National Academies Press: OpenBook
« Previous: References
Page 192
Suggested Citation:"Appendix - Information Resources." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 192
Page 193
Suggested Citation:"Appendix - Information Resources." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 193
Page 194
Suggested Citation:"Appendix - Information Resources." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 194
Page 195
Suggested Citation:"Appendix - Information Resources." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 195
Page 196
Suggested Citation:"Appendix - Information Resources." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 196
Page 197
Suggested Citation:"Appendix - Information Resources." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 197
Page 198
Suggested Citation:"Appendix - Information Resources." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 198
Page 199
Suggested Citation:"Appendix - Information Resources." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 199
Page 200
Suggested Citation:"Appendix - Information Resources." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 200

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

192 Information Resources A P P E N D I X Information related to topics in this report is available from many sources and in many formats. Security Awareness Information Resources 1. AASHTO National Operations Center of Excellence https://transportationops.org/ 2. APTA—Recommended Practices: Security Awareness Training for Transit Employees, 2012 http://www.apta.com/resources/standards/Documents/APTA-SS-SRM-RP-005-12.pdf 3. DHS—If You See Something, Say Something™ print materials and video and audio awareness items in English and Spanish https://www.dhs.gov/see-something-say-something/campaign-materials 4. DHS—Bomb Threat Checklist http://emilms.fema.gov/is906/assets/ocso-bomb_threat_samepage-brochure.pdf 5. DHS—Counter-IED Awareness Products https://www.dhs.gov/counter-ied-awareness-products a. Awareness cards and posters b. DHS-DOJ Bomb Threat Stand-off Guide c. DHS Bomb Threat Checklist d. DHS-DOJ Bomb Threat Guidance e. DHS Vehicle Inspection Guide and Video f. Vehicle-Borne IED Identification Guide: Parked Vehicles g. First Responder Support Tools 6. TSA—https://www.tsa.gov/for-industry/surface-transportation a. Employee Guide to System Security—Commuter Bus (Pocket Guide) b. Employee Guide to System Security—Commuter Rail (Pocket Guide) c. Employee Guide to System Security—Heavy Rail (Pocket Guide) d. Employee Guide to System Security—Light Rail (Pocket Guide) e. System Security Awareness for Transit Employees (CD), also available in Spanish f. The Mark (DVD) g. Warning Signs (DVD) h. Visible Intermodal Prevention and Response (Pamphlet) i. Motor Coach (Pocket Guide) j. Trucking (Pocket Guide) k. Highway Infrastructure (Pocket Guide) l. School Bus (Pocket Guide) m. Hazmat Motor Carrier Security Action Item Training (Brochure) n. First Observer: School Transportation Security Training (School Bus and School Transportation) available with Spanish subtitles

Information Resources 193 v. Security Awareness for Passenger Vessel Employees (CD) w. VBIED/IED Recognition/Response for Passenger Vessels and Terminals (CD) x. Crowd Control for Passengers Vessels and Terminals (CD) y. Maritime Terrorism and Hijacking Situations (CD) z. Screening Procedures (CD) aa. Terminal and Vessel Evacuation Procedures (CD) 7. First Observer Plus™ Program, multiple modes https://www.tsa.gov/for-industry/firstobserver 8. FTA—Transit Agency Security and Emergency Management Protective Measures (CD) 9. National Transit Institute Guides www.ntionline.com a. Employee Guide to All-Hazards Awareness and Preparedness b. Employee Guide to Preventing Workplace Violence c. Infectious Disease Awareness and Prevention d. Emergency Preparedness Guide for Transit Employees: On the Job and At Home 10. FEMA—National Training and Education Division https://www.frstrespondertraining.gov/content.do 11. FEMA—Training Operations Course Catalog https://www.firstrespondertraining.gov/webforms/pdfs/gt_catalog.pdf 12. FEMA Emergency Management Institute (EMI) 13. http://training.fema.gov/is/ a. Workplace Security Awareness (IS-906) b. Active Shooter: What You Can Do (IS-907) c. Surveillance Awareness: What You Can Do (IS-914) d. Critical Infrastructure Security: Theft and Diversion—What You Can Do (IS-916) e. Workplace Violence Awareness Training 2014 (IS-106.14) f. Protecting Critical Infrastructure Against Insider Threats (IS-915) 14. MTI National Transportation Security Center of Excellence Exploring the Effectiveness of Transit Security Awareness Campaigns in the San Francisco Bay Area, 2010 15. Transportation Safety Institute http://www.tsi.dot.gov/ 16. Rural Domestic Preparedness Consortium (RDPC) 17. http://www.ruraltraining.org/training/courses/ 18. Federal Bureau of Investigation (FBI) Guide to Concealable Weapons, Federal Bureau of Investigation (FBI), 2003 http://www.cutr.usf.edu/security/reports.htm 19. ATF Bomb Threat Checklist ATF 1613.1, Bureau of Alcohol Tobacco and Firearms June 1997 http://www.state.tn.us/homelandsecurity/bomb_checklist.pdf 20. Improvised Explosive Device (IED) Safe Standoff Distance Cheat Sheet, US Army National Ground Intelligence Center 21. Terrorist Bomb Threat Stand-Off Card, (Pocket Guide) Technical Support Working Group http://www.cttso.gov/?q=node/243 22. Best Practices for Safe Mail Handling, DHS Interagency Committee, September 2006 23. Biological Attack Human Pathogens, Biotoxins, and Agricultural Threats, National Academy of Sciences, 2004 www.nae.edu/nae/pubundcom.nsf/weblinks/CGOZ-642P3W?OpenDocument 24. Chemical Attack Warfare Agents, Industrial Chemicals, and Toxins, National Academy of Sciences, 2004 www.nae.edu/nae/pubundcom.nsf/weblinks/CGOZ-642P3W?OpenDocument o. First Observer: Operation Secure Transport (Motorcoach) available with Spanish subtitles p. School Transportation Security Awareness q. Hazmat Motor Carrier: Security self-assessment training r. IED Detection and Recognition for Railroad Employees (CD) s. On the Tracks: Rail Sabotage Awareness and Reporting (CD) t. On the Tracks: Rail Sabotage Awareness and Reporting (Poster) u. On the Tracks: Rail Sabotage Awareness and Reporting (Brochure)

194 Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies 29. Dirty Bombs—Fact Sheet, Department of Health and Human Services, Centers for Disease Control and Prevention (CDC) July 2003 PDF http://www.cdc.gov 30. What You Should Do To Prepare For and Respond to Chemical, Radiological, Nuclear and Biological Terrorist Attacks, RAND Corporation, 2003 31. NCHRP Report 525: Surface Transportation Security Volume 1, Responding to Threats: A Field Personnel Manual, 2004 www.trb.org/TRB/publications/Publications.asp 32. NCHRP Report 793: Incorporating Transportation Security Awareness into Routine State DOT Operations and Training, 2014 33. NCHRP Report 525: Surface Transportation Security Volume 7—System Security Awareness for Transportation Employees, 2005 34. http://www.trb.org/Main/Blurbs/154638.aspx 35. NCHRP 20-59(51)B Draft Interim Report: A Guide to Emergency Management at State Transportation Agencies, Second Edition, 2017 36. NCHRP Synthesis 468: Interactive Training for All-Hazards Emergency Planning, Preparation, and Response for Maintenance and Operations Field Personnel, 2015 37. TCRP Report 86, Volume 5: Security-Related Customer Communications and Training for Public Transportation Providers, 2004 38. TCRP F-21 Tools And Strategies For Eliminating Assaults Against Transit Operators, 2017 39. TCRP Report 180: Policing and Security Practices for Small- and Medium-Sized Public Transit Systems, 2015 40. TCRP Synthesis 80: Transit Security Update, 2008 http://onlinepubs.trb.org/onlinepubs/tcrp/tcrp_syn_80.pdf 41. TCRP Report 86, Volume 9: Guidelines for Transportation Emergency Training Exercises, 2006 42. What You Should Do to Prepare for and Respond to Chemical, Radiological, Nuclear and Biological Terrorist Attacks, RAND Corporation, 2003. http://www.rand.org/pubs/monograph_reports/MR1731z2.html 43. DHS ICS-CERT Control Systems Security Program (CSSP) and Virtual Learning 44. Portal https://ics-cert-training.inl.gov/ 45. Federal Virtual Training Environment (free on-demand training) 46. https://niccs.us-cert.gov/training/federal-virtual-training-environment-fedvte 47. TSA Surface Transportation Cyber Toolkit 48. https://www.tsa.gov/for-industry/surface-transportation-cybersecurity-toolkit 49. NCHRP Protection of Transportation Infrastructure from Cyber Attacks: A Primer 26. Radiological Attack: Dirty Bombs and Other Devices, National Academy of Sciences, 2004 www.nae.edu/nae/pubundcom.nsf/weblinks/CGOZ-642P3W?OpenDocument 27. Worker Training in a New Era: Responding to New Threats, Department of Health and Human Services NIOSH, October 2002 28. Dirty Bombs Fact Sheet, United States Nuclear Regulatory Commission, March 2003 25. Nuclear Attack, National Academy of Sciences, 2004 www.nae.edu/nae/pubundcom.nsf/weblinks/CGOZ-642P3W?OpenDocument http://nap.edu/23516 50. ACRP Report 140: Guidebook on Best Practices for Airport Cybersecurity, 2015 51. http://trbcybersecurity.erau.edu/resources/acrp_rpt_140.pdf The National Institute of Standards and Technology (NIST) offers many relevant resources and standards including the following Special Publications. 52. SP 800-16 A Role-Based Model for Federal Information Technology/Cybersecurity Training, Revision 1 (Third Draft) 2014 53. SP 800-50 Building an Information Technology Security Awareness and Training Program, 2003 54. SP 800-84 Guide to Test, Training, and Exercise Programs for IT Plans and Capabilities, 2006 55. 2017 National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework

Information Resources 195 b. Part II: Defining a Security Zone Architecture for Rail Transit and Protecting Critical Zones c. Part III: Attack Modeling Security Analysis White Paper Building Security Standards and Resources 1. ISC Security Design Criteria for New Federal Office Buildings and Major Modernization Projects, ISC, May 2001 2. ISC Security Standards for Leased Space, ISC, 2004 3. Standard Guide for Developing a Cost-Effective Risk Mitigation Plan for New and Existing Constructed Facilities: E 2506—06 ASTM Committee on Standards, © 2006 ASTM International www.astm.org 4. GSA Facilities Standards for the Public Buildings Service General Services Administration, March 2005 http://www.gsa.gov 5. DoD Minimum Antiterrorism Standards for Buildings (Unified Facilities Criteria UFC 4-010-01) Department of Defense, October 2003 www.wbdg.org/ccb/DOD/UFC/ufc_4_010_01.pdf 6. Risk Management Process for Federal Facilities: An ISC Standard, 2016 https://www.hsdl.org/?abstract&did=797952 7. Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings (DHS BIPS 07) refreshes FEMA 426, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings. The manual identifies new ways to blunt the damage and limit casualties from various attacks. It also offers a new way to understand infrastructure resiliency and assess risk. 8. Items Prohibited from Federal Facilities: An ISC Standard 9. Security Specialist Competencies: An ISC Guideline [PDF] 10. U.S. Department of Veterans Affairs Physical Security Design Manual For Mission Critical Facilities, 2015 11. FEMA 430, Site and Urban Design for Security: Guidance against Potential Terrorist Attacks, 2007 12. Best Practices and Key Considerations for Enhancing Federal Facility Security and Resilience to Climate-Related Hazards, 2015 13. Best Practices for Working with Lessors: An ISC Guide, 2014 https://www.dhs.gov/sites/default/files/publications/ISC-Best-Practices-for-Working-with- Lessors-1st-Edition-508.pdf 14. Best Practices for Armed Security Officers in Federal Facilities, 2013 15. Violence in the Federal Workplace: A Guide for Prevention and Response, 2013 https://www.dhs.gov/sites/default/files/publications/ISC%20Violence%20in%20%20the%20Fede ral%20Workplace%20Guide%20April%202013.pdf 16. Occupant Emergency Programs: An ISC Guide, 2013 https://www.dhs.gov/sites/default/files/publications/ISC%20- Occupant%20Emergency%20Programs%20Guide%20FINAL_508_0.pdf 17. Best Practices for Managing Mail Screening and Handling Processes: A Guide for the Public and Private Sectors, 2012 18. Planning and Response to an Active Shooter: An Interagency Security Committee Policy and Best Practices Guide, 2015 19. DOD Security Engineering Facilities Planning Manual (Draft) UFC 4-020-01 Department of 20. Defense March 2006 www.wbdg.org/ndbm/DesignGuid/pdf/Final%20Draft_UFC_4-020-01.pdf 56. https://www.nist.gov/itl/applied-cybersecurity/nice/resources/nice-cybersecurity-workforce- framework 57. American Public Transportation Association Recommended Practices: Securing Control and Communications Systems in Transit Environments a. Part I: Elements, Organization and Risk Assessment/Management

196 Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies 1. FHWA Framework for Improving Resilience of Bridge Design (Report No. FHWA-IF-11- 016, January 2011). Recognizing that addressing security concerns and potential failures during design is a much less costly approach, the framework that can be employed by bridge designers during the design process that can help to minimize bridge failures while in service and/or during construction. It was developed to provide bridge designers with a tool for identifying potential failure mechanisms by highlighting design considerations that could reduce failures that might not be readily apparent in current design specifications. 2. NCHRP Report 645: Blast-Resistant Highway Bridges: Design and Detailing Guidelines (2010) contains general design guidance and a simplified design procedure for blast-resistant reinforced concrete bridge columns. 3. NCHRP 20-07/Task 378 Assessing Risk for Bridge Management, 2016 focused on developing guidelines for a data-driven risk assessment at the bridge and structure level that considered risks from natural and human-made hazards. The methodology and proposed guidelines produced support the state DOTs’ focus on risk-based asset management. 4. FHWA Bridge Security Design Manual (2017) provides state-of-the-art guidance on bridge- specific security planning, extreme loading phenomenology and characterization, and protective design strategies for vulnerability assessments of existing bridges, resilient design of new bridge construction, and emergency planning efforts. 5. TSA Comparative Analysis of Assessed Bridges (2015) indicates nine most common bridge construction types, the most vulnerable structural element, recommended mitigation method, and cost of such mitigation. The report is identified as Sensitive Security Information (SSI) but is available on a “need to know” basis for persons validly associated with bridge security and construction. Tunnel Security Guidance and Resources 1. 2015 FHWA Tunnel Operations, Maintenance, Inspection, and Evaluation Manual (TOMIE Manual) 2. Tunnel Security for Public Transit (APTA SS-SIS-RP-16-15, 2015) offers best practices in the development of security for transit tunnels and the application and implementation of security design considerations where applicable. This document outlines the structure of tunnels, potential threats, and measures to enhance the security of these structures. Additionally, it recommends technologies, policies, and procedures, coupled with the operational aspects for securing tunnels from potential threats. 3. TCRP Report 86, Volume 12: Making Transportation Tunnels Safe and Secure, 2006 4. Risk Management for Terrorist Threats to Bridges and Tunnels, Federal Highway Administration (FHWA)/U.S. Army Corps of Engineers (USCOE), 2008 5. Integrated Rapid Visual Screening Series (IRVS) for Tunnels, Department of Homeland Security (DHS), 2011 6. Best Practices for Implementing Quality Control and Quality Assurance for Tunnel Inspections, NCHRP 20-07/Task 261 7. Design Fires in Road Tunnels, NCHRP Project 20-05, Synthesis Topic 41-05 8. Tunnel Operations, Maintenance, Inspection and Evaluation (TOMIE) Manual 9. FHWA DTFH61-07-D 00004 Bridge Security Guidance and Resources

Information Resources 197 11. Recommended AASHTO LRFD Tunnel Design and Construction Specifications, NCHRP 12-89, FY 2011, ongoing 12. National Fire Protection Association, Standard for Road Tunnels, Bridges, and Other Limited Access Highways, Publication 502, 2011 13. Technical Security Working Group (TSWG), Best Practices for Bridges and Tunnels, TSWG Contract Number N4175-05-R-4828, accessed Jan. 31, 2013 10. High Speed Nondestructive Testing Methods for Mapping Voids, Debonding, Delaminations, Moisture, and Other Defects Behind or Within Tunnel Linings, SHRP2 R06(G)

Abbreviations and acronyms used without definitions in TRB publications: A4A Airlines for America AAAE American Association of Airport Executives AASHO American Association of State Highway Officials AASHTO American Association of State Highway and Transportation Officials ACI–NA Airports Council International–North America ACRP Airport Cooperative Research Program ADA Americans with Disabilities Act APTA American Public Transportation Association ASCE American Society of Civil Engineers ASME American Society of Mechanical Engineers ASTM American Society for Testing and Materials ATA American Trucking Associations CTAA Community Transportation Association of America CTBSSP Commercial Truck and Bus Safety Synthesis Program DHS Department of Homeland Security DOE Department of Energy EPA Environmental Protection Agency FAA Federal Aviation Administration FAST Fixing America’s Surface Transportation Act (2015) FHWA Federal Highway Administration FMCSA Federal Motor Carrier Safety Administration FRA Federal Railroad Administration FTA Federal Transit Administration HMCRP Hazardous Materials Cooperative Research Program IEEE Institute of Electrical and Electronics Engineers ISTEA Intermodal Surface Transportation Efficiency Act of 1991 ITE Institute of Transportation Engineers MAP-21 Moving Ahead for Progress in the 21st Century Act (2012) NASA National Aeronautics and Space Administration NASAO National Association of State Aviation Officials NCFRP National Cooperative Freight Research Program NCHRP National Cooperative Highway Research Program NHTSA National Highway Traffic Safety Administration NTSB National Transportation Safety Board PHMSA Pipeline and Hazardous Materials Safety Administration RITA Research and Innovative Technology Administration SAE Society of Automotive Engineers SAFETEA-LU Safe, Accountable, Flexible, Efficient Transportation Equity Act: A Legacy for Users (2005) TCRP Transit Cooperative Research Program TDC Transit Development Corporation TEA-21 Transportation Equity Act for the 21st Century (1998) TRB Transportation Research Board TSA Transportation Security Administration U.S. DOT United States Department of Transportation

TRA N SPO RTATIO N RESEA RCH BO A RD 500 Fifth Street, N W W ashington, D C 20001 A D D RESS SERV ICE REQ U ESTED N O N -PR O FIT O R G . U .S. PO STA G E PA ID C O LU M B IA , M D PER M IT N O . 88 ISBN 978-0-309-48134-2 9 7 8 0 3 0 9 4 8 1 3 4 2 9 0 0 0 0 U pdate of Security 101: A Physical Security and Cybersecurity Prim er for Transportation A gencies N CH RP Research Report 930 TRB

Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies Get This Book
×
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

Since 2009, when NCHRP's last Security 101 report was released, there have been significant advances in transportation security approaches, including new strategies, programs, and ways of doing business that have increased the security of transportation systems as well as ensured their resiliency.

Hazards and threats to the system have also continued to evolve since 2009. While the incidence of large-scale terrorist attacks has remained small, transportation agencies are at increasingly greater risk from system-disrupting events due to natural causes, unintentional human intervention, and intentional criminal acts, such as active-shooter incidents. Cyber risks also are increasing and can impact not only data, but the control systems—like tunnel-ventilation systems—operated by transportation agencies.>

The TRB National Cooperative Highway Research Program's NCHRP Research Report 930: Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies provides valuable information about current and accepted practices associated with both physical and cyber security and its applicability to surface transportation.

The report is accompanied by a PowerPoint for the project and NCHRP Web-Only Document 266: Developing a Physical and Cyber Security Primer for Transportation Agencies.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!