Passenger Security Inspections (PSIs), described in detail in TCRP Report 86, Volume 13: Public Transportation Passenger Security Inspections: A Guide for Policy Deci- sion Makers (TRB 2007b), are suspicionless inspections of transit passengers by transit security or staff. PSIs are believed to both deter and detect terrorist activity and are being used by larger multimodal agencies and by ferry systems. A benefit of PSIs is the relative ease with which screening intensity (rates), method, and location can be altered based on the threat level and other intelligence information. Because the Fourth Amendment requires warrants or individual suspicion to conduct inspections, PSIs are legally permissible only if they can be justified. Therefore, legal and other issues need to be carefully con- sidered by transit agencies before implementation. The PSI decision-making model recommended in TCRP Report 86, Volume 13, is an excellent way for transit agencies to deter- mine whether to use PSI, which PSI to use, and how to implement it. Random Bag Inspections Random bag inspections conducted manually or with the aid of portable trace detectors are a form of PSIs currently being performed by large multimodal agencies within their rail systems and by ferry operators. In Boston, the MBTA began conducting PSIs during • the Democratic National Convention in 2004. The PSI program was suspended until October 6, 2006, when the program resumed on a systemwide basis for MBTA’s subways, buses, ferry boats, and commuter rail systems. In the NY/NJ metropolitan area, MTA (subways and • rail) and NJ Transit (rail) initiated the PSI program of random passenger bag inspections immediately after the second London transit bombing in July 2005. Ferry operators initiated PSI programs in response to • the Maritime Transportation Security Act of 2002 man- date of a number of security measures, including PSIs. Amtrak started a PSI program involving the random • screening of carry-on bags in February 2008. Canine Teams FIGURE 5 MBTA Transit PD Canine Team (Courtesy: MBTA). Canines with explosives-detection capability as part of regu- lar or high-visibility patrol teams are considered an excellent PSI option because of their ability to detect explosives and their source, unobtrusiveness, and adaptability to the tran- sit environment (see Figure 5). Their drawbacks are their inability to work for long periods and their need for continu- ous training.

25 and training of the team through other sources that meet the TSA standard. Highly trained and certified canine teams continue to be one of the more effective and highly mobile explosives-detection methods in the mass transit and pas- senger rail environment. Behavioral Assessment Behavioral assessment consists of training security offi- cers and transit personnel to identify suspicious behavior. The assessment is cost-effective because it does not require capital investment or the hiring of additional personnel. Israel experienced success with their program at airports and shopping malls, which was aimed at identifying poten- tial suicide bombers. Boston’s Logan Airport, the first U.S. airport to start using the behavioral assessment technique, implemented the system soon after 9/11, and MBTA Tran- sit officers have been trained in the technique. Some ferry operators have trained their ferry employees in the tech- nique to enhance the security at ferry terminals. In the nor- mal course of selling tickets or providing information, ferry workers come into contact with potential ferry passengers and can continually perform behavioral assessment to spot suspicious individuals during their work day. Several survey respondents reported that they practice behavioral assess- ment by transit staff or security staff. THREAT DETECTION TECHNOLOGIES Currently, the threat detection technologies in use by tran- sit agencies include portable trace detection equipment and radiological pagers. An Innovations Deserving Exploratory Analysis (IDEA) project has produced a working prototype to detect dangerous levels of radioactivity in rail transit sta- tions. The fully developed product will be able to detect dirty bombs using digital cameras as the radiation detector and can be connected with appropriate software to disseminate alerts to responders (Rubenstein 2006). Chemical and biological threat sensors have been tested and continue to be tested by MBTA, NYCT, and other large transit systems. According to industry experts, chemical sensors are three to five years from off-the-shelf availabil- ity to transit agencies. These threat detection systems can be linked to event-triggered video cameras; if the detection system alarm sounds, video cameras would automatically transmit images of the relevant location to a central com- mand center. Although airport-style explosives-detection passenger screening equipment has been tested at selected transit systems, transit agencies are not convinced of their opera- tional feasibility within their transit settings. Other equip- ment being tested does not cause delays to passengers and may be more promising: For instance, portable heat-sensing FIGURE 6 MTA Customer Awareness Poster for New York City subways, buses, and rail cars (Courtesy: MTA). TSA’s NEDCTP was expanded in 2005 to encourage the use of canine teams for explosives detection on transit and commuter rail. Previously, canine teams have been used primarily at airports by the TSA. The canines are screened to ensure an acceptable temperament and excellent sensory ability. By the end of 2007, 62 TSA-certified explosives-de- tection canine teams were deployed in a risk-based approach to 14 transit systems across the country. These teams provide a visible and effective detection and deterrence capability in the public transportation system and can be surged to other venues as threats dictate. Their mobility enables deployment randomly and unpredictably in patrols throughout passenger rail and mass transit systems and postings at key junctions or points within systems, stations, terminals, and facilities. Agencies selected for the program included MBTA, BART, Southeastern Pennsylvania Transportation Author- ity (SEPTA), WMATA, PATH, CTA, LACMTA (Metro), Maryland Transit Administration, San Francisco Municipal Railway (Muni), and San Diego Trolley, Inc. (TSA 2008). Other agencies using canine teams include NYCT (see Figure 6), New Jersey Transit (NJT), MARTA, Houston METRO, Niagara Frontier Transportation Authority, and Tri-County Rail (TSA 2005). The NEDCTP established protocols for other agencies and departments to request the temporary use of TSA-cer- tified canine teams during National Special Security Events and level 1 and 2 stolen explosive and recovery events. Addi- tionally, the Transit Security Grant Program guidance has been revised to allow eligible agencies to procure the canines

26 such as enhanced surveillance and detection capabili- ties, antiterrorism operational teams integrating dedicated law enforcement officers with explosives-detection canine patrols for enhanced deterrence, and bolstered detection capabilities through antiterrorism training, drills, and exer- cises and multimedia public awareness activities. In New York City, security checkpoints have been cre- ated at MTA and Port Authority Bridge and Tunnel crossings where vehicles are randomly inspected. Because bus and rail transit vehicles share ROW and infrastructure with other traffic, this is an important security measure. Terrorists have been known to use trucks as weapons or to transport threat materials; in a 10-year period, there have been 150 attacks worldwide using trucks (Kilcarr 2003). BART has alarms on key access points to the underwater tunnel, including vent structure and portal intrusion alarms. MBTA has designed a motion-detection system that is connected to cameras in underwater tunnels; if the system detects an unauthorized person(s), an alarm is triggered and images are sent from the camera to a control center. Installation of the system is scheduled to begin in 2008. TCRP Report 86, Volume 12: Making Transportation Tunnels Safe and Secure provides a detailed look at the vul- nerabilities of tunnels and a description of the various coun- termeasures that may be taken by the tunnel operator (TRB 2007a). OTHER MEASURES Station Managers and Agents At BART, station agents are responsible for performing security sweeps and reporting suspicious activity or items. A station manager program implemented in 1990 by NYCT created a highly visible position of station manager for selected stations. The manager “owned” their stations and was responsible for coordinating all aspects of transit ser- vice and operations, including passenger security and safety. They were physically present in various areas of the sta- tion, constantly communicated with transit customers, and reported suspicious activity (Kelling and Coles 1997b). Operational Strategies The survey respondents indicated that they have imple- mented the following operational strategies. No particular strategy dominated the responses. Fleet Management and Vehicle Tracking AVL systems use Global Positioning Systems and other tech- nologies to determine the location of transit vehicles. Half of agencies in all areas of the United States and 66% of agen- equipment using millimeter waves can detect explosives strapped to suicide bombers at a maximum distance of 20 yards and currently is being tested at rail and bus stations (Frank 2007). Trace detection technology focuses on detecting vapors or particles given off by explosives. A fingertip trace detec- tion scan for integration with transit ticket vending machines is being developed. SEPTA uses portable trace explosives- detection devices enclosed in a suitcase-style container along with its canine units to rapidly and safely screen unattended or suspicious packages, reducing service delays caused by false alarms (TRB 2007b). TUNNEL SECURITY Protecting high-risk underwater and underground assets is a high federal priority. The National Tunnel Security Initiative is an interagency working group formed by TSA, DHS, and U.S.DOT that brings together subject matter experts from a range of relevant fields to identify, assess, and prioritize the risk to mass transit systems with underwater tunnels. The effort assists transit agencies in planning and implement- ing protective measures to deter and prevent attacks, miti- gate blast effects, and enhance prevention and emergency response capabilities. Through regular meetings, this initia- tive has produced tunnel-specific risk-mitigation strategies, engaged security partners from passenger rail systems that operate in underwater tunnels, analyzed and applied the results of risk assessments, prepared statements of work for testing and modeling programs, and integrated the overall risk-mitigation effort for a cohesive, coordinated, and effec- tive approach. Accomplishments completed to date include the following: Identified and assessed risk to underwater tunnels, • Prioritized tunnel risk mitigation based on risk to drive • DHS Transportation Security Grant Program funding to most pressing areas, and Produced and disseminated recommended protec-• tive measures that transit agencies may implement to enhance security with available resources or through targeted grant funding. The working group has developed strategies to fund future technology research and development aimed at pro- ducing novel approaches to this challenging problem. For example, TSA is forming a partnership with the DHS/S&T on a new program called “Resilient Tunnel.” This program aims to address post-9/11 concerns that terrorists will target vulnerable tunnels causing catastrophic damages. Resilient Tunnel is a High Impact Technology Solutions project that specifically is pursuing novel solutions to protect critical transportation tunnels. The working group has developed priorities for tunnel-related transit security grant projects,

27 operations, storage, and emergency response procedures for different types of emergencies involving natural gas (Murphy 2005). CYBER SECURITY The E-Government Act of 2002 (Public Law No. 107-347, Sections 301-305) recognized the importance of information security to the U.S. economy and national security (“Evalu- ation of DHS’ Information Security Program for Fiscal Year 2007” 2007). In addition to having a standardized informa- tion technology (IT) policy to protect employee data and sensitive information, the primary cyber-security measures recommended by the IT literature are restricting access to devices (PCs, laptops, mobile) that are linked to the network; firewalls at all public–private network transit points; virus protection software; complex passwords; and centralized authentication of user identity. Additional measures include turning off unneeded ports, centralized security updates, and monitoring for suspicious activity. Because mobile devices and remote connections are especially vulnerable, data encryption and other additional measures are recom- mended (Leidigh 2005). Firewalls to prevent unauthorized network access and access control using passwords were the most frequently mentioned cyber-security measures by survey respondents. Other measures in use included physical access control to the server room, power backups and redundancy, and constant data backups. A few agencies reported using biometric tech- nologies. Recent introductions of portable biometric systems that remain in the possession of the user alleviate some of the privacy-related issues associated with biometrics. Additional cyber-security information can be found from the National Cyber Security Alliance at http://www. cies in the 78 largest metropolitan areas report implement- ing or planning to implement this technology, according to FTA’s APTS deployment report (Radin 2005). WMATA replaced its legacy pushbutton control panel at its Falls Church yard with a Domain Operator Controller System (see Figure 7), which allows WMATA to track all of its train car movements through the yard from a central control center (Judge 2007). Other operational measures reported by survey respon- dents included the following: Inventory Control• Limiting Station Access• Modifying Hours of Service• Modification of Dispatcher Responsibilities• Modifying Pretrip Inspections• Parking Lot, Vehicle Flow/Placement Reconfiguration• Strategic Location of Bus Stops.• Other security measures also include the following: Forming a graffiti task force to address graffiti • problems. Offering rewards to the public and employees for crime • tips. Placing report cards stating burglary risk on vehicles • parked [this has been effective within the Utah Transit Authority park-and-ride facilities to encourage pas- sengers to take additional precautions regarding their vehicles]. FIGURE 7 WMATA’s Domain Operator Controller System Screenshot (Courtesy: RailComm). The specialized topic of how to handle natural gas transit vehicle emergencies is studied in TCRP Synthesis 58: Emer- gency Response Procedures for Natural Gas Transit Vehi- cles. The Synthesis report provides information about the special considerations necessary for natural gas fuel usage,

28 platform for first responder agencies; and enhance public safety communications technology within the PATH system (“$34 Million for NYC Metro Area” 2008). NJT is imple- menting an emergency response system integrating dis- patch, records, and mobile field reporting capabilities and enabling NJT personnel and responders to access real-time intelligence. The system will feature a transit system map showing the locations of incidents and will have the capa- bility for cross-agency information sharing (Starcic 2008). WMATA has had a great deal of success in communications interoperability; the agency’s successes are profiled in chap- ter six. DHS/S&T’s Command, Control and Interoperability Division actively promotes communications interoperabil- ity through the provision of grants, technical assistance, standards formation, and the creation of programs such as SafeCom. SafeCom continues to improve interoper- ability by producing a Statement of Requirements, which describes the steps needed to achieve full interoperability and a Statewide Communications Interoperability Planning Methodology. SAFECOM’s RapidCom initiative ensured that a mini- mum level of emergency response interoperability would be in place in 10 high-threat urban areas (“SafeCom Program” n.d.). COLLABORATIVE TRANSPORTATION IMAGERY PROJECT TSA and its partner agencies are working jointly on the Collaborative Transportation Imagery Project to produce detailed mapping and interactive imagery of key assets and systems to inform and enhance the quality of operational activities and address threats and security incidents, secu- rity plans, training programs, and exercises. The product, in digital video format, incorporates multiple types of imagery, satellite maps, schematics, and related materials to provide a comprehensive view of the transit system, detailing signifi- cant infrastructure and security apparatus. These may include overhead imagery, architectural draw- ings on the physical layout of the facility, and access modes to the facility (i.e., roadways, rail links, water frontage, utili- ties, sidewalks, vents, and so on). The product is produced at the sensitive security information (SSI) classification level to permit controlled distribution among an agency’s manage- ment, security, and operating officials; local law enforcement agencies; fire and emergency medical service personnel; and TSA Federal Security Directors (FSD) and their staffs. staysafeonline.info/, as well as in the FTA’s Transit Agency Security and Emergency Management Protective Mea- sures report (Batelle, TotalSecurity US, and Transportation Research Associates 2006). COMMUNICATIONS SECURITY AND REDUNDANCY Communications security and cyber security are interre- lated. Cyber attacks can disable communications systems that are crucial in daily transit operations and in emergency situations. Most survey respondents stated that they have network security measures in place, most have power sup- ply backups, and many have redundant communications systems. Respondents noted that these measures had been implemented during the post-9/11 period. Maintaining the functionality of a security system includ- ing communications during an attack is critical, especially if one part of the system has been disabled (FTA 2004). Redundancy is also important for continuity of operations. The extent to which agencies practice redundancy differs: Some agencies continuously back up their data and store the backups in a separate location. One agency maintains a separate command center in the event the primary command center is destroyed or otherwise rendered unusable. INTEROPERABLE COMMUNICATIONS Interoperable communications facilitates the ability of per- sonnel and equipment from different agencies and entities to share and communicate information and data, including video feeds, and is vital during emergency response and recovery efforts. Wireless communications interoperability, the ability of personnel to share information through voice and data signals on demand, in real time, when needed, and as authorized is especially significant during emergencies (“SafeCom Program” n.d.). Communications interoper- ability, including wireless communications, requires the resolution of many operational and technical problems and remains a difficult challenge for transit police departments. Many have serious problems with tactical communication with the local police agencies within their service area. In the NYC metropolitan area, $34 million in DHS Public Safety Interoperable Communications Grant Program funds were released as part of the Urban Area Security Initiative. The NYC Urban Area Security Initiative region covers New York City, Yonkers, Westchester, Nassau, and Suffolk coun- ties, and the Port Authority of New York and New Jersey. The funds will be used to enhance communication within the MTA tunnel system; create a shared communication

29 CHAPTER FOUR SECURITY PRACTICES however, practices varied across agencies because of differ- ing agency policies, TVA results, needs and constraints, and operating environments. SECURITY AND POLICING MANAGEMENT The “Broken Windows” theory links minor crimes, disor- der, and quality-of-life problems with more serious crime. Addressing minor disorder is believed to mitigate and pre- vent serious crimes from occurring (Kelling and Coles 1997a). Those who commit minor offenses often have out- standing warrants or criminal records, and they will go on to commit more serious crimes. The public perception of security also diminishes as minor disorders increase. This poor perception will cause the ridership to decline and “sets in motion an inevitable cycle of deterioration spurred by the decline in revenues and the migration of potential middle- class and affluent riders to other modes of transportation” (Nelson 1997). At the same time, for a significant impact on crime to occur, the focus should not only be on minor crimes but also on serious crimes. In 1989, the NYC subway system was experiencing problems with both serious and minor crimes such as “visible homeless people on the system, ubiquitous pan- handling and begging, and roving banks of uncontrolled youths riding the subways” (Widawsky 1989, p. 3). At the time, even the NYC passenger advocacy group—Perma- nent Citizens Advisory Committee—believed that “crime happens,” stating that the “incidence of crime is steady and somewhat predictable” and that efforts by the transit police to reduce crime would be “self-defeating” (Widawsky 1989, p. 4). MTA’s “total commitment to order restoration” led by NYCT Police Chief William Bratton was a com- prehensive policy that targeted all types of crime—both serious and minor. The policy directing transit police to enforce subway rules implemented in the NYC subway system in 1990 was a phenomenal success. In the four-year period after 1990, felonies decreased by 75% and robber- ies by 64% (Kelling and Coles 1997c). (In 1995, a merger between the NYPD and the NYC transit police took place, establishing the NYPD Transit Bureau.) The model was further developed by Bratton who had become NYPD’s 38th Police Commissioner in 1994, and Jack Maple Deputy Security practices presented in this chapter include those relevant to both terrorism and crime. They include secu- rity and policing management; security resource allocation; risk management and security planning; regional coordina- tion, cooperative relationships, and intelligence informa- tion; customer outreach, education/training, and awareness; employee security and policing training; evaluation proce- dures, drills, and covert testing; and ferry security. Youth outreach strategies are also discussed in this chapter. These and other security practices are described further for each case study agency in chapter six. Transit agencies, according to Synthesis findings, have made numerous changes and enhancements to their security practices as a response to the attacks on September 11, 2001. The primary changes were the implementation or enhance- ment of the following: Transit Watch or similar employee and passenger • awareness and outreach program; Security training for employees, and increased coun-• terterrorism training for security personnel and transit police officers; Threat and vulnerability assessments (TVAs) as part of • a stronger overall risk management effort; Increases in security personnel or hours, including the • addition of security personnel where there were none; Plainclothes efforts;• Background checks;• Security drills and exercises;• Cooperative relationships and regional coordination • including participation in local and regional counter- terrorism committees; Receipt of intelligence, and intelligence and informa-• tion sharing; and Additional investment in security programs and mea-• sures and their incorporation into the budgeting and planning processes. In line with these findings, FTA’s Security and Emergency Management Technical Assistance for the Top 50 Transit Agencies reports that the largest 50 agencies demonstrated “significant strengths in critical areas of importance” (Bahr et al. 2007). Synthesis results indicate that smaller agencies also have implemented core security practices. In other areas,

30 disorder and minor crimes are prevented or mitigated and serious crimes are deterred by enforcing these rules (Kelling and Coles 1997a). SECURITY RESOURCE ALLOCATION Security resource deployment decisions are complex and are based on a variety of factors such as intelligence informa- tion; crime and incident statistics and trends; information about suspicious activity; available budget, personnel, and technologies; and results of planning and budgeting tools. The FTA’s Security Manpower Planning Model is a flexible decision support tool created to run within Microsoft Excel 2003. The model enables transit security planners to assess the impacts of strategic decisions on resources and staffing. Based on the data input, the model identifies staffing levels and budgeting. The model can be used by any transit agency with existing or planned security resources, regardless of operating mode(s) or size. Furthermore, the model can help security planners assess the impacts of various scenarios on resource and deployment strategies (Security Manpower Planning Model May 2008). Almost all responding agencies (30 of 33) stated they were currently making moderate to high investments in CPTED, which was followed closely by technology and employee training, and customer outreach and education. Fewer agencies reported additional investments in secu- rity personnel, perhaps because investments were made in the few years immediately following 9/11. All respond- ing agencies reported that security investments have had a positive impact on crime mitigation, terrorist deterrence and detection capabilities, and public and passenger perception of security. RISK MANAGEMENT AND SECURITY PLANNING TSA works with mass transit and passenger rail agencies to elevate their security posture through the BASE program. The BASE program assesses the security posture in 17 Secu- rity and Emergency Management Action Items. Developed through a joint effort of TSA, DHS, DOT, and agency secu- rity officials, the Action Items encompass activities and mea- sures that are fundamental to an effective security program. Security assessments commenced during fiscal year 2007 (FY07) with an initial focus on the 50 largest mass transit and passenger rail agencies. In 2007, BASE assessments were conducted in 46 of the nation’s 50 largest transit agen- cies. To date, 64 BASE assessments have been completed in total, covering 47 of the largest 50 agencies, second assess- ments on two of the top 50 agencies, 10 on agencies ranked in the 51–100 size range, and five smaller agencies. Three key areas for which assessment results produced timely action Police Commissioner for Crime-control Strategies, when they joined the NYPD. The NYPD model, CompStat, systematized informa- tion sharing among units and among different levels of the NYPD. At the core of the model was up-to-date crime statis- tics that were mapped and used to forecast crime and evaluate crime-reduction practices. Commanders were accountable for results within their precincts and were empowered to initiate staffing and resource deployment recommendations and plans to reduce and prevent crime. Commander profiles, which included each precinct commander’s background and training, performance, demographics, crime statistics, response time, and absences, were created and provided to senior management for promotion and transfer decisions. Also, officers at all levels of the organization were expected to contribute to the development of crime-fighting tactics and problem-solving efforts (McDonald 2001). See Appen- dix B for additional information about CompStat. Currently, transit agencies outside of New York City that have implemented CompStat or portions of the model include MBTA, NJT, MARTA, and MTA (P.P. McDonald personal communication, Feb. 19, 2008). Since the 1995 merger of the NYC transit police with NYPD, the transit police depart- ment is now situated within the NYPD. Community Policing The community in transit systems includes transit passengers and transit workers who are the eyes and ears of transit police; the community also includes vendors within the system or in the surrounding neighborhoods. The constant presence of the same officers will establish a rapport between the officers and the community, and will allow transit police to obtain useful information and garner their cooperation during emergen- cies. Community policing is practiced by transit police forces because the effectiveness of security and crime-prevention measures is often associated with the willingness of the public to provide information about crimes and suspicious persons or activities, and relies on citizens to set limits on disorderly behavior. Community policing also supports decentralization of police forces, allowing flexible responses to local problems (Kelling and Coles 1997d). Additional information about community policing is provided in Appendix B. Rules and Codes of Conduct Unlike in public places, transit systems have set clear bound- aries and have established specific codes of conduct or rules by which passengers must abide. These codes can contrib- ute to conflict mitigation and prevention of assaults. Transit agencies have a passenger code of conduct in place, includ- ing all 22 transit agencies responding to the survey question. Because many persons arrested for code-of-conduct infrac- tions have outstanding warrants or carry illegal weapons,

31 REGIONAL COORDINATION, COOPERATIVE RELATIONSHIPS, AND INTELLIGENCE INFORMATION Actionable information such as who will be carrying out an attack and intended target(s) is essential for agencies to formulate an effective counterterrorism strategy. The National Counterterrorism Center, now within the Office of the Director of National Intelligence, has the primary federal responsibility for all terrorism-related intelligence and information analysis. The Center also has a knowledge bank and provides intelligence support on terrorists and ter- ror groups. The National Strategy for Information Sharing “provides the vision for how our Nation will best use and build upon the information sharing innovations which have emerged post-9/11 in order to develop a fully coordinated and integrated information sharing capability that supports our efforts to combat terrorism” (National Counterterrorism Center 2007). The Strategy’s core principles are as follows: Information sharing must be woven into all aspects of • counterterrorism activity. The procedures, processes, and systems that support • information sharing must draw on and integrate exist- ing technical capabilities and must respect established authorities and responsibilities. State and major urban area fusion centers represent • a valuable information-sharing resource, should be incorporated into the national information-sharing framework, and operate in a manner that respects indi- viduals’ privacy and other legal rights. Joint Terrorism Task Forces (JTTFs) have been created in major cities to improve state and local information-shar- ing efforts. All agencies responding to Questions 25 or 26 reported that they have cooperative relationships with exter- nal agencies and many reported that their policing and secu- rity units have cooperative relationships with other units within their own agency. Specific intelligence can guide the agency regarding the nature of the threat against each of its modes and may pro- vide specific information on how, when, and where to imple- ment security measures. Transit agencies receive frequent periodic intelligence from DHS/TSA, FBI, U.S.DOT, FTA, and local law enforcement agencies. Some agencies engage in intelligence and information sharing with other transit agencies and first responders, and participate in regional counterterrorism committees or other regional security- related groups. A few survey respondents indicated that the intelligence they receive is often too general and that they would like the intelligence to be more focused to their sys- tem and region. The largest agencies, such as MTA in New York City, reach out to both domestic and international peer agencies (R. Masciana, MTA Police, personal communica- tion, Dec. 30, 2007). to address identified weaknesses included (1) security train- ing in which TSA produced focused training guidance and revised and streamlined processes under the Transit Secu- rity Grant Program to expand training opportunities; (2) approval of the Transit Security Grant Program funding of antiterrorism teams (Op-Packs) in high-risk locations; and (3) development of the national exercise program mandated in the 9/11 Act, which is being pilot tested in the National Capital Region. Transit agencies are using the results of TVAs to address vulnerabilities, allocate resources, and mitigate crime as well. The majority of responding agencies indicated that they have up-to-date security related plans, including COOPs, emer- gency plans, or incident response plans, and have integrated an Incident Command System (ICS) into these plans. Additionally, TSA has produced a compilation of Smart Security Practices derived from the BASE results and has identified the implementing mass transit or passenger rail agency and its point of contact. This compilation enables mass transit and passenger rail security officials to network and discuss how the particular practice has been developed and implemented, and to consider how it may be adapted to the operational circumstances of other systems. TSA has expanded its BASE program to assess security among the largest 100 mass transit and passenger rail agencies by rid- ership volume. TSA surface inspectors have also assessed smaller agencies, meeting a direction of the Implementing Recommendations of the 9/11 Commission Act of 2007 (Public Law No. 110-53). As of May 2008, TSA inspectors have conducted BASE reviews of more than 20 bus-only systems. This figure will increase through TSA’s partner- ship with the FTA in the Bus Safety and Security Program. Collectively, this effort helps mass transit and passenger rail agencies to identify security gaps and update their COOPs and their security and emergency plans. Additional information about how to create, update, and execute COOPs can be found in TCRP Report 86, Volume 8: Continuity of Operations Planning Guidelines for Trans- portation Agencies (TRB 2005). For agencies developing or updating an emergency response or security plan, TCRP Report 86, Volume 10: Hazard and Security Plan Workshop: Instructor Guide (TRB 2006b) is a useful reference. Rel- evant information is also found in the FTA’s Transit Agency Security and Emergency Management Protective Mea- sures report (Batelle, TotalSecurity US, and Transportation Research Associates 2006). NCHRP Project 20-59(17) has produced “A Guide to Risk Management of Multimodal Transportation Infrastructure” (2006), which addresses multimodal risk by focusing on the consequences of particu- lar threats. One of the products of the project was an Excel tool that assists multimodal agencies in prioritizing security measures to address relevant threats.

32 Transit employees and customers are important sources of intelligence, typically in the form of threat information, but the information can be variable in terms of timeliness and accuracy. As noted in TCRP Report 86, Volume 1, pre- incident indicators such as propaganda, vandalism, direct threats, thefts, and surveillance attempts should be identi- fied, closely monitored, and shared with other agencies on a frequent basis (TRB 2002). Regional coordination and cooperative relationships are important among transit agencies and first responders in information and resource sharing; developing drills and exercises; effective emergency response; establishing com- munications interoperability; and avoiding duplication of work. Additional information about how transit agencies can address cooperative relationships within their region, including their participation in regional emergency response plans and conducting regional drills and exercises, and information about intelligence-gathering, including threat and vulnerability information collection and analysis and information-sharing techniques, are found in the Transit Agency Security and Emergency Management Protective Measures report (Batelle, TotalSecurity US, and Transpor- tation Research Associates 2006). Another way in which agencies address cooperative relationships is through Con- necting Communities Emergency Response and Prepared- ness Forums, a successful FTA/TSA partnership project. These two-day workshops enhance security and safety by sharing transit policies, procedures, resources, and best practices with local first responders to transit emergencies. The program uses realistic scenarios, including terrorism, to focus discussion on emergency preparedness, management, and response. A key objective is expanded understanding and effective integration of the roles of federal, state, and local emergency management offices and response entities to facilitate efficient planning, preparedness, and response coordination. In 2007, eight Connecting Communities Forums were held across the country. TSA, FTA, and FEMA cosponsor the biannual Security and Safety Roundtable. These roundtables bring together security coordinators and safety directors from the nation’s 50 largest mass transit and passenger rail agencies with federal security partners to discuss security challenges and develop effective risk-mitigation and security-enhance- ment initiatives. The roundtables also provide a forum for agency safety and security officials to share effective prac- tices and develop relationships to improve coordination and collaboration. Intelligence-sharing between the agencies and their fed- eral, state, and local partners is further facilitated through TSA’s Mass Transit Security Information Network’s inter- agency communication and information-sharing protocols. The Homeland Security Information Network Public Transit (HSIN-PT) Portal has been integrated into this network to provide one-stop security information sources and outlets for security advisories, alerts, and notices. Additionally, TSA is actively involved in regional security forums and supports these collaborative efforts by sharing intelligence products and related security information. Another key ini- tiative is the joint classified threat and analysis briefings pro- vided by intelligence professionals in DHS, TSA, and the FBI to mass transit and passenger rail security officials and their federal partners. These briefings occur on a quarterly basis, with additional sessions as threat developments may warrant. They engage regional mass transit and passen- ger rail security professionals and their TSA and FBI col- leagues in metropolitan areas simultaneously through the FBI’s secure video teleconference system maintained in the JTTF network. CUSTOMER OUTREACH, EDUCATION, TRAINING, AND AWARENESS Customer outreach, education, training, and awareness pro- grams inform transit customers on what to do in emergencies and how to identify suspicious activity, persons, or items. Examples of security awareness literature are presented in Figure 8 and Appendix A. Many transit agencies have insti- tuted Transit Watch, and some agencies provide evacuation instructions to their rail and subway passengers. WMATA conducts training for selected commuters within its subway tunnels to help themselves and other riders navigate them in case of an emergency (Layton 2004). NYCT provides its customers with a web-based video on how to safely evacuate trains in case of an emergency. FIGURE 8 Example of a Security Awareness Poster (Courtesy: BART). Some agencies such as WMATA and TriMet collaborate with Community Emergency Response Teams (CERTs) to enlist the assistance of neighborhood CERT members to be

33 The agencies do not incur additional expense to par- ticipate in the program. TSA funds the cost of the public awareness materials distributed during the joint campaigns. These materials include a bookmark-size flyer, with a pho- tograph from the transit system; the participating agency’s logo and emergency contact number(s); security awareness and vigilance tips for passengers; and a plastic key-ring light promotional item. The light is imprinted with the words “Transportation Security Administration” and “Play Your Part,”, linking the promotional item to the public awareness campaign. Transit customer education is important in crime preven- tion, because many transit crimes are crimes of opportunity. Many agencies distribute educational literature on crime pre- vention and advise passengers on steps that can be taken to deprive criminals of the opportunity to commit crimes (e.g., not displaying jewelry). This information is more valuable for infrequent transit patrons who may forget to take these precautions. Passengers should be educated about secu- rity features of transit vehicles in all modes, and the transit system should clearly identify those features for the riding public. TCRP Synthesis 68 on Methods of Rider Communi- cation (Schweiger 2006) describes the state of the practice in effective transit agency communication methods. “Effec- tiveness” is defined as providing accurate, clear, accessible, understandable, and timely information. Regarding security communications, the Synthesis study reported that nearly all survey respondents provided some type of security-related information to their customers, with reminders about suspi- cious activities and packages being the most common (Sch- weiger 2006). EMPLOYEE SECURITY AND POLICING TRAINING Transit agencies strongly emphasize security training of their transit officers, security personnel, and frontline transit personnel and supervision. To assist these agencies further in improving training, TSA, in consultation with the FTA and other public and pri- vate security partners, developed and published the Mass Transit Security Training Program. This program provides detailed guidelines for mass transit and passenger rail agen- cies to facilitate development and implementation of security training programs, specifying the subject areas in which par- ticular categories of employees should receive training. The guidelines are implemented under the Transit Security Grant Program. Course options include programs funded by FTA/ TSA (transit-specific terrorism prevention and response) and FEMA (general terrorism prevention and response). The FTA, through the NTI, issues publications that are available to all domestic transit agencies for use in employee their eyes and ears. The CERT program educates the pub- lic within a specific community about disaster prepared- ness and trains them in disaster response skills, such as fire safety, light search and rescue, team organization, and disaster medical operations. During an emergency, CERT members can assist others if professional responders are not immediately available. Some agencies provide toll-free numbers or hotlines for their passengers to report suspicious activity, and some have implemented a crime-prevention program. Some agencies encourage the general public as well as their customers to be alert and report any suspicious activity. For example, a catchy television, radio, and in-vehi- cle transit campaign stating that in 2006 1,944 New Yorkers “saw something and said something” reminded the public to be aware and alert. Additional information about Transit Watch and how transit agencies can create, update, and execute public and employee information communications plans are found in the FTA’s Transit Agency Security and Emergency Manage- ment Protective Measures report, on TSA’s website (http:// www.tsa.gov), and on FTA’s safety and security website (http://transit-safety.volpe.dot.gov). TSA issues brochures such as the Highway Passenger Security for Motorcoach, which includes a visual guide of the areas on a bus in which devices and objects may be placed by a terrorist, and the Security Awareness Tips for Passengers, a guide on commuter and intercity rail systems. National Transit Institute (NTI), in conjunction with the FTA, also issues awareness and other relevant brochures. Individual agencies distribute these brochures and issue agency-specific publications and informational materials to their customers and employees. Samples of these brochures are shown in Appendix A. Public education and outreach efforts are being further enhanced by programs such as the Play Your Part initia- tive. The initiative is a key component of public awareness campaigns. Under this program, TSA, in joint efforts with mass transit and passenger rail agencies, advances secu- rity awareness among the traveling public and public and private partners. TSA Transportation Security Inspectors– Surface, supported by the Mass Transit Division, form partnerships with the agencies in high-visibility public awareness campaigns, altering the normal activities at ter- minals or stations and enhancing passenger awareness of and vigilance for suspicious activities and items, which are possible indicators of terrorist preparations for or execution of an attack. TSA and the agency’s employees and surge personnel display posters and distribute security awareness literature and promotional items to passengers at random dates, times, and locations throughout the system. Local police and emergency response personnel are informed of the event and invited to join.

34 Metro case study (see chapter six). WMATA has a unique and realistic training facility and vehicles for its transit police officers and personnel. The training facility, ideal for interagency drills, may be used by other transit agencies. Following are some of the security-related classes or courses provided by transit agencies: FIGURE 9 MBTA Police Officers (Courtesy: MBTA). Transit Watch• System Security Awareness for Transit Employees• System Security of Operators• Security Awareness Train-the-Trainer• Recognizing Terrorist Activity• Terrorist Recognition and Response• Strategic Counterterrorism for Transit Managers • The Mark (video/DVD)• Other NTI Transit Security DVDs• Behavior Recognition Train-the-Trainer• Incident Response to Terrorists• Terrorism Awareness• Transit Terrorist Tools and Tactics• Transit System Security and Design Review• National Incident Management System (NIMS) ICS • 100, 200, 300, 400, 700, and 800 Homicide/Suicide Bomber Training• Domestic Preparedness• Emergency Management• Transit Emphasis Inc. Management Service• Transit Vehicle Emergencies• Crime Prevention• CPTED• Firearms, arrest control technique, taser, baton, and • pepper spray training Peace Officers Standards and Training (POST)• First Aid/CPR (cardiopulmonary resuscitation)• Customer Service and Customer Relations.• FEMA’s Center for Domestic Preparedness in Anniston, Alabama, is the DHS’s only federally chartered WMD train- ing center. The Center provides hands-on training to emer- training. These publications include the following brochures, which are distributed by transit agencies to their new hires and current employees. Employee Guide to System Security• . This guide describes how to identify system vulnerabilities, how to identify and respond to suspicious people, activity, and objects, and how to report suspicious people, activ- ity, and objects. Terrorist Activity Recognition and Reaction• . This guide for employees provides information on how to recog- nize suspicious activities, including surveillance activ- ity, testing security, infiltrating secure areas, deploying assets, and individual behaviors. It describes how to recognize and respond to dangerous activity and how to report suspicious or dangerous activity. Emergency Preparedness Guide for Transit Employees• . This guide explains what to do before and during emer- gency situations and includes specific tips on how to handle a variety of emergencies, including natural disasters. The guide contains general system security awareness information. It is unique in that it has two sections—one pertaining to emergencies on the job and the other to emergencies at home. Employee Guide to Workplace Violence• . This guide includes basic strategies on how to deal with difficult or dangerous individuals are described. Although this publication focuses on worker-on-worker violence, these strategies are applicable to public-on-worker vio- lence as well. According to survey results, transit agencies have pro- vided or are planning to provide, at a minimum, security awareness training to their frontline employees, supervi- sory personnel, and security personnel. Security training is typically conducted either in house or through NTI or the Transportation Safety Institute. Other sources are available including APTA, FEMA, and universities such as Johns Hopkins University (JHU). Most training has been deliv- ered by classroom training or workshop, and the rest has been a combination of video/digital video disc, interactive compact disc, or online training without an instructor. The length of most training is between one and four hours. It is interesting to note that few courses are directed toward transit managers. One such course is the FTA-sponsored Strategic Counterterrorism for Transit Managers provided by JHU. The MBTA Transit Police Department is one of a few transit agencies with its own police training academy that trains both MBTA officers and local responders (MBTA 2000) (see Figure 9). Capital Metro provides training to its local responder community using a valuable tactical operations guide. Addi- tional information about the guide is included in the Capital

35 The CDTA in Albany, New York, has engaged in a collab- orative effort with one of the major school districts and police agencies in its service area to prevent juvenile crime and dis- order. The CDTA worked with the schools to establish the idea that CDTA buses are extension of the classroom; and, thus, students who violate either CDTA’s code of conduct or the school’s code of conduct are subject to suspension from school and CDTA bus service and its facilities for a period of time. Additional details about this effort can be found in the CDTA case study (see chapter six). EVALUATION PROCEDURES, DRILLS, AND COVERT TESTING According to survey respondents, evaluations of policing strategies and measures are often performed by measuring the impact of the strategy or measure on the specific problem being addressed. Additionally, specific testing and evalua- tions of new equipment are performed. Some agencies conduct or participate in simulations or tabletop exercises or workshops. Many transit agencies reg- ularly conduct at least one to two inter- and intra- agency drills a year, according to the Synthesis findings. After-ac- tion reports are useful for agencies in assessing their pre- paredness, and identifying and addressing system-related vulnerabilities and individual weaknesses. WMATA’s Metro subway system conducted Operation Trouble Waters, a Multi-Agency Emergency Preparedness Safety Exercise on the Yellow Line bridge over the Potomac River in October 2007. The drill took place on location using WMATA’s train- ing vehicle, which simulated a smoke-and-fire event with several injured passengers onboard a stranded four-car train. The multiagency event required the response, coordination, and communication of several agencies, including Metro Transit Police, Rail, Safety, FBI, Operations Control Cen- ter (OCC), DHS, and the Maryland, District of Columbia, and Virginia fire departments. The training facility, ideal for interagency drills, may be used by other transit agencies as well (WMATA 2007). Additional information for planning drills and exercises is available in TCRP Report 86, Volume 9: Guidelines for Transportation Emergency Training Exer- cises (TRB 2006a). Transit agencies tend not to engage in covert testing of their security personnel or their frontline workers, but a few agencies reported that they do conduct covert observations of operators with respect to safety and security, including pretrip inspections along with passenger relations, Americans with Disability Act (ADA) compliance, and on-time performance. One agency reported that they conduct hostage drills on buses once a year; another reported that nighttime entry into transit facilities is tested; and another reported that access to transit vehicle panels and compartment doors is checked randomly to verify adherence to standard operating procedure. gency responders using actual chemicals and other threat materials. DHS covers the cost of travel and other expenses for qualified participants (Center for Domestic Preparedness 2008). Eleven of the responding agencies reported having updated their performance appraisal system since 9/11 to include security matters. Covert evaluations of transit work- ers in implementation of security training content, security awareness, and other related matters usually are not com- pleted. Although drills are performed on a regular basis, large drills are costly, and agencies typically cannot accom- modate all transit police and security personnel and frontline employees. Simulation is an alternative training and evalua- tion tool that provides a realistic but safe three-dimensional setting in which employees may be trained and assessed. Simulation is being used in military settings to train military personnel and has been considered for use by a few transit agencies as a training tool. YOUTH OUTREACH STRATEGIES Transit systems with high juvenile ridership often experi- ence problems with disorderly behavior. Juveniles can be a major source of disorder and provoke fear in transit custom- ers, including in other youths and transit employees (Nelson 1997). In some cases, bus drivers have refused to drive into certain neighborhoods or during certain times of the day because of the fear of violence. According to the MBTA Youth Study results, 75% of weekday afternoon riders were intimidated by the crowds of juveniles on the system (MBTA 2000). Their behavior, which included loud and vulgar language, blocking subway doors, and other unruly acts, caused these riders to avoid using the system during the afternoon hours. Furthermore, juveniles have accounted for a disproportionate number of arrests, especially for assaults and battery. The MBTA Transit Police Department addressed the problem by taking several actions: police presence was increased; kiosks were installed in several stations to pro- vide easier access to the police; gang issues were addressed in partnership with the Boston Police Departments’ Youth Violence Strike Force; MBTA Transit Police Department collaborated with the YMCA to provide youths loitering in the transit system with free YMCA passes so that they would be able to participate in athletic and other activi- ties; and the MBTA Transit Police Department worked with a high school to reduce youth violence. In addition, Field Interviews and Observations were conducted to address truancy, and MBTA transit officers stopped pos- sible truants and obtained information about them. This effort indirectly reduced loitering, minor violations, and gang activity.

36 FERRY SECURITY Ferries outside of the United States have been targets of attacks, and U.S. ferry systems have been cased by sus- pected terrorists. Ferries are vulnerable to IEDs, acts of force, and chemical, biological, and radiological agents. Delivery methods can be by person, by vehicle, by vessel, by air, underwater, or as artillery. Ferries that carry cars as well as passengers are believed to be more vulnerable than passenger-only ferries because of the large amount of fuel being carried (TRB 2006c). Vehicle screening for explosives is performed by ferry systems that carry vehicles as well as passengers to comply with regulations of the Maritime Transportation Security Act of 2002, which became effective on July 1, 2004. The screening can be made visually, by canine, or with a car- screening van. The car-screening van contains explosives- detection equipment and is used by slowly driving past a vehicle to scan it for explosives. Passenger screening is done by ferry operators. In addition to screening requirements, other security measures include new regulations for train- ing and drills, approved security plans, onsite assessments by the U.S. Coast Guard, designated company and vessel security officers, Declarations of Security between termi- nals and vessels, and automatic identification systems. The nature and extent of the measures that are required by fed- eral regulations are directly linked to the Maritime Security threat level (I, II, or III). Security officers for one of the larger ferry systems use explosive-detection canine teams to screen vehicles stopped in the vehicle holding lane. If explosives are detected by the canine unit, a secondary physical inspection of the vehicle is performed. Random visual inspections of vehicles are per- formed, and drivers are asked to open trunks and other com- partments for visual checks. The Coast Guard Marine Safety and Security Team escorts ferries at random and increases the escorts during special events. Ferry vessel security was increased by securing the ferry captain’s compartment. The following are primary security measures for ferry systems (TRB 2006c): Fencing/Barriers• Access Control• Intruder Sensors• Monitoring• Procedural/Low-Cost Waterside Security• Screening• Human Observation.•

37 CHAPTER FIVE CONFLICT MITIGATION STRATEGIES ultimately, such fear and stress may damage the reputation of the transit agency. Recognizing the warning signs of a volatile or emotionally disturbed individual, understand- ing what to do to defuse potentially violent situations, and knowing how to respond if violence does occur will make transit employees feel safer both physically and emotionally. Typically, physical aggression does not occur out of the blue but develops along a continuum such as the one shown in Figure 10. FIGURE 10 Physical Aggression Continuum (Source: Crisis Prevention Institute’s 2007 Webinar on Workplace Violence Prevention). An appropriate training mechanism is role-playing, in which transit workers would be taught ways in which they can respond to attackers and potentially threatening behav- iors by actually playing out different confrontational interac- tions. As noted earlier, customer relations training is just as vital for transit employees because good customer relations can obviate the need for conflict mitigation. In addition, transit management should have a written policy on violence that includes what employees are expected to do in specific situations and how those incidents should be reported, and it should communicate this policy to all of its workers. Transit patrons are naturally going to experience anger and frustration, especially if they experience a delay or other issue with transit service. However, they should not be abusive or manipulative toward transit personnel or other customers. If the aggressor achieves his or her objec- tive in controlling the situation, the interaction will likely continue. As shown in the Escalation/Crisis Cycle Flow- chart (see Figure 11), if the transit worker participates in Based on panel member interest in this topic, this chapter describes conflict mitigation strategies, including verbal judo, assertive limit-setting, listening tactics, and problem- solving skills. Transit employees are in constant contact with the public, and the transit environment creates stressful situations for both passengers and employees (e.g., a com- muter who is already late to work may be further delayed by a late bus or train.) Potential conflict situations occur within transit systems on a daily basis and can escalate and erupt into physical confrontations or assaults. Assaults on front- line workers create a great deal of anxiety and stress for all workers and contribute to a reluctance to work in high-crime areas. Therefore, training employees in conflict mitigation techniques is important. Conflict mitigation techniques go hand in hand with customer relations training, which should be provided to all transit employees who have contact with the public. Effective customer relations management can enhance customer satisfaction and stave off conflict situ- ations. Although outside the scope of this study, transit employee versus employee conflict situations have been increasing in frequency as well. Transit agencies practice one or more conflict or assault mitigation techniques. The two primary methods, as reported by the 22 survey respondents, include passenger codes of conduct and presence of security or transit personnel; these measures also address other anticrime and counterterror- ism objectives. About half of the respondents indicated that their personnel use verbal techniques such as verbal judo, and less than half of the responding agencies indicated that they implement community policing practices and roving security patrols. A few respondents indicated that they use nonverbal techniques and restraining techniques to resolve and mitigate conflicts. Some agencies reported they provide specific training in conflict resolution techniques, participate in school outreach efforts to discourage juvenile offenders, and install cameras to act as a deterrent to criminal behavior and conflict escalation. Conflict management training for all transit workers is important to address both customer and workplace violence, especially for frontline workers who interact with the pub- lic on a daily basis. Increased fear and stress from potential confrontations and violence can cause increased absences, increased disability and workers compensation claims, decreased productivity, and poor employee retention; and,

38 Exchange of money• Delivery of passengers, goods, or services• Working alone or in isolated locations• Working late at night or during early morning hours• Working in high-crime areas• Responsible for property of interest to terrorists or • criminals. TECHNIQUES Conflict mitigation techniques can be broken down into the following categories. Initiating contact: When initiating contact with a hostile customer, verbal tone and nonverbal cues are both impor- tant. It is best if the transit worker is the first one to speak and ask a question to gain control of the situation. Use of cooperative language: The use of nonconfron- tational language is important—this type of language is milder, does not challenge the customer, and does not place blame. Also, hot phrases that suggest disinterest such as “whatever” or “I don’t care” and references to ethnic back- ground or unequal treatment should not be used. Words with threatening or challenging undertones and absolute words (such as “never”) should not be used. Verbal judo and self-defense techniques: Verbal judo, a tactical communication technique originally developed for law enforcement, is based on some of the principles of judo (e.g., redirecting the attacker’s energy to control the situa- tion). Surprising the attacker (e.g., saying something that is unexpected) is a good technique to confuse and stop the attacker from continuing their verbal abuse. This provides the transit worker with an opportunity to gain control of the interaction. Acknowledgment or listening tactics: Empathy state- ments such as “I understand that you are upset about the delay” acknowledge the customer’s feelings. These types of listening responses rephrase what the customer has said and demonstrate to the customer that the transit worker is listen- ing to them. Problem solving: Trying to resolve the customer’s problem and giving them useful information shows goodwill to the customer and may reduce hostility toward the transit worker. Also, explaining why the problem occurred may be helpful. Assertive limit-setting: Assertive limit setting is used to end a conversation that the transit worker has not been able to control by employing other tactics to change the attack- er’s behavior. The following concepts are imparted to the attacker in assertive limit-setting: and responds to the conflict, the interaction may escalate into a physical confrontation. For example, a customer may complain about the bus being late and blame the bus operator, stating, “If you knew how to drive the bus, this wouldn’t happen. What the hell is wrong with you!” To defuse the situation before it escalates, the transit person- nel initially should acknowledge the customer’s feelings, empathizing with the customer, and communicating with them as a real person with a name and feelings. Next, the transit personnel should try to control the interaction by beginning to defuse the situation early in the interaction and by being assertive and never losing control. If the tran- sit worker loses control and becomes angry at the attacker, the possibility of escalation and violence greatly increases (Bacal 1998). FIGURE 11 Escalation/Crisis Cycle Flowchart (Source: Defusing Hostile Customers Workbook). Aside from contact with the public, transit workers may be affected by other risk factors such as the following (NIOSH 2006):

39 A description of unacceptable behaviors,• A request to change that behavior, • An explanation of the consequences that will occur if • the behavior does not change, and A question that gives the customer a choice.• Countering nonverbal intimidation: A transit worker can change his or her physical position relative to the attacker by standing at an angle or side-by-side to counter physical intimidation and diminish confrontation. At the same time, it is important not to move into their space. In addition, dis- tracting the attacker by directing them to something else such as a clipboard or map may help. Other techniques: Many other techniques may be used, including redirecting the customer’s anger or giving the cus- tomer an address to send a complaint letter. Removing the audience (other customers, the public) by interacting with the customer in a more private area may be helpful. Creat- ing agreement about anything with the customer and giving away something (e.g., transit map) may lessen the intensity of their hostility. Certain behaviors such as a sudden change in expression, voice tone, or an intimidating body posture might identify customers who may need to be treated with caution (Bacal 1998, p. 22). INFORMATION SOURCES The following sources of information and references on workplace violence may be useful in providing guidance to transit management: Bureau of Labor Statistics, Survey of Workplace • Violence Prevention, 2005. International Labour Organization. Code of Practice on • Workplace Violence in Services Sectors and Measures to Combat this Phenomenon, 2003. National Institute for Occupational Safety and Health, • Violence in the Workplace: Risk Factors and Prevention Strategies, 1996. National Institute for Occupational Safety and Health, • Violence on the Job, 2004. Occupational Safety and Health Administration. • Voluntary Guidelines for the Prevention of Workplace Violence. There are also many training manuals developed by non- profit and for-profit organizations such as the Crisis Preven- tion Institute’s Prepare Training Program Manual (2005). PREVENTION STRATEGIES Strategies to counter the risk factors include the imple- mentation of smart cards and the elimination or reduction of cash-based transactions. Many agencies have imple- mented automated fare collection systems that do not accept any form of cash. When taking tokens or cash out of fare boxes, extra security should be present. Physical separation of workers from the general public using bullet-resistant barriers or enclosures may be helpful. To address a rise in assaults on its Metrobus bus operators, WMATA, in Febru- ary 2008, started testing a clear plastic shield separating the bus operator from fare boxes used by passengers (NIOSH 2006). LACMTA and CTA are also testing the separation device on their bus systems. Strong legislation can act as a deterrent to assaults on transit workers. The D.C. City Council is considering leg- islation to increase the penalties and fines for those who assault bus operators on the job. Similar legislation has been proposed in Maryland. In New York City, assaulting a transit worker is equivalent in severity to assaulting a police officer, which is considered a felony. This penalty has been advertised within the transit system and acts as a deterrent to assaults on its workers. Incidents should be documented to determine the extent and types of conflicts occurring between transit employ- ees and the customers, and the outcomes of the incidents to determine optimal conflict management techniques. Threats should be documented and evaluated by interdepartmental teams composed of representatives from security, human resources, unions, management, employee assistance, and other relevant units to determine how specific a threat is and whether the person making the threat has the means to carry it out. Law enforcement and transit security personnel should be contacted immediately for imminent threats, and employees should be aware of what to do in case a confronta- tion does become physical. A plan should describe the com- position of the response team, who should be responsible for the victim’s immediate care, and should explain how to debrief the victim(s), their coworkers, and families. Guide- lines on reestablishing transit service should be developed.

40 CHAPTER SIX CASE STUDIES The objectives of the case studies were to obtain an in-depth coverage of both crime and terrorism-related security chal- lenges faced by the selected transit agencies, examine their security practices and measures, and learn how they are holistically integrated and utilized by the agencies to address the challenges. The case study question categories included post-9/11 changes in security, policing, policy, and practices; security-related technologies and other implemented secu- rity measures; changes in crime, incident, and suspicious activity trends; training and personnel issues; security data collection and analysis practices and concerns; and other information relevant to the study. Case studies of four transit agencies and a transit agency profile are provided in this chapter. The case study agencies are Massachusetts Bay Transportation Authority (MBTA), serving the greater Boston area; the Bay Area Rapid Transit (BART), serving San Francisco, California’s Bay Area; the Capital District Transportation Authority (CDTA), serving the Albany, New York Capital District; and Capital Metro serving the two counties in the Austin, Texas, region. The transit agency profiled is the Washington Metropolitan Area Transit Authority (WMATA)—this agency’s successes in interoperable communications are described. MASSACHUSETTS BAY TRANSPORTATION AUTHORITY (BOSTON, MASSACHUSETTS) The MBTA, established in 1964, serves greater Boston and eastern Massachusetts. With a daily ridership of 1.1 million passengers, MBTA operates the oldest subway system in the country (the original subway opened in 1894) and is now composed of five subway lines, the Silver Line bus rapid transit, 13 commuter rail lines, four passenger ferry routes, and 181 bus routes, along with paratransit (see Figures 12 and 13). Serving a community with a daytime population of more than 2.5 million people, the MBTA employs approxi- mately 8,000 workers, covers nearly 3,244 square miles, and operates more than 2,200 vehicles on a daily basis. MBTA Transit Police Department The MBTA Transit Police Department was created in 1968 and has continuously evolved to meet MBTA’s security and public safety needs. Currently, under the leadership of Act- ing Chief Paul MacMillan, the MBTA Transit Police Depart- ment consists of 282 officers, 267 sworn and 15 nonsworn, who are specially trained to meet the unique challenges of securing the urban transit environment. In addition to 800 hours of training mandated by state law under the Munici- pal Police Training Committee, MBTA Transit police offi- cers receive specialized training in counterterrorism, youth relations, juvenile law, cultural diversity, and ROW railroad safety training. The MBTA Transit Police Department is one of the few transit agencies with its own police training acad- emy, which trains both MBTA officers and city and town officers and responders. FIGURE 12 MBTA Subway Map, Partial View (Courtesy: MBTA). On March 19, 2005, the Commission on Accreditation for Law Enforcement Agencies unanimously granted full accreditation status to the MBTA Transit Police Department. This agency grants this status to law enforcement agencies that are in compliance with more than 400 standards that rep- resent the highest level of law enforcement professionalism. MBTA Transit police officers have jurisdiction and full police authority in all 175 cities and towns within its service area. Outside this area, the officers exercise street railway police powers on the vehicles, properties, and ROWs that make up the Commuter Rail System. The MBTA policing area is divided into four geographic districts, each of which is headed by a commander. The commanders and their

41 MBTA Interactive Crime Statistics Map The MBTA Transit Police Department issues crime data in a timely and innovative manner. Annual statistics are pro- vided for each station on MBTA’s heavy rail and light rail systems as well as its Silver Line. A similar interactive crime statistics map is provided for MBTA’s commuter rail system (see Figure 14). The public benefits from these maps include assessing the frequencies of specific crimes and altering trip-making decisions accordingly, which promotes a greater sense of security and control over their trip. FIGURE 14 MBTA Transit Police Department’s interactive crime statistics map (Courtesy: MBTA). Counterterrorism Efforts Twenty-five officers are formally dedicated to antiterrorism efforts. All officers have been trained to address both ordi- nary crime and antiterrorism matters and to take appropri- ate action when the situation warrants. Professionals in the field agree that antiterrorism efforts can have an impact on day-to-day crime. Therefore, focusing officer attention on homeland security issues will affect minor offenses such as disorderly conduct and vandalism. This is an important issue for police management because serious offenses may often follow such minor offenses. Post-9/11 Security Measures The results of risk assessments have indicated that IEDs pose the highest threats to MBTA’s system for all of its trans- portation modes. Underwater tunnels, because of the poten- tial result following an explosion, are the most significant threat locations. Shortly after the 9/11 attacks, the MBTA Transit Police Department focused on increasing its counterterrorism secu- rity measures—and either implemented new programs or measures or expanded existing ones. Passenger reaction to personnel interact with residents, passengers, and vendors within their district to build good relationships with the community. FIGURE 13 MBTA System Map, Partial View (Courtesy: MBTA). MBTA Transit police officers are assigned to one of three divisions in the Department: Patrol Operations Division, Investigative Services Division, and Administrative Ser- vices Division. Transit police officers are responsible for the following: Protecting life and property; • Upholding the constitutional rights of all people; • Ensuring a safe environment within the transit • system; Reducing fear; • Preventing and detecting crime; • Arresting, detaining, and prosecuting violators of the • law; Recovering stolen property; • Preserving public peace; • Promoting • Transit Watch and other transit security initiatives, including coordinating special national security events (e.g., the 2004 Democratic National Convention); and Promoting the confidence of the riding public through • community policing. Policing Management One of the management strategies used by the MBTA Tran- sit Police Department is CompStat (computer-driven crime statistics). Monthly CompStat meetings are held by the chief with the commanders to identify and address changing crime trends. Timely information sharing and awareness of problems within the MBTA system are the key benefits of CompStat for the MBTA Transit Police Department.

42 these measures generally has been positive, with many pas- sengers expressing a desire to see even more security within their transit system. Many of these measures such as High Vis- ibility Patrols and Train Order Maintenance Sweeps not only deter terrorism but also prevent and detect ordinary crime, as well as increase customer perceptions of security, and there- fore are viewed as highly efficient as well as effective. High-Visibility Patrols High-visibility patrols are patrols that are made highly vis- ible through the saturation of specific locations with multiple specially uniformed officers (battle dress uniformed and IMPACT teams) and the use of visible tactical vests (ATLAS teams). These patrols are viewed as one of the most effective security measures instituted by the MBTA Transit Police Department. These patrols monitor all MBTA modes and all areas of the MBTA system, and act as a strong deterrent against both terrorism and ordinary crime. Train Sweeps Train sweeps involve officers who appear unannounced at a station and spread out along the platform. They step onto every car of the train while the train is stopped to observe passengers and identify suspicious activity or objects; they then step off the train. Because the procedure takes only sev- eral seconds, there is little disruption to train service. Similar to high-visibility patrols, the visible presence of officers on station platforms monitoring the interior of each train car acts as a strong deterrent against both terrorists and criminals. Explosives Detection Unit The MBTA Transit Police Department significantly expanded its explosives-detection unit by acquiring additional canine units and participating in the TSA canine program. Cur- rently, the MBTA Transit Police Department has 10 explo- sives-detection canine and 10 officers assigned to this unit. The canine teams patrol all MBTA modes aside from para- transit. Currently, 10 patrol dogs are part of the normal patrol unit within the MBTA system and provide security for the agency’s facilities, including bus depots and train yards. Passenger Security Inspections MBTA was the first transit agency in the United States to implement PSIs. In 2004, when Boston hosted the Demo- cratic National Convention, the MBTA transit police initiated random passenger bag and luggage inspections. This is now implemented on a systemwide basis for all MBTA modes except paratransit to deter acts of terrorism and enhance passenger perception of security. Explosives trace detection (ETD) equipment is typically used during the inspections. The ETD analyzes a swab taken by an officer from the zip- per, seams, or handle of a bag; alarms sound if it detects any traces of explosives material; and does not require that bags be opened, which protects the privacy of passengers. The inspections are random and can occur at any time, on any day, and at any location within the MBTA system, enhanc- ing the deterrence effect of this security measure. Behavioral Assessment Behavioral assessment is the observation of passenger behavior and the identification of suspicious behavior. Offi- cers question passengers deemed to be acting suspicious and take further action if warranted based on the observed behavior during the interaction. This procedure is not based on the physical appearance of the individual, and ethnicity is never taken into account. Behavioral assessment has been used successfully by Israeli airport security to identify ter- rorists and would-be suicide bombers. Cameras Every subway station has been outfitted with security cam- eras that were installed in conjunction with the installa- tion of automatic fare collection equipment. More than 500 cameras have already been installed in MBTA stations and trains. All cameras are now digital, allowing the storage of images for up to 30 days. Real-time images are sent to one of several command centers where personnel monitor them. Cameras are or will be installed on 300 buses and on ferries. A motion detection system that alarms when it detects unau- thorized individuals and triggers a camera is being installed in the underwater tunnels, which are deemed to be high-risk locations. Intelligent video software capable of identify- ing suspicious behavior and objects will be implemented in conjunction with this camera system and other cameras throughout the system. Intelligence Unit The MBTA Transit Police Department’s Intelligence Unit engages in information sharing with local law enforcement and federal agencies as well as other domestic and inter- national transit agencies. The unit established the Coun- terterrorism Hotline (1-866-PREVENT or 617-222-TIPS), which has been disseminated to the public. All reports are investigated by the Intelligence Unit and are forwarded to the FBI’s Joint Terrorism Task Force, when warranted. The Intelligence Unit issues a weekly bulletin that summarizes all transit-related incidents throughout the world. Special Operations Team The MBTA Transit Police Department deploys its Special Operations Team (SOT) to assist in critical incidents or situ- ations. The SOT is trained in hostage and barricade situa- tions, as well as high-risk entry situations. SOT members participate on the high-visibility ATLAS teams.

43 HazMat Officer The MBTA Transit police department has an officer spe- cially trained to handle hazardous materials (HazMat) and who will respond to HazMat emergencies. Chemical Detection A chemical detection unit was tested as part of the Program for Response Options and Technology Enhancements for Chemical/Biological Terrorism (PROTECT) and is being used in one of MBTA’s multimodal stations. If the unit detects a chemical threat, it will alarm and then trigger a camera within the station to transmit images to the MBTA’s Operations Control Center (OCC). Public Awareness Campaign The “See Something, Say Something” Transit Watch pro- gram implemented by the MBTA Transit Police Department encouraged the MBTA employees and passengers to report suspicious activities and objects. Public address announce- ments remind passengers to report suspicious behavior, and the frequency with which the announcements are made is correlated to the threat level. The perceptions of threat have decreased compared with the period immediately after 9/11 and the London and Madrid bombings. Public awareness campaigns keep the public, passengers, agency employees, and officers motivated and alert. The number of reports of suspicious activity and objects, which peaked immediately after 9/11 and then again after the London and Madrid bomb- ings, has now stabilized. Blast Mitigating Trash Receptacles After 9/11, blast-mitigating trash receptacles replaced regu- lar trash receptacles in the core subway system to prevent serious consequences from the detonation of an IED placed inside a regular transit receptacle. Training In addition to normal police training that all officers undergo in MBTA’s police academy, the following training is pro- vided either to all officers or to a select group of officers: Behavioral Assessment Training • Counterterrorism Training• General Electric Itemizer Training (the Itemizer is • a portable trace explosives detector used by MBTA Transit Police Department officers to conduct PSIs) HazMat Technician Training• NIMS ICS 100, 200, 300, 400, 700, and 800• Strategic Counterterrorism for Transit Managers (pro-• vided by JHU). All MBTA employees receive NTI security awareness training. Exercises and Drills The MBTA Transit Police Department initiated counterter- rorism training after 9/11, as well as more basic security awareness training for its officers and MBTA employees. The MBTA Transit police participate in three to four inter- agency exercises and drills per year. Stop Watch Program This program was initiated in September of 2003 as a result of increased complaints from students and other passengers that large groups of youths were congregating in stations or riding trains in a disorderly manner that created the percep- tion of fear. Stations at which large groups of juveniles tend to gather are identified and are the focus of the program. The program is a collaboration among many public service and law enforcement agencies to address this issue. Program par- ticipants include the Boston Police, the Boston School Police, juvenile probation officers, faith-based organizations, and city of Boston street workers. Participants do not necessarily make arrests but attempt to interact with the juveniles and disperse the groups that tend to engage in disorderly conduct or disturb passengers just by their presence. Challenges and Issues Unions representing MBTA workers are influential and often fight for compensation for any extra security-related tasks requested of MBTA workers. These labor relations items can impede the efforts of the MBTA Transit Police Department to implement desired security measures. At the same time, many MBTA workers are aware of security issues and some have called in with useful information about suspicious activity and items. MBTA has experienced issues with the manner in which the TSA has implemented VIPR programs. The MBTA Tran- sit Police Department is working with the TSA to ensure that TSA personnel on VIPR teams deployed to the MBTA system are properly trained and that VIPR missions support ongoing MBTA Transit Police Department operations. To allay these concerns and potential liability issues, a Memorandum of Understanding between the MBTA and the TSA on the use of the VIPR team is currently under consideration.

44 bution of cocaine. MBTA’s 2007 Crime Statistics indicate that Part I offenses have decreased by 10%, whereas Part II offenses have increased by 12%. Part I offenses are com- posed primarily of larceny and robbery, with aggravated assaults a distant third. Part II offenses are distributed more evenly among the categories. Crime statistics are reported based on the rate per 100,000 passengers and on average weekday occurrence. Examples of the statistics produced by the MBTA Transit Police Department are presented in Figures 15–20. Crime Trends Little has changed in terms of crime categories over the past several years; the most problematic crime throughout the MBTA system is larceny. In general, there has been a down- ward trend in crime compared with the mid-1990s during the height of the crack cocaine trade. Some of this decline may be the result of the increased presence and visibility of police officers because of the post-9/11 security enhance- ment at MBTA, along with a decline in the use and distri- FIGURE 15 MBTA Transit Police Department’s Part I and Part II crime statistics (Courtesy: MBTA). FIGURE 16 MBTA Transit Police Departments comparisons 2006 vs. 2007.

45 ship of approximately 350,000. BART’s service area spans four counties (Alameda, Contra Costa, San Francisco, and San Mateo) and 60 different police jurisdictions in the urban San Francisco Bay Area. Plans are under way to expand to a fifth county, Santa Clara, which includes San Jose (see Figure 21). FIGURE 17 MBTA Transit Police Department’s 2007 Part I crime categories (Courtesy: MBTA). FIGURE 18 MBTA Transit Police Department’s 2007 Part II crime categories (Courtesy: MBTA). BAY AREA RAPID TRANSIT (SAN FRANCISCO, CALIFORNIA) BART is a regional heavy rail mass transit system that carries about 92 million passengers annually, with a weekday rider-

46 Victimization Rates Rates of Part 1 Crime Victimization on the MBTA system Typical Week day Ridership Average Weekday Partt I Rate of a I Crime Line -Unlinked Crime occurring per 100,000 (FY 2006) (FY200*) Passengers Red Line Totals 213,700 0.80 0.37 Blue Line Totals 60,950 0.06 0.07 Orange Line Totals 161,350 0.74 0.45 Green Line Totals 202,400 0.15 0.07 Buses/MBTA Yards Totals 373,250 0.39 0.1 Commuter Rail Totals 136,805 0.57 0.41 Silver Line Totals 25,715 0.02 0.07 System Wide Totals 1,188,071 0.02 0.04 *2007 Part I Crime data was used with the 2006 Ridership numbers due to 2007 Ridership number not being established as of yet. FIGURE 19 MBTA Transit Police Department Part I crime rates by line (Courtesy: MBTA). System Wide Statistics UCR Group UCR Sub-Group 1997 1998 1999 2000 2001 2002 2003 2004 2005 0006 2007 Part Total 1182 1114 1321 1095 1233 1144 1215 1009 1000 971 873 Arson 3 3 2 3 1 4 2 2 1 0 0 3 3 2 3 1 4 2 2 1 0 0 Assault 132 146 143 137 144 125 152 127 162 135 112 Fireams 6 11 8 9 5 6 7 3 9 4 10 Hands/Fists/Feet 0 0 0 0 0 0 12 14 16 12 9 Knife/Cut 35 38 45 46 61 40 38 31 47 37 26 Other Weapon 91 97 00 82 78 79 95 79 90 82 67 Burglary 48 59 36 26 35 37 36 15 26 18 15 Attempted 6 12 10 6 12 7 3 0 0 0 0 Forcible 41 41 24 19 22 28 32 15 26 18 15 Unlawful 1 6 2 1 1 2 1 0 0 0 0 Criminal Homicide 0 2 0 1 1 1 3 2 2 0 1 Manslaughter/NEGL 0 0 0 0 0 1 0 0 1 0 0 Murder/ Nonneg MNSL 0 2 0 1 1 0 3 2 1 0 1 Forcible Rape 4 4 3 4 4 3 4 1 3 3 2 Assault to Rape 1 3 1 0 2 1 4 0 3 3 2 Rape by Force 3 1 2 4 2 2 0 1 0 0 0 Larceny-Theft 653 661 852 642 800 674 705 636 550 541 505 Bikes 48 44 72 61 105 74 58 81 98 88 101 From MV 276 271 394 246 255 267 299 218 159 143 155 Other 150 156 143 128 168 123 125 131 151 188 148 Pick-Pocket 150 156 143 128 261 202 210 188 123 112 83 Shop lifting 18 16 16 14 11 8 13 18 19 10 18 Motor vehicle Theft 112 72 101 64 60 73 83 46 41 46 55’ Autos 112 70 100 64 60 72 82 46 41 46 55 Stolen Other Vehicle 0 0 0 0 0 0 1 0 0 0 0 Trucks/ Buses 0 0 1 0 0 1 0 0 0 0 0 Robbery 230 167 184 218 188 227 230 180 215 228 183 Fireams 34 21 20 24 21 21 31 10 17 21 9 Knife/ Cut 55 32 50 52 47 54 54 26 29 17 9 Other weapon 6 3 6 3 3 4 8 25 25 29 26 Strong Arm 135 111 108 139 117 148 137 119 144 161 126 Part II Totals 503 509 437 471 518 487 585 555 618 623 565 Simple Assaults 503 509 437 471 518 487 585 555 618 623 565 Grand Total 1685 1623 1758 1566 1751 1631 1800 1564 1618 1594 1438 FIGURE 20 MBTA Transit Police Department’s Part I and Part II systemwide crime statistics (Courtesy: MBTA).

47 FIGURE 21 BART system map (Courtesy: BART). September 11, 1972, was BART’s opening day of passen- ger service. BART is governed by a nine-member board of directors who are elected officials from the nine BART dis- tricts. The 43 BART stations include 15 surface, 13 elevated, and 15 underground stations. In 2003, BART completed an extension to the San Francisco International Airport. BART’s track mileage totals 104 miles of which 3.6 miles are in an underwater Transbay tunnel. BART currently has 669 revenue vehicles with another 80 cars being planned for acquisition; 46,000 parking spaces are provided to BART customers. BART trains operate from 4:00 a.m. to midnight on week- days, 6:00 a.m. to midnight on Saturdays, and 8:00 a.m. to midnight on Sundays. On weekdays, trains operate approxi- mately every 15 minutes. Transbay train intervals between downtown Oakland stations and San Francisco stations are every 2.5 minutes during the peak hour and every 5 minutes in the midday. The system has both entry and exit gates; at the exit, the Automated Fare Collection system determines the distance- based fares, takes tickets, and informs passengers if addi- tional payment is needed or deducts the proper amount from multi-ride tickets. Chief Gary Gee heads the BART Police Department, an autonomous law enforcement agency with more than 300 personnel, of which 215 are sworn peace officers who provide the full range of law enforcement services. To prepare for major emergencies, critical incidents, and tactical responses, the department has teams of highly trained officers for tacti- cal response and crisis negotiations and is a signatory to the Bay Area’s mutual-aid pacts (see Figure 22). FIGURE 22 BART police vehicle (Courtesy: BART). Qualifications and training for BART police officers exceed the guidelines of the state’s Commission on POST. In addition to meeting POST requirements, every BART police officer applicant must have at least 30 college semester units. Although most officers are assigned to the Patrol Bureau, specialized assignments include field training officer, canine handler, investigations, bicycle patrol, field evidence tech- nician, personnel and training, background investigations, crime analysis, traffic, FBI Joint Terrorism Task Force, and the antivandalism and special-enforcement teams. In addition to regular police and counterterrorism train- ing, the provision of behavioral assessment training to BART officers is being considered. Counterterrorism training is provided by BART to frontline transit employees, and drills are conducted on a regular basis with other agencies and law enforcement. Also, training (primarily DVD-based and tar- geted train-the-trainer workshops) is provided to local law enforcement and members of the police academy as they are about to graduate. During BART’s first 13 years of revenue service, police officers reported to the transit district’s headquarters in Oakland. In 1985, the success of a field office in Concord spawned the establishment of additional field offices. They enabled officers to patrol their beats longer and become more familiar with their communities. In 1993, BART was fur- ther decentralized when the department was divided into four police zones, each with its own headquarters and field offices. Zone commanders were provided with personnel, equipment, and resources to manage their operations. This decentralized structure enables BART police officers to work more closely with the local residents, community orga- nizations, businesses, schools, allied public-safety agencies, and other transit district employees. Today, BART police facilities and field offices are located in Oakland, Concord, Walnut Creek, Pittsburg/Bay Point, El Cerrito, Dublin/Pleasanton, Castro Valley, Hayward, San Francisco, Colma, and San Bruno. Police commanders pro- vide input to planners for BART’s future extensions. SWAT Team The Special Weapons and Tactics (SWAT) Team receives special training on equipment techniques and training.

48 the FBI Joint Terrorism Task Force, and a command officer is designated as the department’s mutual-aid, counterterror- ism, and homeland security liaison. All of the BART Police Department’s canines are highly trained and certified to detect explosives. After the London and Madrid attacks in 2004, BART started acquiring explosives-detection canines, and currently nine canine teams patrol BART stations. Every canine undergoes two hours of training on a daily basis to maintain their explosives-detection capability. Although general crime is a daily concern for BART offi- cers, the BART Police Department recognizes the impor- tance of preparedness against terrorist attacks, because it is likely that the United States will be attacked again. Histori- cally speaking, transit is a likely target of a terrorist attack, and all major U.S. systems have vulnerabilities associated with being open to the public. After 9/11, the BART Police Department took steps to mitigate vulnerabilities and imple- mented counterterrorism measures even though no addi- tional resources were provided for these efforts. Following are the key post-9/11 security measures implemented by BART. A more detailed chronological listing is shown at the end of this case study. Conducted outside threat and security assessments • (FTA and Total Security Services International, Inc.) Closed public restrooms (first at all stations, then at • subway stations only) Controlled elevators by station agent (previous on • automatic control) Removed garbage cans from subway platforms• Trained employees on nuclear, biological, and chemi-• cal agents, WMDs, and terrorism Trained police officers on first response to critical inci-• dents, including joint training with allied law-enforce- ment agencies Enhanced alarm and CCTV systems in stations and • facilities Enhanced perimeter and internal controls at facilities• Implemented employee, contractor, and vendor back-• ground checks Increased high-visibility patrols and train sweeps• Issued an unknown-powder protocol• Purchased escape masks and safety vests• Participated in counterterrorism task forces• Conducted regular searches and sweeps of stations and • trains Installed alarms at both ends of the Transbay Tube• Installed seals on fire hose cabinets and areas where • items could be concealed Implemented a marketing plan to enhance awareness • of personal safety and security Held ongoing training and distributed remind-• ers to employees that BART is a potential target for terrorists Purchased handheld chemical-agent detectors• Personnel are selected from applicants based on a range of criteria, including physical fitness, firearms proficiency, and supervisory recommendations. Team members receive specialized training from several sources, including local FBI courses and joint training with other local teams. Team members train on scenarios that include situations aboard trains within tunnels, on elevated trackways, or in stations. In addition to situations unique to the BART system, the department’s SWAT Team is utilized to make “high-risk entries” pursuant to warrants obtained by the department. The use of the specially trained team members decreases the likelihood for resistance and enhances the safety of police personnel and the general public. Bicycle Patrol In 1991, the BART Police Department became the first domestic transit agency to implement a dedicated, full-time bicycle patrol unit. The unit supplements the regular patrol beats and focuses on problem areas in and around the BART stations. The unit was especially effective in and around the stations with parking facilities, bus transfer areas with heavy pedestrian traffic, and urban areas with heavy traffic. Where an untimely train schedule would make a regular patrol offi- cer’s response slow, the bike officers were able to respond more quickly. The unit’s interaction with the community was high, with 98% of the bike unit’s cases self-initiated. Graffiti Task Force In 1997, BART created an antigraffiti task force to fight the ongoing problem of graffiti, which costs the agency more than $1.5 million each year in cleanup and repair expenses. The task force includes members of several different oper- ating departments at BART, including the BART Police Department, which has a dedicated unit of officers known as the TAG (Together Against Graffiti) Team. TAG officers and other BART officers arrest suspects and encourage the pub- lic to report graffiti vandalism by calling 9-1-1 or BART’s graffiti hotline; a cash reward of up to $500 is offered for tips that lead to an arrest. Post-9/11 Security Measures The most significant impact that 9/11 has had on BART’s security and policing management is the inclusion of home- land security to its mission. Since 9/11, the emphasis has been to further harden BART’s critical infrastructure against the threat of terrorism. Risk assessments confirm that the most vulnerable elements of BART’s system are the Transbay Tube, other tunnels, and underground stations; likely threats include IEDs on trains and platforms. The department hosts drills for the region’s first respond- ers and participates in local, state, and federal counterter- rorism working groups. An officer is assigned full time to

49 Cross-trained police canines in explosives detection• Included WMD scenarios as part of regularly sched-• uled emergency drills Enhanced access control through smart-card • technology Formed partnerships with national labs on vulnerabil-• ity to explosives blasts and air distribution in under- ground areas Held security meetings with other in-house depart-• ments and general management; Created a threat-assessment matrix for police and tran-• sit operations. To further ensure the personal safety of BART riders, pay phones and emergency call boxes in parking lots con- nect directly to the BART police 9-1-1 communications center. The District also uses video surveillance systems in trains, stations, and parking lots. Police reports are trans- mitted electronically on a new computer-aided dispatch and records-management system. BART is part of the Bay Area’s Regional Transit Secu- rity Working Group. It is a joint-powers consortium, which includes members from the Bay Area’s Tier 1 and Tier 2 agencies. The Regional Transit Security Working Group meets regularly to discuss how the Bay Area’s Super Urban Area Security Initiative resources will be distributed among the transit agencies. BART is currently facing challenges related to interoper- able detection equipment and communications. BART has received $5.4 million to outfit four stations with an interop- erable CCTV network—images from the CCTVs will be pro- vided to BART police headquarters as well as to the OCC. Images are stored for one week. Intelligent video capability to identify suspicious objects and activities is being planned. This network is a significant step forward for BART because the many cameras it now has in its stations are not interoper- able and do not store images. In terms of threat detection technologies, radiological pagers are available to BART officers and are used when warranted. Other threat detectors have been tested, but they were not considered to be feasible for BART. Biological, chemical, and explosives detectors that would be viable for use on train cars for continuous environmental screening are desired. Local law enforcement and emergency responders may need to access BART stations, trains, and infrastructure to apprehend criminals or to respond to emergencies and incidents in the system. Although some communications interoperability with fire departments has been established, interoperable communications with local law enforcement agencies has not been achieved because each agency has its own communications system. To augment BART police officers, administrative employees have been trained to operate two-way radios and are deployed to station platforms. The nonpolice employees wear iridescent green safety vests, are an added visible pres- ence, and provide extra eyes and ears for the police. Crime Statistics The BART Police Department provides data on crimes against persons, vehicle-related crimes, and police emergen- cy-response times that are published in a quarterly report to the transit agency’s board of directors. Examples of these quarterly graphs are provided in Figures 23–25. In terms of crime trends and categories, other than a spate of bomb threats and reports of suspicious powder immediately after 9/11, the only significant and sustained change has been to the number of reports for unattended and suspicious packages. This is the result of customer security awareness ad campaigns and announcements encouraging riders with the message, “If you see something, say something,” and reminding them to report anything out of the ordinary (see Figure 26). FIGURE 23 BART Crimes against Persons quarterly statistics (Courtesy: BART). FIGURE 24 BART Auto Theft and Burglary quarterly statistics (Courtesy: BART).

50 FIGURE 25 BART Average Emergency Response Time quarterly statistics (Courtesy: BART). Controversy has continued regarding TSA’s VIPR teams. An example of this controversy occurred around the July 4 holiday. Without adequate notification, TSA’s VIPR team composed of security personnel from various states other than California arrived at BART police headquarters and notified BART that they would be patrolling the system dur- ing the holiday. The details of the VIPR team’s qualifications and training were not released to BART police; it was clear that they had not been trained on the BART system and were unfamiliar with BART infrastructure, equipment, proce- dures, and personnel. This raised a serious liability, security, and safety concern for everyone involved—BART’s cus- tomers, BART police officers, and employees as well as the VIPR team members. A Memorandum of Understanding is needed to establish an operating protocol, verify standard procedures, and address the many liability issues that arise as a result of the VIPR team’s presence. FIGURE 26 Examples of BART customer security awareness campaign literature (Courtesy: BART).

51 In general, BART police presence and extra security measures are welcomed by passengers. A few customers have complained that the presence of military personnel is excessive and unnecessary. Because BART is on the west coast, which was not a target of the 9/11 terrorist attacks, it is a challenge for BART police to maintain urgency in the minds of senior management and elected officials as well as BART employees and customers. BART Police Department is planning to hold a meet-• ing with the BART board of directors to emphasize the seriousness of the terrorist threat and the necessity to invest in appropriate countermeasures to counter the terrorist threat. The level of nonofficer employee motivation concern-• ing security-related matters is disconcerting. When NTI’s security awareness training was offered on a voluntary basis, only 70 of 2,000 BART employees volunteered to take the training class, even though they would have been paid for their time. Customer concerns about terrorism are not significant. • Customer focus groups conducted before a security awareness ad campaign determined that customers dislike the use of the word “terrorism” in the campaign because many customers feel that the terrorism threat is not real. Following is a chronological list of BART’s post-9/11 security initiatives: 2001 Closed Restroom and Removed Bins: Restrooms • have been closed and all recycling and garbage bins removed from the platform level in the underground stations. Transbay Tunnel (TBT) Cross-Passage Door Alarms: • Hard-wired entry alarms installed on TBT cross-pas- sage doors. TBT Vent Structure Intrusion Alarms: Motion and • entry alarms installed on both the Oakland and San Francisco vent structures. TBT Portal Intrusion Alarms: An intrusion alarm • system installed in the TBT that distinguish between trains and persons. Fire Hose Cabinets: All fire hose cabinets secured • with plastic ties. TBT Upper Gallery Doors Locked: The doors leading • to the upper gallery of the TBT have been secured to prevent unauthorized entry. ACT Program: The ACT Program promotes employee • awareness of their work environment and encour- ages them to be aware, question individuals display- ing behavior outside of normal patterns, and call the BART Police Department if they are unsatisfied with what they find. Anthrax Procedure: Outlines the district’s response • to suspicious powdery substances found on district facilities. Matrix: Outlines the district’s response to terrorist • events not only in the Bay Area, but also throughout the country and terrorist warnings issued by DHS. Police Presence: The BART Police Department stepped • up its presence and visibility on the system and regularly sweeps trains during rush hour and uses bomb-sniffing canines to assist. BART police are active participants in the FBI’s Bay Area Terrorism Task Force (ongoing). 2002 Lake Merritt Administration (LMA) Perimeter Security • Enhancement: Concrete planters, bicycle lockers, and CCTVs have been installed in the open areas of the LMA Plaza to restrain vehicular entry. Escape Hoods: The district issued escape hoods to • employees in certain job classifications because they would be expected to act in such a way that their risk of exposure would be greater than if they were to imme- diately vacate the area. Awareness Campaign: The district introduced an • awareness campaign for customers. It encourages cus- tomers to keep BART safe and to report any suspicious items or activities to BART Police. The latest eyes and ears campaign “Whose Bag?” was rolled out on May 26, 2004 (ongoing). Informing the Public of BART’s Emergency Plan: • Letters have been sent to large local institutions, such as business and schools, as well as city and county governments informing them of BART’s emergency response plan. Letters to large local institutions were resent in June 2004. Updated NBC (Nuclear/Biological/Chemical) Training: • Updated NBC Training material has been rolled out to all district employees. Joint Drills/Training Exercises: The district continues • to conduct joint drills with first responders in coun- ties served by BART to better coordinate emergency response. Ongoing Administrative Employee Emergency Aware-• ness: A basic system safety and emergency awareness guide for administration employees has been distri- buted. Counterterrorism Update: In November 2002, a • Counterterrorism Update was presented to approxi- mately 500 employees from TSD, Operations, and BART Police Department. Additionally, the presen- tation was made at the December Monthly Managers Meeting to about 65 people. The update gives employ- ees a history of terrorism, goals of a terrorist, new proj- ects initiated by the district since 9/11 and a review of the ACT Program. Security Related Assessments: •

52 BART-commissioned threat assessment completed – in January 2002, FTA security readiness assessment completed in – July 2002, Participated in the FTA transit security and emer- – gency management planning technical assistance project that began in January 2003, and Participating in an Office of Domestic Preparedness – risk assessment project that began in August 2004 (ongoing). 2003 Identification Requirements and Background Checks: • Require photo ID cards for all employees, dependents, vendors, and contractors. New employees, contractors, consultants, and vendors are required to go through security and criminal background checks. San Francisco Vent Structure: Continuing to work on • security at the San Francisco Vent Structure, including the installation of removable bollards to restrict vehic- ular access and installation of fence-like barrier around pier perimeter at the water line. Security Cards: A set of six cards on topics such as sus-• picious behavior, suspicious packages, suicide bomb- ers, and chemical, biological, and radioactive agents has been distributed to employees. The cards provide employees with information on what to look for and how to respond. Training Video: Developed and distributed to employ-• ees security training videos, including “Secret Weapon and Bomb … What If?” Station Agent Inspections: Station agents are required • to inspect the stations for suspicious packages and unusual activity. Publishing Information on the Internet/Intranet: A • group consisting of information technology (IT), Rolling Stock and Shops, Transportation, Document Control, and M&E is reviewing and updating current policy guidelines regarding external and internal pub- lication and distribution of information on the Internet, intranet, and other media. Lawrence Livermore Laboratory: Lawrence Livermore • is currently conducting an elaborate structural analy- sis study of the Transbay Tube and the vent structure. Once the study is complete, the district will look into mitigation measures that can be implemented. The study will take up to 12 months to complete. 2004 National Guard Civil Support Team: The district pro-• vided the Civil Support Team with basic train opera- tion training in the event of an emergency. The team was trained on how to move trains, perform check-out, and troubleshoot. They conducted a joint exercise with the OCC in the Transbay Tube and the Berkeley Hills Tunnel. The Civil Support Team went to West Virginia on April 12 for three days to conduct their tunnel drill and exercise. The exercise consisted of a chemical release, simulated explosion at Lake Merritt Station, and structural damage to a BART tunnel. Update Unattended Packages Procedure: Under the • revised procedures, the TBT as well as the core sys- tem from R30 and K30, A10, and M50 inclusive, where total train loading reaches maximum load point, will be treated differently from the outlying areas of the system. For example, OCC will hold trains for the BART Police Department or supervisors to inspect trains between M16 and M10 during rush hour. If the train has to be inspected by the train operator, the train is taken out of service. CAPITAL DISTRICT TRANSPORTATION AUTHORITY (ALBANY, NEW YORK) The CDTA, a public benefit corporation, was established in 1970 by the New York State Legislature. The Author- ity’s legislative purpose is “to provide for the continuance, further development and improvement of transportation and other services related thereto within the Capital Region Transportation District by railroad, omnibus, marine and air” (CDTA 2007). The CDTA operates 55 bus routes in four counties in the Albany capital district and provides service to several cam- puses, including Rensselaer Polytechnic Institute, State Uni- versity of New York–Albany, The College of St. Rose, and Union College. The CDTA serves an area of 2,300 square miles with a population of 769,000 (see Figure 27). The agency has 291 buses in its fleet, 650 employees, three bus depots, and surface parking facilities. The CDTA owns and operates the CDTA Rensselaer Train Station in Rensselaer, New York, and leases and operates the Saratoga Train Sta- tion in Saratoga, New York (see Figure 28). FIGURE 27 CDTA system map, partial view (Courtesy: CDTA).

53 FIGURE 28 CDTA bus and train station (Courtesy: CDTA). Best Practices The CDTA is unique in that it has an extremely small secu- rity staff and does not use local law enforcement to patrol its bus system. Conversely, drivers are asked to assist law enforcement in the course of their work when it is safe for them to do so, partnering with many local law enforcement agencies to address security issues. To address its security needs, the CDTA invests in an extensive amount of driver training, including security awareness, gang violence and preparedness training, and comprehensive training for front- line supervisors, including incident management training. In addition, the CDTA uses video surveillance and access control technology to enhance security and has developed interagency emergency response teams. Driver Training Because the CDTA operates in communities that experience gang-related violence and has limited security presence within the bus system, the CDTA offers a training course for bus drivers on gang-related violence. The course teaches drivers how to identify gang members and what to do should gang violence occur. Drivers are asked to assist local law enforcement by informing them of gang-related activity or criminal matters such as weapons violations. Recently, when a driver spotted a weapon that had been dropped by a rider on the bus floor, the driver immediately made a report after it was safe to do so (after the individual exited the bus along with his companions). Subsequently, it was determined by local law enforcement that two individuals had been involved in a kidnapping and were apprehended. Safewatch Safewatch is a cooperative program between the CDTA and local law enforcement in which CDTA employees assist the general public. Because all CDTA buses have two-way radios, CDTA employees are trained to be alert and to inform authorities about criminal activity, potential problems, road- side incidents, or accidents. Anyone needing police assis- tance can flag down a bus for emergency help and the driver will radio a request for police or other assistance that may be necessary. Children in any danger can board a CDTA bus and stay on the vehicle until authorities arrive. School Outreach Efforts The CDTA has engaged in a collaborative effort with one of the major school districts and police agencies in the service area to help prevent juvenile crime and disorder. The agen- cies meet regularly to discuss incidents and ways to effec- tively address them. The CDTA and school codes of conduct also facilitate these efforts. Code of Conduct The CDTA has established a code of conduct for all patrons, including students, of buses and facilities. The CDTA has worked with the schools to establish that CDTA buses are considered an extension of the classroom and students who violate either CDTA’s code of conduct or the school’s code of conduct will be subject to a suspension from school, CDTA bus service, and CDTA facilities for a period of time. These suspensions become progressively longer with additional violations of the codes of conduct. If anyone who had been disallowed from entering the CDTA system or facilities is identified during the suspension period trying to use the bus system or facility, that person would be subject to arrest for trespassing. Challenges From time to time assaults do occur on CDTA operators. A primary security objective of the agency is to deter such attacks and, when an event does occur, to be in a position to identify those responsible and hold them accountable. CDTA bus passengers experience mostly minor harassment and disorderly conduct involving CDTA patrons. In addition, vandalism to bus windows and shelters takes place. Because of the nature of these events, they sometimes go unreported and many times unresolved.

54 Post-9/11 Security Measures The height of passenger and employee awareness as indicated by the number of reports of suspicious objects or activity (about one per month for the first year) came immediately after the 9/11 attacks. This number has declined during the past several years and has since lev- eled off. However, CDTA passengers have welcomed secu- rity measures such as video surveillance and encourage the agency to continue to implement additional security for their transit system. The results of risk assessments have indicated that the greatest terrorist threats to the CDTA are explosives and shootings. With a 75% increase in its security budget since 9/11, the CDTA has made and is currently making significant investments in technology, employee training, and the design of buses and facilities, as well as in situational crime-prevention and security pro- tocols and procedures to counter these threats. The CDTA has hardened facilities through security-related projects. These steps have increased the preparedness of CDTA employees and the agency as a whole in case of a major incident or attack. Funds are still stretched thin and the greatest obstacle in policing management is the lack of resources. With addi- tional funds, the CDTA could increase its security force and make additional investments in technology and training. Following are some of the security measures that have been implemented since 9/11 by the CDTA: Completed Preparedness and Security Training:• Emergency response training—developed and pro- – vided in house by means of the classroom; 100% of frontline employees and 100% of supervisors have taken this training. NTI’s security awareness training—provided in – house by means of the classroom; 100% of frontline employees and 100% of supervisors have taken this training. Gang violence training—developed and provided in – house by means of the classroom; 100% of frontline new employees are taking this training. NTI’s violence in the workplace—provided in – house by means of the classroom; 100% of frontline employees have taken this training. Conducted drills and exercises three to four times a • year and tabletop exercises are conducted one to two times a year. Installed access control using proximity cards at CDTA • facilities and depots. Performed background checks for all new hires.• Established cooperative relationships with external • agencies and initiated intelligence sharing. Developed evacuation instructions.• Fingerprinted employees.• Developed an incident response plan.• Initiated the Safewatch Program.• Following are some of the security measures that have been implemented since 9/11 for CDTA buses: Digital video surveillance technology was deployed • by the CDTA for enhanced incident management on new buses. The technology better protects drivers from assaults by confirming the identity of the assailant and deterring other crime and terrorism. Also, the technol- ogy will be used to review incident information for liti- gation and training efforts. By June 2008, about 10% of the bus fleet (28 vehi- cles) will be outfitted with the video technology, and by the end of 2009, the percentage of the bus fleet with video technology may be as high as 33%. There are eight cameras per bus, one on the dashboard facing the road, five additional internal cameras, and two exter- nal cameras. Audio is also recorded along with images. With the installation of additional software, the wire- less video technology will allow the transmission of images on a real-time basis to a laptop within a cer- tain distance of the bus. This potentially would allow a police vehicle or responding supervisor to “see” inside the bus in case of an incident or emergency. No vandal- ism has occurred on the buses on which these cameras have been deployed. Silent alarms linked to the dispatch command center • are installed in all buses. Following are some of the security measures that have been implemented since 9/11 for the rail stations: Canine teams patrol the rail stations.• TSA has started to conduct random passenger baggage • inspections at the stations. Video surveillance technology has been implemented • both inside and outside the station and within the sta- tions’ underground parking facilities. An emergency response team was formed for the two • train stations. The CDTA along with Amtrak, local law enforcement, and tenants within the station formed this team to share information on incidents and other secu- rity-related issues, develop projects to address those issues, discuss any policy matters, and engage in live drills and tabletop training. An interagency drill with about 250 participants from the CDTA, local agencies (Rensselaer Sherriff’s Department, Amtrak Police, Rensselaer Police and Fire, and the Regional Hospital), and federal agencies (FBI and ATF) was performed at the Albany/Rensselaer rail station a few years ago (see Figure 29).

55 FIGURE 29 CDTA emergency preparedness meeting at the Rensselaer Train Station (Courtesy: CDTA). CAPITAL METRO (AUSTIN, TEXAS) Currently, Capital Metro’s core system is composed of 250 buses providing both express and local bus service to two counties in the Austin, Texas, region (see Figure 30). A com- muter rail system is expected to open in November 2008 (see Figure 31) and plans are in place for the development of a regional MetroRapid bus service (see Figure 32). FIGURE 30 Capital Metro system map, partial view (Courtesy: Capital Metro). FIGURE 31 CMTA Operations Guide (Source: Capital Metro). FIGURE 32 Capital Metro Bus (Courtesy: Capital Metro). The commuter rail system is designed to be easily acces- sible. Some stations will include park-and-ride facilities, whereas other stations will be designed for accessibility by bus, bike, or foot and passenger drop-offs. Once custom- ers reach their destinations, buses will be waiting to whisk them away to places of employment, retail centers, and other locations. The MetroRapid will be a fleet of bus-rapid transit-artic- ulated buses that will run on certain routes and have transit signal priority technology (transmitters that communicate with signals to keep them green as they approach intersec- tions, if they are already green).

56 Capital Metro is a small system with a small security staff (three full-time equivalents), which contracts out much of the security work. Because of the small size of its security force, Capital Metro strives to identify cost-effective ways to enhance its security capability and find innovative and efficient solutions to security challenges. Security considerations are now part of Capital Metro’s procurement process. For example, all future buses of any type bought by the agency automatically will have security cameras and recording systems installed as part of the pro- curement package. Capital Metro Bus System Currently, 47% of the bus fleet has security cameras that have event-based recording capability. The total cost of the video technology system was $1.4 million. Wireless capabil- ity that would allow images to be sent to a central command center or to law enforcement was not incorporated into the system for the following reasons: (1) the cost included a monthly fee of a few thousand dollars to maintain sys- tem availability, and (2) it used older cell phone rather than broadband technology and was extremely slow. Therefore, it was determined that a wireless system would not be a cost- effective investment for the agency. These cameras, even without image transfer capability, have been beneficial in deterring crime, terrorism, and false liability claims against the agency. Buses were selected for the installation of video technology based on the length of time they would remain in the fleet, to get the maximum length of time usage for each camera. Passenger perception of security has improved with the installation of the cameras. Some passengers have pro- vided positive comments about them, whereas others were impressed when the agency was able to use the cameras to identify a subject (perpetrator of a crime). Also, bus opera- tors have used the presence of the cameras to diffuse poten- tial situations, by reminding problem passengers that their actions were being recorded. Intelligent Bus System—Covert Alarm A covert alarm is available for bus operators in case of an emergency. When the covert alarm is activated, appropriate response is taken. These alarms enhance the actual security of bus operators as well as their perception of security. Bus Shelters CPTED principles are incorporated into all new bus shel- ters. Designers that submit plans for these shelters must be CPTED certified or they are not eligible to submit their ideas. These principles include eliminating blind spots and keeping landscaping low and trimmed back so that criminals cannot hide. Drive-Cams Drive-Cams were purchased in October 2007 and were installed in all buses by mid-November 2007. Drive-Cams are known throughout the taxi industry as a behavior modi- fication tool that reduces accidents and records near-misses. The recording of the near-misses allows for the incidents to be studied and analyzed. A few transit agencies have been implementing these cameras and have experienced safety- related benefits. Many bus drivers have been caught by Drive-Cam using their cell phones. A major security benefit associated with Drive-Cam is the ability to identify a perpetrator of a crime (e.g., assault on a bus operator); the technology has been used successfully for this purpose. Because Drive-Cams have been installed on all buses, they specifically benefit the buses that do not have other video cameras installed in them. The operator presses a button and the camera will record what happened in the previous 10 seconds. In addition to the deterrence of assaults on the operator, the Drive-Cam may deter criminals and terrorists from stealing the bus. Automated Vehicle Location Technology AVL is currently being installed in Capital Metro’s bus fleet. The many security benefits of AVL include tracking and monitoring buses, identifying buses that are off-route (indicating that the bus may have been hijacked), enabling security personnel and law enforcement to quickly pinpoint the exact location of a bus in distress, and ensuring that help can reach the bus in case of an accident or other emergency. AVL has other benefits that make it a cost-effective system for Capital Metro. These benefits include bus performance tracking—for example, detailed reliability metrics can be calculated by stop, time of day, and scheduling support— schedules that differ from actual performance may need to be adjusted. AVL is essential for fleet management during major emergencies and evacuations. Park-and-Ride Facilities Park-and-ride areas are being secured by video technology and security patrols. The areas are monitored at the agency’s central station by CCTV cameras and are patrolled by street security officers, who are off-duty Austin police officers. Commuter Rail Initially, Capital Metro’s commuter rail system will serve two counties and comprise nine stations and 32 miles, with an expected first-year ridership of about 52,000; six trains have already been delivered. The system is designed to be

57 an open system with no turnstiles. There are plans for future expansion of the system (see Figure 33). FIGURE 33 Capital MetroRail train design (Courtesy: Capital Metro). CPTED design principles are incorporated in the train and station designs, including the platform areas. Other security measures include the use of CCTVs—cameras have been installed in all of the train cars and record continuously for 72 hours. Multiple benefits are expected from the cameras, includ- ing crime reduction, counterterrorism, and liability and insur- ance cost reduction. Security personnel will patrol the system, staff critical stations during service hours, and participate in random VIPR operations. Fare enforcement will be used as a measure to enhance the security of the rail system. Intrusion detection alarms will be installed to protect the rail system’s critical infrastructure. Capital Metro has a Transit Watch pro- gram in place, and it also will be used on the rail system. Tactical Operations Guide Capital Metro created a Tactical Operations Guide or First Responders Emergency Guide for the local emergency responder community, which has proven to be highly suc- cessful. The distribution of this Guide has led to more than 30 drills and exercises over this past year. The agency is involved to a greater or lesser extent in all of these drills and exercises. The important point of these efforts is that they were based on the content of the Guide and that the responders who are responsible for protecting the lives of the agency’s workers and passengers and its infrastructure dur- ing emergencies now have a full understanding of the agen- cy’s transit operations and equipment and are familiar with its personnel. For example, operating a bus is not as simple as it appears to be. If an emergency responder needs to move the bus, they need to know how to start the bus and what to do when a bus has been intentionally disabled—a “healthy” bus can be disabled in several ways. A similar Guide will be created for Capital Metro’s new rail system. The Guide includes an explanation of the key parts of the bus; procedures on how to start the bus, operate a standard door, use the braking system, use the fire alarm and fire sup- pression systems, and use the covert alarm; and instructions on how a bus or the bus engine may be disabled. Instruc- tions on how to force open the front door and how to open an emergency window and roof hatch are provided. Other Security Practices Street Patrols Street patrols are assigned to sectors of the city. They patrol park-and-rides, transfer centers, and bus stops that have experienced criminal behavior in the past. These patrols respond when officers are not responding to calls for assis- tance, criminal, or accident investigations. Random, Onboard Security Checks Random security checks are meant to reassure the public, make them aware that security is working on their behalf, and potentially apprehend problem passengers. Plainclothes Security Personnel on Vehicles Plainclothes security personnel are used on routes that have experienced criminal behavior to prevent repeat criminal behavior or to apprehend the perpetrators if the crime occurs again. Local Intelligence Sharing Capital Metro is involved in the Austin Area Counterterror- ism Planning Task Force, which meets monthly to exchange current intelligence. This task force promotes local intelli- gence sharing, which is more valuable and pertinent to the agency than information it receives from federal sources. Performance Metrics and Data Issues Capital Metro’s principle security metrics are (1) crimes against persons per 100,000 passengers; (2) crimes against property per 100,000 passengers; and (3) average security response time to calls for assistance. Capital Metro performed a survey of its peers to deter- mine what metrics were being used to measure crime and terrorism-related incidents in the transit industry and found that most agencies do not use metrics and only report actual numbers of incidents. When they do use metrics, they are diverse in terms of the metrics used, their definitions, data collection, and analysis methods. Therefore, Capital Metro determined that there was no way to perform peer com- parisons with other agencies. A national format for security metrics along with a standardized, consistent, and compre- hensive crime and security incident data collection system for safety data would be helpful.

58 WASHINGTON METROPOLITAN AREA TRANSIT AUTHORITY (WASHINGTON, D.C.) Washington Metropolitan Area Transit Authority (WMATA or Metro) has had a great deal of success in communications interoperability. WMATA’s success may be attributed to the robust planning and coordination provided by the Metropoli- tan Washington Council of Governments (COG). The gov- ernments and independent agencies of the National Capital Region use COG as a vehicle to coordinate transit and public safety efforts. Among the suborganizations of COG are committees for Fire and Police Communications Managers, including both WMATA safety personnel and Transit Police Communica- tions. Both groups meet independently on a monthly basis and jointly each quarter. These meetings familiarize public safety managers in the region with each other and with the communication needs and capabilities of each agency. These efforts paid dividends on September 11, 2001, when the large numbers of first responders flooding into the Pentagon crash site presented unique communications challenges. The Montgomery County Police (Maryland) was in the process of upgrading its radios to a new 800 MHz system and had nearly a thousand portable radios in a warehouse. The radios were immediately reprogrammed to operate on the police and fire 800 MHz networks for the agencies surrounding the Pentagon grounds and were deployed to support the Arling- ton County Fire Department and responding local, state, and federal personnel. The effective communication between the many agencies on scene at the Pentagon allowed Metro to quickly move bus operations at the Pentagon (the busiest bus bay in the system) to the street in front of the nearby Pentagon City Station and to resume rail service under tight security to the Pentagon Metro Station on the morning of September 12. Before the attacks of 9/11, the first major effort in estab- lishing regional interoperability was to establish five Met- ropolitan Interoperability Radio System sites in five host agency communications centers across the region. Each of these host centers has dedicated interoperability devices that house radios from the participating agencies in and around their service area, including radios for transit providers, such as WMATA. When requested, these host agencies can link the requested radio systems so that personnel working together can communicate with each other and agencies can stay in contact with personnel operating outside the normal footprint of their home radio system. This capability would be particularly useful in maintaining communications between multiple agencies during a major incident, such as a natural disaster or terrorist attack. The most common method of interoperability in the National Capital region is the cross-programming of radios. Most agencies in the region cross-program their radios with those of partner agencies that have radio systems in the same band. For example, most fire and police agencies in the region use similar 800 MHz radio systems and, with cross- programming, can communicate with adjacent jurisdictions by pressing a few buttons on their radios. One exception to the primacy of 800 MHZ radios in the region is the use of the ultrahigh frequency (UHF) band by WMATA Operations, the Metro Transit Police Department (MTPD), and the D.C. Metropolitan Police. However, all MTPD and D.C. Metro- politan Police UHF radios are cross-programmed, and per- sonnel from both agencies frequently coordinate by radio. When interoperability with 800 MHZ radios is needed, the Metropolitan Interoperability Radio System sites can create a link between radio systems. Tactical interoperability devices are also carried by MTPD supervisors and can be used, in the field, to link radio systems using portable radios. Weaknesses in regional interoperability are identified for correction by frequent interagency drills, often with a transit focus. Area fire departments use either actual trains and sta- tions, or the dedicated WMATA facility that contains full- size rail cars, and a simulated transit environment to conduct training under realistic conditions. The training conditions can include smoke, simulated fire, and even a “roll-over” train that can simulate a derailed train at any angle, including upside down. These drills are not limited to basic firefighter skills, but also include radio interoperability elements. Com- munications-only drills are conducted, where communica- tions occur under conditions in which WMATA’s internal radio infrastructure is not available. The success of the deployment of a large group of radios to the Pentagon area after 9/11 demonstrated the effective- ness of having a cache of radios to deploy during special events or emergencies. As a result, COG created a regional system of radio caches, including a core group of more than 1,200 800 MHz radios programmed to interoperate with police and fire departments throughout the National Capital Area and even neighboring regions. These radios are stored in three geographically diverse sites and can be transported by dedicated vehicles on short notice. Each cache contains an evolving mix of equipment that includes tactical repeat- ers, cross-band switches and spare batteries, chargers, and a generator for extended operations. The basic deployment package includes specialized equipment for extending radio coverage into subway tunnels. The planning that went into creating these radio caches focused heavily on what was needed for emergencies within a transit environment. Because regional fire service personnel trained frequently in simulated transit emergencies, they recognized the sub- way tunnel environment as a uniquely difficult challenge to interoperable communications. Two other areas of interoperability that the national capi- tal region is exploring are data sharing and interoperability between Public Safety Computer-Aided Dispatch Systems.

59 Regional public safety officials recognize that it would be beneficial for specialized agencies like Transit Police to be notified immediately and seamlessly when an incident occurs within their jurisdiction or when it affect their operations. A rapid flow of information between and among police, fire, and traffic management control centers would allow for lim- ited disruptions for commuters and ease congestion around incidents.

60 CHAPTER SEVEN CONCLUSIONS Research results indicate that integration of security continues to occur holistically on many levels within transit agencies, including daily transit operations, training and education, customer outreach, capital budgeting and resource allocation decisions, and planning and procurement processes. This finding supports the FTA’s Security and Emergency Man- agement Technical Assistance Program (SEMTAP) finding that such programs are maturing and supports a proactive instead of a reactive approach. At the same time, this process needs to continue toward all-hazards, full-risk integration and management, and become more consistent across transit agencies and divisions within an agency. Within the security industry, a similar integration process is occurring: systems are being integrated across vendors and devices, and security technologies and systems are con- verging. Detection systems are being integrated with access control systems, physical access devices with identity man- agement, and physical with logical elements. The result will be a global solution that will effectively prevent, deter, detect, mitigate, and enable a multiunit, multiagency response to large and small incidents. Security systems eventually will be able to synthesize and analyze different streams of real- time and historical data from various sources, identify suspi- cious activity based on this integrated analysis, and transmit the information to appropriate internal and external person- nel and responders according to the level and nature of the threat or incident. PROJECT FINDINGS The primary post-9/11 changes in security practices include the implementation of Transit Watch or a similar employee and passenger awareness and outreach program, and the provision of security training to frontline employees and counterterrorism training to police and security person- nel. Transit agencies have increased the number and hours of security personnel; conducted threat and vulnerability assessments; received intelligence information from federal agencies; and increased local and regional coordination and outreach efforts through counterterrorism committees and intelligence and information sharing with local responders and neighboring transit agencies. Human resources practices have changed as well, particularly regarding background checks. According to survey respondents, post-9/11 security investments have had a positive impact on terrorism deter- rence and detection capabilities, general crime mitigation, and the public, passenger, and employee perception of secu- rity. Agencies report that their public outreach efforts have contributed to increased passenger and employee awareness, improved employee preparedness and increased security in terms of deterrence and detection. The following measures were considered by survey respon- dents to be the five most effective for counterterrorism: Transit Police Officers/Security Personnel Patrols/1. Sweeps Security Training for Transit Employees and Police/2. Security Personnel Video Technology 3. Public Education/Transit Watch and Outreach4. Intelligence Information.5. The following measures were considered to be the five most effective for crime prevention: Transit Police Officers or Security Personnel Patrols/1. Sweeps Plainclothes Officers/Unmarked Vehicles 2. Video Technology 3. Presence of Transit Employees 4. Lighting and Visibility.5. These measures along with innovative measures are sum- marized in the following section. TRANSIT SECURITY PRACTICES There are differences in the characteristics of criminals and terrorists. An important difference is that terrorists typically

61 engage in careful planning and an extensive target selection process and are deterred by changes in expected conditions of the system, such as the unexpected presence of officers. Therefore, random checks and other unscheduled security measures may be strong deterrents. Criminals, on the other hand, often take advantage of any opportunity that may pres- ent itself and may be more deterred by methods that would lead to their arrest, such as video surveillance. These differ- ences should be considered during the selection process for practices and measures. The following are effective counterterrorism practices, anticrime practices, and practices applicable to both coun- terterrorism and anticrime identified by the Synthesis sur- vey, case studies, literature review, and input from industry experts: Counterterrorism Practices Identity Management The ability to verify the identity of a transit police officer or security personnel, a transit employee or contractor, or a visitor is important in preventing unauthorized physical access into sensitive transit facility areas or virtual access into the agency’s network or its databases. Intelligence Information Gathering, sharing, and analyzing information is an impor- tant security practice. Gathering and identifying agency- specific, actionable information; analyzing intelligence information to determine its reliability and relevance to a particular agency; and sharing information can lead to rede- ployment of resources and changes in tactics that result in improved security and deterrence capability. Agencies that have reached out to peer agencies to share and exchange relevant information have succeeded in receiving focused intelligence as a result. A few larger agencies have created in-house intelligence units. Intelligence-sharing between the agencies and their federal, state, and local partners is further facilitated through TSA’s Mass Transit Security Information Network’s interagency communication and information- sharing protocols. The Homeland Security Information Net- work—Public Transit (HSIN-PT) Portal has been integrated into this network to provide a one-stop security information source and outlet for security advisories, alerts, and notices. Passenger Security Inspections Passenger security inspections (PSIs) include random bag- gage inspections, canine patrols, and behavioral assessment. Although the practice of PSI baggage inspections is currently limited to several transit agencies, canine PSI is conducted by rail systems, including Amtrak. Behavioral assessment is a relatively cost-effective PSI method that is readily deployable; in addition to training transit police and security staff, train- ing transit employees in behavioral assessment would effec- tively expand the reach of the police force as many transit employees are in constant contact with the general public. Public Education and Outreach Campaigns These campaigns inform passengers about the importance of reporting suspicious activities, persons, or items. Because it is impossible for security personnel to be in all locations at all times, enlisting thousands of the agency’s transit passen- gers to become the eyes and ears of the agency makes sense in terms of economics and effectiveness. As time passes without a major terrorist event, passengers as well as transit workers become less alert, and public outreach and aware- ness programs increase in importance. Public education and outreach efforts are further enhanced by programs such as “Play Your Part” through which the Transportation Security Administration (TSA), in joint efforts with mass transit and passenger rail agencies, advances security awareness among the traveling public and public and private partners. TSA Transportation Security Inspectors–Surface, supported by the Mass Transit Division, form partnerships with the agen- cies in high-visibility public awareness campaigns. These campaigns alter the normal activities at terminals or stations and enhance passenger awareness of and vigilance for suspi- cious activities and items as possible indicators of terrorist preparations for or execution of an attack. Regional Coordination Coordination among transit agencies, emergency respond- ers, local departments of transportation (DOTs), and other relevant agencies can improve the effectiveness of drills and exercises, intelligence-sharing initiatives, resource-sharing and funding-allocation initiatives, and emergency prepared- ness and response, and can help address regional security- related problems such as interoperable communications. Training Transit Police and Security Personnel Security awareness training and more specialized counterter- rorism training are practices universally believed to be effec- tive in enhancing the preparedness of transit systems. Training transit employees in basic security matters such as identification of suspicious activity, persons, and items is important because frontline employees come into constant contact with the gen- eral public and passengers. These trained employees can effec- tively expand the reach of transit police by acting as their eyes and ears. Additional training in countermeasures and specific threats, and in the PSI technique of behavioral assessment, is also important because transit workers are likely to be the first ones to detect a threat and respond in an emergency. Initially, a range of security training materials for transit workers were developed through FTA-sponsored programs to assist transit agencies. To further assist these agencies, TSA, in consulta-

62 tion with FTA and other public and private security partners, developed and published the Mass Transit Security Training Program. This program, presented on TSA’s website, provides detailed guidelines for mass transit and passenger rail agencies to facilitate development and implementation of security train- ing programs, and specifies the subject areas in which par- ticular categories of employees should receive training. These guidelines are implemented under the Transit Security Grant Program. Course options include programs funded by FTA/ TSA (transit-specific terrorism prevention and response) and Federal Emergency Management Agency (FEMA) (general terrorism prevention and response). Trace Detection Technology Technology to detect residues from explosives is available to transit agencies in different forms. Portable devices are especially useful in screening suspicious objects that may be found anywhere within a transit system. Radiological pagers are used by transit agencies to detect nuclear threats. Chemical detectors are being tested at major transit systems. The continued development and testing of both chemical and biological threat detectors are equally important. These technologies may be linked with video systems to provide real-time video feeds of identified threats. Anticrime Practices Codes of Conduct These codes include rules that passengers must follow once they enter the transit system. By enforcing the code, a transit agency presents an image of being in control of its transit environment and enhances the security of its transit system. Crime Statistics Map An interactive, user-friendly crime statistics map is a valu- able visual tool for transit police and is useful for the stra- tegic deployment of officers. Visually presenting up-to-date crime data using a crime map provides passengers with a security tool and the sense that they have greater control over their transit trip. Plainclothes Officers Plainclothes officers within the transit system can catch perpetrators such as vandals or fare evaders in the act of committing a crime. The use of unmarked vehicles is also an effective practice in catching perpetrators of crimes in transit park-and-ride or other parking facilities. School Outreach These programs involve the participation of schools in the transit agency’s service area to enforce passenger codes of conduct and discourage disorderly behavior in juvenile populations. Bus Driver Training Training drivers in customer relations, conflict mitigation, and gang-related violence is an effective security practice and provides bus drivers with greater confidence and knowl- edge to deal with the public. Counterterrorism and Anticrime Practices Crime Prevention Through Environmental Design Although not new to anticrime efforts, Crime Prevention Through Environmental Design (CPTED) is applicable to counterterrorism efforts as well. In the design of new tran- sit facilities and vehicles and in their retrofitting, CPTED principles can enhance security by hardening the potential transit target and making the environment less conducive to covert activity. For crime prevention, survey respondents identified lighting and visibility as being especially effec- tive. Some of these principles can be readily implemented by transit personnel; however, contractors and manufacturers should be consulted for major design work and retrofitting changes to stations and transit vehicles. Collaborative Transportation Imagery Project TSA and its partner agencies are working jointly on the Collaborative Transportation Imagery Project to produce detailed mapping and interactive imagery of key assets and systems to inform and enhance the quality of operational activities and address threats and security incidents, security plans, training programs, and exercises. The product, pro- vided on a digital video disc, incorporates multiple types of imagery, satellite maps, schematics, and related materials to provide a comprehensive view of the transit system, detail- ing significant infrastructure and security apparatus. Transit Police and Security Personnel High-visibility patrols and specialized counterterrorism teams can perform sweeps of transit terminals, stations, and trains and buses. This high visibility is believed to deter both terrorism and crime, and present a public image of a secure and safe transit system. Making the presence of transit employees more visible (e.g., use of brightly colored vests) is also believed to be an effective anticrime and counterterror- ism practice, and lessens the passenger perception of fear. Visible Intermodal Prevention and Response Visible Intermodal Prevention and Response (VIPR) teams have been deployed at hundreds of transit systems through- out the country. These teams augment security in the sys-

63 tems, expanding the agencies’ capabilities to implement random, unpredictable security activities to deter both ter- rorism and crime. Video Technology Video is considered to be effective in deterring and detecting crime and terrorism. Closed-circuit televisions with record- ers can identify perpetrators and verify crime occurrences such as assaults. Recordings of incidents and accidents can be used in postincident analysis. Although video technol- ogy has been in existence for many years, its continuing effectiveness as a security measure lies in the increas- ing power of its analytics, multiple uses, and scalability. Intelligent video technology can identify many types of behaviors, including potential burglaries, abandoned items, vandalism, and stopped vehicles. Video cameras can be linked with detection systems such as intrusion detectors and chemical detectors. Real-time image transmission is also possible. Other Findings Crime Trends According to the Bureau of Justice Statistics, a nationwide decline in crime and a concomitant decrease in transit crime were seen in the United States starting in the mid-1990s. Transit crime dropped significantly from 1997 to 2002 and then began to plateau. Industry experts raised concerns about the reliability and accuracy of National Transit Data- base (NTD) data; however, based on the NTD analysis con- ducted for this study, the following conclusions can be made: There were many more minor than serious crimes, and the numbers of the most violent crimes—homicide and rape— were extremely low. For serious Part I offenses, the most problematic was theft, and for less serious Part II offenses, the most predominant was fare evasion, with a majority of the citations occurring on light rail systems. Major Incidents, Suspicious Activity and Threats Following 9/11, there was an increase in suspicious activi- ties, persons, and items. These reports have diminished and have plateaued over the past few years. Passenger Perception of Crime and Terrorism Public perception of transit security is influenced by media coverage and the entertainment industry, which tend to aggravate public fears. Minor crimes and disorder also affect passenger perceptions even if the actual consequences are insignificant. There are also regional differences in the per- ception of terrorism. For example, east coast transit passen- gers are more aware and tolerant of terrorism-related security measures compared with their west coast counterparts. Performance Metrics Performance metrics help assess and track the performance of security systems, practices, and measures as well as the overall security of a transit system. Metrics can highlight the benefits of security to agency management and other stakeholders. PROBLEMS AND OBSTACLES The greatest obstacle in security and policing manage- ment reported by survey respondents was by far the lack of resources to implement desired security measures. Stake- holder support and related issues included the following: Lack of customer support and lack of qualified workers • or technical expertise were reported by some agencies. Support from decision makers with budget author-• ity (e.g., elected officials, board members, and senior agency management) and acknowledgment of the ter- rorist threat was reported by a few agencies. Motivating officers to focus on ordinary crime has • become more challenging because officers perceive counterterrorism assignments to be more presti- gious and therefore desirable. Several transit agencies expressed concern about the motivation of transit employees in implementing security practices. For unionized transit workers, the increased time • needed to perform added security-related tasks was cited as a potential issue, because this may impinge upon prenegotiated labor agreements and cause labor relations issues. Agencies may wish to seek union par- ticipation and buy-in before implementing new secu- rity practices and measures. Other reported problems and obstacles included the following: Lack of specificity of intelligence and the desire for more • focused intelligence was reported by a few agencies. Interoperable communications barriers hamper the • efforts of transit police, personnel, and first responders. Barriers to interoperability include technical, financial, and human factors issues. Rail infrastructure faces special communications challenges, including the pro- vision of wireless communications. Relatively few frontline transit workers participate in • drills. Because frontline workers are usually the first ones at the scene of an emergency, crime, or terrorist attack, involving them in training and evaluation exer- cises would be advisable. Two transit agencies expressed the need for the devel-• opment of a Memorandum of Understanding with TSA regarding the federal VIPR program. TSA responded to these concerns with a collaborative effort to enhance

64 coordination of deployment and effectiveness of the security augmentation operations. Products resulting from this effort provide guidance on planning, prepara- tion, coordination, execution, and after-action review of VIPR deployments and describe the capabilities of each component of a VIPR team with recommendations on their most effective use. The coordination and review of operational plans by mass transit and passenger rail agency security officials before VIPR deployment ensures mutual understanding of security activities and procedures to address identified threats, suspicious activities, and incidents of apparent criminal conduct. Questions about the reliability and accuracy of NTD • security and incident data and year-to-year consistency were raised. Data terminology issues were identified— for example, insignificant incidents are classified and reported under the category of “bombings.” These issues need to be researched and addressed. RESEARCH NEEDS The following research needs were identified in the Synthe- sis report. Data and Performance Metrics NTD Data Enhancing the reliability of NTD security and incident data, improving temporal consistency, and addressing terminol- ogy issues were identified in this study. Crime Trends Research on the underlying causes of the changes in specific crime and incident categories identified in the NTD may be of interest to transit agencies once the fundamental accuracy issues of NTD data have been addressed. Security Metrics Security metrics can demonstrate the value of security to the agency, the customer, the general public, and other stakeholders by conveying and quantifying the specific ben- efits of security investments. Clear and consistent security measures are important when comparing the security levels of peer agencies. These measures would benefit from con- sistent data definition, collection, analysis, and reporting methodologies. Victim and Offender Characteristics Research on the characteristics of transit crime victims and offenders is recommended as these data are not readily available. Crime-Reporting Issues More research is recommended to determine the extent of and reasons for underreporting, as well as possible overre- porting of transit crime. New crime-reporting procedures, the level of customer understanding of how to report transit crimes, and how best to promote the notification and docu- mentation of relevant incidents by frontline personnel are suggested for further research. Intelligence Information and Information Sharing What do transit agencies consider actionable intelligence? Is there a common definition, or does it differ from agency to agency? These questions, along with the security gaps in information sharing identified by SEMTAP, remain and need to be researched. Interoperable Communications Transit-specific interoperability issues need to be addressed. Some of the issues are common to many transit agencies, but each agency faces specific issues as well. Therefore, transit agencies need to identify interoperable communications issues and problems within their agency, find out how to address them, and determine how they may participate in regional, state, and federal interoperability programs and efforts. Training, Evaluation, and Motivation Training Although an enormous amount of progress has been made since 9/11 in providing security training to transit employ- ees, the lack of ample security training sources and materials for and delivery to transit managers above the supervisory level is a concern that needs to be addressed. Additionally, the need for adequate refresher training and training rein- forcement for awareness and security orientation training were noted by SEMTAP. Evaluations Transit workers usually are not evaluated in terms of secu- rity awareness, implementation of security training content, and other related matters. These evaluations would be useful in determining the preparedness level of individual workers as well as the agency as a whole. Also, testing certain secu- rity measures may require covert testing using fake threat material. Developing methods to conduct this type of test- ing will enable agencies to determine the robustness of their security systems and preparedness of their workforce. Indi- vidual weaknesses can be addressed by providing remedial training to those who require it. Universal weaknesses can be addressed by changing or adding to the training content or the security system and practice.

65 Cross-Functional Training As the transportation security community takes on an all- hazards approach, and to ensure the success of convergence efforts, cooperation among multiple functions and divisions within the transit agency is needed, including the police force or security unit, IT, human resources, operations plan- ning, customer service, marketing, and others. There is, therefore, a foreseeable need for communications and cross- functional experience and training for transit employees in these areas. Simulation This alternative training and evaluation tool provides a real- istic but safe three-dimensional virtual reality setting in which employees may be trained and assessed. Simulation is used in military settings to train military personnel and has been considered for use by a few transit agencies as a training tool. Motivation To address the issue of both officer and transit employee motivation with regards to both crime and terrorism, further research on transit police and employee motivation tech- niques is recommended. Resource Allocation and Deployment Resource allocation and deployment decisions for security investments and their justification are challenging for some agencies. Transit agency management, planners, and police and security departments look to determine the optimal number of security personnel, deployment locations, and schedules, as well as the best mix of labor and technology for their particular agency. Even though models may exist, the appropriate use of the resource allocation models and application to an agency’s long-term and near-term invest- ment strategy may not be known. Transit Vehicle Design Further research and collaboration with transit vehicle manufacturers are both required to design security into transit vehicles. Standard buses, for example, do not have compartments with access control for bus drivers; nor do they have access control (e.g., a key) for the vehicles themselves. Weapons of Mass Destruction Detection Technologies Whereas the testing of various weapons of mass destruction detection technologies has taken place, continued testing and improvements to these technologies are required before they can be made available to transit agencies “off-the-shelf.” Cyber Security Cyber attacks can affect communications systems, Intel- ligent Transportation Systems technologies such as train control systems, or Automatic Vehicle Location systems and signal systems, and these attacks may compromise sensitive data. Although relatively few incidents of cyber crime have been reported by transit agencies, cyber crime in general has been on the rise. Large amounts of personal data of govern- ment employees and the general public have already been stolen and used by identity thieves or otherwise compro- mised. The more alarming aspect of this trend is that many government agencies have been targeted by cyber criminals; in June 2007, the Pentagon was a victim of hacking and sen- sitive information was compromised. Some speculate that hackers may be financed by foreign governments, entities, and/or terrorist organizations. Therefore, more research may be needed in cyber security issues. Other Research Needs Biometric Systems As the transportation worker identification card (TWIC) pro- gram progresses, transit agencies will need to incorporate biometric technologies into their identity management efforts. Additional research into how transit agencies will be able to accommodate biometric technology and integrate their iden- tity management with the TWIC program may be needed. Graffiti This fundamental quality-of-life issue from the passen- ger’s perspective raises the question, that, if transit agencies cannot secure transit systems from vandals, how can they secure these systems from terrorists? The cost to remove graffiti for transit agencies is in the millions. Graffiti has been addressed successfully in some transit systems, but the problem remains or has reappeared in others. Revenue Security Because employee theft is a continuing problem for transit agencies, research into antitheft measures for transit workers may be of interest to transit agencies. Significant progress has been made by transit agencies in transit security and counterterrorism since September 11, 2001. However, this progress needs to continue to ensure that transit systems are at a maximal level of preparedness and to counter the continued persistence and desire of terrorists to inflict harm on innocent persons and their proclivity to choose transit systems as targets. Transit agencies should renew their focus on ordinary crime and minor offenses to prevent a backslide in the remarkable improvement in crime reduction that has occurred.

66 ABBREVIATIONS AND ACRONYMS ADA Americans with Disabilities Act AFSD Assistant Federal Security Director AVL Automatic Vehicle Location BART Bay Area Rapid Transit District (San Francisco) BASE Baseline Assessment for Security Enhancement BJS Bureau of Justice Statistics CBRNE Chemical, Biological, Radiological, Nuclear, or Explosive CCTV Closed-circuit television CDTA Capital District Transportation Authority CERT Community Emergency Response Team COG Council of Governments COOP Continuity of Operations CPR cardiopulmonary resuscitation CPTED Crime Prevention Through Environmental Design CTA Chicago Transit Authority DHS Department of Homeland Security DHS/S&T DHS Science and Technology Directorate DMZ Demilitarized zone DOT Department of transportation EOC Emergency operations center EOP Emergency operating procedure ETD Explosives trace detection FAMSAC Federal Air Marshals Special Agent in Charge FBI Federal Bureau of Investigation FEMA Federal Emergency Management Agency FOIA Freedom of Information Act FRAWG Federal Risk Assessment Working Group GIS Geographic information system HAZMAT Hazardous materials HSIN Homeland Security Information Network HSIN-PT Homeland Security Information Nework— Public Transit HSAS Homeland Security Advisory System HVAC Heating, ventilation, and air conditioning IAs Immediate actions ICS Incident command system IDEA Innovations Deserving Exploratory Analysis IED Improvised explosives device IP Internet Protocol IT Information technology JHU Johns Hopkins University JTTF Joint Terrorism Task Force MARTA Metropolitan Atlanta Rapid Transit Authority MBTA Massachusetts Bay Transportation Authority MOU Memorandum of Understanding MTA Metropolitan Transportation Authority MTPD Metro Transit Police Department Muni San Francisco Municipal Railway NBC Nuclear/Biological/Chemical NCTC National Counterterrorism Center NEDCTP National Explosives Detection Canine Team Program NFTA Niagara Frontier Transportation Authority NIMS National incident management system NIPP National Infrastructure Protection Plan NJT New Jersey Transit NRP National Response Plan NTD National Transit Database NTI National Transit Institute NYCT New York City Transit OCC Operations control center OGT Office of Grants and Training PATH Port Authority Trans–Hudson Corporation PC Personal computer

67 PCAC Permanent Citizens Advisory Committee PIV Personal Identity Verification POST Peace Officers Standards and Training PSI Passenger security inspection ROW Right-of-way SCP Situational Crime Prevention SEMTAP Security and Emergency Management Techni- cal Assistance Program SEPTA Southeastern Pennsylvania Transportation Authority SOP Standard operating procedure SOT Special operations team STISAC Surface Transportation–Information Sharing and Analysis Center SWAT Special Weapons and Tactics TAG Together Against Graffiti TCO Total cost of ownership TOMs Train Order Maintenance Sweeps TSNM Transportation Sector Network Management TS-SSP Transportation Systems–Sector Security Plan TVA Threat and Vulnerability Analysis TWIC Transportation worker identification card UCR Uniform Crime Reporting UHF Ultrahigh frequency VIPR Visible Intermodal Prevention and Response WMD Weapons of mass destruction WTC World Trade Center

68 REFERENCES Bacal, R., Defusing Hostile Customers Workbook, Institute for Cooperative Communication, Winnipeg, Canada, 1998. Bahr, N., E. Gorrie, and M. Zannoni, Security and Emer- gency Management Technical Assistance for the Top 50 Transit Agencies, FTA Report No. DOT-VNTSC-FTA- 07-01, Federal Transit Administration, Washington, D.C., 2007. Batelle, TotalSecurity US, and Transportation Research Associates, Transit Agency Security and Emergency Management Protective Measures, Federal Transit Administration, Washington, D.C., 2006. Blumenthal, L., “Intelligence Suggests Terrorists Conduct Surveillance on Ferries,” HeraldToday.com, Sep. 9, 2006. Blumstein, A. and J. Wallman, eds., The Crime Drop in America, Cambridge University Press, Cambridge, U.K., 2000. “Cameras on Buses and Shuttles Can Reap Rewards,” Park- ing Today, Vol. 7, No. 9, 2002, p. 16. Campbell, G., “Demonstrate Security’s Alignment with Business Objectives,” Security Technology & Design, Feb. 2008. Campbell, G.K., Measures and Metrics in Corporate Secu- rity, Senior Executive Council, 2006. Center for Domestic Preparedness, Fact Sheet, Department of Homeland Security, Anniston, Ala., 2008 [Online]. Available: https://cdp.dhs.gov/. Clarke, R.V., ed., Situational Crime Prevention: Successful Case Studies, 2nd ed., Harrow and Heston, New York, 1997. CNN (Cable News Network), “FBI: Three Held in New York Tunnel Plot,” July 7, 2006 [Online]. Available: http:// www.CNN.com. Conklin, J., Why Crime Rates Fell, Pearson Education, Inc., New York, 2003. Conry-Murray, A., “On Location: Chicago Transit Author- ity,” Mar. 19, 2007 [Online]. Available: http://www.net- workcomputing.com [accessed Jan. 23, 2007]. Criminal Victimization in the United States, 1996–2005 Sta- tistical Tables, U.S. Department of Justice, Washington D.C. CDTA Budget FY2008, Capital District Transportation Authority, Albany, New York, 2007. “Evaluation of DHS’ Information Security Program for Fis- cal Year 2007,” Office of the Inspector General, Depart- ment of Homeland Security, Washington, D.C., 2007. “Existing and Potential Standoff Explosives Detection Tech- niques.” Committee on the Review of Existing and Poten- tial Standoff Explosives Detection Techniques, Board on Chemical Sciences and Technology, National Research Council, Washington, D.C., 2004. Felson, M., et al., “Redesigning Hell: Preventing Crime and Disorder at the Port Authority,” In Preventing Mass Tran- sit Crime, R. Clarke, ed., Crime Prevention Series, Vol. 6., Criminal Justice Press, Monsey, N.Y., 1996, pp. 5–92. Frank, T., “TSA to Test New Thermal Cameras in Rail Sta- tions,” USA Today, Oct. 4, 2007. Gomersall, C., “Challenges and Developments in Intelligent Video Surveillance,” Commentary, SourceSecurity.com [Online]. Available: http://sourcesecurity.com, n.d.. Goodfellow, R., “Lighting as a Situational Approach to Pre- venting Transit Crime,” Proceedings of the APTA Rail Transit Conference, Dallas, Tex., Sep. 26–28, 2005. Half of All Violent Crimes and a Third of Property Crimes Were Reported to Law Enforcement Agencies in 2000, Press Release, Bureau of Justice Statistics, U.S. Depart- ment of Justice, Washington, D.C., March 9, 2003. Homicide Trends in the U.S., 1976–2005, Bureau of Justice Statistics, U.S. Department of Justice, Washington, D.C., Multiple Years. Hull, G., “Testimony before the House Committee on Appro- priations,” Subcommittee on Homeland Security, Wash- ington, D.C., Feb. 13, 2007. Johnson, K., “Battling Subway Crime, Both Real and Per- ceived,” The New York Times, Oct. 2, 1998. Judge, T., “Yard Management Gets Smarter,” Railway Age, Nov. 2007, pp. 33–34. Kelling, G. and C. Coles, Fixing Broken Windows: Restoring Order and Reducing Crime in Our Communities, Simon and Schuster, New York, 1997a. Kelling, G. and C. Coles, “Taking Back the Subway,” In Fix- ing Broken Windows: Restoring Order and Reducing Crime in Our Communities, Chapter 4, Simon and Schus- ter, New York, 1997b. Kelling, G. and C. Coles, “Community-Based Crime Pre- vention,” In Fixing Broken Windows: Restoring Order and Reducing Crime in Our Communities, Chapter 5, Simon and Schuster, New York, 1997c.

69 Kelling, G. and C. Coles,“Fixing Broken Windows,” In Fix- ing Broken Windows: Restoring Order and Reducing Crime in Our Communities, Chapter 7, Simon and Schus- ter, New York, 1997d. Kilcarr, S., “NPTC’s Petty: Truck Terrorism Threat High,” DriversMag.com, Aug. 27, 2003 [Online]. Available: http://driversmag.com/. Layton, L., “Metro to Prepare Riders for Terror,” The Wash- ington Post, Sep. 2, 2004. Leidigh, C., Fundamental Principles of Network Security, American Power Conversion Corp., West Kinston, R.I., 2005. Lusk, A., Bus and Bus Stop Designs Related to Perceptions of Crime, Federal Transit Agency, Washington, D.C., 2001. Making the Nation Safer: The Role of Science and Technol- ogy in Countering Terrorism, National Research Coun- cil, The National Academies Press, Washington, D.C., 2002. “Maryland Transit Deploys Intelligent Video,” Arcinc, Nov. 2, 2006 [Online]. Available: http://www.arcinc.com. MBTA Youth Study Final Report, MBTA (Massachusetts Bay Transportation Authority), MBTA Police and North- eastern University’s Center for Criminal Justice Policy, Boston, Mass., 2000. McDonald, P.P., Managing Police Operations: Implement- ing the NYPD Crime Control Model Using COMPSTAT, Wadsworth Publishing, New York, 2001. “MTA Announces a State of the Art Integrated Electronic Secu- rity System for NY Transportation Network,” MTA (Metro- politan Transportation Authority), MTA Press Release, mta. info, Aug. 23, 2005 [Online]. Available at http://www.mta. info/mta/news/ releases/?agency=hq&en=050823 (accessed Jan. 23, 2005). Murphy, M.J., TCRP Synthesis 58: Emergency Response Procedures for Natural Gas Transit Vehicles, Transpor- tation Research Board, National Research Council, Washington, D.C., 53 pp. Nakanishi, Y.J. and J.L. Western, “Ensuring the Security of Transportation Facilities: Evaluation of Advanced Vehi- cle Identification Technologies,” Transportation Research Record: Journal of the Transportation Research Board, No. 1938, Transportation Research Board of the National Academies, Washington, D.C., 2005b, pp. 9–16. Nakanishi, Y.J. and J.L. Western, “Evaluation of Biometric Technologies for Access Control at Transportation Facili- ties and Border Crossings,” Transportation Research Record: Journal of the Transportation Research Board, No. 1938, 1–8. Transportation Research Board of the National Academies, Washington, D.C., 2005a, pp. 1–8. Nason, R., “Crash Course in Perimeter Security Technol- ogy,” Security Technology & Design, Feb. 2008, pp. 28–33. National Strategy for Combating Terrorism, The White House, Washington, D.C., 2006 [Online]. Available: www.whitehouse.gov/nsc/nsct/2006. National Strategy for Information Sharing: Successes and Challenges in Improving Terrorism-Related Information Sharing, National Counterterrorism Center, Office of the Director of National Intelligence, Washington, D.C., 2007. Nelson, K.R., “Policing Mass Transit: Serving a Unique Community,” Federal Bureau of Investigation, Washing- ton, D.C., Jan. 1997 [Online]. Available at http://www. mta.com [accessed Jan. 23, 2005]. On-Net Surveillance Systems, Inc., Suffern, N.Y., Online presentation [Online]. Available: www.OnSSI.com, n.d. Prepare Training Program Manual, Crisis Prevention Insti- tute, Brookfield, Wis., 2005. “Promo and Drill CD-ROM,” n.d., WMATA (Washington Metropolitan Area Transit Authority), Obtained from Capt. Brian Heanue, Washington, D.C. Radin, S., Advanced Public Transportation Systems Deploy- ment in the United States—Year 2004 Update, Federal Transit Administration, Washington, D.C., 2005. Reed, T.B., et al., “Transit-Passenger Perceptions of Transit- Related Crime Reduction Measures,” Transportation Research Record: Journal of the Transportation Research Board, No. 1731, 2000, pp. 130–141. “Reporting Crime to the Police,” U.S. Department of Justice, Bureau of Justice Statistics, Washington, D.C., 1992–2000. Royal Canadian Police Departmental Performance Report [Online]. Available: http://www.tbs-sct.gc.ca/dpr- rmr/2006-2007/inst/rcm/rcm-eng.pdf. Rubenstein, E., Detection of Radioactivity in Transit Sta- tions, Transit IDEA Project 42, Transportation Research Board, National Research Council, Washington, D.C., 2006. “SafeCom Program,” n.d. [Online]. Available: http://www. safecomprogram.gov. Schweiger, C.L., TCRP Synthesis 68: Methods of Rider Com- munication, Transportation Research Board, National Research Council, Washington, D.C., 2006, 91 pp. Science Applications International Corp., “Guide to Risk Management of Multimodal Transportation Infrastruc- ture,” NCHRP Project SP20-59(17), Transportation Research Board of the National Academies, Washington, D.C., 2006.

70 “Security Manpower Planning Model,” Federal Transit Administration, Washington, D.C., May 2008 [Online]. Available at http://transit-safety.volpe.dot.gov/Security/ SecurityInitiatives/SMPM/Default.asp. Starcic, J., “Technology is Key Layer to Securing Transit,” Metro Magazine, April 2008 [Online]. Available: http:// www.metro-magazine.com. “Supplementary Homicide Reports,” 1976–2005, DOJ and FBI (Department of Justice Report and Federal Bureau of Investigation), Washington, D.C. TCRP Report 86, Volume 1: Communication of Threats: A Guide, Transportation Research Board, National Research Council, Washington, D.C., 2002. TCRP Report 86, Volume 4: Intrusion Detection for Public Transportation Facilities Handbook, Transportation Research Board, National Research Council, Washing- ton, D.C., 2003. TCRP Report 86, Volume 8: Continuity of Operations Plan- ning Guidelines for Transportation Agencies, Transpor- tation Research Board, National Research Council, Washington, D.C., 2005. TCRP Report 86, Volume 9: Guidelines for Transportation Emergency Training Exercises, Transportation Research Board, National Research Council, Washington, D.C., 2006a. TCRP Report 86, Volume 10: Hazard and Security Plan Workshop: Instructor Guide, Transportation Research Board, National Research Council, Washington, D.C., 2006b. TCRP Report 86, Volume 11, Security Measures for Ferry Systems, Transportation Research Board, National Research Council, Washington, D.C., 2006c. TCRP Report 86, Volume 12: Making Transportation Tun- nels Safe and Secure, Transportation Research Board, National Research Council, Washington, D.C., 2007a. TCRP Report 86, Volume 13: Public Transportation Passen- ger Security Inspections: A Guide for Policy Decision Makers, Transportation Research Board, National Research Council, Washington, D.C., 2007b. TCRP Report 88: A Guidebook for Developing A Tran- sit Performance-Measurement System, Transporta- tion Research Board, National Research Council, Washington, D.C., 2003. “$34 Million for NYC Metro Area Emergency Com- munications,” Government Technology News Report, April 17, 2008 [Online]. Available: http://www.gov- tech.com. Transit Security Design Considerations, FTA (Federal Transit Administration), Washington D.C., 2004. “Transportation Sector Network Management Mass Transit Division,” TSA (Transportation Security Administration), Summary of Security Enhance- ment Efforts, Washington, D.C., May 14, 2008. Trends in Victimization Rates by Age, 1973–2005, Bureau of Justice Statistics, U.S. Department of Jus- tice, Washington, D.C. “TSA Expanding National Explosives Detection Canine Teams,” TSA (Transportation Security Administra- tion), 2005. TSA Press Release, Washington, D.C., Sep. 28, 2005. “Uniform Crime Reporting,” FBI (Federal Bureau of Investigation), 1976–2005, [Online].Available: http://www.fbi.gov/ucr/ucr.htm. Widawsky, I.D., Passenger Security in the Subways: An Analysis of Crime, Fear, and Perceptions of Insecu- rity in the New York City Subway System, A Report by the Permanent Citizens Advisory Committee to the MTA, 1989. Workplace Violence Prevention Strategies and Research Needs, NIOSH (National Institute for Occupational Safety and Health), Publication No. 2006-144, National Institute for Occupational Safety and Health, Washington, D.C., 2006.

71 BIBLIOGRAPHY Acohido, B., “Theft of Personal Data More Than Triples This Year,” USA TODAY, Dec. 9, 2007 [Online]. Available: http://www.usatoday.com/money/industries/technology/ 2007-12-09-data-theft_N.htm. Airline Passenger Security Screening: New Technologies and Implementation Issues, Aviation Security: Screener Training and Performance Measurement Strengthened, but More Work Remains, GAO Report 05-457, Washing- ton, D.C., May 2005. “Airline Passenger Security Screening: New Technologies and Implementation Issues,” Committee on Commercial Aviation Security, National Materials Advisory Board and Commission on Engineering and Technical Systems, National Research Council, Washington, D.C., 1996. Assessing and Managing the Terrorism Threat, U.S. Depart- ment of Justice, Bureau of Justice Assistance, Washing- ton, D.C., Sep. 2005. “Assessment of Technologies Deployed to Improve Aviation Security: First Report,” Commission on Engineering and Technical Systems, Panel on Assessment of Technologies Deployed to Improve Aviation Security, National Research Council, Washington, D.C., 1999. Banerjee, B., “The ABCs of TCO (Total Cost of Ownership): The True Costs of IP Video Surveillance,” Video Technol- ogy and Applications, Feb. 2008. Beaver, K.,“Locking Down Today’s Data Centers,” Security Technology & Design, Dec. 2007, pp. 30–34. Bodell, P., “Commentary: Are we Letting the Bad Guys Get Away?” Video Technology and Applications, Feb. 2008. Committee on the Review of Existing and Potential Standoff Explosives Detection Techniques, Board on Chemical Sciences and Technology, National Research Council, Washington, D.C., 2002. “Configuration Management and Performance Verification of Explosives-Detection Systems,” Commission on Engi- neering and Technical Systems, National Materials Advi- sory Board, Panel on Technical Regulation of Explosives-Detection Systems, Publication NMAB- 482-3, National Research Council, Washington, D.C., 1998. “Containing the Threat from Illegal Bombings: An Inte- grated National Strategy for Marking, Tagging, Render- ing Inert, and Licensing Explosives and Their Precursors,” Committee on Marking, Rendering Inert, and Licensing of Explosives, Board on Chemical Sciences and Technol- ogy, and Commission on Physical Sciences, Mathematics, and Applications, National Research Council, Washing- ton, D.C., 1998. “Cybercriminals Becoming Increasingly Professional,” Gov- ernment Technology, Sep. 17, 2007 [Online]. Available: https://www.govtech.com/. Daniel, M., “MBTA Set to Begin Passenger ID Stops,” Globe, May 22, 2004. “Detection of Explosives for Commercial Aviation Security,” Committee on Commercial Aviation Security, National Materials Advisory Board and Commission on Engineer- ing and Technical Systems, National Research Council, Washington, D.C., 1993. Effective Employment of Visible Intermodal Prevention and Response Teams in Mass Transit and Passenger Rail, Transportation Security Administration, Washington, D.C., 2007. “Evaluation of DHS’ Information Security Program for Fis- cal Year 2007,” Department of Homeland Security/Office of the Inspector General, DHS Office of the Inspector General, Washington, D.C. “Existing and Potential Standoff Explosives Detection Tech- niques,” Committee on the Review of Existing and Poten- tial Standoff Explosives Detection Techniques, Board on Chemical Sciences and Technology, National Research Council, Washington, D.C., 2002. “Existing and Potential Standoff Explosives Detection Tech- niques,” Committee on the Review of Existing and Poten- tial Standoff Explosives Detection Techniques, National Research Council, Washington, D.C., 2004. “Facts and Statistics,” Identity Theft Research Center, April 30, 2007 [Online]. Available: http://www.idtheftcenter. org/artman2/publish/m_facts/Facts_and_Statistics. shtml [accessed Dec. 20, 2007]. Fatah, A., et al., An Introduction to Biological Agent Detec- tion Equipment for Emergency First Responders, NIJ Guide 101-00, National Institute of Justice, Washington, D.C., Dec. 2001. Fatah, A., et al., Guide for the Selection of Chemical Agent and Toxic Industrial Material Detection Equipment for Emergency First Responders, NIJ Guide 100-00, National Institute of Justice, Washington, D.C., June 2000. FEMA 426—Reference Manual to Mitigate Potential Ter- rorist Attacks Against Buildings, Federal Emergency Management Agency, Washington, D.C. updated Oct. 2007.

72 FEMA 427—Primer for Design of Commercial Buildings to Mitigate Terrorist Attacks, Federal Emergency Manage- ment Agency, 2003. “Government Smart Card Interoperability Specification, Version 2.1T,” National Institute of Standards and Tech- nology [Online]. Available: http://csrc.nist.gov/publica- tions/ nistir/nistir-6887.pdf. Guidance for Protecting Building Environments from Air- borne Chemical, Biological, or Radiological Attacks, National Institute for Occupational Safety and Health, Washington, D.C., 2002. “Guidance on Background Checks, Redress and Immigra- tion Status,” Transportation Security Administration, Washington, D.C., 2007 [Online]. Available: http://www. tsa.gov/. Haas, K., Transportation & Homeland Security: A Critical Issues Guide for Local Officials, Public Technology, Inc., 2005. Jenkins M.B., “Protecting Surface Transportation Systems and Patrons from Terrorist Activities: Case Studies of Best Security Practices and a Chronology of Attacks,” Dec. 1997. Kelling, G. and J. Wilson, “Broken Windows,” Atlantic Monthly, Mar. 1982. King, L., “SEPTA Unveils Antiterror Weapons,” Inquirer, Employee Security Connection, Vol. 19, No. 3, Feb. 9, 2006. Lawrence Livermore National Laboratory, Evaluation of an Expedient Terrorist Vehicle Barrier. Lewis, A.J., Security and Surveillance, Center for Strategic and International Studies, Washington, D.C., 2002. Marisco, R., “PATH Station to Test Bomb-Detection Plan,” Star-Ledger, Jan. 25, 2006. “Mass Transit Annex to Transportation Systems Sector Secu- rity Plan,” Transportation Security Administration, Wash- ington, D.C. [Online]. Available: http://www.tsa. gov/. “Mass Transit Security Training Program,” Transportation Security Administration, Washington, D.C., 2007 [Online]. Available: http://www.tsa.gov/. Nakanishi, Y.J. and J.L. Western, “Advancing the State-of- the-Art in Identification and Verification: Biometric and Multibiometric Systems,” In 86th Annual Meeting of the Transportation Research Board [CD-ROM], Washing- ton, D.C., Jan. 21–25, 2007. Nakanishi, Y., K. Kim, Y. Ulusoy, and A. Bata, “Assessing Emergency Preparedness of Transit Agencies: A Focus on Performance Indicators,” In Transportation Research Record 1822, Transportation Research Board, National Research Council, Washington, D.C., 2003. Needle, J.A. and R.M. Cobb, Synthesis of Transit Practice 21: Improving Transit Security, Transportation Research Board, National Research Council, Washington, D.C., 1997, 36 pp. NewsEdge Corp., “Profile of Computer Hackers Changing,” CommwebNews.com, Dec. 26, 2007. O’Neil, D. and Y. Nakanishi, “Survey and Analysis of Trans- portation Security Training Needs and Programs,” TR News, Spring 2005. “Opportunities to Improve Airport Passenger Screening with Mass Spectrometry,” Committee on Assessment of Secu- rity Technologies for Transportation, National Materials Advisory Board, National Research Council, Washing- ton, D.C., 2004. “Program for Response Options and Technology Enhance- ments for Chemical/Biological Terrorism (PROTECT),” National Nuclear Security Administration, National Insti- tute of Standards and Technology. Pryor, R., “TSA Trip I, II, III Tests Presentation Slides,” CTO Operational Integration Division/TSA. Public Transportation System Security and Emergency Pre- paredness Planning Guide, Federal Transit Administra- tion, Washington, D.C., 2003. Railway Age, Nov. 2007. Rhykerd C., D. Hannum, D. Murray, and J. Parmeter, Guide for the Selection of Commercial Explosives Detection Systems for Law Enforcement Applications, NIJ Guide 100-99, National Institute of Justice, Washington, D.C., Sep. 1999. “Security and Emergency Management Action Items,” Fed- eral Transit Administration/Transportation Security Administration, Washington, D.C., 2006 [Online]. Avail- able: http://www.tsa.gov/. Security and Emergency Management Technical Assistance for the Top 50 Transit Agencies Final Report, Federal Transit Administration, Washington, D.C., 2007. Silverman, E., NYPD Battles Crime: Innovative Strategies in Policing, Northeastern University Press, Boston, Mass., 2001. Smiths Detection and TeraView Developing Hand-Held Screening Device, Flt Tech Online Weekly News Sum- mary, June 17, 2004. Special Report 270: Deterrence, Protection, and Prepara- tion: The New Transportation Security Imperative, Trans- portation Research Board, Washington, D.C., 2002. Survey of United States Transit System Security Needs and- Funding Priorities, “Summary of Findings,” American Public Transportation Association, Washington, D.C., 2004.

73 Taylor, B., et al., “Responding to Security Threats in the Post- 9/11 Era: A Portrait of U.S. Urban Public Transit,” Public Works Management & Policy, Vol. 11, No. 1, pp. 3–17. TCRP Project J-3: International Transit Studies Program, Transportation Research Board, National Research Coun- cil, Washington, D.C., June 2003. TCRP Report 86, Volume 2: K9 Units in Public Transporta- tion: A Guide for Decision Makers, Transportation Research Board, National Research Council, Washing- ton, D.C., 2002. TCRP Report 86, Volume 3: Robotic Devices for the Transit Environment, Transportation Research Board, National Research Council, Washington, D.C., 2003. TCRP Report 86, Volume 5: Security-Related Customer Communications and Training for Public Transportation Providers, Transportation Research Board, National Research Council, Washington, D.C., 2004. TCRP Report 86, Volume 6: Applicability of Portable Explo- sive Detection Devices in Transit Environments, Trans- portation Research Board, National Research Council, Washington, D.C., 2004. TCRP Report 86, Volume 7: Public Transportation Emer- gency Mobilization and Emergency Operations Guide, Transportation Research Board, National Research Coun- cil, Washington, D.C., 2005. TCRP Web Document 15: Guidelines for the Effective Use of Uniformed Transit Police and Security Personnel, Trans- portation Research Board, National Research Council, Washington, D.C., May 1997. TCRP Web Document 18: Developing Useful Transit-Related Crime and Incident Data, Transportation Research Board, National Research Council, Washington, D.C., April, 2000. “Title 33: Navigation and Navigable Waters, Part 104-Vessel Security. Electronic Code of Federal Regulations” [Online]. Available: http://www.mxak.org/regulations/ homeland/33cfr104.htm. “Transit Security Grant Program Guidelines,” Department of Homeland Security/Transportation Security Adminis- tration, Washington, D.C. [Online]. Available: http:// www.tsa.gov/. Transit Security Handbook, Federal Transit Administration, Report No. FTA-MA-90-9007-98-1, U.S. Department of Transportation, Washington, D.C., 1998. “Transit Threat Level Response Recommendation,” Federal Transit Administration, Washington, D.C. Transit Tunnel Recommended Protective Measures, Trans- portation Security Administration, Washington, D.C., 2007. “Transportation Security: Post-September 11th Initiatives and Long-Term Challenges,” Report No. GAO-03-616, [Online]. Available: http://www.gao.gov/new.items/ d03616t.pdf. “TSA Expanding National Explosives Detection Canine Teams to Mass Transit and Commuter Rail Systems,” Department of Homeland Security, DHS press release, Washington, D.C., Oct. 6, 2005. “TSA Unveils Mobile Security Checkpoint Pilot Program with Maryland Transit Authority,” Department of Home- land Security, DHS press release, Washington, D.C. April 3, 2006. “Vandalism, Terrorism, and Security in Urban Public Pas- senger Transport,” Report of the Hundred and Twenty Third Round Table on Transport Economics, European Conference of Ministers of Transport, 2003. Verrinder, M., “N.J. Starts Bomb-Screening of Train Rid- ers,” Associated Press, Feb. 8, 2006. Washington State Ferry, [Online]. Available: http://www. wsdot.wa.gov/ferries/security. Weber, S., “Cyber Security: Ignore At Your Peril,” Forbes. com, Feb. 28, 2008. Williams, T. and S. Chan, “In New Security Move, New York Police to Search Commuters’ Bags,” NY Times, July 21, 2005. Workplace Violence Prevention Strategies and Research Needs, National Institute for Occupational Safety and Health, NIOSH Publication No. 2006-144, Washington, D.C., Sep. 2006.

74 GLOSSARY TRANSIT SECURITY TERMS Source: Transit security glossary definitions are primarily derived from Transit Safety & Security Statistics & Anal- ysis 2003 Annual Report; National Infrastructure Pro- tection Plan (July 2006) or the National Response Plan (December 2004). All Hazards An approach for prevention, protection, preparedness, response, and recovery that addresses a full range of threats and hazards, including domestic terrorist attacks, natural and manmade disasters, accidental disruptions, and other emergencies. Arson To unlawfully and intentionally damage, or attempt to dam- age, any real or personal property by fire or incendiary device. Assault, Aggravated An unlawful attack by one person upon another wherein the offender— Uses a weapon in a threatening manner, or • Victim suffers obvious severe or aggravated bodily • injury. Assault, Other An unlawful attack or attempt by one person upon another in which no weapon was used or that did not result in seri- ous or aggravated injury to the victim. This includes— Simple assault • Minor assault • Assault and battery • Injury by culpable negligence • Intimidation, coercion, hazing • All attempts to commit these offenses • Attack or Active Incident An actual emergency that might include a terrorist attack, accident, or natural disaster. Bomb Threat Credible written or oral (e.g., telephone) communication to a transit agency threatening the use of an explosive or incendiary device for the purpose of disrupting public transit services or to create a public emergency. Bombing The unlawful and intentional delivery, placement, discharge, or detonation of an explosive or other lethal device. Burglary The unlawful entry into a building or other structure with the intent to commit a felony or a theft. This includes offenses known locally as burglary (any degree), unlawful entry with intent to commit a larceny or felony, breaking and entering with intent to commit a larceny, housebreaking, safe cracking, and all attempts at these offenses. Chemical, Biological, or Nuclear Release The unlawful and intentional delivery, placement, discharge, or detonation of a biological, chemical, or nuclear lethal device. Crime Prevention Through Environmental Design (CPTED) CPTED is a method of situational crime prevention by which the transit environment discourages offenders from mak- ing the choice to commit a crime by increasing the risks and required efforts. The many CPTED measures include bright lighting, unobstructed sightlines, and natural and formal surveillance. Criminal Activity An activity that violates the law. Cyber Incident Involves the targeting of transit facilities, personnel, infor- mation, computer, or telecommunications systems asso- ciated with transit agencies. Proscribed activities include the following: Denial or disruption of computer or telecommunica-• tions services, especially train control systems; Unauthorized monitoring of computer or telecommu-• nications systems; Unauthorized disclosure of proprietary or classified • information store within or communicated through computer or telecommunications systems;

75 Unauthorized modification or destruction of computer • programming codes, computer network databases, stored information or computer capabilities; and Manipulation of computer or telecommunications • services resulting from fraud, financial loss, or other criminal violations. Derailment/Bus Going Off Road A noncollision incident in which either one or more wheels of a transit vehicle unintentionally leaves the rails, a bus leaves the roadway, or there is a rollover. Detection The identification and validation of potential threat or attack that is communicated to an appropriate authority that can act. General detection activities include intelligence gath- ering, analysis of surveillance activities, and trend analy- sis of law enforcement reporting. For specific assets, examples include intrusion-detection systems, alarms, surveillance, and employee security awareness programs. Deterrence An activity, procedure, or physical barrier that reduces the likelihood of an incident, attack, or criminal activity. Directly Operated Transportation service provided directly by a transit agency, using their employees to supply the necessary labor to operate the revenue vehicles. This includes instances in which an agency’s employees provide purchased trans- portation services to the agency through a contractual agreement. Emergency Incident An incident in which emergency response is required; spe- cifically, an imminent threat to human life. Employee An individual who is compensated by the transit agency as follows: For directly operated services, the labor expense for • the individual is reported in object class 501 labor. For purchased transportation service, the labor expense • for the individual meets the same criteria as object class 501 labor. Evacuation A condition requiring all passengers and employees to depart a transit vehicle and enter onto the transit right-of-way or roadway under emergency circumstances. Fare Evasion The unlawful use of transit facilities by riding without pay- ing the applicable fare. Fatality A transit-caused death confirmed within 30 days of a transit incident, which occurs under the collision, derailment, fire, evacuation, security incident, vehicle leaving the roadway, or not otherwise classified categories. Fire Uncontrolled combustion made evident by flame and/or smoke that requires suppression by equipment or personnel. Forcible Rape The carnal knowledge of a person forcibly and/or against that person’s will. This includes assault to rape or attempt to rape. FTA Urbanized Area Formula Program Funds Financial assistance from Section 5307 of the Federal Transit Act. This program makes federal resources available to finance capital projects and the planning and improve- ment costs of equipment, facilities, and associated capital maintenance items for use in mass transportation. The program also allows funds for operating assistance in urbanized areas of less than 200,000 population. Grade Crossings An intersection of highway roads, railroad tracks, or dedi- cated transit rail tracks that run either parallel or across mixed traffic situations with motor vehicles, light rail, commuter rail, heavy rail, trolley bus, or pedestrian traf- fic. Collisions at grade crossings involving transit vehi- cles apply to light rail, commuter rail, heavy rail, or trolley bus. Graduated Security Response A security response that increases in a modular or continu- ous fashion as the defined threat level increases in sever- ity; protective measures implemented at lower threat levels build to the higher threat level protective measures in a cumulative fashion. High-Visibility Patrols High-visibility patrols are made highly visible through the saturation of specific locations with multiple specially uniformed officers and the use of visible tactical vests.

76 Hijacking Seizing control of a transit vehicle by force. Homicide The killing of one or more human beings by another, includ- ing the following: Murder and nonnegligent manslaughter: The willful • (nonnegligent) killing of one or more human beings by another. Negligent manslaughter: The killing of another person • or persons through gross negligence. Incident Major (episodic): Existence of one or more of the following: A fatality other than a suicide. • Injuries requiring immediate medical attention away • from the scene for two or more persons. Property damage equal to or exceeding $25,000. • An evacuation as a result of life safety reasons. • A collision at a grade crossing resulting in at least one • injury requiring immediate medical attention away from the scene or property damage equal to or exceed- ing $7,500. A mainline derailment. • A collision with person(s) on a rail right-of-way result-• ing in injuries that require immediate medical atten- tion away from the scene for one or more persons. A collision between a rail transit vehicle and another rail • transit vehicle or a transit nonrevenue vehicle resulting in injuries that require immediate medical attention away from the scene for one or more persons. Nonmajor (summary): Incidents not already reported on the Major Incident Reporting form (S&S-40) with one or more of the following conditions: Injuries requiring immediate medical attention away • from the scene for one person. Property damage equal to or exceeding $7,500 (less • than $25,000). All nonarson fires not qualifying as major incidents.• Injury Any physical damage or harm to persons as a result of an incident that requires immediate medical attention away from the scene. Larceny/Theft The unlawful taking, carrying, leading, or riding away of property from the possession or constructive possession of another person. This includes pocket picking, purse snatching, shoplifting, thefts from motor vehicles, thefts of motor vehicle parts and accessories, theft of bicycles, theft from buildings, theft from coin-operated devices or machines, and all other theft not specifically classified. Mitigation Activities designed to reduce or eliminate risks to persons or property or to lessen the actual or potential effects or con- sequences of an incident. Mode A system for carrying transit passengers described by spe- cific right-of-way, technology, and operational features. Motor Vehicle Theft Theft or attempted theft of a motor vehicle. A motor vehicle is a self-propelled vehicle that runs on the surface of land and not on rails. National Transit Database (NTD) The system through which the FTA collects uniform data needed by the secretary of transportation to administer department programs. Not Otherwise Classified (personal casualty) A major or nonmajor incident in which persons are injured or die in transit-related operations, but not as a result of a collision, derailment/vehicle leaving roadway, evacua- tion, or fire. These incidents can include the following: Injuries or fatalities that occur in slips, trips or falls on • stairs, escalators, elevators, passageways, platforms, or transit rights-of-way. Injuries or fatalities that occur in sudden braking or • unexpected swerving on transit vehicles. Injuries or fatalities that occur in slips, falls, door clos-• ings, or lifts while getting on or off a transit vehicle. Nonarson Fires An incident involving uncontrolled combustion manifested by flame or smoke resulting in evidence of charring, melt- ing, or other evidence of ignition of transit property. These are reported as in station, on right-of-way or other, or in a vehicle. Nonviolent Civil Disturbance Nonviolent public demonstrations that may or may not be disruptive.

77 Other An individual who is neither a transit passenger, transit facil- ity occupant, employee/other worker at a transit agency, or a trespasser. Other Assault An unlawful attack or attempt by one person upon another in which no weapon was used or that did not result in seri- ous or aggravated injury to the victim. Passenger A person who is onboard, boarding, or alighting from a tran- sit vehicle for the purpose of traveling without participat- ing in the operation of the vehicle. Passenger Miles The cumulative sum of distances ridden by each passenger. Population Density Population divided by the area for which the population was measured. In the NTD, the number of people is the most recent census urbanized area population divided by the square miles of that urbanized area. Property Damage The dollar amount required to repair or replace all vehicles (transit and nontransit) and all property/facilities (track, signals, and buildings) damaged during an incident to a state equivalent to that which existed before the incident. Protective Measures Planned activities that reduce vulnerability, deny an adver- sary opportunity, or increase response capability during a period of heightened alert. Purchased Transportation Transportation service provided to a public transit agency or government unit from a public or private transportation provider based on a written contract. The provider is obli- gated in advance to operate public transportation services for a public transit agency or governmental unit for a spe- cific monetary consideration, using its own employees to operate revenue vehicles. Purchased transportation does not include franchising, licensing operations, manage- ment services, cooperative agreements, or private con- ventional bus service. Recovery The development, coordination, and execution of service- and site-restoration plans for affected areas and opera- tions. Response Activities that address the short-term, direct effects of an incident, including immediate actions to save lives, pro- tect property, and meet basic human needs. Risk A measure of potential harm that encompasses threat, vul- nerability, and consequence. Robbery The taking or attempting to take anything of value under confrontational circumstances from the care, custody, or control of another person by force or threat of force or violence and/or by putting the victim in fear of immedi- ate harm. The use or threat of force includes firearms, knives or cutting instruments, other dangerous weapons (clubs, acid, explosives), and strong-arm techniques (hands, fists, feet). Sabotage Sabotage or tampering with transit facilities’ assets may be a means to achieve any of the above events, such as start- ing a fire or spreading an airborne chemical agent, or it may be a stand-alone act, such as tampering with track to induce derailment. Security Vulnerability/Risk Assessment (SVA) A systematic assessment approach for security vulnerabil- ity/risk and includes threat and vulnerability analysis. Sensitive Security Information (SSI) Any information or records that the disclosure of the infor- mation may compromise safety or security of the travel- ing public and transit workers. The use of sensitive security information is intended to restrict the material from automatic Freedom of Information Act disclosure. Situational Crime Prevention (SCP) The theoretical basis of SCP is rational choice. The offender decides to commit a crime based on risks, efforts, and rewards. SCP attempts to make the risks and efforts

78 greater than the rewards. The four key categories of SCP techniques as cited by Clarke and Homel are increasing perceived effort, increasing perceived risks, reducing anticipated rewards, and inducing guilt or shame. Suicide A person attempting to end his or her own life intention- ally. Both successful and unsuccessful attempts are counted as suicides. Suicides were previously classified as a subset of Collisions with People. They have been reclassified as nonmajor security incidents in the rede- signed NTD. Terrorist Attack An intentional act of violence with intent to inflict signifi- cant damage to property, inflict casualties, and produce panic and fear. Threat A potential action or situation that may cause harm to people or property. Transit Facility Occupant A person who is inside the public passenger area of a transit revenue facility. Employees, other workers, or trespassers are not transit facility occupants. Trespass To unlawfully enter land, a dwelling, or other real property. Unlinked Passenger Trips The number of passengers who board public transportation vehicles. Passengers are counted each time they board vehicles no matter how many vehicles they use to travel from their origin to their destination. Vandalism The willful or malicious destruction, injury, disfigurement, or defacement of any public or private property, real or personal, without consent of the owner or person having custody or control by cutting, tearing, breaking, marking, painting, drawing, covering with filth, or any other such means as may be specified by local law. Vehicles Operated in Annual Maximum Service The number of revenue vehicles operated to meet the annual maximum service requirement. Vehicle Miles The total number of miles traveled by transit vehicles. Com- muter rail, heavy rail, and light rail report individual car miles rather than train miles for vehicle miles. Vulnerability A weakness in the design, implementation, or operation of an asset, system, or network that can be exploited by an adversary, or disrupted by a natural hazard or technologi- cal failure. Weapons of Mass Destruction (WMD) Weapons that can cause significant destruction of property and inflict significant numbers of casualties and deaths; typically considered to be a part of the group of weapons called chemical, biological, radiological, nuclear, or explosive weapons.

79 CYBER SECURITY TERMS Source: These cyber security terms are from National Cyber Security Alliance Glossary (http://staysafeonline.org/basics/ glossary.html). Adware Any software application that displays advertising banners while the program is running. The authors include additional code, which can be viewed through pop-up windows or through a bar that appears on the computer screen. Adware has been criticized because it usually includes code that tracks a user’s personal information and passes it on to third parties without the user’s authorization or knowledge. Alert Notification that a specific attack has been directed at the information system of an organization. Attack Intentional act of attempting to bypass one or more computer security controls. Audit Trail A record showing who has accessed a computer system and what operations he or she has per- formed during a given period of time. Audit trails are useful both for maintaining security and for recovering lost transactions. Authenticate To verify the identity of a user, user device, or other entity, or the integrity of data stored, transmitted, or otherwise exposed to unauthorized modification in an information system, or to establish the validity of a transmission. Authentication Security measure designed to establish the validity of a transmission, message, or originator, or a means of verifying an individual’s authorization to receive specific categories of informa- tion. Also see Two Factor Authentication. Back Door Hidden software or hardware mechanism used to circumvent security controls. Synonymous with trap door. Backup A copy of data and/or applications contained in the information technology (IT) stored on magnetic media outside of the IT to be used in the event IT data are lost. Blended Threat A computer network attack that seeks to maximize the severity of damage and speed of conta- gion by combining methods, for example, using characteristics of both viruses and worms, while also taking advantage of vulnerabilities in computers, networks, or other physical sys- tems. An attack using a blended approach might send a virus via an e-mail attachment, along with a Trojan horse embedded in an HTML file that will cause damage to the recipient com- puter. The Nimda, CodeRed, and Bugbear exploits were all examples of blended threats. Bluetooth Technology Wireless Internet technology. Bots Bots are remote-controlled agents installed on your system. Bots are often controlled remotely via Internet Relay Chat. Once a system is infected with a bot, it becomes part of a bot network (botnet) and is used in conjunction with other botnet members to carry out the wishes of the bot owner or bot herder. Bots can scan networks for vulnerabilities, install various Distributed Denial of Service tools, capture network packets, or download and execute arbitrary pro- grams. Often bots will contain additional spyware or install it. Computers or systems infected with bots can be used to distribute spam to make it harder to track and prosecute the spammers. Broadband “Broadband” is the general term used to refer to high-speed network connections. In this con- text, Internet connections via cable modem and Digital Subscriber Line are frequently referred to as broadband Internet connections. “Bandwidth” is the term used to describe the relative speed of a network connection—for example, most current dial-up modems can support a bandwidth of 56 kbps (thousand bits per second). There is no set bandwidth threshold required for a connection to be referred to as “broadband,” but it is typical for connections in excess of 1 Megabit per second (Mbps) to be so named. Browser/Browser Settings One browser configuration strategy to manage the risk associated with active content while still enabling trusted sites is the use of Internet Explorer security zones. Using security zones, you can choose preset levels of security. Certification The comprehensive evaluation of the technical and nontechnical security features of IT and other safeguards, made in support of the accreditation process that establishes the extent to which a particular design and implementation meet a specified set of security requirements. Ciphertext Form of cryptography in which the plaintext is made unintelligible to anyone, who intercepts it by a transformation of the information itself, based on some key.

80 Cookie Cookies are pieces of information generated by a Web server and stored in the user’s com- puter, ready for future access. Cookies are embedded in the HTML information flowing back and forth between the user’s computer and the servers. Cookies were implemented to allow user-side customization of Web information. For example, cookies are used to personalize Web search engines, to allow users to participate in WWW-wide contests (but only once!), and to store shopping lists of items a user has selected while browsing through a virtual shop- ping mall. Configuration Management The process of keeping track of changes to the system, if needed, approving them. Contingency Plan A plan for emergency response, backup operations, and postdisaster recovery maintained by an activity as a part of its security program that will ensure the availability of critical resources and facilitate the continuity of operations in an emergency situation. Countermeasures Action, device, procedure, technique, or other measure that reduces the vulnerability of an information system. Data-Driven Attack A form of attack that is encoded in seemingly innocuous data that is executed by a user or a process to implement an attack. A data-driven attack is a concern for firewalls, because it may get through the firewall in data form and launch an attack against a system behind the firewall. Data Integrity The state that exists when automated data are the same as that in source documents, or has been correctly computed from source data, and has not been exposed to alteration or destruction. Denial of Service Result of any action or series of actions that prevents any part of an information system from functioning. Dial-up Service The service whereby a computer terminal can use the telephone to initiate and effect commu- nication with a computer. Dictionary Attack An attack that uses a brute-force technique of successively trying all the words in some large, exhaustive list. Digital Signature Digital signatures are a way to verify that an e-mail message is really from the person who supposedly sent it and that it hasn’t been changed. You may have received e-mails that have a block of letters and numbers at the bottom of the message. Although it may look like useless text or some kind of error, this information is actually a digital signature. To generate a signa- ture, a mathematical algorithm is used to combine the information in a key with the informa- tion in the message. The result is a random-looking string of letters and numbers. Distributed Tool A tool that can be distributed to multiple hosts, which can then be coordinated to anony- mously perform an attack on the target host simultaneously after some time delay. DNS Spoofing Assuming the DNS name of another system by either corrupting the name service cache of a victim system, or by compromising a domain name server for a valid domain. DSL (Digital Subscriber Line) Digital Subscriber Line (DSL) Internet connectivity, unlike cable modem-based service, pro- vides the user with dedicated bandwidth. However, the maximum bandwidth available to DSL users is usually lower than the maximum cable modem rate because of differences in their respective network technologies. Also, the “dedicated bandwidth” is only dedicated between your home and the DSL provider’s central office—the providers offer little or no guarantee of bandwidth all the way across the Internet. Encryption Encryption is the translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or pass- word that enables you to decrypt it. Unencrypted data is called plain text; encrypted data is referred to as cipher text. EULA (End-User License Agreements) An end-user license agreement (EULA) is a contract between you and the software’s vendor or developer. Some software packages state that by simply removing the shrink-wrap on the package, you agree to the contract. However, you may be more familiar with the type of EULA that is presented as a dialog box that appears the first time you open the software. It usually requires you to accept the conditions of the contract before you can proceed. Firewall A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are fre- quently used to prevent unauthorized Internet users from accessing private networks con- nected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

81 Flooding Type of incident involving insertion of a large volume of data resulting in denial of service. Gateway A bridge between two networks. Hacker Unauthorized user who attempts to or gains access to an information system. IM (Instant Messaging) Text message-based communications. Internet A global network connecting millions of computers. As of 1999, the Internet has more than 200 million users worldwide, and that number is growing rapidly. Intranet A network based on TCP/IP protocols (an Internet) belonging to an organization, usually a corporation, accessible only by the organization’s members, employees, or others with autho- rization. An intranet’s websites look and act just like any other websites, but the firewall sur- rounding an intranet fends off unauthorized access. Intrusion Unauthorized act of bypassing the security mechanisms of a system. ISP Internet Service Provider. Malicious Code Software capable of performing an unauthorized process on an information system. Management Controls Security methods that focus on the management of the computer security system and the man- agement of risk for a system. Mobile Code Software modules obtained from remote systems, transferred across a network, and then downloaded and executed on a local system without explicit installation or execution by the recipient. Malicious mobile code is designed, employed, distributed, or activated with the intention of compromising the performance or security of information systems and computers, increasing access to those systems, disclosing unauthorized information, corrupting informa- tion, denying service, or stealing resources. Operation Controls Security methods that focus on mechanisms that primarily are implemented and executed by people (as opposed to systems). Packet A block of data sent over the network transmitting the identities of the sending and receiving stations, error-control information, and message. Packet Filtering A feature incorporated into routers to limit the flow of information based on predetermined communications such as source, destination, or type of service being provided by the network. Packet filters let the administrator limit protocol-specific traffic to one network segment, iso- late e-mail domains, and perform many other traffic control functions. Packet Sniffer A device or program that monitors the data traveling between computers on a network. Patches (Software Patches) Updates that fix a particular problem or vulnerability within a program. Sometimes, instead of just releasing a patch, vendors will release an upgraded version of their software, although they may refer to the upgrade as a patch. Make sure to apply relevant patches to your com- puter as soon as possible so that your system is protected. Also see Software Assurance. Pharming Similar in nature to e-mail phishing, pharming seeks to obtain personal or private (usually financial-related) information through domain spoofing. Rather than being spammed with malicious and mischievous e-mail requests for you to visit spoof websites that appear legiti- mate, pharming “poisons” a DNS server by infusing false information into the DNS server, resulting in a user’s request being redirected elsewhere. Your browser, however, will show you are at the correct website, which makes pharming a bit more serious and more difficult to detect. Phishing attempts to scam people one at a time with an e-mail, while pharming allows the scammers to target large groups of people at one time through domain spoofing. Phishing Phishing attacks use e-mail or malicious websites to solicit personal, often financial, informa- tion. Attackers may send e-mail seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts. Probe An attempt to gather information about an information system for the apparent purpose of cir- cumventing its security controls. Proxy Software agent that performs a function or operation on behalf of another application or sys- tem while hiding the details involved. RADIUS Short for Remote Authentication Dial-In User Service, an authentication and accounting sys- tem used by many Internet Service Providers (ISPs). When you dial in to the ISP you must enter your username and password. This information is passed to a RADIUS server, which checks that the information is correct, and then authorizes access to the ISP system.

82 Remote Access The hookup of a remote computing device via communication lines such as ordinary phone lines or wide area networks to access network applications and information. Replicator Any program that acts to produce copies of itself. Examples include a program, a worm, or virus. Retro-virus A retro-virus is a virus that waits until all possible backup media are infected, too, so that it is not possible to restore the system to an uninfected state. Risk Analysis The process of identifying security risks, determining their magnitude, and identifying areas needing safeguards. Risk analysis is a part of risk management. Risk Management Process of identifying, controlling, and eliminating or reducing risks that may affect IT resources. Rootkit A hacker security tool that captures passwords and message traffic to and from a computer. A collection of tools that allows a hacker to provide a backdoor into a system, collect informa- tion on other systems on the network, mask the fact that the system is compromised, and much more. Rootkit is a classic example of Trojan Horse software. Rootkit is available for a wide range of operating systems. Security Incident An adverse event in a computer system or the threat of such an event occurring. Security Plan Document that details the security controls established and planned for a particular system. Security Specifications A detailed description of the safeguards required to protect a system. Sensitive Data Any information that the loss, misuse, modification of, or unauthorized access to could affect the national interest or the conduct of federal programs, or the privacy to which individuals are entitled under Section 552a of Title 5, U.S. Code, but has not been specifically authorized under criteria established by an executive order or an act of Congress to be kept classified in the interest of national defense or foreign policy. Smart Card A credit-card-sized device with embedded microelectronics circuitry for storing information about an individual. This is not a key or token, as used in the remote access authentication process. Smurfing Software that mounts a denial of service attack by exploiting IP broadcast addressing and ICMP (Internet control message protocol) ping packets to cause flooding. Spam To indiscriminately send unsolicited, unwanted, irrelevant, or inappropriate messages, espe- cially commercial advertising in mass quantities. Electronic “junk mail.” Spam can contain worms, viruses, and other malicious code. Spim Spam that is sent over Instant Messaging. Like spam, spim can contain worms, viruses, and other malicious code. Spoofing Unauthorized use of legitimate identification and authentication data, however it was obtained, to mimic a subject different from the attacker. Impersonating, masquerading, piggy- backing, and mimicking are forms of spoofing. Spyware Any software using someone’s Internet connection in the background without their knowledge or explicit permission. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet; however, it should be noted that the majority of shareware and freeware applications do not come with spyware. Once installed, the spyware monitors user activity on the Internet and transmits that informa- tion in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers. System Integrity The quality that a system has when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. Threat Any circumstance or event with the potential to adversely affect an information system through unauthorized access, destruction, disclosure, modification of data, and/or denial of service. Trojan Horse A malicious or harmful code contained inside apparently harmless programming or data in such a way that it can get control and do its chosen form of damage, such as ruining the file allocation table on your hard disk. Virus Self-replicating, malicious code that attaches itself to an application program or other execut- able system component and leaves no obvious signs of its presence. VOIP Voice over Internet Protocol.

83 Vulnerability A weakness in automated system security procedures, technical controls, environmental con- trols, administrative controls, internal controls, and so on that could be used as an entry point to gain unauthorized access to information or disrupt critical processing. Web Bugs Web bugs are HTML elements, often in the form of image tags that retrieve information from a remote website. While the image may not be visible to the user, the act of making the request can provide information about the user. Web bugs are often embedded in web pages or HTML-enabled e-mail messages. Worm Independent program that replicates from machine to machine across network connections often clogging networks and information systems as it spreads.