Transit Security Update (2008)

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

87 APPENDIX B LITERATURE REVIEW Kelling, G. and C. Coles, Fixing Broken Windows: Restoring Order and Reducing Crime in Our Communities, Simon and Schuster, New York, 1997. The “broken windows” hypothesis put forth by Wilson and Kelling conceptualized that minor problems in the local environment could promote the committing of major crimes. In the mid-l970s, the state of New Jersey announced a “Safe and Clean Neighborhoods Program,” which was designed to improve the quality of community life in 28 cities. As part of that program, the state provided money to help cities take police officers out of their patrol cars and assign them to walking beats. The governor and other state officials were enthusiastic about using foot patrol as a way of reducing crime, but many police chiefs were skeptical. Foot patrol, in their eyes, had been pretty much discredited. It reduced the mobility of the police, who thus had difficulty responding to citizen calls for service, and it weakened headquarters’ control over patrol officers. Five years after the program started, the Police Foundation, in Washington, D.C., published an evaluation of the foot-patrol project. Based on its analysis of a carefully controlled experiment carried out chiefly in Newark, New Jersey, the foundation concluded, to the surprise of hardly anyone, that foot patrol had not reduced crime rates. But residents of the foot-patrolled neighborhoods seemed to feel more secure than persons in other areas, tended to believe that crime had been reduced, and seemed to take fewer steps to protect themselves from crime (staying at home with the doors locked, for example). Moreover, citizens in the foot-patrolled areas had a more favorable opinion of the police than did those living elsewhere. And officers walking beats had higher morale, greater job satisfaction, and a more favorable attitude toward citizens in their neighborhoods than did officers assigned to patrol cars. In the chapter on “Taking Back the Subway: NYC’s Quality of Life Program,” the authors write that the order restoration initiatives in New York City (NYC) began in the 1970s—the first one was in Times Square and Bryant Park in the late 1970s to regain control of the park. The initiative had a large community and business involvement and ultimately was successful. In the NYC subway system, NYC Transit’s first major initiative was to target graffiti, which had been a seemingly insurmountable problem in the 1980s. The Clean Car Program was established by the NYC Transit president; the program ensured that graffitists would never see their “art” on clean trains. Once a train had been cleaned, any additional graffiti would be cleaned within two hours; otherwise, the train would be taken out of service. By removing the trains from service, it eliminated the ability of the vandals to see the results of their work, which had been one of their major motives, and this discouraged further vandalism of transit property. However, NYC Transit still faced a considerable amount of lawlessness. When William Bratton arrived at NYC Transit and instituted an order restoration policy, the lack of coordination between the court system and the Transit police produced policing challenges. While transit officers were trying to address minor disorder, advocate groups and the NYS judiciary succeeded in decriminalizing quality-of-life offenses. Despite these challenges, the Transit police continued to enforce the code of conduct, performed fare evasion sweeps, and targeted other minor disorder offenses. The authors write about the benefits of community policing and describe the ways in which this policing was implemented in NYC and other large cities. McDonald, P.P., Managing Police Operations: Implementing the NYPD Crime Control Model Using COMPSTAT. Wadsworth Publishing, New York, 2001. Dr. McDonald provides a comprehensive description of CompStat and how it was implemented and operated within NYPD to prevent and address crime problems.

88 To understand the new challenges being placed on law enforcement and transit police and security personnel, it is necessary to understand the changes that have occurred in the history of law enforcement. In the first half of the twentieth century, law enforcement’s main focus was on crime prevention and rapid response to calls for service along with random patrols and reactive investigations. In the late 1960s, however, a presidential report and a few research studies questioned the effectiveness of random patrols in deterring crime, and critics started questioning the effectiveness of policing in general. They spawned a widespread belief in the law enforcement community that crime is caused by social issues, such as poverty and drug use, and that not much could be done to actually control crime rates or to prevent crime. The focus of police departments therefore shifted from serious crime to communities and community policing, and strengthening the role of citizens to maintain order. CompStat is a Crime Control Model that integrates operations, functions, and resources to combat crime. In the past, the New York Police Department (NYPD) did not have up-to-date crime statistics and a centralized information-sharing mechanism. Also, different units were working separately toward different objectives, often in isolation from other units; crime patterns could not be identified and therefore stymied crime-fighting efforts. The five principles of CompStat were based on “integration, organization and coordination,” which, according to Dr. McDonald, “are far more powerful in crime control than are fragmentation, disorganization, and random activities randomly applied.” These five principles are described below: 1. Specific Objectives—Three to five specific objectives (e.g., robbery) are selected by the chief of police. The objectives are never administrative or “output” objectives, such as increasing the number of beat officers in a particular district or increasing the number of arrests. The objectives are “outcome” objectives, such as “drive drug dealers out of the system,” “curb youth violence,” or “reduce fare evasion.” District commanders would be evaluated against the objectives, but no targets are set to avoid discouragement or complacency. 2. Timely and Accurate Intelligence—Timely and accurate information about when, where, and how crimes are being committed is essential to the CompStat process. The most effective way in which this information could be presented and conveyed to all levels of the policing organization was to map the incidents. As the number of crimes increased in a specific area, “hot spots” and crime patterns were identified, tracked, and addressed. Crime statistics could be broken down into various categories of crime by hour of day and day of the week. Correlations that had not been previously identified (e.g., homicides with drug complaints) were discovered. This crime-mapping method provided a ready-made assessment tool of how well particular strategies were working and how effective commanders were. 3. Effective Strategies and Tactics—The development of a strategy to address a crime hot spot or pattern requires regular meetings with officers at all levels of law enforcement and within the various geographic districts in NYC. The meetings have a single focus—to address crime and public safety, and to hold commanders and officers accountable, using crime intelligence and electronic pin maps. The meetings bring together specialized units, such as patrol, investigations, narcotics, and canine, and foster communication and cooperation among units that traditionally worked in isolation. An example of the strategy development process is provided below. x Crime analysis—Comprehensive data collection and analysis lead to the identification of hot spots and crime patterns. x Strategy and tactic development—The officers and commanders report regularly to their supervisors, and the impact of interventions are evaluated regularly. x Organizational location and aApplications of support units—Support units function with department-wide objectives and priorities in mind. They are part of problem-solving teams to design strategies for hot spots and fill requests for resources. x Role of district commander—The district commander is responsible for the development and implementation of strategies to combat crime for a specific area. The commander organizes teams of officers for strategy development.

89 x Community policing strategy—Sector sergeants work together to identify and address crime patterns across sectors, and district commanders do the same. Beat officers work with the public within their area to solve problems and obtain information regarding crime patterns in beat, sector, district, or city. x Criminal investigations—Criminal investigation commanders work with patrol commanders to analyze hot spots and patterns. Detectives and patrol officers engage in proactive activities to reduce and prevent crime. x Disorder and quality of life—Identify causes and symptoms of environmental and behavioral disorders (abandoned cars, loud noises, drug dealing). Government agencies and other entities are contacted to help address these issues. Those exhibiting disorderly conduct are detained or arrested and are then questioned to obtain information about serious crimes. 4. Rapid Deployment of Personnel and Resources—After a strategy has been generated and decided upon, personnel and resources are rapidly deployed. The command meetings facilitate this by involving all stakeholders in the decision-making process. When a particular resource such as a canine unit is devoted to a specific area, any issue to be resolved or negotiations can be addressed at the meeting. Once a decision has been made, it will “stick,” because all of the key personnel were present during the decision-making process. 5. Relentless Follow-up and Assessment—Continual evaluation and follow-up are not used in traditional police management but were considered crucial to the success of CompStat. Qualitative and quantitative assessment techniques were used to evaluate strategies and tactics. Also, factors such as crime patterns and trends, continued existence of hot spots, continued citizen complaints, suspect identification, change of patterns in calls-for-service, and arrests resulting in prosecutions were considered. 6. Performance Measures—Key criteria for serious crime are Part I crimes and offenders incarcerated; the key criteria for disorder are citizen calls and complaints, and videos of areas; and the key criteria for fear are citizen surveys and victimization surveys. Success measures used for assessment purposes are outcome oriented; these measures include the following: x Number of incidences reduced or prevented x Number of crime patterns interrupted x Number of hot spots resolved Dr. McDonald notes that “ultimately, cities should use all these measures—serious crime, disorder, and fear—to take the temperature of public safety.” 7. Data Sources—Data sources include calls for service through 9-1-1, arrests, and other police activities. These data are collected and stored within a police management information system (MIS), which also captures response time to calls for service, time expended to handle a call, and reconciliation of the originating call category. Other data sources that may or may not be automatically funneled into the MIS include information reported by the public through means other than 9-1-1, police officers’ intelligence and field interrogation reports, information from other agencies, prisoner debriefings, informants, private security [e.g., closed-circuit television (CCTV)], and police radios being used by private security, citizen patrols, or auxiliary police. 8. Training—Law enforcement managers will need more training in “(a) the ability to analyze data scientifically; (b) the ability to create, develop, and apply a variety of tactics and strategies; (c) an understanding of theories of command; (d) the ability to coordinate resources of several functional units and other government agencies in concert with elements of the community; (e) skills in tracking, monitoring, adjusting, and evaluating singular and multidimensional crime control activities; and (f) the ability to track and draw important conclusions from trend analysis.”

90 9. Recommendations—Specific recommendations arising out of the model were as follows: a. Maintain detailed records of success and failures of individual tactics and strategies and then analyze them at regular time periods to determine which techniques led to success. b. Acquire the services of an academic researcher to assist either by conducting the long- term trend analysis or short-term tactic-specific evaluations. c. Evaluate overall crime trends within a jurisdiction on an annual, semiannual, or monthly basis. This may be considered a report card to the community and can be used for resource allocation and personnel distribution. d. Accumulate demographic and other data that might provide additional information explaining the dynamics of a crime trend to understand why a problem exists or why it is not yielding to suggested tactics. 10. Legal Issues—Legal issues needed to be addressed by both NYC and NYC Transit when they instituted order maintenance policies. For example, in Young vs. NYCTA, the court banned enforcement for panhandling. However, the public was on the side of NYC Transit, not on the side of homeless advocates and civil rights groups. The MTA appealed the decision and won. Establishing Accountability In traditional policing, commanders are not held accountable for results but rather for personnel and administrative issues. Hence, establishing accountability was a challenge and required a change in their mind-sets that executive management of the NYPD had to enact. Some of the ways in which commanders were encouraged to take responsibility for crime levels, and meetings objectives, and to be held accountable for results were as follows: a. Holding one commander to task for a longer period of time by asking probing questions to accelerate the learning curve and underline the criticality of the process. b. Initially rewarding minimal successes as a positive reinforcer. c. Finding behavioral ways to communicate displeasure with performance without verbally assaulting or insulting the commander. d. Working with a commander’s subordinates to get the job done, in the event that the commander exhibits initial reluctance to get involved. e. Seeing that subordinates become invested in the process, with or without the commander; because this will motivate the commander to become involved as a way to reassert command and control. f. Addressing criticism directly to performance or behavior rather than to personal qualities of the individual and speaking in harsh tones without demeaning the individual. g. Demonstrating that the jurisdiction is receiving praise for its new actions to convince a commander that if he or she does not participate, promotion or other desirable positions will not be an option. At the CompStat meetings, officers and staff from disparate units come together to develop strategies and tactics to address crime. Also, representatives from related agencies and organizations were invited to the meetings when needed. In addition, the importance of the meetings is emphasized by never cancelling the meetings except in the case of major disasters and by the presence of senior management at the meetings. Felson, M., et al., “Redesigning Hell: Preventing Crime and Disorder at the Port Authority,” Preventing Mass Transit Crime, ed. R. Clarke, Crime Prevention Series, Vol. 6. Criminal Justice Press, Monsey, N.Y., 1996. The principles of Crime Prevention through Environmental Design (CPTED) were implemented and have been attributed as contributing to the turnaround of the Port Authority Bus Terminal in New York City, a large and busy bus transit transfer facility with multiple pedestrian circulation levels. In the late 1980s, the passenger terminal was plagued with both major and minor crimes that had escalated to an uncontrollable

91 level—the major crimes included robbery, pick-pocketing, luggage theft, larceny, and assault. Other problems included transients, homeless persons, drug sales, solicitation for prostitution, and public pay phone abuse. The planning process to implement crime-prevention design strategies began in the early 1990s. The primary strategy was to diminish disorder and discourage transients by addressing nooks and streamlining pedestrian flows. Obstructions to station access areas were removed, and new lighting, improved signage, a renovated food court, and a redesigned ticket area were implemented. At one of the facility’s entrances that had little passenger traffic, illegitimate activity had often taken place. This area was addressed by bringing in a coffee shop that changed the nature of the activity to legitimate. Clear glass replaced existing opaque walls of waiting areas, immediately increasing passenger security, and floors were coated with a special sealer. The seating in waiting areas was replaced with less comfortable flip-down seats to discourage their extended use by transients. The Port Authority’s cleaner appearance helped to attract legitimate users and detract criminals and transients. The restroom areas had been taken over by criminals and transients, and passengers were naturally afraid to use them. Fourteen changes including the addition of corner mirrors, the securing of ceiling panels to make ceiling areas inaccessible to transients, and the addition of attendants were instituted to address this problem. The Operations Unit was responsible for the smooth flow of both buses and passengers, and, with the assistance of CCTV cameras, identified and addressed any bottlenecks or situations that caused delays. Problems were experienced in both rush hour and nonrush hour periods. Rush hour periods contributed to disorder because of the sheer numbers of passengers passing through the terminal, while nonrush hour periods when travelers were few contributed to danger and fear. The bus gate and adjacent waiting areas were of particular concern because they were located away from the main terminal space. The Operations Unit decided to consolidate activities during off-peak periods (public access was limited to four areas from 10 p.m. to 1 a.m. and to one area from 1 a.m. to 5:30 a.m.) and shut down many of the bus gates and waiting areas during those periods. Three additional information kiosks were constructed within the terminal. The increased number of information kiosks contributed to a more secure environment by providing information to travelers to help them locate their destinations faster and increasing the number of employees watching the area, thereby decreasing the possibility of pick pocketing or other crimes. The Port Authority worked with existing retailers to enhance lighting and store configurations and provided strategies to reduce illegitimate activity within their stores. The Port Authority filled unused spaces with additional shops or pushcarts and attempted to attract well-known national and regional chain stores. All of these design and operational changes contributed to a more secure public space and an increase in customer ratings of the bus terminal. Larceny, robbery, pick pocketing, assaults, criminal mischief, and rape diminished starting in 1991. From 1991 to 1994, a 19-point improvement was seen in customer ratings of personal security. The greatest changes in customer perceptions of security attributes occurred in safety walking through the terminal, safety in the restrooms, police effectiveness, and police visibility. In terms of external attributes, safety in streets around the terminal and safety in subways near the terminal both increased as well. Complaints about the homeless, beggars and panhandlers, drunks, and the use of obscene or threatening language decreased significantly. Actual counts of homeless and other transients in the terminal verified the fact that their numbers had decreased significantly, from 55,100 in 1991 to 11,100 in 1994. An examination of crime in surrounding areas revealed that a decline in crime did occur for Manhattan and New York City as a whole but that the decline was much more significant for the Port Authority bus terminal.

92 Mentioned in the case study is a list of the 62 specific tactics employed by the Port Authority in the turnaround. They are categorized into the following areas: x Increase Visibility x Close Nooks and Improve Natural Supervision x Improve Flows x Discourage Loitering and Hustling in Other Ways x Improve Retailing Clarke, R., ed., Preventing Mass Transit Crime. Crime Prevention Series, Vol. 6. Monsey, NY: Criminal Justice Press, 1996. Other case studies and topics in the book, in addition to the Port Authority turnaround case study, included WMATA Metro’s planning process and how WMATA incorporated many CPTED principles into its subway system: the use of bike patrol in Vancouver’s park-and-ride lot to prevent motor vehicle theft; the elimination of payphone toll fraud at the Port Authority; and the implementation of target-hardening strategies at a NYC subway station. The target-hardening case study included information about the following: x A program to move homeless to shelters x Improved lighting strategy x A station manager program x Fare evasion sweeps x Passenger code-of-conduct enforcement Some of these strategies targeted minor offenses and disorder to reduce or prevent more serious crimes. Blumstein, A. and J. Wallman, eds., The Crime Drop in America. Cambridge University Press, Cambridge, England, 2000. The authors compile a series of articles on the potential causes of the national crime drop, including the use of drugs and the drug trade, guns and gun violence, the prison expansion, and the role of demography. They provide an analysis of the national crime statistics, including the characteristics of perpetrators and their victims, as well as limitations of the data, and they discuss the implications of changes in particular categories of data and reporting rates. Conklin, J.E., Why Crime Rates Fell, Pearson Education, Inc., New York, 2003. Conklin presents reasons for the decline in the crime rate during the 1990s. He argues that New York’s crime rate had started to drop before he became the commissioner, and other large cities also experienced reductions in crime. Conklin believes that the national crime decline was composed of many factors including the following: a result of less reporting of crime to the police, a natural cycle in crime rates, more effective policing, more use of incarceration, changes in the drug trade, changes in the attitudes of youths, reduced access to firearms, changes in the age distribution of the population, improved economic conditions, and increased participation in community organizations. Nelson, K.R., Policing Mass Transit: Serving a Unique Community, FBI, Washington, D.C., Jan. 1997. Nelson suggested using crime, disorder, and fear along with ridership levels as measures of success for law enforcement efforts. He notes that customer perceptions of danger and fear of crime do affect ridership and this “sets in motion an inevitable cycle of deterioration spurred by the declines in revenues and the migration of potential middle-class and affluent riders to other modes of transportation.” To track crime and disorder, he suggests that each transit police department look at a broad range of activities that affect the quality of the transit experience. He notes that causes of ridership changes are

93 difficult to determine, but large changes in crime levels accompanied by large decreases in ridership would be worth noting. Rider perceptions are also important—to understand rider perceptions, subjective ridership surveys should be conducted to develop a fear index. Changes in the fear index could be used to determine the success of policing activities. Nelson describes the importance of having legislative support in prosecuting transit cases, especially repeat offenders. For example, TriMet contracted with the Multnomah County District Attorney’s Office to hire a prosecutor specializing in transit crime. State legislatures can give police powers supporting their law enforcement efforts (e.g., allowing officers to expel repeat offenders from the system). Without this support from prosecutors, transit officers will find it difficult to make an impact on transit crime even if many arrests are made. Nelson also describes the juvenile problem and states that studies have found that passengers find even innocent behavior by juveniles within the transit system somewhat disconcerting and even threatening. These perceptions are enhanced for the elderly, women, and parents with small children. He writes that “youthful exuberance, even without criminal intent, can carry large crowds of young people to extremes.” The interactions of rival groups or gangs can cause a potentially volatile situation. Transportation Security Administration (TSA) Reports and Guidance Transportation Security Administration (TSA) reports and guidance relevant to transit security can be found on their website at www.tsa.gov and include the following: Transportation Security Administration, Mass Transit Annex to Transportation Systems Sector Security Plan [Online]. Available: http://www.tsa.gov/. Published in June 2007, the existing Mass Transit Annex to Transportation Systems Sector Security Plan (TS-SSP), produced in coordination with Transit, Commuter and Long Distance Rail Government Coordinating Council (GCC), Mass Transit Sector Coordinating Council (SCC), and the Transit Policing and Security Peer Advisory Group (PAG), presents a coordinated security-enhancement strategy for public transportation and passenger rail systems. In September 2005, the U.S. Department of Homeland Security (DHS) and the U.S. Department of Transportation (U.S.DOT) executed an annex on public transportation to the U.S.DOT/DHS Memorandum of Understanding (MOU) executed September 2004. The annex states the Mass Transit Mode’s vision for transit security is as follows: The Mass Transit Mode’s vision is a secure, resilient transit system that leverages public awareness, technology, and layered security programs while maintaining the efficient flow of passengers and encouraging the expanded use of the Nation’s transit services. Systems-Based Risk Management (SBRM) methodology drives TSA’s overall transportation security initiatives, programs, and exercises to enhance operational capabilities and effectiveness. Randomness and unpredictability, smart application of technological tools, and coordinated training and outreach efforts to stakeholders are emphasized for the Mass Transit Mode. The public-private strategy is guided by the following strategies: x Apply risk-based analysis in making investment and operational decisions x Avoid giving terrorists or potential terrorists an advantage based on our predictability x Intervene early based on intelligence and focus security measures on the terrorist, as well as the means for carrying out the threat x Build and take advantage of security networks x Invest in protective measures that would mitigate the impact of potential terrorist actions TSA is mandated by law to develop policies, strategies, and plans to deal with threats to transportation; assess intelligence and identify threats; coordinate countermeasures; issue, rescind, revise, and enforce

94 security-related regulations and requirements; and oversee the implementation and ensure the adequacy of security measures. For example, after the attacks on commuter trains in Madrid in March 2004, TSA issued two security directives—SD RAILPAX-04-01 and SD RAILPAX-04-02—to enhance the security of passenger rail and mass transit. TSA focuses particular attention on the following six Transit Security Fundamentals: 1. Protection of high-risk underwater/underground assets and systems. Because of the consequences of incendiary and explosive device (IED) attacks in an enclosed environment where there may also be large concentrations of riders, protecting riders and the integrity of the transit system against such attacks is essential. Transit agencies should focus countermeasures on programs that can prevent an attack or mitigate the consequences of an incident. Active coordination and regular testing of emergency evacuation plans can also greatly reduce loss of life. 2. Protection of other high-risk assets that have been identified through systemwide risk assessments. It is imperative that transit agencies focus countermeasure resources on their highest-risk, highest-consequence assets. For example, a systemwide assessment may highlight the need to segregate critical security infrastructure from public access. One solution could be an integrated intrusion detection system, controlling access to these critical facilities or equipment. Transit systems should consider security technologies to help reduce the burden on security manpower. For example, using smart CCTV systems in remote locations can help free up security patrols to focus on more high-risk areas. 3. Use of visible, unpredictable deterrence. Visible and unpredictable security patrols have proven to be very successful for instilling confidence and calm in the riding public and, most importantly, in deterring attacks. These kinds of patrols, especially those employing explosives- detection canine teams or mobile-screening or detection equipment, represent effective means to prevent and deter IED attacks. Security patrols should be properly trained in counterterrorism surveillance techniques. An understanding of terrorist behavior patterns helps security patrols more effectively intervene during terrorist surveillance activities or the actual placing of an IED. 4. Targeted counterterrorism training for key frontline staff. Appropriate training enhances detection and prevention capabilities and ensures a rapid, prepared response in the first critical minutes after an attack—steps that can significantly reduce the consequences of the attack. For example, well-trained and rehearsed operators can help ensure that, if an underground station has suffered a chemical agent attack, trains—and the riding public—are quickly removed from the scene, thus reducing their exposure and risk. 5. Emergency preparedness drills and exercises. Experience has taught transit agencies that well-designed and regularly practiced drills and exercises are fundamental to rapid and effective response and recovery. Transit agencies should develop meaningful exercises, including covert testing, that test their response effectiveness and how well they coordinate with first responders. In addition to large regional drills, transit systems should conduct regular, transit-focused drills. Drills should test response and recovery to both natural disasters, as well as, terrorist attacks. 6. Public awareness and preparedness campaigns. Successful security programs in all industries understand the value and power of the public’s “eyes and ears.” Awareness programs should be well-designed and employ innovative ways to engage the riding public to become part of their “transit security system.” Advertisement campaigns, using media and celebrity support have proven to be successful. Including the riding public in preparedness and evacuation drills has been shown to be effective in raising public awareness. A transit agency’s awareness campaign should also extend to its employees. Appropriate counterterrorism training, coupled with a strong security awareness campaign, will yield significantly heightened security awareness in transit systems.

95 The risk to public transit systems is contingent on the type of attack as well as on the form of transportation. While an attack on a bus would be significant in terms of consequences, subway and rail attacks can be more severe in terms of casualties, injuries, and damage, as well as the “enhanced effect of attacks in confined space.” Underwater tunnels are viewed as being even more vulnerable and posing even greater response and recovery challenges. The following process model is used by the TSA: Source: Process Model from the Mass Transit Annex, Figure 3-1. The TSSP goals are (1) preventing and deterring acts of terrorism using or against the U.S. transport- ation system, (2) enhancing resiliency of the U.S. transportation system, and (3) improving the cost-effective use of resources for transportation security. Mass transit and passenger rail security partners have developed a plan that is aligned with TSSP goals and objectives, and that employs risk-informed decision making to determine specific actions. The plan to enhance security in mass transit and passenger rail is focused on and achieved through the following: Expanding Partnerships for Security Enhancement x Regional security collaboration x Partnerships with state and local law enforcement, fire, emergency medical services x Coordination with security partners in the region to expand the resources available for employment in random, unpredictable security activities x Integration of security resources outside the transit agency [local law enforcement patrols, canines, TSA Visible Intermodal Prevention and Response (VIPR) teams] in security- enhancement activities x Coordination with regional federal officials [Federal Bureau of Investigation (FBI)/ Joint Terrorism Task Force (JTTF), TSA, Surface Transportation Security Inspectors] x Participation in connecting communities forums (joint FTA/TSA regional security and emergency response seminars) Continually Advancing the Security Baseline x Implement continuous improvement process x Review implementation of security and emergency management plans x Conduct security assessments and audits—facilitated by TSA surface inspectors, self-assessments, audits by state safety oversight agencies x Set performance improvement priorities and implementation plans x Measure progress through continuous improvement process Building Security Force Multipliers x Operational deterrence—dedicated antiterrorism teams (large, grant eligible agencies), random and unpredictable security activities x Employee security training—security awareness, behavior recognition, immediate response to threat/incident x Exercises and drills—multijurisdictional, cross-functional, system-focused x Public awareness and preparedness campaigns x Culture of prevention (terrorism, crime)

96 Security Information Leadership x Participation in information sharing and exchange networks (e.g., Homeland Security Information Network, Surface Transportation Information Sharing, and Analysis Center) x Information sharing with local law enforcement agencies x Connection to and receipt of products from area FBI/JTTF, State Fusion Center x Security clearance for security director, general manager x Public affairs activities pertaining to security program x Activities to convey deterrent messages Deploying Tools to Mitigate High-Consequence Risk x Integration of security activities into employees’ daily duties x Transit Security Grant Program (TSGP) priorities (for eligible agencies) x Procurement and deployment of security enhancement technologies x Physical security measures for facilities, such as fencing, lighting, barriers, and locking access gates x Physical security measures for transit vehicles to prevent unauthorized access when unattended or not in use, including crew or driver areas and storage spaces Specific programs and the links to Mass Transit objectives and goals are also included in the annex. Information about transit security grants is also provided. The DHS TSGP has provided $547 million on a risk-based prioritization basis to 60 mass transit and passenger rail systems in 25 states and the District of Columbia. The importance of performance metrics is noted in the Annex: “Metrics supply the data to affirm that specific goals are being met or to show what corrective actions may be required.” This is the reason that a Measurement Joint Working Group is being formed. The group will operationalize measures; establish data sources, data collection, and verification procedures; set measurement policy for the TSSP; and approve supporting procedures. Core National Infrastructure Protection Plan (NIPP) metrics are consistent across sectors and measure risk reduction in each sector. Sector-specific strategic metrics also measure the overall effectiveness of mass transit and passenger rail and other modes in meeting TSSP goals and objectives. Sector-specific program measures are aligned with strategic risk objectives for the transportation sector. The Outcomes Monitoring Methodology is presented in figure 3-5 of the annex: Source: Outcome Model from the Mass Transit Annex, Figure 3-5.

97 Other TSA resources, many of which may be found on TSA’s website, include the following: x Security and Emergency Management Action Items, FTA/TSA, 2006. x Guidance on Background Checks, Redress and Immigration Status, TSA, 2007. x Mass Transit Security Training Program, TSA, 2007. x TSGP Guidelines, DHS, 2007. x Effective Employment of Visible Intermodal Prevention and Response Teams in Mass Transit and Passenger Rail, 2007. x Transit Tunnel Recommended Protective Measures, TSA, 2007. FTA Reports and Guidance The FTA’s security website is available through the Volpe Center at http://transit- safety.volpe.dot.gov/Security/Default.asp. The website contains information about FTA’s security initiatives, Transit Watch program, guidelines and best practices, training tools, and other strategic and research products of interest to transit agencies. Source: FTA Safety and Security website, http://transit-safety.volpe.dot.gov/Security/ Two key reports recently published include the Security and Emergency Management Technical Assistance for the Top 50 Transit Agencies and Transit Agency Security and Emergency Management Protective Measures. Security and Emergency Management Technical Assistance for the Top 50 Transit Agencies, Final Report, FTA, Washington, D.C., 2007. In the FTA’s Security and Emergency Management Technical Assistance for the Top 50 Transit Agencies project, MOUs were created and signed to ensure agreement upon the handling of security-sensitive information. The Top Security and Emergency Management Technical Assistance Action Items List was created for the following categories: Management and Accountability 1. Establish written system security programs and emergency management plans 2. Define roles and responsibilities for security and emergency management 3. Ensure that operations and maintenance supervisors, forepersons, and managers are held accountable for security issues under their control 4. Coordinate a security and emergency management plan(s) with local and regional agencies

98 Security and Emergency Response Training 5. Establish and maintain a security and emergency training program Homeland Security Advisory System (HSAS) 6. Establish plans and protocols to respond to the DHS HSAS threat levels Public Awareness 7. Implement and Reinforce a Public Security and Emergency Awareness Program Drills and Exercises 8. Conduct tabletop exercises and functional drills Risk Management and Information Sharing 9. Establish and use a risk management process to assess and manage threats, vulnerabilities, and consequences (risk management includes mitigation measures selected after risk assessment has been completed) 10. Participate in an information-sharing process for threat and intelligence information 11. Establish and use a reporting process for suspicious activity (internal and external) Facility Security and Access Controls 12. Control access to security critical facilities with identification (ID) badges for all visitors, employees, and contractors 13. Conduct physical security inspections Background Investigations 14. Conduct background investigations of employees and contractors Document Control 15. Control access to documents of security critical systems and facilities 16. Establish process for handling and access to Sensitive Security Information (SSI) Security Audits 17. Establish an audit program The project generated the following gap products: x SSI guidance document—guidance for transit agencies in terms of proper designation, labeling, and handling of SSI x Resource links—provision of links to additional resource and guidance documents x Security forces manpower planning model—development of a scalable security forces manpower planning model

99 x Testing detailed protective measures implementation—validation testing of the advanced systematic approach for transit agencies to consider when developing their protective measures plans, programs, and protocols Improvement might be required in the following major areas: x Transit agencies demonstrate is wide variation in the levels of preparedness, including provision of security awareness training, National Incident Management System (NIMS) and Incident Command System (ICS), employee identification programs, building access control, and technology implementation, most notably CCTVs: most agencies were using some form of CCTVs, but the sophistication and extent to which the cameras were being used varied considerably. x While different forms of perimeter security were in place such as lighting, CCTVs, and physical barriers, improvements are required. Also, interoperable and backup inter- and intra-agency communications is a concern at some agencies. The project results also indicated that the top 50 agencies had undertaken the following measures: x Dedicated security managers participating in regional counterterrorism efforts x Security information sharing with peers x Updating critical documents and plans x Updating CCTV systems and perimeter and access control systems x Transit Watch Program implementation x Preemployment background checks x Interagency safety and security drills The lessons learned that came out of the project were as follows: x Transit agencies are experiencing information overload, including intelligence that may not be specific enough for each agency. x Training materials are disjointed and at times unrelated to the audience. Many agencies due to their limited budgets provide security training only to new employees. x Transit agencies are seeking cost-effective technologies that are suitable (feasible) for their transit system. x Transit agencies need more guidance on designing security into transit infrastructure, including stations, transit vehicles, and other transit facilities. x Transit agencies need emergency management. Transit Agency Security and Emergency Management Protective Measures. Federal Transit Administration, Washington, D.C., 2006. This report addresses all aspects of the transit agency’s security and emergency management activities in relation to the HSAS threat conditions. The type and extent to which the measures are implemented depend on the HSAS threat level. Specific security measures for each of the six security categories addressed in the study are provided and categorized by HSAS threat level. The benefits of this systematic approach is that it provides a solution to reduce vulnerabilities, detect and deter potential attacks or other criminal activities, respond to active incidents or emergencies, and mitigate the consequences of an incident or emergency. The six categories of suggested protective measures included in the report are as follows: x Information and Intelligence x Security and Emergency Management x Regional Coordination x Information Technology and Communications Systems x Employee and Public Communications

100 x Contingency and Continuity Plans The report also contains specific measures in appendix B for each of the six categories. Table 3 of the Report displays the protective topics categorized by the threat type: Source: Transit Security Design Considerations. FTA, Washington, D.C., 2004. The report describes key transit assets and their vulnerabilities. It also provides design considerations that can help protect these assets. In addition, access management, systems integration, and communications are

101 addressed in the report. Some of the design considerations have been incorporated into the Synthesis report text. Information about threats presented in the guide is presented below: The threats that have the most potential to cause casualties, injuries, and/or property loss are identified and described below: Arson: Arson is an intentionally set fire and can destroy transit assets within a facility, cause structural damage to the facility itself along with electrical and mechanical systems failure, and cause injuries or fatalities. Toxic fumes produced by burning fuel, oil, plastics, and paints are a serious health threat and may cause death. Smoke can reduce visibility, obscuring exit pathways and making escape more difficult for victims. Fires may be intentional or accidental, and measures for either will be relevant for both types. Arson and explosion-related fires, however, may cause more severe damage because they tend to target or cluster around critical systems and equipment. Explosives: The hazards of an explosive blast include the destruction of assets within a facility, structural damage to the facility itself, and injuries or fatalities. In addition, explosions may start a fire, which may inflict additional material damage, injuries, or fatalities due to direct exposure or to heat, smoke, and fumes. An explosion is an instantaneous or almost instantaneous chemical reaction resulting in a rapid release of energy. The energy is usually released as rapidly expanding gases and heat, which may be in the form of a fireball. The expanding gases compress the surrounding air creating a shock wave or pressure wave. The pressure wave can cause structural damage to the structure while the fireball may ignite other building materials leading to a larger fire. The strength of a blast depends on the type and amount of explosive material used. A bomb that a person can carry is capable of a smaller blast than an explosive-laden truck. Weapons of mass destruction (WMD): Weapons of mass destruction (WMD) typically refer to nuclear, radiological, chemical, and biological weapons capable of inflicting mass casualties. WMD can also refer to radioactive materials and other contaminants intended to quickly harm large numbers of people, such as any powders, liquids, gases, and dirty bombs; most of these come in a liquid, vapor, gas, or powder form, and are spread through air movement. The hazards of WMD include fatalities or deleterious health effects, as well as potentially permanent contamination of a facility that may render it unusable. Many agents have little or no plainly discernable characteristics, so symptoms may be the first sign that an attack has occurred. While some chemical agents induce immediate symptoms, other agents will not produce symptoms for hours after the attack. Some biological agents may have an incubation period of up to a few days before symptoms appear. Violent confrontations/hostage situations: Violent confrontations by terrorists are common on transit systems throughout the world. These include assaults carried out on board transit vehicles or at transit facilities, with the intent of inflicting casualties, property damage, or both. Violent incidents may include the taking of hostages. Transit vehicles are especially vulnerable to hostage situations because of easy public access, remoteness of the vehicle, and available civilians onboard. Such attacks are meant to create widespread fear and apprehension through public displays of violence and the interruption of public services. Attackers may use a variety of weapons, including small arms, assault rifles, shoulder-mounted rocket-propelled grenades, knives or other bladed weapons, and small explosives. Tampering: Tampering with transit facilities’ assets may be a means to achieve any of the above events, such as starting a fire or spreading an airborne chemical agent, or it may be a stand-alone act, such as tampering with a track to induce derailment. It can also include the intentional ramming of a facility, with a truck, boat, or airplane, to cause structural damage to a facility or injury to its users. The ramming vehicle may be laden with explosives. Depending on the situation, tampering may lead to asset damage, structural damage, contamination, injuries, and/or fatalities. Power Loss: Loss of electrical power, either locally or over a broad area, can pose a major problem for transit systems in the form of diminished or suspended operations control, computer-aided dispatch, and radio systems. Loss of electricity could be the result of an intentional attack or unintentional event—either within the agency or in the surrounding environment—but in any case could hinder a transit agency’s ability to operate or communicate effectively. Apart from service impairment, loss of power may

102 inadvertently result in damage to property or persons within the agency, in the service area, or in the vicinity. Transit vehicle as a weapon: Transit vehicles can become weapons as well as targets. For instance, terrorists may steer a transit vehicle into a building or bridge, into transit infrastructure, or may plant explosives in the vehicle while in the storage yard in hopes of detonating it at a later time. A retired transit vehicle may be an attractive weapon or vehicle for carrying out terrorist operations because of its familiar and innocuous nature. TCRP and NCHRP Cooperative Research Programs As reported in the TRB Cooperative Research Programs Security Research Status Report dated May 12, 2008, a wide range of transit and transportation security research has been completed after 9/11 through the TCRP and NCHRP Cooperative Research Programs (CRPs). As of February 2009, 100 security-related projects have been authorized in the CRPs: 76 of these projects have been completed; 15 projects are in progress; and 9 projects have contracts pending or are currently in development. The AASHTO Special Committee on Transportation Security and APTA Executive Committee Security Affairs Steering Committee provide steering direction to the coordinated CRP security research under NCHRP and TCRP, respectively. A technical panel provides all-hazards, all-modes oversight and project selection guidance through NCHRP Project Panel 20-59, Surface Transportation Security Research. Capsule descriptions of products and links to a variety of security-related products produced by the TRB, other divisions of the National Academies, and other transportation research organizations can be found on the TRB and National Academies’ Security-Related Products and Links website at www.TRB.org/NASecurityProducts: x TRB Security-Related Publications—TRB-published reports at TRB.org/SecurityPubs x TRB Cooperative Research Programs Security Research Status Report—Updated monthly (in PDF) x Transportation Security: A Summary of TRB Activities—Updated monthly (slideshow in PDF) x TRB Transportation System Security Website x Key Hazards and Security Products of the National Academies—Updated monthly (in Microsoft Word, with live links) x Slides—Hazards and Security Activities of the National Academies—28 MB in PowerPoint with live links) x Transportation Security Information Contained in TRB’s Transportation Research Information Services Database x Transportation Security Research in Progress x Select Non-TRB Transportation Security Information—Material highlighted in past TRB e- newsletters A list of TCRP and NCHRP security research products is provided below. TCRP Research Studies 1. Communication of Threats: A Guide 2. K9 Units in Public Transportation: A Guide for Decision Makers 3. Robotic Devices for the Transit Environment 4. Intrusion Detection for Public Transportation Facilities Handbook 5. Security-Related Customer Communications and Training for Public Transportation Providers 6. Applicability of Portable Explosive Detection Devices in Transit Environments 7. Public Transportation Emergency Mobilization and Emergency Operations Guide 8. Continuity-of-Operations (COOP) Planning Guidelines for Transportation Agencies

103 9. Guidelines for Transportation Emergency Training Exercises 10. Hazard and Security Plan Workshop: Instructor Guide 11. Security Measures for Ferry Systems 12. Making Transportation Tunnels Safe and Secure 13. Public Transportation Passenger Security Inspections: A Guide for Policy Decision Makers NCHRP Research Studies 1. Responding to Threats: A Field Personnel Manual 2. Information Sharing and Analysis Centers: Overview and Supporting Software Features 3. Incorporating Security into the Transportation Planning Process 4. A Self-Study Course on Terrorism-Related Risk Management of Highway Infrastructure 5. Guidance for Transportation Agencies on Managing Sensitive Information 6. Guide for Emergency Transportation Operations 7. System Security Awareness Training for Transportation Employees 8. Continuity-of-Operations (COOP) Planning Guidelines for Transportation Agencies 9. Guidelines for Transportation Emergency Training Exercises 10. A Guide to Transportation's Role in Public Health Disasters 11. Disruption Impact Estimating Tool--Transportation (DIETT): A Tool for Prioritizing High- Value Transportation Choke Points 12. Making Transportation Tunnels Safe and Secure 13. A Guide to Traffic Control of Rural Roads in an Agricultural Emergency Publication is pending for: * Costing Asset Protection: An All-Hazards Guide for Transportation Agencies * Security 101: Physical Security Standards and Guidelines * An Airport Guide for Regional Emergency Planning for CBRNE Events TCRP Report 86, Volume 1: Communication of Threats: A Guide. Transportation Research Board, National Research Council, Washington, D.C., 2002. Because identifying threats is a first step toward protecting transit systems, the threat identification and dissemination mechanism are discussed in detail in the guide. Threat management and consequence mitigation strategies are also mentioned. TCRP Report 86, Volume 2: K9 Units in Public Transportation: A Guide for Decision Makers. Transportation Research Board, National Research Council, Washington, D.C., 2002. The research report describes the use of canines in counterterrorism applications at transit systems. The attributes and disadvantages of canines are described in detail in this report. Case studies are also provided. The key advantages mentioned in the report are as follows: 1. Good for public relations, supports outreach with community and media, and provides strong symbol for public safety. 2. Effective tool for deterrence and order maintenance, passengers generally like K9 unit, criminals are often fearful of trained police dogs. 3. Supports a higher level of officer safety, criminal fear of dogs reduces resistance during apprehension. 4. More effective resource for facility searches, one K9 team can perform the work of four patrol officers. 5. Most effective resource available for nonrepetitive detection of narcotics and explosives, no technology or other resource is better. 6. One K9 team can perform dual functions, supporting both patrol and either drug or explosives detection. 7. Grants are currently available for dual function patrol and drug detection dogs.

104 The key disadvantages mentioned in the report are as follows: 1. Consequences of poor planning are exacerbated by the importance of initial decision making to program capabilities and performance. Bad decisions cannot easily be overcome. 2. Reliance on outside technical support is often necessary to start a program, a major vulnerability for a system new to this function. Good help is hard to find. 3. High program start-up costs, not averaged evenly over time, places large emphasis on cost savings during the phase of project when spending is most essential. 4. Difficulty of finding good dogs, patrolling the transportation environment places additional strains on K9s, selection testing is critical, but expensive and not readymade for public transportation. 5. Difficulty of selecting the right handler, public transportation systems with limited experience may value the wrong traits or fail to recognize potential shortcomings prior to a major investment. 6. Legal and public relations consequences of bites, the public has zero tolerance for what it may perceive as inappropriate force exerted by police dogs. 7. Demands of K9 administration are high for a supervisor with other responsibilities. Scheduling challenges limit availability of K9s for service. 8. Success requires a long-term investment, several months to a year for results. 9. Constant effort is required to ensure that law enforcement and operations personnel are using the resources of the K9 unit. TCRP Report 86, Volume 4: Intrusion Detection for Public Transportation Facilities Handbook. Transportation Research Board, National Research Council, Washington, D.C., 2003. This report provides information about the various intrusion detection systems that may be applicable for transit agencies. The following categories of systems are covered in the handbook: x Fencing Systems x Barrier Systems x Lighting Systems x Video Systems x Access Control Systems x Sensor Systems x Identification Systems x Data Fusion, Display and Control Systems x Crisis Management Software x Other Systems TCRP Report 86, Volume 5: Security-Related Customer Communications and Training for Public Transportation Providers, Transportation Research Board, National Research Council, Washington, D.C., 2004. The research produced a video presentation entitled Being Prepared: Security Training and Communication and provided recommendations on customer security communications. TCRP Report 86, Volume 6: Applicability of Portable Explosive Detection Devices in Transit Environments. Transportation Research Board, National Research Council, Washington, D.C., 2004. The capabilities of existing portable explosive detection devices (EDDs) in a transit environment, including subways and bus station platforms, were addressed along with how EDDs can be used effectively without interfering with efficient operations, scientific and technical expertise in the deployment and operation of portable EDDs, and field operational tests to assess the efficacy of available portable EDDs in transit settings. The testing confirmed the feasibility of trace detection equipment in transit systems.

105 TCRP Report 86, Volume 8: Continuity-of-Operations (COOP) Planning Guidelines for Transportation Agencies. Transportation Research Board, National Research Council, Washington, D.C., 2005. COOP helps transportation agencies ensure the performance of critical services during and after emergencies. The guidelines assist transportation agencies in evaluating and modifying existing COOP plans, policies, and procedures, as called for in NIMS, and provide guidelines for agencies to develop, implement, maintain, train for, and exercise COOP capabilities. TCRP Report 86, Volume 11: Security Measures for Ferry Systems. Transportation Research Board, National Research Council, Washington, D.C., 2006. The objective of this project is to provide guidance to the ferry operators in selecting security measures. The Excel tool generated from the research contains a detailed list of security measures and five sets of evaluation criteria that are weighted by the user. The evaluation criteria weights are used to calculate the value of each option to the user, thereby enabling the user to compare many alternative options against user-specific criteria. This approach provides the user with a methodology to consider operator-specific requirements using operator-weighted criteria. Part I of this report, “Guide for Evaluating Security Measures for the U.S. Ferry System,” is designed to accompany the Excel tool and provide step-by-step guidance for evaluating measures. The measures include the following: Fencing/Barriers x Retractable vehicle barriers/gates x Fixed vehicle deterrent with pedestrian access x Fixed, both vehicle and pedestrian deterrent Access Control x Credentials x Locks x System control Intruder Sensors x Perimeter (doors and windows, walls and fences, and buried) x Volume sensors—motion detectors Monitoring x Lighting x CCTV/video Procedural/Low Cost Waterside Security x Surface x Underwater Screening x Passengers and cargo x Trace detection Human Observation x All areas x Waterside

106 TCRP Report 86, Volume 12: Making Transportation Tunnels Safe and Secure. Transportation Research Board, National Research Council, Washington, D.C., 2007. The report addresses countermeasures for transportation tunnels and answers the following questions: x What natural hazards and intentional threats do tunnel operators face? x How would they be introduced? x What are the vulnerable areas? x How much of a disturbance would there be? x How can these hazards and threats be avoided? x How can preparations be taken in case the disturbance occurs? TCRP Report 86, Volume 13: Public Transportation Passenger Security Inspections: A Guide for Policy Decision Makers. Transportation Research Board, National Research Council, Washington, D.C., 2007. Passenger Security Inspections (PSIs), described in detail in TCRP Report 86, Volume 13: Public Transportation Passenger Security Inspections: A Guide for Policy Decision Makers, are suspicionless inspections of transit passengers by transit security or staff. Because the Fourth Amendment requires warrants or individualized suspicion to conduct inspections, PSIs are legally permissible only if they can be justified. Therefore, legal and other issues need to be carefully considered by transit agencies before implementation. The PSI decision-making model recommended in the report is an excellent way in which transit agencies can determine whether to use PSI, which PSI to use, and how to implement it. Risk assessment is the first step in the model because PSIs should be linked to the terrorism risk to justify their use. Next, PSI methods should be evaluated for operational feasibility (such as space and power requirements, available resources/personnel, time to inspect). Legal implications—constitutional, tort, and Americans with Disability Act ramifications, major risks, and mitigation of those risks—need to be carefully evaluated. Fourth Amendment liability can be mitigated by linking PSIs to clearly articulated threats, providing adequate notice of inspections, limiting the scope of inspections to the threat, and providing the opportunity to avoid the inspections. After the agency decides to use PSIs, a written policy describing the purpose and scope of the inspections should be developed along with a written protocol and procedures of how the policy should be implemented. Finally, PSI methods need to be assessed. Specific checklists are provided in the guidance for equipment parameters, personnel parameters, passenger service impact parameters, cost parameters, and operational parameters. PSIs may be conducted using manual or visual inspections. In manual inspections, the officer opens a passenger’s bag and may move the items within the bag. In visual inspections, the officer observes but does not touch the contents. PSI technologies primarily have been used in aviation security but are not considered appropriate for use in the transit environment because of their size and passenger delays caused by the inspections. Portable and handheld versions of the technologies, such as handheld electronic explosives detection equipment, portable trace detectors, and radiation pagers, are being tested or are being used by transit systems. Canine teams with explosives-detection capability are considered the best PSI option by many agencies. This is due to the unobtrusiveness and adaptability of canines to the transit environment. Behavioral assessment is seen as a cost-effective way to identify suspicious behavior, because existing transit staff can be taught how to perform behavioral assessments. The report appendix contains a Technology Review which includes the following information: • Operational Issues • Customer Acceptance • Health Issues • Customer Communications • Costs

107 Technologies for Bulk Detection X-rayss "ACKSCATTER8 RAYSs )NFRARED)2 s Terahertzs -ILLIMETER7AVE)MAGINGs .EUTRONSGAMMARAYSMAGNETICRESONANCEANDMAGNETIClELDSs Technologies for Trace Detection )ON-OBILITY3PECTROMETRY)-3 s -ASS3PECTROMETRY-3 s 3URFACE!COUSTIC7AVE3!7 s /PTICIAL)NFRARED3PECTROSCOPYs 0HOTOACOUSTIC)NFRARED3PECTROSCOPY0)23 s &ILTER"ASED)NFRARED3PECTROMETRYs Nascent Technologies -3#HROMATOGRAPHYs !UTOMATED-3s %NVIRONMENTAL-ONITORINGUSING-3s 4ERAHERTZ,IGHT7AVE(AND HELD7ANDs .ONLINEAR/PTICALs -ICRO%LECTRO -ECHANICAL3ENSORS-%-3 s Biosensorss $YNAMICBEHAVIOROFANEXPLOSIVEVAPORPLUMEs %LECTRONICh"IOSENSORvs Canine Teams #ANINETEAMSARESEENBYSOMETRANSITSYSTEMSASACOST EFFECTIVEWAYTOENHANCESECURITY4HESECANINE TEAMSAREABLETODETECTEXPLOSIVESANDCLEARSUSPICIOUSPACKAGES/THERCANINETEAMSALREADYINUSEATTHESE AGENCIESHAVEBEENTRAINEDTOPERFORMONEORMOREOFTHESESECURITYANDSAFETY RELATEDDUTIESACTASDETERRENT PATROLSINSTATIONSPLATFORMSVEHICLESTRANSFERCENTERSANDPARKINGFACILITIESSUPPORTSPECIALEVENTSMAN- AGEMENTORCROWDCONTROLTRACKPERSONSINCLUDINGLOSTORMISSINGCHILDRENPERFORMSAFETYCHECKSOFTRANSIT FACILITIESLOCATEVICTIMSDURINGEMERGENCIESSUPPORTNARCOTICSSEARCHESANDFORFEITUREPROGRAMSPURSUEOR SEARCHFORPERSONSTHATTHREATENTHEHANDLEROROTHERPERSONSANDDEFENDORPROTECTPUBLICSAFETYOFlCERSOR OTHERPERSONS TRB Special Report 294: The Role of Transit in Emergency Evacuation. Transportation Research Board, National Research Council, Washington, D.C. 2008. 4HEREPORTEMPHASIZESTHENEEDFORLOCALANDREGIONALEVACUATIONPLANSANDEMERGENCYOPERATIONSPLANSTO INCLUDETRANSIT4HEREPORTÓSFOCUSISONMAJORINCIDENTSINTHELARGESTURBANIZEDAREAS4HESURGEREQUIREMENTS ANDCOORDINATIONDEMANDSOFEVACUATIONSRESULTINGFROMSUCHINCIDENTSARECONSIDEREDINTHISREPORT)NADDI- TIONTHENEEDSANDMOBILITYCHALLENGESOFEVACUATINGTHEDISABLEDANDELDERLYPOPULATIONSAREADDRESSED NAS05_Impact_Runways.indd 109 2/12/09 11:38:43 AM

108 Cyber Threats Cyber attacks can compromise sensitive information, expend valuable manpower and cause major disruptions to transit service and operations. As increasing numbers of transit systems deploy ITS technologies, such as automatic vehicle location (AVL) and traveler information, the consequences of a single virus can be serious and cause significant economic damage to a transit agency. Hackers have illegally accessed a transit agency’s control center network and altered displays on electronic message signs. Terrorist organizations and other organized crime understand the enormous potential of cyber crime to make money, access sensitive data, and wreak havoc on the U.S. economy (“Cyber-criminals Becoming Increasingly Professional” 2007). Cyber crime against U.S. businesses, government agencies, organizations, and individuals has been increasing at an alarming rate. Annual business losses resulting from cyber crime have risen to $55 billion (Identify Theft Research Center 2007). In 2006, there were 15 million victims of identity theft, which translates into a new victim every 2 seconds (Acohido 2007). The number of records lost or stolen has increased from 50 million in 2006 to 162 million in 2007 (NewsEdge Corp. 2007). Cyber criminals have also become increasingly sophisticated and more organized. Hackers have established social networks and actively exchange hacking toolkits and other information to facilitate their illegal activities (Beaver 2007). Wider attack surfaces have been created by increased automation of systems that introduce new vulnerabilities and more points of entry. Wireless systems, which are inherently more vulnerable to attacks, are becoming more pervasive in all types of applications, including communications, data transfer, and access control and monitoring. The replacement of physical servers with virtual servers and the creation of storage-specific hacking tools that can cause attacks on storage systems to go unnoticed make information security more challenging (Weber 2008). For transit agencies, IT vulnerabilities not only include employee databases with sensitive HR information but also mission-critical systems, including bus fleet maintenance processes and schedules, rail signal systems, transit command centers, AVL control systems, and electronic signage. Any policing, security- related, or highly sensitive information, such as patrol schedules, is desirable to terrorists and criminals, and this information should be considered vulnerable to attack. DHS has acknowledged the importance of cyber security and its National Cyber Security Division established the Computer Emergency Readiness Team to defend against cyber attacks. DHS is actively creating security standards an both the Director of National Intelligence and the Overseas Security Advisory Council have stated that cyber security is a primary concern for 2008. However, it may take several years before a national cyber defense system is perfected. Therefore, transit agencies would benefit from a proactive stance on combating cyber crime. Ferry Threats All vehicles are subject to screening requirements set by the Maritime Transportation Security Act of 2002 (MTSA). Regulations based on the Act became effective on July 1, 2004—all passenger vessels regulated under 46 CFR subchapters H and K need to comply with 33 CFR Part 104, Vessel Security. Small passenger vessels regulated under 46 CFR subchapter T on domestic voyages need only comply with the new rules for general security and port security found in 33 CFR Parts 101 and 103. In addition to screening requirements, new regulations were established for training and drills for vessels and terminals, approved security plans, onsite assessments by the Coast Guard, designated company and vessel security

109 officers, Declarations of Security between terminals and vessels, and Automatic Identification Systems (AIS). In TCRP Report 86, Volume. 11, the three major threat categories for ferries, the delivery methods, and acts of force are listed as follows: x Incendiary and explosive devices (IEDs)—for example, planted in a facility or on a suicide bomber, car, truck, underwater mine, or fuel container. x Acts of force—for example, hijacking or commandeering a vessel or facility. Acts of force may include use of firearms, knives, or other weapons or use of physical impact (e.g., ramming) to inflict injury to persons or damage a vessel or facility. x Chemical, biological, and radiological (CBR) agents—for example, chlorine, anthrax, and dirty bombs. The delivery methods include the following: x By person—including suicide bombers; people setting remotely detonated, time-detonated, or sensor-detonated IEDs; people creating IEDs (e.g., igniting fuel or creating electrical fires); people concealing IEDs in hand baggage, and so forth. x By vehicle—including cars, trucks, or railcars. Vehicles may conceal diesel, fertilizer, liquefied natural gas (LNG), gasoline, and other IEDs. Large cars can accommodate up to about 1,000 pounds of explosives without significant modifications and more with significant modifications of the suspension. Trucks may deliver thousands of pounds of explosive material to destroy buildings, large vessels, and so forth. Delivery by truck (e.g., as in the Oklahoma City bombing, the first World Trade Center bombing, and the Beirut marine barracks) is the most common mode of IED delivery. x By vessel—including boats or other floating vessels (e.g., USS Cole style). x Artillery—including rocket-propelled grenade (RPG) launchers. While RPGs may be legally obtained in the United States, ammunitions may enter the country only through illegal means. RPGs may be fired from the shore or from passing boats. x Underwater—includes IEDs that divers attach to the hull, mines that divers place in the path of a ferry, and so forth. x Overhead—including IEDs that are dropped from bridges or cliffs, light aircrafts, commercial airliners, remotely controlled aircrafts, helicopters, and so forth. Acts of force include the following: Commandeering—seizing control of a portion or all of a facility or vessel for the purpose of piracy or hijacking. This act is commonly carried out with the use (or threatened use) of firearms; knives; IEDs; CBR agents; or other weapons. Ramming—driving a vehicle, vessel, or aircraft into a vessel or shore-side facility. A ferry may be rammed or commandeered for ramming. This act may involve the use of IEDs or CBR agents, but the initial portion of the attack—the ramming itself—is an act of force. Security and Safety Standards Resources In addition to the information about APTA’s initiatives mentioned in the text of the Synthesis, the following are other sources of security and safety standards information:

110 x The Code of Federal Regulations is developed to comply with the legislative mandates passed by Congress and signed into law by the president. The federal government also issues recommended practices, which are nonregulatory, but provide an awareness of issues and tools to address them. x The American National Standards Institute is a private nonprofit organization that administers and coordinates the U.S. voluntary standardization and conformity assessment system. x The Security Industry Association represents a wide range of stakeholders and is developing expected application behaviors and metrics to enable the integration of disparate security products. x The IEEE is a technical professional association that develops standards applicable to rail vehicles, in addition to other engineering areas. x The ASTM is a nonprofit organization that provides a forum for the development and publication of voluntary consensus standards for materials, products, systems, and services. x The ASME is an education and technical organization setting many industrial and manufacturing standards. x The National Fire Protection Association develops consensus codes and standards intended to minimize the possibility and effects of fire and other life safety risks. x The FTA has issued fire safety practices for rail transit vehicle material selection and the FRA has issued passenger rail equipment fire safety regulations. x The SAE develops engineering design and safety standards for the motor vehicle industry, including buses. Banerjee, R., “The ABCs of TCO (Total Cost of Ownership): The True Costs of IP Video Surveillance.” Video Technology and Applications, Feb. 2008. Maintenance costs can be important in the Total Cost of Ownership (TCO) for video technology. For larger-scale systems, recording and storage can include 50% to 80% of the capital cost and also have a large impact on maintenance costs. Usually, storage requirements are high when a large quantity of cameras or high video quality is desired or when video needs to be retained for a long period of time. Network video recorders (NVRs) have been replacing digital video recorders (DVRs), because DVR storage is available only within or as an attachment to each camera, and NVRs are able to distribute storage capacity across the network. NVRs, however, require a server platform, which is especially costly in terms of maintenance. An alternative approach reduces TCO by up to 30% by using video recording management software to bypass NVR PCs and have IP cameras stream images directly to the storage. The TCO is estimated to be between 3 an 15 times the purchase price of the server hardware and software. Another disadvantage of the PC-based NVR is the difficulty in increasing video quality or retention time. To do this, additional storage would need to be bought and the camera or NVR would need to be reconfigured. The alternative approach reduces TCO by up to 30% by using video recording management software to bypass NVR PCs and have IP cameras stream images directly to the storage. By eliminating the NVR servers, hardware, software, and maintenance costs are eliminated as well. The video recording management software would distribute video in 1 GB blocks across the network’s storage units untying each storage unit from the camera to which it is attached. Interoperable Communications These interoperable communications initiatives described on the DHS website www.dhs.gov are in addition to the federal initiatives mentioned in the Synthesis report: x The Office for Interoperability and Compatibility was established in 2004 to assist in the coordination of interoperability efforts across DHS within its Science and Technology Directorate’s Office of Systems Engineering and Development to strengthen and integrate interoperability and compatibility efforts. Project 25 is a standards development process for the design, manufacture, and evaluation of interoperable digital two-way wireless communications products created by and for public safety professionals. x The DHS-sponsored Multi-Band Radio Project is expected to develop a portable radio allowing emergency responders to communicate with other agencies regardless of radio band.

111 x DHS and the Emergency Interoperability Consortium have signed an agreement to develop data- sharing standards for the emergency response community and other relevant organizations, government agencies, as well as the general public (DHS 2008). x DHS Office of Grants and Training’s Interoperable Communications Technical Assistance Program provides technical assistance to enhance interoperable communications among local, state, and federal emergency responders and public safety officials as they prevent or respond to a WMD attack, and is associated with Grants and Training's Urban Areas Security Initiative Grant program (DHS). x SAFECOM’s RapidCom initiative ensured that a minimum level of emergency response interoperability would be in place in 10 high-threat urban areas (Boston, Chicago, Houston, Jersey City, Los Angeles, Miami, New York, Philadelphia, San Francisco, and Washington, D.C.). The five “critical success factors” essential to interoperable systems identified in RapidCom were Governance, Standard Operating Procedures, Technology, Training and Exercises, and Usage. x SAFECOM’s Radio over Wireless Broadband project is field testing the integration of broadband Push-to-Talk technology and GIS applications with existing Land Mobile Radio systems and standard operating procedures; the project will facilitate the integration of new technologies with existing emergency response communications systems. A Homeland Defense Journal special report on interoperability (Serluco) identified the measures and considerations that should be addressed by agencies for assured communications: x Redundant connectivity is important during emergencies when the public communications infrastructure may be compromised. Critical redundancy considerations include the following: í Prioritize access to key data and systems required to conduct essential functions í Avoid reliance on terrestrial communications along í Consider multijurisdictional dedicated satellite networks í Plan for fuel when powering backup generators x Continuity planning including an off-site emergency communications center ensures that emergency operations centers continue operating during emergencies. Critical considerations include the following: í Maintain communications capabilities sufficient to support essential operations and to ensure public access to emergency resources í Consider entering into a mutual aid agreement with other organizations and agencies to use their facilities for command and control í Plan for adequate people space and all that this entails í Consider Mobile Emergency Response Operations Centers and Mobile Emergency Communications Vehicles x Organizational interdependencies need to be understood and relationships cultivated, because interagency coordination will result in effective emergency response. Critical considerations include the following: í Ensure the ability to collaborate and coordinate voice, data, and video with key stakeholders í Know who the stakeholders are and include them as part of the agency’s technology, process, and controls planning í Map interdependent agencies, departments, systems, processes, data, and controls within the COOP í Meet regularly with all stakeholders í Regularly test the reliability, timeliness, and accuracy of critical information and analysis flows Haas, K., Transportation and Homeland Security: A Critical Issues Guide for Local Officials. Public Technology, Inc., 2005. The key topics in this guide include the following: x Emergency Transportation Planning within the Emergency Planning Framework

112 x Risk Management Plan Development Guidelines The guide also answers the following questions: x Who should develop the emergency transportation plan? x What threats should a local emergency transportation plan address? x What are the elements of a local emergency transportation plan? Taylor, B., et al. “Responding to Security Threats in the Post-9/11 Era: A Portrait of U.S. Urban Public Transit,” Public Works Management & Policy, Vol. 11, No. 1, pp. 3–17. Taylor and his research team performed a survey of transit systems regarding their post-9/11 policies and practices. The researchers found that most of the credible threats were focused on the largest transit agencies. In terms of protective measures, the findings indicated that use of CPTED strategies has increased the most after 9/11. Despite measurable programmatic progress, however, many respondents believe that meaningfully securing urban transit systems remains a daunting, perhaps insurmountable, challenge. TCRP Web Document 18: Developing Useful Transit-Related Crime and Incident Data. Transportation Research Board, National Research Council, Washington, D.C., April 2000. Primary data sources of crime statistics include incident reports filed by transit police or security, reports and complaints called into transit police, and information gathered by local law enforcement. If transit police are not available to take a report from a passenger or employee, incidents may not be reported, especially minor ones such as fare evasion and theft. In these cases, minor crimes as well as quality-of-life violations will be underreported, cannot serve as good indicators of disorder, and will impede the assessment of policing tactics. The underreporting of quality-of-life crimes also occurs because the FBI’s Uniform Crime Reporting (UCR) reporting guidelines being following by the FTA recommend reporting only those crimes that result in an arrest. Another crime data issue is the definition of a transit-related crime. If it is not clear, some local police agencies may simply aggregate borderline cases with other crime data and not specify that it is transit- related. This would be a problem for agencies that do not have their own police force. Crime data research conducted for TCRP Project F-6A concluded that, while the definition used by each individual agency was consistent within the agency, “the lack of a generally accepted definition of transit-related crime makes it impractical to compare transit crime rates between agencies, or to obtain a consistent and accurate picture of transit crime trends at a national level.” There is also a lack of uniformity in the definition of the different types of crime. The project report also states that “the only consistent use of defined terms is for the eight serious crimes—homicide, rape, robbery, aggravated assault, burglary, larceny/theft, motor vehicle theft, arson.” In terms of the presentation of the crime data, the study concluded that data tables and charts are not consistent across agencies. Reed, T.B., et al., Transit-Passenger Perceptions of Transit-Related Crime Reduction Measures, Transportation Research Record 1731, Transportation Research Board, National Research Council, Washington, D.C., 2000, pp. 130–141. In a 1999 Michigan study of violent crimes against public transit bus operators and passengers, transit passenger perceptions of numerous transit-related crime reduction measures—patrol and security, design actions, and technological innovation—were determined via survey. The respondents indicated emergency telephones for passengers and increased lighting as the best crime-prevention measures.

113 References for the Literature Review Appendix Acohido, B., “Theft of Personal Data More Than Triples This Year,” USA TODAY, Dec. 9, 2007 [Online]. Available: http://www.usatoday.com/money/industries/technology/2007-12-09-data-theft_N.htm. Beaver, K., “Locking Down Today’s Data Centers,” Security Technology & Design, Dec. 2007, pp. 30–34. “Cyber-criminals Becoming Increasingly Professional,” Government Technology, 2007 [Online]. Available https://wwww.govtech.com/gt/print_article.php?id=144372 [accessed Dec. 12, 2007].. Department of Homeland Security, “Emergency Interoperability Consortium Announce Alliance to Help First Responders.” ISC365.com, Mar. 26, 2008. Department of Homeland Security website [Online]. Available at http://www.ojp.usdoj.gov/odp/ta_ictap.htm. Identity Theft Research Center, Employee Security Connection, Vol. 19, No. 3, Apr. 30, 2007..Facts and Statistics [Online].. Available: http://www.idtheftcenter.org/artman2/publish/m_facts/Facts_and_Statistics.shtml [accessed Dec. 25, 2007]. NewsEdge Corp, “Profile of Computer Hackers Changing,” CommwebNews.com, Dec. 26, 2007. Serluco, P., “Special Report: MorganFranklin Guide: Interoperability vs. Assured Communications, Critical Factors for Emergency Managers.” Homeland Defense Journal [Online].. Available: http://www.homelanddefensejournal.com. Weber, S., “Cyber Security: Ignore At Your Peril.” Forbes.com., Feb. 28, 2008.