National Academies Press: OpenBook

Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies (2020)

Chapter: Chapter 6 - Infrastructure Protection and Resilience

« Previous: Chapter 5 - Workforce Planning and Training/Exercises
Page 148
Suggested Citation:"Chapter 6 - Infrastructure Protection and Resilience." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 148
Page 149
Suggested Citation:"Chapter 6 - Infrastructure Protection and Resilience." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 149
Page 150
Suggested Citation:"Chapter 6 - Infrastructure Protection and Resilience." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 150
Page 151
Suggested Citation:"Chapter 6 - Infrastructure Protection and Resilience." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 151
Page 152
Suggested Citation:"Chapter 6 - Infrastructure Protection and Resilience." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 152
Page 153
Suggested Citation:"Chapter 6 - Infrastructure Protection and Resilience." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 153
Page 154
Suggested Citation:"Chapter 6 - Infrastructure Protection and Resilience." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 154
Page 155
Suggested Citation:"Chapter 6 - Infrastructure Protection and Resilience." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 155
Page 156
Suggested Citation:"Chapter 6 - Infrastructure Protection and Resilience." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 156
Page 157
Suggested Citation:"Chapter 6 - Infrastructure Protection and Resilience." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 157
Page 158
Suggested Citation:"Chapter 6 - Infrastructure Protection and Resilience." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 158
Page 159
Suggested Citation:"Chapter 6 - Infrastructure Protection and Resilience." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 159
Page 160
Suggested Citation:"Chapter 6 - Infrastructure Protection and Resilience." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 160
Page 161
Suggested Citation:"Chapter 6 - Infrastructure Protection and Resilience." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 161
Page 162
Suggested Citation:"Chapter 6 - Infrastructure Protection and Resilience." National Academies of Sciences, Engineering, and Medicine. 2020. Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25554.
×
Page 162

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

148 Infrastructure Protection and Resilience The USA Patriot Act of 2001 (42 U.S.C. 5195c(e)) defined “critical infrastructure” as systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruc- tion of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters. Presidential Policy Directive 21 (PPD-21): Critical Infrastructure Security and Resilience (2013) was issued to ensure that critical infrastructure be secure and able to withstand and rapidly recover from all hazards. It defined security as reducing the risk to critical infrastructure by physical means or defense cyber measures to intrusions, attacks, or the effects of natural or human- caused disasters. It recognized that “Critical infrastructure owners and operators are uniquely positioned to manage risks to their individual operations and assets and to determine effec- tive strategies to make them more secure and resilient.” Achieving this will require integration with the national preparedness system across prevention, protection, mitigation, response, and recovery. Proactive infrastructure protection requires the ability to identify, deter, detect, disrupt, and prepare for threats and hazards; reducing vulnerabilities of critical assets, systems, and networks; and mitigating the potential consequences to critical infrastructure of incidents or adverse events that do occur. Departments of Transportation (DOTs) have a significant role in infrastructure protection. DOTs have the responsibility for controlling access to critical components, conducting risk and vulnerability assessments, and taking action to mitigate the effects of those risks and vulner- abilities. Transportation employees and contractors are the best positioned to know what is usual and unusual, and can help their agency protect its employees, information, data, networks, and facilities. The general concept of resilience has existed for decades in transportation. In recent years, due to numerous major disasters, high-profile incidents, and system failures, resilience has emerged as a critical topic in transportation. Resilience can be defined as “the ability to prepare and plan for, absorb, recover from, or more successfully adapt to adverse events” (National Research Council 2012). The AASHTO Standing Committee on Research (SCOR) in 2016 highlighted what this means for transportation, “When we speak of resilience in the transportation sense, we mean the ability of the transportation system to recover and regain functionality after a major disruption or disaster.” There is a need for a resilience approach in all activities that are the responsibility of the transportation community. As stated in Understanding Transportation Resilience: A 2016–2018 Roadmap (AASHTO 2016), C H A P T E R 6

Infrastructure Protection and Resilience 149 The development of a new strategy based on resilience includes a broad range of options to help manage risks and recover from system disruptions. In this new paradigm, resilience . . . offers instead an overarching strategy that includes risk management, protection, and preparedness as complementary strategies to prevent attacks and to identify and ward off additional threats; adaptation, recovery, and other post-disruption strategies to restore normal transportation services . . . Figure 6-1 from the 2013 National Infrastructure Protection Plan illustrates the relationship between security and resilience. The transportation operating environment creates significant challenges for infrastructure protection and security planners charged with determining which of the agency’s assets require protection and adaptations to increase resilience. This chapter frames the question for deci- sion-makers and then summarizes some of the methods used to prioritize critical assets. Later sections address the specifics of buildings and facilities, bridges and tunnels, and rolling stock. Although the application of resiliency engineering in the transportation sector is still being developed, TRB has produced a wealth of resilience-related studies, products, guidelines, and effective practices. Applying multiple security measures in consecutive layers, often referred to as concentric layers of security, is the basic risk mitigation approach to all security systems. Planning for secu- rity in layers is based on the security industry concept of the Four Ds (deter, detect, defend, and defeat). With respect to resilience, two characteristics of a security system should be considered: redundancy and continuity. The resilience of the security system requires an ongoing effort to ensure it is maintained and adjusted as circumstances change. Source: DHS 2013. Figure 6-1. Relationship between security and resilience.

150 Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies Critical Infrastructure Designation: Physical and Cyber Assets The critical infrastructure of a transportation agency includes the people, property, and information assets required to enable the organization to execute its primary responsibilities, activities, and functions. But deciding what assets or infrastructure are critical is not always as easy as it might seem. In the case of information systems the designation of CIIP (Critical Infor- mation Infrastructure Protection) has developed as a subset of the more widely known concept of Critical Infrastructure Protection (CIP). The initial sets of questions that must be answered are definitional. Should the agency use operational importance as its criteria? If so, what does that mean? Is it importance to business continuity, quality of service, or maybe the bottom line? What about the contribution of the asset to the mission? Factoring in resilience, are alternatives available to using the asset, and does that make it noncritical? And what about the asset’s repair (or recovery) time or cost? If the asset can be replaced quickly or at low cost does that affect its criticality? Other questions concern perspective. Should the agency decide what is critical based on threat assessments or target attractiveness? Are the adversary’s or aggressor’s eyes the right view- point? What about customer perceptions of security? Or perhaps even government agencies? Is national significance or the symbolic value of an asset an appropriate factor for consideration by transportation officials? Is there a viable alternative? These questions and many more confront security planners who are attempting to effectively balance the actual security needs of an orga- nization against the wide array of sometimes countervailing opinions. Ultimately, most transportation agencies should take the “ownership view,” which “examines information on ownership of assets, including the owner/operator’s decision structure, policies, and procedures, and recognizes those assets owned by the same entity as an integrated system.” Taking this approach to critical infrastructure identification yields the following list of assets for surface transportation systems. The AASHTO Guide to Highway Vulnerability Assessment for Critical Asset Identification and Protection (2002) contained a table listing Critical Transportation Assets. Effective Practices For The Protection Of Transportation Infrastructure From Cyber Incidents (TRB 2016) outlined the components of highway operational systems including the related cyber systems. Table 6-1 summarizes the physical and cyber assets identified in these two documents. INFRASTRUCTURE FACILITIES EQUIPMENT and SYSTEMS PERSONNEL Arterial Roads Interstate Roads Bridges Overpasses Barriers Roads Upon Dams Tunnels Chemical Storage Areas Fueling Stations Headquarters Buildings Maintenance Stations/Yards Material Testing Labs Ports of Entry District/Regional Complexes Road/Weather Monitoring Systems Traffic Management Systems Signal and Variable Messaging Systems HVAC and Tunnel Ventilation Systems Vehicles Contractors Employees Vendors Visitors Table 6-1. Critical transportation assets and cybersystems. (continued on next page)

Infrastructure Protection and Resilience 151 Source: DHS 2013. Figure 6-2. Transit assets and cybersystems. INFRASTRUCTURE FACILITIES EQUIPMENT and SYSTEMS PERSONNEL Traffic Management Centers Rest Areas Communications and Traveler Information Systems Hazardous Materials Storm Water Pump Stations Toll Booths Traffic Operations Centers Vehicle Inspection Stations Weigh Stations Source: Adapted from AASHTO 2002. Table 6-1. (Continued). Similarly, assets for transit and rail are identified in the FTA publication Transit Security Design Considerations (2004b). The webinar Effective Practices for the Protection of Transportation Infrastructure from Cyber Incidents (TRB 2016), which outlined the components of transit opera- tional systems, including the related cybersystems (Figure 6-2).

152 Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies Identification of critical infrastructure should be accomplished during the preliminary stages of risk assessment. However, the transportation agency would be well served to continuously conduct criticality reviews to become better informed about ongoing security needs. Question- ing assumptions about definition and perspective can yield substantial benefits in terms of both security efficiency and performance. Methods to Rate and Prioritize Critical Assets There are as many approaches to performing the criticality analysis as there are available risk and vulnerability assessment methodologies. But regardless of the method undertaken, the basic steps remain the same—inventory, factor, valuate, rank order, and prioritize. The process of crit- ical infrastructure identification begins with the development of an inventory, an all-inclusive list that sufficiently describes the character of the agency’s assets. Care should be taken to ensure that the assets are properly delineated into distinct individual elements of infrastructure as opposed to component parts, systems, or subsystems. shelters to mere signposts. Transit agencies often lack control over these sites, which combined with their high level of accessibility, makes them difficult to secure against attack. • Administrative facilities and operations control centers (OCCs). Used for the operations and administration of the transit system and may be co-located on a site with non-transit uses. Although most administrative facilities are not open to the public and can therefore maintain stricter access control, they have a critical role in the transit system and have value as strategic targets. • Vehicle maintenance facilities. Used for the repair and storage of transit vehicles; they include vehicle garages, yards, and repair facilities. They often contain a large number of assets to be protected, including some high-risk elements such as fuel storage areas or containers. Maintenance facilities can be designed to allow transit vehicles and maintenance staff to enter and exit freely, while preventing access by unauthorized vehicles and people. • Elevated structures. All above-grade bridges and track structures, including pedestrian bridges and overpasses. Their high visibility and structural complexity present particular challenges to securing them against terrorist attack. • Tunnels. Used for the passage of transit vehicles underground and, in limited cases, underwater. They are more secure when designed to prevent unauthorized access from passenger platforms and at-grade entrances, while allowing transit vehicles to pass freely. Proper design can also facilitate evacuation in an emergency. • Right-of-way, track, and signals. Includes all land and equipment dedicated to the movement of transit vehicles between stations. Like tunnels, a design goal is to allow transit vehicle movement while preventing access by unauthorized people or vehicles • Remote and unmanned structures. All other physical assets. This category includes power substations, communications relays, and the like, which are not necessarily located on rights-of-way or in stations. These may be owned or controlled by other agencies or companies. Design features that take into account their remote locations and lack of consistent or continuous staff presence can improve their security. • Control and SCADA systems. Provide real-time monitoring of train movements and can also provide automatic train protection (ATP), automatic train operation (ATO), automatic train regulation (ATR), and automatic train supervision (ATS). • Communications systems. Includes CCTV, radio, intercom, public address, security, and copper and fiber optic data transmission systems. They may or may not be connected to other systems. Automatic vehicle location (AVL) systems are used in conjunction with computer-aided dispatch systems to locate and more efficiently manage transit bus and demand response vehicle fleets. The primary elements of the AVL system include an on-board computer, GPS, and mobile data communications. • Security monitoring and detection systems. Intrusion/access control includes CCTVs, perimeter detection, and card access. Threat monitoring/detection systems include fire detection, elevating devices monitoring, tunnel drainage monitoring, gas and pathogen monitoring, and seismic monitoring. Transit Agency Assets Transit agencies are responsible for a variety of assets (FTA 2004b). • Transit stations. Facilities used for boarding and alighting of transit passengers and fare collection; they can be below-grade, at-grade, or elevated. Their high profile, large volumes of pedestrian traffic, and central locations integrated with surrounding uses, make them likely targets for terrorist attack. • Transit stops. Usually smaller and more open than transit stations. They are typically on public land, where passengers can board buses and light rail vehicles; these include everything from elaborate

Infrastructure Protection and Resilience 153 Mainstreaming Transportation Hazards and Security Risk Management: CAPTA Update and Implementation (TRB 2017a) can support the evaluation and prioritization of asset risk manage- ment. Use of the methodology and associated CAPTool can assist in developing a list of most- critical assets, based on consequences of loss in the presence of relevant threats and hazards. In addition, the tool can provide a list of potential countermeasures for reducing vulnerability and improving resilience of critical assets, along with a rough order-of-magnitude cost estimate for implementing selected countermeasures. According to Recommendations for Bridge and Tunnel Security, prepared by the AASHTO Blue Ribbon Panel on Bridge and Tunnel Security (2003), many component parts, systems, and sub- systems are associated with a suspension and cable-stayed highway bridge (e.g., suspender ropes, stay cables, tower leg, orthotropic steel deck, reinforced and pre-stressed bridge decks, cable saddle, approach structures, connections, anchorage and piers). Even though some parts of the bridge structure may be harder to replace than others and therefore might be considered more critical, breaking down critical infrastructure into these subparts will add confusion and a lack of clarity to the definitional capture of critical assets. Once each asset has been delineated, the categories of personnel (human), property (physical), or information (cyber) can be used to group the individual elements so the second factoring aspect of the critical infrastructure identification process can be accomplished. Factors can refer to any number of important issue areas so long as they are relevant to the agency performing the analysis. Some sample areas include: • Casualty impact—The potential for loss or serious injury to human life; • Business continuity—The extent to which loss or serious damage to the asset would adversely impact the ability of the agency to continue to operate; • Economic impact—The extent to which loss or serious damage to the asset would affect the viability of business going forward; • Replacement cost—The capital investment required to replace the asset; • Replacement downtime—The length of time before the asset can be returned to service; • Redundancy—Availability of alternate for use in the event the asset is lost; and • Symbolic importance—National significance of the asset. The third part of the identification process is the establishment of relative values that indicate the importance of the assets to the operations of the agency. Generally, a numerical scale is used to compare the relative values. Table 6-2 illustrates relative value in the center column. This table also provides an overview of steps 1–3 in the critical infrastructure identifica- tion process. The final step in the process is the rank ordering and prioritization of critical assets. Table 6-3, from the FHWA Recommendations for Bridge and Tunnel Security by the AASHTO Blue Ribbon Panel on Bridge and Tunnel Security (2003) gives an illustrative example of bridge and tunnel critical asset prioritization. Note the inclusion of a risk reduction score, achieved through a form of algebraic analysis of the factoring and relative value steps of the process. The table also contains a ROM (rough order of magnitude) cost column that presents the security designer with an economic cross reference. Building Security A vast body of knowledge and information is available from federal government departments and agencies about the protection of buildings. The government has gone a long way toward establishing comprehensive building security standardization requirements and criteria for federal facilities. The work began in earnest on April 20, 1995, one day after the bombing of the

154 Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies Alfred P. Murrah Building in Oklahoma City, when the president directed the Department of Justice (DOJ) to assess the vulnerability of federal office buildings in the United States, particu- larly to acts of terrorism and other forms of violence. Within 2 months DOJ completed the study and published its report, Vulnerability Assessment of Federal Facilities, containing minimum security standards intended for use in all federally occupied facilities (U.S. DOJ 1995). The stan- dards were based on DOJ security level criteria that basically considered occupancy, volume of public content, building size, and agency mission. In October 1995, Executive Order 12977 was signed by the president “to establish policies for security in and protection of federal facilities and to provide a permanent body to address continuing government-wide security for federal facilities.” The order established the Inter- agency Security Committee (ISC) with member agencies including the Departments of Justice, State, Labor, Transportation, Defense, Energy, Health and Human Services, the General Services Administration, and the Environmental Protection Agency. ISC security standards have been developed to better match the necessary level of protection to the level of risk. The Facility Security Assessment now considers additional factors such as symbolism, threat to the tenants, and mission criticality. In addition there is now a recognition that security needs to be balanced against other factors, including cost. “In most facilities, it is neither common to find anything close to perfect security nor is perfect security an economically feasible objective” (DHS 2014). Source: AASHTO Blue Ribbon Panel on Bridge and Tunnel Security 2003. Table 6-2. Critical asset value.

Infrastructure Protection and Resilience 155 A Facility Security Level matrix, shown in Table 6-4, was developed and comprises five equally weighted security evaluation factors with corresponding points of 1, 2, 3, or 4 allocated for each factor. Recognizing that the criteria cannot capture all the circumstances that could be encoun- tered, the standard includes a sixth factor—intangibles—that allows consideration of factors unique to the facility. The current standards address six general areas of security and supply compliance require- ments for countermeasures in: • Site—Including the site perimeter, site access, exterior areas and assets, and parking; • Structure—Including structural hardening, façade, windows, and building systems; • Facility entrances—Including employee and visitor pedestrian entrances and exits, loading docks, and other openings in the building envelope; Source: AASHTO Blue Ribbon Panel on Bridge and Tunnel Security 2003. Table 6-3. Bridge and tunnel critical asset prioritization.

156 Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies • Interior—Including space planning and security of specific interior spaces; • Security systems—Including intrusion detection, access control, and CCTV camera systems; and • Security operations and administration—Including planning, guard force operations, man- agement and decision-making, and mail handling and receiving. For natural hazards (e.g., earthquakes, floods, winds, grassland and forest fires) and building fire hazards (technological accidents), information is available in building codes, industry stan- dards, and FEMA guidelines. For constructed hazards, the ISC as well as other federal agencies have published a significant number of building security standards documents for federal facilities. Figure 6-3 presents a list of available information resources; in some cases a specific request for the documents must be made to the respective federal agency. The summary of standards and other building security guidelines suggests that the follow- ing potential areas of vulnerability should be reviewed for possible implementation of security countermeasures: Pedestrian entranceways; Vehicular access and circulation; Parking garages; Public toilets and service areas; Refuge collection sites; Loading docks; Shipping and receiving areas; Stairwells; Public corridors; Equipment and maintenance spaces; Source: Interagency Security Committee 2016. Table 6-4. Facility security level matrix.

Infrastructure Protection and Resilience 157 Mailrooms; Lobbies and waiting areas; Roofs; Water supply; Air intakes; Fuel storage areas; Utility feeds; Elevators; General office space; Dining facilities; and Retail areas; Computer room. In addition, the following systems or subsystems should be considered for protective measures: Mechanical; Engineering; Electrical; Ventilation; Fire protection; Communications; Emergency power; Structural; Lighting; Entry control; Physical security; Electronic security; and Information technology Command and control. The Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings, 2nd Edition (DHS 2011) provides an updated version of risk assessment techniques and a new concept of infrastructure resiliency, and identifies new protective measures and emerging technologies to protect the built environment. Source: TRB 2006c. Figure 6-3. Transportation tunnel types.

158 Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies Transportation agencies have unique types of buildings and facilities that will demand atypi- cal vulnerability reduction solutions. For example, a toll facility on an Interstate highway will likely require an extensive level of structural hardening, shielding, stress-bearing systems, and anti-ram barriers to protect the toll plaza, collectors, and vehicle occupants from an explosives blast, or to mitigate its effects. Similarly, a transit or commuter train that enters the build- ing envelope of an underground train station creates risk vulnerability and exposure elements for building occupants through any number of different threat scenarios. As has been recom- mended throughout this text, agencies must specifically address such uniqueness in their operat- ing environment when making security improvements. Buildings such as warehouses, car shops, maintenance facilities, plants and industrial areas, dispatch centers and fuel depots all have the potential to demand specialized individual security countermeasures or solution sets. The DHS Science and Technology Directorate has produced the Building and Infrastruc- ture Protection Series: Designing Buildings to Withstand Almost Anything (2012), aimed at engi- neers, architects, building owners, city planners, and emergency managers. The series—seven documents, four software applications, one website, and one training course—makes available government, industry, and academic research on designs and materials to make buildings and tunnels terror-resistant and terror-resilient. Bridge and Tunnel Security The U.S. surface transportation sector is a vast and open series of roadways, skyways, tracks, rails, pedestrian walkways, bike paths, and other routes that facilitate the travel of people and goods throughout the country. These routes are connected and interconnected by a system of bridges and tunnels that are engineered to traverse difficult terrain or geography, shorten travel distances, or simply improve the journey of system users. While the infrastructure of the entire route is an important part of transportation agency security planning, bridges and tunnels by virtue of their engineering, placement, or cost often are among the agency’s most critical assets. Land-based bridges are also integral to the maritime sec- tor because they cross over the nation’s waterways, thereby affecting the movement of ships and other vessels particularly on inland rivers. Protecting bridges and tunnels can be complicated. Referring once again to the FHWA Recommendations for Bridge and Tunnel Security, Among the 600,000 bridges in the United States, preliminary studies indicate that there are approxi- mately 1,000 where substantial casualties, economic disruption, and other societal ramifications would result from isolated attacks. Additionally, the U.S. transportation system includes 337 highway tunnels and 211 transit tunnels; many are located beneath bodies of water, and many have limited alternative routes due to geographic constraints. Such a vast number of bridge and tunnel structures interspersed throughout the nation points out the difficulty associated with creating a workable security protection scheme, particularly when the remoteness, inaccessibility, and reduced visibility of many of these structures has been factored in. However, just looking at the extent of the assets makes the case that rigorous critical infrastructure identification processes are clearly justified. It is apparent that the security planning tasks in this regard are daunting, exacerbated by the fact that there are also various types of bridge or tunnel structures, each with engineering design characteristics that can be completely different one from the other. Goethals Bridge Example In June 2017 the new Goethals Bridge opened to traffic. The bridge has twin spans con- necting Staten Island, New York, and Elizabeth, New Jersey across the Arthur Kill strait. The original bridge, one of the first constructed by the Port Authority of New York and

Infrastructure Protection and Resilience 159 New Jersey (PANYNJ), was retired and incrementally demolished to make way for one of the two new spans. The replacement bridge constructed directly south of the original bridge provides three 12-foot-wide lanes in each direction (replacing the two narrow 10-foot-wide lanes), a 10-foot-wide sidewalk/bikeway along the northern edge of the New Jersey-bound roadway, and a central corridor between the eastbound and westbound roadway decks, suf- ficient to accommodate potential transit service. The new bridge provides improved safety and reliability by meeting current geometric design, structural integrity, and security and seismic standards. The bridge also meets post-Hurricane Sandy resilience recommenda- tions, such as raised approach roadways to prevent overtopping and installed fender systems to deflect debris. Goethals Bridge has CCTV surveillance, dynamic message signs, variable speed limit signs, vehicle detection, and lane-use control signals. State-of-the-art smart bridge technology pro- vides continuous electronic monitoring of bridge structures using a network of sensors at critical points to monitor traffic and structural integrity. The sensors can spot potentially serious problems before they might be apparent to an inspector, as well as help determine how the bridge behaves under heavy traffic, in severe weather conditions, and during other poten- tially hazardous situations. It utilizes roadway weather information systems, which collect environmental data such as wind speed, visibility, and pavement temperature. A traffic detec- tion system provides traffic alerts that allow emergency services to quickly plan a response for any incident. PANYNJ has a public website for the new bridge with several webcams that show multiple views of the project. FHWA’s 2015 Specifications for National Tunnel Inventory categorizes the multiple systems that contribute to the overall functionality and the safety of tunnels as follows: • Structural systems. These systems make up the primary structure of the tunnel or support its equipment and include the walls, roof, ceiling slabs, roof beams, portals, invert slabs, slabs on-grade, cross-passageways, equipment supports, joints, and gaskets. • Civil systems. These systems consist of the wearing surface, traffic barriers, and pedestrian railings. • Mechanical systems. These systems consist of the ventilation system, drainage system, emer- gency generator system, and flood gates. The ventilation and drainage systems contain fans, fan motors, pumps, pump motors, pump controllers, piping, and drains. The emergency generator system includes a generator, fuel storage tank, fuel day tanks, exhaust air louvers, damper actuator, generator control equipment, and conduits. • Electrical systems. These systems include the tunnel’s electrical distribution and emergency distribution systems. The electrical distribution system includes switchgear, motor control centers, starters, transformers, transfer switches, panel boards, conduits, raceways, and elec- trical outlets/receptacles. The emergency distribution system consists of uninterruptable power supply, batteries, and battery charging equipment. • Lighting systems. These systems include the tunnel and emergency lighting systems, both of which contain light fixtures, fixture supports, bulb housings, lenses, light switches, junction boxes, wiring, conduit, cable, sensors, and controllers. • Fire/life safety/security systems. These systems consist of fire detection, fire protection, emer- gency communication, and operations and security systems. Fire detection systems consist of control panels, initiating devices (heat and smoke detectors, pull-stations, etc.), notification appliances (strobes, horns, etc.), wiring, conduit, and cable. • Emergency communication systems include communication devices—intercom, public address, emergency override FM radio rebroadcast, private emergency radios, cell phones, receivers, wiring, exchange devices, signs, controllers, speakers, and audio input equipment.

160 Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies • Tunnel operations and security systems include communication equipment—CCTV cameras, telephones, radios, etc. Figure 6-3 shows four types of transportation tunnels, each with unique engineering char- acteristics that likely would call for specific individual countermeasures or countermeasures solution sets. A discussion of bridge and tunnel security issues presents an excellent opportunity to further explain concepts of security strategy in terms of goals and objectives. In Making the Nation Safer: The Role of Science and Technology in Countering Terrorism (National Research Council 2002), several overarching goals for countering terrorism are identified: • Predict—Intelligence and surveillance of targets and means; • Prevent—Disrupt networks, contain threats; • Protect—Harden targets, immunize populations; • Interdict—Frustrate attacks, manage crisis; • Response and recovery—Mitigate damage, expedite cleanup; and • Attribute—Identify attacker to facilitate response. These overlapping goals have been drawn differently in other publications, e.g., “preven- tion, detection, deterrence, response and mitigation” or the four D’s—“deter, detect, deny, and defend.” Nonetheless, a significant part of the purpose and underlying message of these goals is that certain tactics can either prevent an attack against a given target, or positively influence the target selection of an aggressor, or perhaps disrupt such an attack in progress. In fact, because of the catastrophic potential that could result from a successful attack against some key bridge or tunnel assets, front-end efforts to defend against the loss can become an even higher priority. Vulnerability reduction countermeasures focused on the defense of bridges and tunnels should include visible signs of security, such as fencing, lights, surveillance systems, and rapid response by security forces. The objective is to present a potential adversary with a percep- tion that an attack will be unsuccessful or that the attacker will be captured. Perhaps more importantly, the absence of such visible signs of security may induce target selection by an adversary. The approaches to critical bridges or tunnels and the undetected opportunity time, or “time on target” that an aggressor can acquire, are factors that deserve thoughtful security planning. For example, the approach on both sides of a critical underwater tunnel portal entrance could be lined with high-security, anti-ram fencing for an extended distance—1/2 mile or so—to prevent vehicle breach. Lighting, audible alarms, surveillance, and intrusion detection systems could be deployed in tandem so that any attempted access to the portal on foot would require the aggres- sor to walk or run for an extended time just to reach a mission-sensitive location. Responding security forces or officers on directed patrol capable of disrupting or interdicting the attack would add a final layer of protection for the asset. Time on target has additional ramifications for bridge and tunnel security. For example, an aggressor with sufficient time can improve the payload and blast effect of an IED by attaching or even drilling into a bridge’s critical structural elements, such as cable anchors, box girders, and cable towers. Considering the requirement that transportation agencies must perform rigorous critical asset identification, a recommendation for extensive security countermeasures for bridges and tunnels is somewhat incongruous with the preceding discussion of the vast number of such assets in the United States. One additional recommendation—maximizing portability in bridge and tunnel security countermeasures deployment—may help overcome this security planning

Infrastructure Protection and Resilience 161 dilemma. By establishing one or more portable countermeasures such as deployable sensors, cameras, alarms and other perimeter protection devices, security designers can prioritize secu- rity equipment utilization through temporary placements at critical bridge or tunnel locations. A deployment of this type would serve as a temporary security force multiplier capable of alert- ing responders of a potential security breach. The placement decision would be based on threat information/intelligence or tactical or strategic considerations. NCHRP Report 816: Guide for the Preservation of Highway Tunnel Systems (TRB 2015b) pro- vides a list of actions: (1) assemble a catalog of highway tunnel preservation actions, (2) quantify the benefits of tunnel preservation actions, (3) provide decision-making tools to optimize tunnel preservation actions, and (4) develop a method to determine appropriate levels of funding and staffing to achieve agency-selected goals and performance measures. Rolling Stock and Vehicles Transportation vehicle security today comprises three main areas: (1) safety and protection of vehicle operators, (2) safety and protection of vehicle passengers or occupants, and (3) prevent- ing the use of the conveyance as a weapon of destruction. In the first area, major potential threats include: (1) improvised explosive devices, (2) armed assault against the driver or passengers, and (3) chemical, biological, or radiological attack. In addition, there have been known instances of counterfeit transportation vehicles used in drug trafficking and other criminal activities. Fake vehicles have been loaded with drugs for transport. Some states have found that criminal organizations have tried to place illegal substances under DOT vehicles left overnight to transport the substances. Motor coaches, vans, and buses in general are an attractive target (and sometimes weapon) of terrorists and criminals because of the ease with which these vehicles can penetrate security barriers and the large-scale damage they can inflict on people and infrastructure. The vehicles are plentiful and routinely arouse no suspicion given the access they have to structures and activity centers. The American Bus Association issued a member alert on vehicle ramming in August 2017. The vehicles may be obtained in a variety of ways, such as through an insider threat, where an authorized driver carries out or facilitates the attack, and by hijacking, where an attacker gains control of the vehicle by force. The TSA recommends vigilance and preparedness to prevent the use of commercial vehicles in terrorist attacks. Commercial vehicle owners and operators should alert their staff to possible theft or hijacking of vehicles by would-be attackers and emphasize the importance of reporting suspicious activities to appropriate authorities. WMDs assumed much greater importance post–9-11. There is still a need to protect against aggressors using their own vehicles, but also against the commandeering of a vehicle transport- ing hazardous loads or the conversion of a transportation agency’s own rolling stock. According to the FTA, lessons learned from prior events suggest that the following security strategies will help protect the vehicle fleet: • Limit the ability to place or hide explosives on or under vehicle; • Improve the ability to see into and out of vehicle; • Reduce the damage that would result from an explosion; • Reduce the damage that would result from a fire; • Reduce the damage that would result from contaminants;

162 Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies • Enhance emergency egress through doors and windows; • Protect the driver from physical threat; • Network the vehicle with the Operation Control Center; • Enable communications between the vehicle operator and passengers; and • Secure the vehicle from theft and unauthorized operations. These issues have been well recognized by transportation agencies and homeland security professionals from government and industry, who have sought ways to improve the security of conveyances in transit or when housed at facilities.

Next: Chapter 7 - Homeland Security Laws, Directives, and Guidance »
Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies Get This Book
×
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

Since 2009, when NCHRP's last Security 101 report was released, there have been significant advances in transportation security approaches, including new strategies, programs, and ways of doing business that have increased the security of transportation systems as well as ensured their resiliency.

Hazards and threats to the system have also continued to evolve since 2009. While the incidence of large-scale terrorist attacks has remained small, transportation agencies are at increasingly greater risk from system-disrupting events due to natural causes, unintentional human intervention, and intentional criminal acts, such as active-shooter incidents. Cyber risks also are increasing and can impact not only data, but the control systems—like tunnel-ventilation systems—operated by transportation agencies.>

The TRB National Cooperative Highway Research Program's NCHRP Research Report 930: Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies provides valuable information about current and accepted practices associated with both physical and cyber security and its applicability to surface transportation.

The report is accompanied by a PowerPoint for the project and NCHRP Web-Only Document 266: Developing a Physical and Cyber Security Primer for Transportation Agencies.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!