Developing a Physical and Cyber Security Primer for Transportation Agencies (2020)

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

179 Appendix D Glossary GLOSSARY OF TERMS Aberration Any inherent deficiency of a lens or optical system. Aberrations are responsible for imperfections in shape or sharpness of the image. Abnormal user Persons whom you do not desire to be in a certain space. Absolute risk The proportion of a population expected to get a disease over a specified time period. See also risk, relative risk. Absorbed dose The amount of energy deposited by ionizing radiation in a unit mass of tissue. It is expressed in units of joule per kilogram (J/kg), and called “gray” (Gy). Acceptable risk The level of Residual Risk that has been determined to be a reasonable level of potential loss/disruption for a specific system. Access control Any combination of barriers, gates, electronic security equipment, and/or guards that can deny entry to unauthorized personnel or vehicles. Access control mechanism Security measures designed to detect and deny unauthorized access and permit authorized access to an information system or a physical facility. (Adapted from CNSSI 4009) Access control methods and technologies Used to identify and control access to a defined area. Used in conjunction with intrusion detection systems to control nuisance alarms. Access control point (ACP) A station at an entrance to a building or a portion of a building where identification is checked, and people and hand-carried items are searched. Access control system (ACS) Also referred to as an Electronic Entry Control Systems; an electronic system that controls entry and egress from a building or area. Access control system elements Detection measures used to control vehicle or personnel entry into a protected area. Access Control System elements include locks, Electronic Entry Control Systems, and guards. Access control The process of granting or denying specific requests for or attempts to: 1) obtain and use information and related information processing services; and 2) enter specific physical facilities. (CNSSI 4009)

180 Access controls Procedures and controls that limit or detect access to minimum essential infrastructure resource elements (e.g., people, technology, applications, data, and/or facilities), thereby protecting these resources against loss of integrity, confidentiality, accountability, and/or availability. Access group A software configuration of an Access Control System that groups together access points or authorized users for easier arrangement and maintenance of the system. Access road Any roadway such as a maintenance, delivery, service, emergency, or other special limited use road that is necessary for the operation of a building or structure. Access The ability and means to communicate with or otherwise interact with a system, to use system resources to handle information, to gain knowledge of the information the system contains, or to control system components and functions. (CNSSI 4009) Accessibility The quality of being assessable; that which may be approached or entered. Accessible Having the legally required features and/or qualities that ensure easy entrance, participation, and usability of places, programs, services, and activities by individuals with a wide variety of disabilities. Accident notification threshold The oversight agency must require the rail transit agency to notify the oversight agency within two (2) hours of any incident involving a rail transit vehicle or taking place on rail transit-controlled property where one or more of the following occurs: 1. A fatality at the scene; or where an individual is confirmed dead within thirty (30) days of a rail transit-related incident; 2. Injuries requiring immediate medical attention away from the scene for two or more individuals; 3. Property damage to rail transit vehicles, non-rail transit vehicles, other rail transit property or facilities and non-transit property that equals or exceeds $25,000; 4. An evacuation due to life safety reasons; 5. A collision at a grade crossing; 6. A main-line derailment; 7. A collision with an individual on a rail right-of-way; or 8. A collision between a rail transit vehicle and a second rail transit vehicle, or a rail transit non-revenue vehicle. Accountability The explicit assignment of responsibilities for oversight of areas of control to executives, managers, staff, owners, providers, and users of minimum essential infrastructure resource elements. Acoustic eavesdropping The use of listening devices to monitor voice communications or other audibly transmitted information with the objective to compromise information. Acquisition procedures Used to obtain resources to support operational requirements. Active aggressor An individual actively engaged in killing or attempting to kill people in a confined and populated area through the use of firearms, vehicles, straight-edged blades or knives, homemade explosives, and other deadly weapons.

181 Active attack An actual assault perpetrated by an intentional threat source that attempts to alter a system, its resources, its data, or its operations. Active content Software that is able to automatically carry out or trigger actions without the explicit intervention of a user. (Adapted from CNSSI 4009) Active detector An active detector is, in general, a device that generates and emits energy for illuminating the portal region of the detector. For the walk-through metal detector, the emitted energy is in the form of a magnetic field. The interaction of the emitted magnetic field with certain types of objects in the portal region of the detector and the ability to detect this interaction is the basis of operation for walk-through metal detectors. Active illumination Illumination that is generated by electrical energy. Active incident Synonymous with an attack, something has in fact happened and lives and property are at risk. Active shooter An individual actively engaged in killing or attempting to kill people in a confined and populated area, typically through the use of firearms. Active vehicle barrier An impediment placed at an access control point that may be manually or automatically deployed in response to detection of a threat. Activity (radioactivity) The rate of decay of radioactive material expressed as the number of atoms breaking down per second measured in units called becquerels or curies. Acute exposure An exposure to radiation that occurred in a matter of minutes rather than in longer, continuing exposure over a period time. See also chronic exposure, exposure, fractionated exposure. Acute radiation syndrome (ARS) A serious illness caused by receiving a dose greater than 50 rads of penetrating radiation to the body in a short time (usually minutes). The earliest symptoms are nausea, fatigue, vomiting, and diarrhea. Hair loss, bleeding, swelling of the mouth and throat, and general loss of energy may follow. If the exposure has been approximately 1,000 rads or more, death may occur within 2 – 4 weeks. Advanced persistent threat (APT) An adversary that possesses sophisticated levels of expertise and significant resources, which allow it to create opportunities to achieve its objectives by using multiple attack vectors (e.g., cyber, physical, and deception). The intention of an APT may be to steal data, or to cause damage to the network or organization, or to plant attack capabilities for future activation. Stuxnet is an example of an ATP. (NIST SP 800-53 Rev 4) Adversary Any individual, group, organization or government that conducts activities, or has the intention and capability to conduct activities detrimental to critical assets.

182 Aerosol Fine liquid or solid particles suspended in a gas (e.g., fog or smoke). After action report A report covering response actions, application of emergency management, modifications to plans and procedures, training needs, and recovery activities. After Action Reports are required under emergency management plans after any incident which requires a declaration of an emergency. Reports are required within 90 days. The AAR summarizes key exercise-related evaluation information, including the exercise overview and analysis of objectives and core capabilities. The AAR is usually developed in conjunction with an improvement plan. Agency (Incident Command Systems) A division of government with a specific function offering a particular kind of assistance. In ICS, agencies are defined either as jurisdictional (having statutory responsibility for incident management) or as assisting or cooperating (providing resources or other assistance). Agency administrator/ executive The official responsible for administering policy for an agency or jurisdiction, having full authority for making decisions and providing direction to the management organization for an incident. Agency dispatch The agency or jurisdictional facility from which resources are sent to incidents. Agency representative A person assigned by a primary, assisting, or cooperating federal, state, tribal, or local government agency or private organization that has been delegated authority to make decisions affecting that agency’s or organization’s participation in incident management activities following appropriate consultation with the leadership of that agency. Aggressor Any person seeking to compromise a function or structure. Air burst A nuclear weapon explosion that is high enough in the air to keep the fireball from touching the ground. Because the fireball does not reach the ground and does not pick up any surface material, the radioactivity in the fallout from an air burst is relatively insignificant compared with a surface burst. Air gap To physically separate or isolate a system from other systems or networks (verb). The physical separation or isolation of a system from other systems or networks (noun). Airborne contamination Chemical or biological agents introduced into and fouling the source of supply of breathing or conditioning air. Airlock A building entry configuration with which airflow from the outside can be prevented from entering a toxic-free area. An airlock uses two doors, only one of which can be opened at a time, and a blower system to maintain positive air pressures and purge contaminated air from the airlock before the second door is opened.

183 Alarm assessment Verification and evaluation of an alarm alert through the use of closed-circuit television or human observation. Systems used for alarm assessment are designed to respond rapidly, automatically, and predictably to the receipt of alarms at the security center. Alarm indication A signal to warn of the detection of a metal object. The indication can be visual and/or auditory. Alarm indicator The device used to generate the alarm indication. For a visual indication, the alarm generating device can be a light bulb, lamp, light emitting diode, etc. For an auditory indication, the alarm generating device can be a horn, siren, buzzer, etc. Alarm printers Alarm printers provide a hard copy of all alarm events and system activity, as well as limited backup in case the visual display fails. Alarm priority A hierarchy of alarms by order of importance. This is often used in larger systems to give priority to alarms with greater importance. All−hazards Any incident, natural or man-made, that warrants action to protect life, property, environment, public health or safety, and minimize disruptions of government, social, or economic activities. All-hazards preparedness Refers to preparedness for domestic terrorist attacks, major disasters, and other emergencies. (HSPD-8) Allocated resources Resources dispatched to an incident. Alpha particle The nucleus of a helium atom, made up of two neutrons and two protons with a charge of +2. Certain radioactive nuclei emit alpha particles. Alpha particles generally carry more energy than gamma or beta particles, and deposit that energy very quickly while passing through tissue. Alpha particles can be stopped by a thin layer of light material, such as a sheet of paper, and cannot penetrate the outer, dead layer of skin. Therefore, they do not damage living tissue when outside the body. When alpha-emitting atoms are inhaled or swallowed, however, they are especially damaging because they transfer relatively large amounts of ionizing energy to living cells. See also beta particle, gamma ray, neutron, x-ray. Alternate worksite A work location, other than the primary location, to be used when the primary location is not accessible. Alternative security program A third-party or industrial-organization-developed standard that the commandant has determined provides an equivalent level of security to that established by current federal and U.S. Coast Guard regulations. Ambient air The air that surrounds us.

184 Americium (Am) A silvery metal; it is a man-made element whose isotopes Am-237 through Am-246 are all radioactive. Am-241 is formed spontaneously by the beta decay of plutonium-241. Trace quantities of americium are widely used in smoke detectors, and as neutron sources in neutron moisture gauges. Analytical risk management (ARM) The process of selecting and implementing security countermeasures to achieve an acceptable level of risk at an acceptable cost. Annunciation A visual, audible, or other indication by a security system of a condition. Antispyware software A program that specializes in detecting and blocking or removing forms of spyware. Anti-terrorism (AT) Defensive measures used to reduce the vulnerability of individuals, forces, and property to terrorist acts. Antivirus software A program that monitors a computer or network to detect or identify major types of malicious code and to prevent or contain malware incidents. Sometimes by removing or neutralizing the malicious code. (Adapted from NCSD Glossary) Applied police research Research that results in findings that have a practical application for a police agency. Approved Acceptable to the authority having jurisdiction. Area command An organization established to oversee the management of multiple incidents that are each being handled by a separate ICS organization or to oversee the management of a very large or evolving incident that has multiple incident management teams engaged. An agency administrator/executive or other public official with jurisdictional responsibility for the incident usually makes the decision to establish an area command. An area command is activated only if necessary, depending on the complexity of the incident and incident management span−of−control considerations. Area command (Unified area command) An organization established (1) to oversee the management of multiple incidents that are each being handled by an ICS organization or (2) to oversee the management of large or multiple incidents to which several incident management teams have been assigned. Area command has the responsibility to set overall strategy and priorities, allocate critical resources according to priorities, ensure that incidents are properly managed, and ensure that objectives are met and strategies followed. Area command becomes unified area command when incidents are multijurisdictional. Area command may be established at an emergency operations center facility or at some location other than an incident command post. Area lighting Lighting that illuminates a large exterior area.

185 Area Maritime Security Committee The committee established to assist and advise in the development, review, and update of the area maritime security plan for its Captain of the Port zone. Area of responsibility A Coast Guard area, district, marine inspection zone, or Captain of the Port zone. Area sensor Used to monitor a physical surface area such as a floor, outdoor ground area, etc. Ranging from as simple as a pressure mat, to as complex as a buried field sensor. Distinction between Area and Volume sensors are sometimes limited. Areas of potential compromise Categories where losses can occur that will affect either a department’s or an agency’s minimum essential infrastructure and its ability to conduct core functions and activities. Areas of rescue Assistance or areas of refuge spaces where persons unable to use stairs can call for and await evacuation assistance from emergency personnel assets personnel, mission-essential equipment, and facilities. Armed As used in this guideline, armed refers to a private security officer who is equipped with a weapon (firearm), such as a pistol or rifle, from which a shot is discharged. Armed threat or attack Refers to an individual(s) having, threatening, or using a personal deadly weapon such as a firearm, knife, baseball bat, or other personal weapon that can be carried or concealed by a person. Armored car company A company which, for itself or under contract with another, transports currency, securities, valuables, jewelry, food stamps, or any other item that requires secured and insured delivery from one place to another with armed personnel. Armored car personnel An armed employee of an armored car company who is engaged exclusively by that company and is liable for the safe transportation, care, and custody of valuables. Arrest The taking or keeping of a person in custody by legal authority, especially in response to a criminal charge; specifically, the apprehension of someone for the purpose of securing the administration of the law, especially of bringing that person before a court. Assess Refers to the action of a transit agency employee determining if an observed situation constitutes criminal or terrorist preliminary activities, or poses potential or real danger to the transit agency’s facilities, themselves, passengers/patrons, and anyone else in the vicinity. Assessment The evaluation and interpretation of measurements and other information to provide a basis for decision making.

186 Assessment system elements Detection measures used to assist guards in visual verification of Intrusion Detection System Alarms and Access Control System functions and to assist in visual detection by guards. Assessment System elements include closed-circuit television and protective lighting. Asset 1 An asset is any person, facility, material, information, or activity that has a positive value to the Transportation Systems Sector. The asset may have value to an adversary, as well as an owner, although the nature and magnitude of those values may differ. Assets may be categorized in many ways, including people, information, equipment, facilities, and activities or operations. Asset 2 A resource of value requiring protection. An asset can be tangible (e.g., people, buildings, facilities, equipment, activities, operations, and information) or intangible (e.g., processes or a company’s information and reputation). Asset protection Security program designed to protect personnel, facilities, and equipment, in all locations and situations, accomplished through planned and integrated application of combating terrorism, physical security, operations security, and personal protective services, and supported by intelligence, counterintelligence, and other security programs. Asset value The degree of debilitating impact that would be caused by the incapacity or destruction of an asset. Assets People, information, and property for which the public transportation system is responsible as legal owner, employer, or service provider. Assets (Critical) A sub-category of assets whose loss has the greatest consequences for people and the ability of the system to sustain service. These assets may require higher or special protection. Assigned resources Resources checked in and assigned work tasks on an incident. Assignments Tasks given to resources to perform within a given operational period that are based on operational objectives defined in the Incident Action Plan (IAP). Assistant Title for subordinates of principal Command Staff positions. The title indicates a level of technical capability, qualifications, and responsibility subordinate to the primary positions. Assistants may also be assigned to unit leaders. Assisting agency An agency or organization providing personnel, services, or other resources to the agency with direct responsibility for incident management. See Supporting Agency. Assurance The confidence that may be held in the security provided by a system, product or process (eenvoy). Attack 1 A hostile action resulting in the destruction, injury, or death to the civilian population, or damage or destruction to public and private property.

187 Attack 2 Sabotage or the use of bombs, chemical or biological agents, nuclear or radiological materials, or armed assault with firearms or other weapons by a terrorist or quasi-terrorist actor that cause or may cause substantial damage or injury to persons or property in any manner. Attack 3 A discrete malicious action of debilitating intent inflicted by one entity upon another. A threat might attack a critical infrastructure to destroy or incapacitate it. Attack method or attack mode The manner or technique and means an adversary may use in an assault on information or an information system.(Adapted from DHS Risk Lexicon, NCSD Glossary) Attack path The steps that an adversary takes or may take to plan, prepare for, and execute an attack. (Adapted from DHS Risk Lexicon, NCSD Glossary) Attack pattern Similar cyber events or behaviors that may indicate an attack has occurred or is occurring, resulting in a security violation or a potential security violation. For software, descriptions of common methods for exploiting software systems. Attack signature A characteristic or distinctive pattern that can be searched for or that can be used in matching to previously identified attacks. An automated set of rules for identifying a potential threat (such as an exploit or the presence of an attacker tool) and possible responses to that threat. (Adapted from NCSD Glossary, CNSSI 4009, ISSG V1.2 Database) Attack surface The set of ways in which an adversary can enter a system and potentially cause damage. Attack or cyber attack An attempt to gain unauthorized access to system services, resources, or information, or an attempt to compromise system integrity. The intentional act of attempting to bypass one or more security services or controls of an information system. (NCSD Glossary. NTSSI 4009 (2000), CNSSI 4009) Audible alarm device An alarm device that produces an audible announcement (e.g., bell, horn, siren, etc.) of an alarm condition. Audit 1 An evaluation of a security assessment or security plan—performed by the owner or operator, the owner or operator’s designee, or an approved third party—intended to identify deficiencies, non-conformities, and/or inadequacies that would render the assessment or plan insufficient. Audit 2 The process of reviewing and evaluating compliance with applicable directives and regulations and/or the examination of records or accounts to check their accuracy. Authentication The process of verifying the identity or other attributes of an entity (user, process, or device).

188 Authenticity A property achieved through cryptographic methods of being genuine and being able to be verified and trusted, resulting in confidence in the validity of a transmission, information or a message, or sender of information or a message. (Adapted from CNSSI 4009, NIST SP 800-53 Rev 4) Authority having jurisdiction (AHJ) An organization, office, or individual responsible for enforcing the requirements of a code or standard, or for approving equipment, materials, an installation, or a procedure. Authorization A process of determining, by evaluating applicable access control information, whether a subject is allowed to have the specified types of access to a particular resource. The process or act of granting access privileges or the access privileges as granted. (OASIS SAML Glossary 2.0; Adapted from CNSSI 4009) Auto equivalent units (AEUs) A commonly used measurement to determine auto-deck capacity to keep the vessel balanced. The measurement is based on the space that a boarding vehicle occupies compared with the space of a standard vehicle to determine weight constraints for vehicle ferries. Auto-Iris Lens A lens with an electronically controlled iris. This allows the lens to maintain one light level throughout varying light conditions. Automatic identification system (AIS) A shipboard broadcast system that acts like a transponder, operates in the VHF maritime band, is capable of handling thousands of reports per minute, and updates as often as every 2 seconds. Availability The ability to have access to mission-essential infrastructure resource elements when required by the mission and core supporting processes. Availability The property of being accessible and usable upon demand. In cybersecurity, applies to assets such as information or information systems. (Adapted from CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542) Available resources Resources assigned to an incident, checked in, and available for a mission assignment, normally located in a Staging Area. Backdoor An undocumented way of gaining access to a computer system. A backdoor is a potential security risk. Background radiation Ionizing radiation from natural sources, such as terrestrial radiation due to radionuclides in the soil or cosmic radiation originating in outer space. Background screening An inquiry into the history and behaviors of an individual under consideration for employment, credit, access to sensitive assets (such as national defense information), and other reasons.

189 Background verification/check The process of checking an individual’s character, general reputation, personal characteristics, or mode of living for consideration of employment, promotion, access to sensitive assets (such as national information), or for continued employment. Elements of a background verification/check can vary widely, and may include information from credit bureaus, courts records repositories, departments of motor vehicles, past or present employers and educational institutions, governmental occupational licensing or registration entities, business or personal references, and any other source required to verify information that was voluntarily supplied. Badging Based on credentialing and resource ordering, provides incident−specific credentials and can be used to limit access to various incident sites. Balance pressure switch An IDS sensor that alarms when subjected to a pressure differential. Balanced magnetic switch A door position switch utilizing a reed switch held in a balanced or center position by interacting magnetic fields when not in alarm condition. Ballistics attack An attack in which small arms (e.g., pistols, submachine guns, shotguns, and rifles) are fired from a distance and rely on the flight of the projectile to damage the target. Barbed tape or concertina A coiled tape or coil of wires with wire barbs or blades deployed as an obstacle to human trespass or entry into an area. Barbed wire A double strand of wire with four-point barbs equally spaced along the wire deployed as an obstacle to human trespass or entry into an area. Barcode A black bar printed on white paper or tape that can be easily read with an optical scanner. Barrier sensors Used to monitor a physical barrier - fence, wall, roof, window, etc. Base The location at which primary logistics functions for an incident are coordinated and administered. There is only one Base per incident. (Incident name or other designator will be added to the term Base.) The Incident Command Post may be co−located with the Base. Base measure See Baseline. Baseline A starting point used in research and identified prior to experimentation as a point of comparison with data after experimental variables are introduced. Batch process A process that leads to the production of finite quantities of material by subjecting quantities of input materials to an ordered set of processing activities over a finite time using one or more pieces of equipment. (ANSI/ISA-88.01-1995) Becquerel (Bq) The amount of a radioactive material that will undergo one decay (disintegration) per second.

190 Behavior monitoring Observing activities of users, information systems, and processes and measuring the activities against organizational policies and rule, baselines of normal activity, thresholds, and trends. Benefit Amount of risk reduction based on the overall effectiveness of countermeasures with respect to the assessed vulnerabilities (ARM) Beta particles Electrons ejected from the nucleus of a decaying atom. Although they can be stopped by a thin sheet of aluminum, beta particles can penetrate the dead skin layer, potentially causing burns. They can pose a serious direct or external radiation threat and can be lethal depending on the amount received. They also pose a serious internal radiation threat if beta-emitting atoms are ingested or inhaled. See also alpha particle, gamma ray, neutron, x-ray. Binary sensor An IDS sensing device that has only two states - open or closed, which is used to annunciate alarms. Example = BMS Bioassay An assessment of radioactive materials that may be present inside a person’s body through analysis of the person’s blood, urine, feces, or sweat. Biological agents Living organisms or the materials derived from them that cause disease in or harm to humans, animals, or plants or cause deterioration of material. Biological agents may be used as liquid droplets, aerosols, or dry powders. Biological effects of ionizing radiation (BEIR) reports Reports of the National Research Council's committee on the Biological Effects of Ionizing Radiation. Biometric The utilization of a personal biometric trait to identify a user to ACS and IDS systems. Examples are fingerprints, iris scans, retinal scans, hand geometry. Biometric reader A device that gathers and analyzes biometric features. Biometrics The use of physical characteristics of the human body as a unique identification method. Blacklist A list of entities that are blocked or denied privileges or access. Blast curtains Heavy curtains made of blast-resistant materials that could protect the occupants of a room from flying debris. Blast vulnerability envelope The geographical area in which an explosive device will cause damage to assets. Blast-resistant glazing Window opening glazing that is resistant to blast effects because of the interrelated function of the frame and glazing material properties frequently dependent upon tempered glass, polycarbonate, or laminated glazing.

191 Blower door assembly A calibrated device that measures the airflow rate into the facility during pressurization and out of the facility during depressurization BMS balance magnetic switch A set of contacts and magnets used to annunciate the opening / closing of door, window, or other device. Replaces magnetic position switches that are easily defeated and bypassed. Bollard A vehicle barrier consisting of a cylinder, usually made of steel and sometimes filled with concrete, placed on end in the ground and spaced about 3 feet apart to prevent vehicles from passing, but allowing entrance of pedestrians and bicycles. Bomb A device capable of producing damage to material and injury or death to personnel when detonated or ignited. Bombs are classified as explosive or incendiary. Bomb incident Involves any occurrence concerning the detonation/ignition of a bomb, the discovery of a bomb, or execution of a bomb threat. Bomb threat A message delivered by any means and the message may or may not: specify location of the bomb, include the time for detonation/ignition, and contain an ultimatum related to the detonation/ignitor or concealment of the bomb. Bot master or bot herder The controller of a botnet that, from a remote location, provides direction to the compromised computers in the botnet. Bot A computer connected to the Internet that has been surreptitiously / secretly compromised with malicious logic to perform activities under remote the command and control of a remote administrator. A member of a larger collection of compromised computers known as a botnet. Botnet A network of computers that have been penetrated, compromised, and programmed to operate on the commands of an unauthorized remote user, usually without the knowledge of their owners or operators. The network of “robot” computers can then be manipulated by the remote actor to commit attacks on other systems. The computers on botnets are frequently referred to as “zombies” and are often employed in digital denial of service attacks. Boundary penetration sensor An interior intrusion detection sensor that detects attempts by individuals to penetrate or enter a building. Branch The organizational level having functional or geographical responsibility for major aspects of incident operations. A Branch is organizationally situated between the Section chief and the division or group in the operations section, and between the section and units in the logistics section. Branches are identified by the use of roman numerals or by functional area.

192 Breach of security An incident that has not resulted in a transportation security incident because security measures have been circumvented, eluded, or violated. Breakwire An IDS sensor that alarms an IDS when a wire or other cable is broken. Broadcast Transmission to all devices in a network without any acknowledgment by the receivers. (IEC/PAS 62410) Buffer Overflow A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Adversaries exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system. Bug An unexpected and relatively small defect, fault, flaw, or imperfection in an information system or device. (NCSD Glossary) Build Security In A set of principles, practices, and tools to design, develop, and evolve information systems and software that enhance resistance to vulnerabilities, flaws, and attacks. Building hardening 1 Enhanced conventional construction that mitigates threat hazards where standoff distance is limited. Building hardening may also be considered to include the prohibition of certain building materials and construction techniques. Building hardening 2 Enhanced construction that reduces vulnerability to external blast and ballistic attacks. Building separation The distance between closest points on the exterior walls of adjacent buildings or structures. Building/facility elements One of the three cost types that define the building/facility component of the detailed cost-accounting framework: building/facility elements; building/facility site work; non-elemental. The building/facility elements cost type is associated with the elemental classification UNIFORMAT II. Business continuity A comprehensive managed effort to prioritize key business processes, identify significant threats to normal operation, and plan mitigation strategies to ensure effective and efficient organizational response to the challenges that surface during and after a crisis. Business continuity program (BCP) An ongoing process supported by senior management and funded to ensure that the necessary steps are taken to identify the impact of potential losses, maintain viable recovery strategies and recovery plans, and ensure continuity services through personnel training, plan testing, and maintenance. Business impact analysis (BIA) A management level financial analysis that identifies the impacts of losing an organization’s resources. The analysis measures the effect of resource loss and escalating losses over time in order to provide reliable data upon which to base decisions on mitigation, recovery, and business continuity strategies. C2 Command & Control

193 C3 Command, Control, & Communications C4 Command, Control, Communications, Computers & Integration - Military term to define an integrated system for overall control and operation of a complex operation Cable barrier Cable or wire rope anchored to and suspended off the ground or attached to chain-link fence to act as a barrier to moving vehicles. Cache A predetermined complement of tools, equipment, and/or supplies stored in a designated location, available for incident use. Camera Format The approximate size of a camera image pickup device. This measurement is derived from the diagonal line of a chip or the diameter of the tube. Currently there are five format sizes in the CCTV industry. Capabilities assessment A formal evaluation, conducted by the public transportation system, to identify the status of its security and emergency preparedness activities. This activity enables the system to determine its existing capacity to: ⇒ Reduce the threat of crime and other intentional acts ⇒ Recognize, mitigate, and resolve incidents that occur in service and on system property ⇒ Reduce the threat of crime and other intentional acts ⇒ Protect passengers, employees, emergency responders, and the environment during emergency operations ⇒ Support community response to a major event. Capability The ability of a suitably organized, trained, and equipped entity to address, penetrate, or alter systems and/or to disrupt, deny or destroy all or part of a critical infrastructure (CIAO) A measure of the degree to which a system is able to satisfy its performance objectives. Capacitance An IDS sensor technology that measures the disturbance of a capacitive field setup to protect fixed objects. Capacitance sensor A device that detects an intruder approaching or touching a metal object by sensing a change in capacitance between the object and the ground. Captain of the Port (COTP) The local officer exercising authority for the Captain of the Port zones. The COTP is the maritime security coordinator and the port facility security officer. Carcinogen A cancer-causing substance. Card reader A device that gathers or reads information when a card is presented as an identification method. Cat5 Category 5 cable includes four twisted pairs in a single cable jacket. This use of balanced lines helps preserve a high signal-to-noise ratio despite interference from both external sources and other pairs (this latter form of interference is called crosstalk). It is most commonly used for 100 Mbit/s networks, such as 100BASE- TX Ethernet.

194 Catamaran A vessel with twin hulls and usually a deck or superstructure connecting the hulls. Categorizing resources Resources are organized by category, kind, and type, including size, capacity, capability, skill, and other characteristics. This makes the resource ordering and dispatch process within and across organizations and agencies, and between governmental and nongovernmental entities, more efficient, and ensures that the resources received are appropriate to their needs. CATS Consequence Assessment Tool Set Causation The ability of one event to create or control another event. CBR event An airborne release involving a CBR agent and caused by an industrial accident or an intentional release either external or internal to the facility CCTV pan-tilt-zoom camera (PTZ) A CCTV camera that can move side to side, up and down, and zoom in or out. CCTV pan-tilt-zoom control The method of controlling the PTZ functions of a camera. CCTV pan-tilt-zoom controller The operator interface for performing PTZ control. CCTV switcher A piece of equipment capable of presenting multiple video images to various monitors, recorders, etc. Certified K9 A K9 team meeting the performance standards of the police department, contracting agency, or recognized professional association, as evaluated by a qualified service dog expert. Certifying personnel Personnel certification entails authoritatively attesting that individuals meet professional standards for the training, experience, and performance required for key incident management functions. Chain of Command 1 A series of command, control, in hierarchical order of authority, executive, or management positions. Chain of Command 2 The orderly line of authority within the ranks of the incident management organization. Chain reaction A process that initiates its own repetition. In a fission chain reaction, a fissile nucleus absorbs a neutron and fissions (splits) spontaneously, releasing additional neutrons. These, in turn, can be absorbed by other fissile nuclei, releasing still more neutrons. A fission chain reaction is self-sustaining when the number of neutrons released in a given time equals or exceeds the number of neutrons lost by absorption in non- fissile material or by escape from the system. Check-In 1 All responders, regardless of agency affiliation, must report in to receive an assignment in accordance with the procedures established by the IC.

195 Check-In 2 The process through which resources first report to an incident. Check-in locations include the incident command post, Resources Unit, incident base, camps, staging areas, or directly on the site. Chemical agent A chemical substance that is intended to kill, seriously injure, or incapacitate people through physiological effects. Generally separated by severity of effect (e.g., lethal, blister, and incapacitating). Chief The ICS title for individuals responsible for management of functional sections: operations, planning, logistics, finance/administration, and intelligence (if established as a separate section). Chimney effect Air movement in a building between floors caused by differential air temperature (differences in density), between the air inside and outside the building. It occurs in vertical shafts, such as elevators, stairwells, and conduit/wiring/piping chases. Hotter air inside the building will rise and be replaced by infiltration with colder outside air through the lower portions of the building. Conversely, reversing the temperature will reverse the flow (down the chimney). Also known as stack effect. Chronic exposure Exposure to a substance over a long period of time, possibly resulting in adverse health effects. See also acute exposure, fractionated exposure. Circulator service A ferry service on a fixed route without a fixed schedule. Clear zone An area that is clear of visual obstructions and landscape materials that could conceal a threat or perpetrator. Closed-circuit television (CCTV) An electronic system of cameras, control equipment, recorders, and related apparatus used for surveillance or alarm assessment. Cloud computing A model for enabling on-demand network access to a shared pool of configurable computing capabilities or resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. (Adapted from CNSSI 4009, NIST SP 800-145) Coastal Pertaining to services providing intercity and interisland trips on saltwater and large freshwater lakes. Travel times range from 1 hour to 1 day. Service frequency often ranges from daily to weekly. Cobalt (Co) Gray, hard, magnetic, and somewhat malleable metal. Cobalt is relatively rare and generally obtained as a by-product of other metals, such as copper. Its most common radioisotope, cobalt-60 (Co-60), is used in radiography and medical applications. Cobalt-60 emits beta particles and gamma rays during radioactive decay.

196 Codec A device or program capable of performing encoding and decoding on a digital data stream or signal. The word codec may be a combination of any of the following: 'Compressor-De-compressor', 'Coder- Decoder', or 'Compression/Decompression algorithm'. Coding Assigning numbers to types of data so that they can be readily tabulated. Collateral damage Injury to personnel or damage to buildings that are not the primary target of an attack. Collaterally protected construction Construction that provides protection against near-miss detonations of large general purpose military bombs. Collective dose The estimated dose for an area or region multiplied by the estimated population in that area or region. For more information, see “Primer on Radiation Measurement” at the end of this document. Collective protection Provision of a contaminant-free area where personnel can function without individual protective equipment such as a mask and protective garments Combating terrorism The full range of federal programs and activities applied against terrorism, domestically and abroad, regardless of the source or motive. Command The act of directing, and/or controlling resources at an incident by virtue of explicit legal, agency, or delegated authority. May also refer to the incident commander. Command post (See Incident Command Post) Command staff In an incident management organization, the command staff consists of the incident command and the special staff positions of public information officer, safety officer, liaison officer, and other positions as required, who report directly to the incident commander. They may have an assistant or assistants, as needed. Commandant (i.e., head) of the U.S. Coast Guard. Committed dose A dose that accounts for continuing exposures expected to be received over a long period of time (such as 30, 50, or 70 years) from radioactive materials that were deposited inside the body. For more information, see “Primer on Radiation Measurement” at the end of this document. Common operating picture 1 A broad view of the overall situation as reflected by situation reports, aerial photography, and other information or intelligence. Common operating picture 2 Offers an overview of an incident thereby providing incident information enabling the IC/UC and any supporting agencies and organizations to make effective, consistent, and timely decisions.

197 Common terminology Normally used words and phrases—avoids the use of different words/phrases for same concepts, consistency, to allow diverse incident management and support organizations to work together across a wide variety of incident management functions and hazard scenarios. Communications Process of transmission of information through verbal, written, or symbolic means. Communications router A communications device that transfers messages between two networks. Common uses for routers include connecting a LAN to a WAN, and connecting MTUs and RTUs to a long-distance network medium for SCADA communication. Communications unit An organizational unit in the logistics section responsible for providing communication services at an incident or an EOC. A Communications unit may also be a facility (e.g., a trailer or mobile van) used to support an incident communications center. Communications/disp atch center Agency or interagency dispatcher centers, 911 call centers, emergency control or command dispatch centers, or any naming convention given to the facility and staff that handles emergency calls from the public and communication with emergency management/response personnel. Center can serve as a primary coordination and support element of the MACS for an incident until other elements of MACS are formally established. Community A political entity that has the authority to adopt and enforce laws and ordinances for the area under its jurisdiction. In most cases, the community is an incorporated town, city, township, village, or unincorporated area of a county; however, each state defines its own political subdivisions and forms of government. Commuter rail urban Passenger train service for short-distance travel between a central city and adjacent suburbs. Commuter rail does not include heavy rail or light rail service. Components and cladding Elements of the building envelope that do not qualify as part of the main wind-force resisting system. Computer-based training Any training that uses a computer as the focal point of instructional delivery. Training is provided through the use of computer hardware and software that guides the learner through an interactive learning program. Computer network defense The actions taken to defend against unauthorized activity within computer networks. (CNSSI 4009) Concentration The ratio of the amount of a specific substance in a given volume or mass of solution to the mass or volume of solvent. Concurrent Validity A statistical form of validity that compares two or more sets of data that have been gathered simultaneously.

198 Conference of Radiation Control Program Directors (CRCPD) An organization whose members represent state radiation protection programs. Confidentiality Secrecy, the state of having the dissemination of certain information restricted. A property that information is not disclosed to users, processes, or devices unless they have been authorized to access the information. Preserving authorized restrictions on information access and disclosure, including means for protecting personal privacy and proprietary information. Configuration (of a system or device) Step in system design; for example, selecting functional units, assigning their locations, and defining their interconnections. (IEC/PAS 62409) Configuration control Process for controlling modifications to hardware, firmware, software, and documentation to ensure the information system is protected against improper modifications before, during, and after system implementation. (CNSSI 4009) Consequence The negative effect, or effects, that can be expected if an asset or system is damaged, destroyed, or disrupted. Consequence The effect of an event, incident, or occurrence. Consequence management 1 Measures to alleviate the damage, loss, hardship or suffering caused by emergencies. These include measures to restore essential government services, protect public health and safety, and provide emergency relief to afflicted entities. Consequence management response is under the primary jurisdiction of the affected state and local governments. Federal agencies support local efforts under the coordination of the Federal Emergency Management Agency (FEMA). Consequence management 2 Measures to protect public health and safety, restore essential government services, and provide emergency relief to governments, businesses, and individuals affected by the consequences of terrorism. State and local governments exercise the primary authority to respond to the consequences of terrorism. Consequences The severity of impact and probability of loss for a given threat scenario. Consequences may be measured in qualitative or quantitative terms. Construction (CON) Begins with the development, fabrication, or construction of the engineered design for the selected alternative and concludes with the delivery of the completed project. This phase include the inspection, review, and checkout of the delivered project and concludes with the determination that the delivered project meets the engineering specification.

199 Contact List A list of team members and key players in a crisis. The list should include home phone numbers, pager numbers, cell phone numbers, etc. Container structures Structures built using shipping containers that are designed to withstand structural loadings associated with shipping, including Container Express (CONEX) and International Organization for Standardization (ISO) containers. Testing has shown that these structures behave similarly to buildings for the purposes of these standards. Containment protection mode Mode that consists of compartmentalizing the fire zones by closing the fire doors and, if the building is so equipped, the smoke dampers. Contamination The undesirable deposition of a chemical, biological, or radiological material on the surface of structures, areas, objects, or people. Contamination (radioactive) The deposition of unwanted radioactive material on the surfaces of structures, areas, objects, or people where it may be external or internal. See also decontamination. Contamination control area An area where personnel can safely remove contaminated IPE, put on clean IPE, and bring items into or out of a protected area in a proper airflow environment using the appropriate contamination control procedures. Contingency plan Plan maintained for emergency response, backup operations and post-disaster recovery for a system (or an entity) to ensure availability of critical resources and facilitate the continuity of operations in an emergency. Continuity of core business function Strategies to mitigate risks and alternative methods for ensuring the continuation of the entity’s business functions, e.g. financial management, information technology, operations support, critical training and the primary reason(s) for being for the entity Continuity of government (COG) Activities that address the continuance of constitutional governance. COG planning aims to preserve and/or reconstitute the institution of government and ensure that a department or agency’s constitutional, legislative, and/or administrative responsibility are maintained. This is accomplished through succession of leadership, the predelegation of emergency authority, and active command and control during response and recovery operations. Continuity of operations Those plans and/or processes designed to ensure a viable capability exists to continue essential functions across a wide range of potential emergencies. The focus of this type of planning is to ensure the survivability of critical department/agency/entity functions (FEMA)

200 Continuity of operations plan A document that sets forth procedures for the continued performance of core capabilities and critical operations during any disruption or potential disruption. (Adapted from CPG 101, CNSSI 4009) Continuity of operations plans (COOP) Planning should be instituted (including all levels of government) across the private sector and nongovernmental organizations (NGOs), as appropriate, to ensure the continued performance of core capabilities and/or critical government operations during any potential incident. Continuity of services and operations Controls to ensure that, when unexpected events occur, departmental/agency minimum essential infrastructure services and operations, including computer operations, continue without interruption or are promptly resumed, and that critical and sensitive data are protected through adequate contingency and business recovery plans and exercises. Continuous monitoring A continuous monitoring program is a process designed to regularly Contract security service Protective services provided by one entity, specializing in such services, to another entity on a compensated basis. Contractor Means an entity that performs tasks required on behalf of the oversight or rail transit agency. The rail transit agency may not be a contractor for the oversight agency. Control The part of the ICS used to perform the monitoring and control of the physical process. This includes all control servers, field devices, actuators, sensors, and their supporting communication systems. Control center A centrally located room or facility staffed by personnel charged with the oversight of specific situations and/or equipment. Control center An equipment structure or group of structures from which a process is measured, controlled, and/or monitored. (ANSI/ISA-51.1-1979) Control group Subjects in an experiment who are not exposed to changes in the independent variables. Control loop A control loop consists of sensors for measurement, controller hardware such as PLCs, actuators such as control valves, breakers, switches and motors, and the communication of variables. Controlled variables are transmitted to the controller from the sensors. The controller interprets the signals and generates corresponding manipulated variables, based on set points, which it transmits to the actuators. Process changes from disturbances result in new sensor signals, identifying the state of the process, to again be transmitted to the controller. Control network Those networks of an enterprise typically connected to equipment that controls physical processes and that is time or safety critical. The control network can be subdivided into zones, and there can be multiple separate control networks within one enterprise and site. (ISA99)

201 Control server A controller that also acts as a server that hosts the control software that communicates with lower-level control devices, such as Remote Terminal Units (RTUs) and Programmable Logic Controllers (PLCs), over an ICS network. In a SCADA system, this is often called a SCADA server, MTU, or supervisory controller. Control system A system in which deliberate guidance or manipulation is used to achieve a prescribed value for a variable. Control systems include SCADA, DCS, PLCs and other types of industrial measurement and control systems. Controlled area An area into which access is controlled or limited. It is that portion of a restricted area usually near or surrounding a limited or exclusion area. Correlates with exclusion zone. Controlled perimeter A physical boundary at which vehicle and personnel access is controlled at the perimeter of a site. Access control at a controlled perimeter should demonstrate the capability to search individuals and vehicles. Controlled variable The variable that the control system attempts to keep at the set point value. The set point may be constant or variable. (The Automation, Systems, and Instrumentation Dictionary) Controller A device or program that operates automatically to regulate a controlled variable. (ANSI/ISA-51.1-1979) Conventional construction Building construction that is not specifically designed to resist weapons or explosives effects. Conventional construction is designed only to resist common loadings and environmental effects such as wind, seismic, and snow loads. Conventional construction standoff distance The standoff distance at which conventional construction may be used for buildings without a specific analysis of blast effects, except as otherwise required in these standards. Conviction The act or process of judicially finding someone guilty of a crime; the state of having been proved guilty. Cooperating agency An agency supplying assistance other than direct operational or support functions or resources to the incident management effort. Coordinate To advance systematically an analysis and exchange of information among principals who have or may have a need to know certain information to carry out specific incident management responsibilities. Core capabilities Capabilities which are essential for the execution of each of the five mission areas: Prevention, Protection, Mitigation, Response, and Recovery. The core capabilities are not exclusive to any single government or organization, but rather require the combined efforts of the whole community. Corrective action plan A plan developed by the rail transit agency that describes the actions the rail transit agency will take to minimize, control, correct, or eliminate hazards, and the schedule for implementing those actions.

202 Corrective actions Implementing procedures that are based on lessons learned from actual incidents or from training and exercises. Correlation A measure of the degree of relationship between two variables. Cosmic radiation Radiation produced in outer space when heavy particles from other galaxies (nuclei of all known natural elements) bombard the earth. See also background radiation, terrestrial radiation. Cost Tangible items, such as money, equipment and operational expenses; and, intangibles such as lost productivity, morale, etc. A result of a specific action that constitutes a decrease in the production possibilities or welfare level of society. Counterintelligence Information gathered and activities conducted to protect against: espionage, other intelligence activities, sabotage, or assassinations conducted for or on behalf of foreign powers, organizations, or persons; or international terrorist activities, excluding personnel, physical, document, and communications security programs. Countermeasure A countermeasure is an action intended to induce institutional, process, and physical changes that reduce risks to systems and assets. The countermeasure may address a vulnerability, threat, consequence, or overall system performance. Countermeasures Those activities taken to reduce the likelihood that a specific threat will result in harm. Countermeasures typically include the deployment and training of personnel, the implementation of procedures, the design or retrofit of facilities and vehicles; the use of specialized equipment, the installation of alarms/warning devices and supporting monitoring systems; and communications systems and protocols. Counterterrorism (CT) Offensive measures taken to prevent, deter, and respond to terrorism. Covert entry Attempts to enter a facility by using false credentials or stealth. Crash bar A mechanical egress device located on the interior side of a door that unlocks the door when pressure is applied in the direction of egress. Credentialing Providing documentation that can authenticate and verify the certification and identity of designated incident managers and emergency responders

203 Credible warning a believable but nonspecific message informing of danger from an imminent attack that has yet to be confirmed and lacks sufficient information for effective prevention Crew The personnel engaged onboard ship, excluding the master and officers and the passengers on passenger ships. Crime An act or commission of an act that is forbidden or the omission of a duty that is commanded by a public law and that makes the offender liable to punishment by that law. Crime can be divided into four main categories: - Reported - Unreported - Unacknowledged (store shrinkage), - Undetected The majority of crime is represented by the last three categories. For CPTED purposes, crime is simply the by-product of a human function that is not working properly. Crime prevention The systematic study of the interrelationships among those who commit crime, the location where crime occurs, and the victims of crime to identify patterns, and develop operational and design/engineering strategies to reduce the likelihood of crime and public fear. Two central elements of crime prevention include: ⇒ Crime Prevention through Environmental Design (CPTED): Set of design principles used by law public safety professionals, architects and engineers to limit the ability of the physical environment to support criminal activity and public fear. ⇒ Situational crime prevention (SCP): A set of management, policy, and legal/ prosecution measures applied within a physical space to address specific categories of criminal occurrences. SCP is often described as the operational equivalent of CPTED design principles. Crime prevention through environmental design (CPTED) A crime prevention strategy based on evidence that the design and form of the built environment can influence human behavior. CPTED usually involves the use of three principles: natural surveillance (by placing physical features, activities, and people to maximize visibility); natural access control (through the judicial placement of entrances, exits, fencing, landscaping, and lighting); and territorial reinforcement (using buildings, fences, pavement, signs, and landscaping to express ownership). Criminal records Official records related to criminal cases. A crime is an act or omission that is prosecuted in a criminal court by a government prosecutor and can be punished by confinement, fine, restitution, and/or forfeiture of certain civil rights.

204 Crisis Any global, regional, or local natural or human-caused event or business interruption that runs the risk of (1) escalating in intensity, (2) adversely impacting shareholder value or the organization’s financial position, (3) causing harm to people or damage to property or the environment, (4) falling under close media or government scrutiny, (5) interfering with normal operations and wasting significant management time and/or financial resources, (6) adversely affecting employee morale, or (7) jeopardizing the organization’s reputation, products, or officers, and therefore negatively impacting its future. Crisis management (CM) The measures taken to identify, acquire, and plan the use of resources needed to anticipate, prevent, and/or resolve a threat or act of terrorism. Crisis management 1 Intervention and coordination by individuals or teams before, during, and after an event to resolve the crisis, minimize loss, and otherwise protect the organization. Crisis management 2 Measures to resolve a hostile situation, investigate, and prepare a criminal case for prosecution under federal law. Crisis management response is under the primary jurisdiction of the Federal Government with the Federal Bureau of Investigation acting as the lead agency. Crisis management response involves measures to confirm the threat, investigate and locate the terrorists and their weapons, and capture the terrorists. Crisis management center A specific room or facility staffed by personnel charged with commanding, controlling, and coordinating the use of resources and personnel in response to a crisis. Crisis management planning A properly funded ongoing process supported by senior management to ensure that the necessary steps are taken to identify and analyze the adverse impact of crisis events, maintain viable recovery strategies, and provide overall coordination of the organization’s timely and effective response to a crisis. Crisis management team A group directed by senior management or its representatives to lead incident/event response comprised of personnel from such functions as human resources, information technology facilities, security, legal, communications/media relations, manufacturing, warehousing, and other business critical support functions. Criteria The individual (criterion) or collective stated qualifications (criteria) to be compared with an applicant’s or employee’s actual credentials, experience, or history in determining suitability for an employment decision (hiring or otherwise). Critical asset An asset that supports national security, national economic security, and/or crucial public health and safety activities (CIAO)

205 Critical assets Those assets essential to the minimum operations of the organization, and to ensure the health and safety of the general public. Critical function Business activity or process that cannot be interrupted or unavailable for several business days without having a significant negative impact on the organization. Critical incident stress debriefing A formal, yet open, discussion of incident events, which is specifically directed to emergency response personnel to resolve the emotional aftermath of the incident. Critical infrastructure 1 Primary infrastructure systems (e.g., utilities, telecommunications, transportation, etc.) whose incapacity would have a debilitating impact on the organization’s ability to function. Critical infrastructure 2 Assets, systems, and networks, whether physical or virtual, so vital to the United States that the incapacity or destruction of such assets, systems, or networks would have a debilitating impact on security, national economic security, public health or safety, or any combination of those matters. Critical infrastructure The systems and assets, whether physical or virtual, so vital to society that the incapacity or destruction of such may have a debilitating impact on the security, economy, public health or safety, environment, or any combination of these matters.(Adapted from: National Infrastructure Protection Plan) Critical infrastructures The sophisticated facilities, systems, and functions, which include human assets and physical and cyber systems, that work together in processes that are highly interdependent to provide the foundation for our national security, governance, economic vitality, and way of life. Critical infrastructure sector The sectors of critical infrastructure defined in the National Infrastructure Protection Plan (NIPP). The 2013 NIPP identifies 16 critical infrastructure sectors: Chemical; Commercial Facilities; Communications; Critical Manufacturing; Dams; Defense Industrial Base; Emergency Services; Energy; Financial Services; Food and Agriculture; Government Facilities; Healthcare and Public Health; Information Technology; Nuclear Reactors, Materials, and Waste; Transportation Systems; and Water and Wastewater Systems. Critical mass The minimum amount of fissile material that can achieve a self-sustaining nuclear chain reaction. Critical records Records or documents that, if damaged, destroyed, or lost, would cause considerable inconvenience to the organization and/or would require replacement or recreation at a considerable expense to the organization. Criticality A fission process where the neutron production rate equals the neutron loss rate to absorption or leakage. A nuclear reactor is "critical" when it is operating.

206 Criticality assessment (CA) Factors affecting the criticality of assets include: (1) Loss and Damage Consequences – casualty risk, environmental impact, replacement costs, and replacement/down time; (2) Consequences to Public Services – emergency response functions, government continuity, military importance; and (3) Consequences to the General Public – available alternatives, economic impact, public health impact, functional importance and symbolic importance Cumulative dose The total dose resulting from repeated or continuous exposures of the same portion of the body, or of the whole body, to ionizing radiation. Curie (Ci) The traditional measure of radioactivity based on the observed decay rate of 1 gram of radium. One curie of radioactive material will have 37 billion disintegrations in 1 second. For more information, see “Primer on Radiation Measurement” at the end of this document. Cutaneous radiation syndrome (CRS) The complex syndrome resulting from radiation exposure of more than 200 rads to the skin. The immediate effects can be reddening and swelling of the exposed area (like a severe burn), blisters, ulcers on the skin, hair loss, and severe pain. Very large doses can result in permanent hair loss, scarring, altered skin color, deterioration of the affected body part, and death of the affected tissue (requiring surgery). For more information, see CDC’s fact sheet “Acute Radiation Syndrome,” at http://www.bt.cdc.gov/radiation/ars.asp. Cyber exercise A planned event during which an organization simulates a cyber-disruption to develop or test capabilities such as preventing, detecting, mitigating, responding to or recovering from the disruption. (Adapted from NCSD Glossary, DHS Homeland Security Exercise and Evaluation Program) Cyber incident Actions taken through the use of computer networks that result in an actual or potentially adverse effect on an information system and/or the information residing therein. A violation or imminent threat of violation of computer security policies, acceptable use policies, or standard security practices. (NIST Glossary) Cyber infrastructure An electronic information and communications systems and services and the information contained therein. The information and communications systems and services composed of all hardware and software that process, store, and communicate information, or any combination of all of these elements. Processing includes the creation, access, modification, and destruction of information. Storage includes paper, magnetic, electronic, and all other media types. Communications include sharing and distribution of information. (Adapted from NIPP)

207 Cyber security The prevention of damage to, unauthorized use of, or exploitation of, and, if needed, the restoration of electronic information contained therein to ensure confidentiality, integrity, and availability. Includes protection and restoration, when needed, of information networks and wireline, wireless, satellite, public safety answering points, and September 11 communications and control systems. Cybercrime Criminal activity conducted using computers and the Internet, often financially motivated. Cybercrime includes identity theft, fraud, and Internet scams, among other activities. Cybercrime is distinguished from other forms of malicious cyber activity, which Cybersecurity The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation. Strategy, policy, and standards regarding the security of and operations in cyberspace, and encompass[ing] the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure. (Adapted from CNSSI 4009, NIST SP 800-53 Rev 4, NIPP, DHS National Preparedness Goal; White House Cyberspace Policy Review, May 2009) Cyberspace The interdependent network of information technology infrastructures that includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers. (Adapted from NSPD 54/HSPD -23, CNSSI 4009, NIST SP 800-53 Rev 4) Cyber resilience 1 The emergent property of an organization that can continue to carry out its mission after disruption that does not exceed its operational limit. (Based on concept of Operational Resilience, CERT-RMM, Carnegie Mellon) Cyber resilience 2 The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on cyber resources. (Source: Cyber Resiliency Engineering Framework, MITRE ) Damage assessment 1 An appraisal or determination of the effects of the disaster on human, physical, economic, and natural resources. Damage assessment 2 The process used to appraise or determine the number of injuries and deaths, damage to public and private property, and the status of key facilities and services (e.g., hospitals and other health care facilities, fire and police stations, communications networks, water and sanitation systems, utilities, and transportation networks) resulting from a man-made or natural disaster.

208 Damage potential The potential for negative effects—including immediate and long-term damage or loss, whether tangible or intangible—resulting from an unintentional event or an attack on an asset. Mission-related damage potential (i.e., impacts that are critical to the owner’s transportation institutional mission, including destruction or damage causing loss or reduction of functionality) is of special importance, together with injury or loss of life, as well as impacts on quality of life and morale. Damage potential grows as a function of an asset’s criticality. However, a critical asset may be damaged without a total loss of functionality. DATA Pieces of information. Data aggregation The process of gathering and combining data from different sources, so that the combined data reveals new information. The new information is more sensitive than the individual data elements themselves and the person who aggregates the data was not granted access to the totality of the information. (Adapted from CNSSI 4009) Data breach or data leakage Data breach or data leakage. Data diode A data diode (also referred to as a unidirectional gateway, deterministic one-way boundary device or unidirectional network) is a network appliance or device allowing data to travel only in one direction. Data fusion Methods to collect and display various IDS sensors and systems information Data gathering panel A local processing unit that retrieves, processes, stores, and/or acts on information in the field. Data integrity The property that data is complete, intact, and trusted and has not been modified or destroyed in an unauthorized or accidental manner. (Adapted from CNSSI 4009, NIST SP 800-27) Data loss The result of unintentionally or accidentally deleting data, forgetting where it is stored, or its exposure to an unauthorized party. Data transmission equipment A path for transmitting data between two or more components (e.g., a sensor and alarm reporting system, a card reader and controller, a CCTV camera and monitor, or a transmitter and receiver). Decision tree A device used to portray alternative courses of action and relate them to alternative decisions showing all consequences of the decision. The tree represents alternative courses or series of actions related to a previous decision. Decision making The process of evaluating and judging information gathered and relating it to the specific requirements of the position for which the applicant is applying. Deck house A small superstructure on the top deck of a vessel that contains the helm and other navigational instruments.

209 Decontamination The reduction or removal of a chemical, biological, or radiological material from the surface of a structure, area, object, or person. Defeat To overcome or vanquish; to beat; to prevent the success of; overpower; foil. Defend To guard from attacked; to protect by opposition to resistance; to prevent from being injured or destroyed. Defense layer Building design or exterior perimeter barriers intended to delay attempted forced entry. Defensive measures Protective measures that delay or prevent attack on an asset or that shield the asset from weapons, explosives, and CBR effects. Defensive measures include site work and building design. Delay rating A measure of the effectiveness of penetration protection of a defense layer. Delegation of authority A statement provided to the incident commander by the agency executive delegating authority and assigning responsibility. The delegation of authority can include objectives, priorities, expectations, constraints, and other considerations or guidelines as needed. Many agencies require written delegation of authority to be given to incident commanders prior to their assuming command on larger incidents. Same as the Letter of Expectation. Delivery tactic The method of delivering a CBR agent (external or internal release) Demilitarized zone (DMZ) An interface on a routing firewall that is similar to the interfaces found on the firewall’s protected side. Traffic moving between the DMZ and other interfaces on the protected side of the firewall still goes through the firewall and can have firewall protection policies applied.(SP 800-41) Demobilization The orderly, safe, and efficient return of an incident resource to its original location and status. Demographics Statistics relating to groups of people, such as births, deaths, ages, ethnic composition. Denial of service An attack that prevents or impairs the authorized use of information system resources or services. A distributed denial of service is a denial of service technique that uses numerous systems to perform the attack simultaneously. (Adapted from NCSD Glossary) Deny To refuse access. Department operations center An Emergency Operating Center, specific to a single department or agency. Their focus is on internal agency incident management and response. They are often linked to and, in most cases, are physically represented in a combined agency EOC by authorized agent(s) for the department or agency. Depleted uranium Uranium containing less than 0.7% uranium-235, the amount found in natural uranium. See also enriched uranium.

210 Depth of field The regions in front of and behind the focused distance where the image remains in focus. With a greater the depth of field, more of the scene near to far is in focus. Lens aperture and scene lighting will greatly influence the D.O.F. Deputy A fully qualified individual who, in the absence of a superior, can be delegated the authority to manage a functional operation or perform a specific task. In some cases, a deputy can act as relief for a superior and, therefore, must be fully qualified in the position. Deputies can be assigned to the incident commander, general staff, and branch directors. Design A term which, within the CPTED context, encompasses people and their physical and social surroundings. Design basis threat The threat (aggressors, tactics, and associated weapons, tools, or explosives) against which assets within a building must be protected and upon which the security engineering design of the building is based. Design basis threat (DBT) The threat (e.g., tactics and associated weapons, tools, or explosives) against which assets within a building must be protected and upon which the security engineering design of the building is based. Design constraint Anything that restricts the design options for a protective system or that creates additional problems for which the design must compensate. Design team A group of individuals from various engineering and architectural disciplines responsible for the protective system design. Detect 1 To discover; to find out. Detect 2 Refers to the objective of a transit agency employee’s observing the environment around them. This observation activity’s objective is to detect suspicious things or activities, an imminent threat, or attack in progress on the transit agency’s facilities, passengers/patrons, and/or themselves. Detection The discovery or finding of a metallic object. The detection of a metallic object is transmitted to the operator by some type of alarm indicator, typically a visual or audible indicator. Detection layer A ring of intrusion detection sensors located on or adjacent to a defensive layer or between two defensive layers. Detection measures Protective measures that detect intruders, weapons, or explosives; assist in assessing the validity of detection; control access to protected areas; and communicate the appropriate information to the response force. Detection measures include detection systems, assessment systems, and access control system elements.

211 Detection system elements Detection measures that detect the presence of intruders, weapons, or explosives. Detection system elements include intrusion detection systems, weapons and explosives detectors, and guards. Detector axis An imaginary line passing through and perpendicular to the detector plane that is centered vertically and horizontally within the portal of the walk-through metal detector and points in the direction of the subject’s motion through the portal. Detector dog A service dog selected by the trainer and qualified by recognized standards to perform searches for hidden substances, including narcotics and explosives. Dogs used for detection typically are trained to detect each of the following odors: Drug Odors – Cocaine (a.k.a., Powder and Crack), Heroin, LSD, Marijuana, burned Marijuana odor in cloth, Methadone, Methamphetamine (Ecstasy), and Mescaline (Peyote); and Explosive Odors – black powder, smokeless powder, gunpowder, Pyrodex, handguns, bullets, shotgun shells, firecrackers, dynamite, TNT, C4, detonating cord, Ammonium Nitrate, Composition B, Penolite, emulsions, RDX, and PETN. Detector floor The bottom plane of the detector portal. Detector response The electrical signal generated by the sensor or sensor circuit of the detector and caused by an object interacting with the magnetic field emitted by the detector. The detector response is the basis on which an alarm indication is derived. Deter 1 To discourage or keep (a person) from doing something through fear, anxiety, doubt, etc. Deter 2 Refers to an activity, procedure, or physical barrier that reduces the likelihood of an incident or attack. Deterministic effects Effects that can be related directly to the radiation dose received. The severity increases as the dose increases. A deterministic effect typically has a threshold below which the effect will not occur. See also stochastic effect, non-stochastic effect. DFDCS data fusion, display, and control Applies to an extremely wide variety of systems and software applications from a diverse field of vendors or integrators that cover the complete range of data fusion, display, and control management Digital Denial of Service (DDOS) A cyber war technique in which an Internet site, a server, or a router is flooded with more requests for data than the site or device can respond to or process. Consequently, legitimate traffic cannot access the site and the site is in effect shut down. Botnets are used to conduct such attacks, thus distributing the attack over thousands of originating computers acting in unison. Digital or computer forensics The processes and specialized techniques for gathering, retaining, and analyzing system-related data (digital evidence) for investigative purposes.

212 Digital signature A value computed with a cryptographic process using a private key and then appended to a data object, thereby digitally signing the data. Director The ICS title for individuals responsible for supervision of a Branch. Dirty bomb A device designed to spread radioactive material by conventional explosives when the bomb explodes. A dirty bomb kills or injures people through the initial blast of the conventional explosive and spreads radioactive contamination over possibly a large area—hence the term “dirty.” Such bombs could be miniature devices or large truck bombs. A dirty bomb is much simpler to make than a true nuclear weapon. See also radiological dispersal device. Disaster 1 An event, incident, or combination of incidents, not necessarily related to transit operations, that causes multiple injuries or widespread property damage on the system or in the public transportation system’s service area Disaster 2 An unanticipated incident or event, including natural catastrophes, technological accidents, or human- caused events, causing widespread destruction, loss, or distress to an organization that may result in significant property damage, multiple injuries, or deaths. Disaster field office (DFO) The office established in or near the designated area of a Presidentially declared major disaster to support federal and state response and recovery operations. Disaster mitigation Measures, procedures, and strategies designed to reduce either the likelihood or consequences of a disaster. Disaster recovery Immediate intervention taken by an organization to minimize further losses brought on by a disaster and to begin the process of recovery, including activities and programs designed to restore critical business functions and return the organization to an acceptable condition. Disaster recovery center (DRC) Places established in the area of a Presidentially declared major disaster, as soon as practicable, to provide victims the opportunity to apply in person for assistance and/or obtain information relating to that assistance. Disaster/emergency management program A program that implements the mission, vision, and strategic goals and objectives as well as the management framework of the program and organization. Discussion-based Exercises Discussion-based exercises (seminars, workshops, tabletop exercises (TTXs), and games) help participants develop as well as understand their roles and responsibilities with respect to new plans, policies, agreements, and procedures. Dispatch 1 See: operations control center.

213 Dispatch 2 The ordered movement of a resource or resources to an assigned operational mission or an administrative move from one location to another. Dispersion A measure of the extent to which values of a variable differ. Disruption An event which causes unplanned interruption in operations or functions for an unacceptable length of time. (Adapted from CNSSI 4009) Division 1 The organizational level responsible for operations within a defined geographic area or with functional responsibility. The Division level is organizationally situated below the Branch. Division 2 The partition of an incident into geographical areas of operation. Divisions are established when the number of resources exceeds the manageable span of control of the Operations Chief. A division is located within the ICS organization between the branch and resources in the Operations Section. DoD components The Office of the Secretary of Defense (OSD); the Military Departments (including their National Guard and Reserve Components); the Chairman, Joint Chiefs of Staff and Joint Staff; the Combatant Commands; the Office of the Inspector General of the Department of Defense; the Defense Agencies; the DoD Field Activities; and all other organizational entities within DoD. Domestic terrorism The unlawful use, or threatened use, of force or violence by a group or individual based and operating entirely within the United States or Puerto Rico without foreign direction committed against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof in furtherance of political or social objectives. Door position switch A switch that changes state based on whether or not a door is closed. Typically, a switch mounted in a frame that is actuated by a magnet in a door. Door strike, electronic An electromechanical lock that releases a door plunger to unlock the door. Typically, an electronic door strike is mounted in place of or near a normal door strike plate. Dose (radiation) Radiation absorbed by person’s body. Several different terms describe radiation dose. Dose rate (radiation) A general term indicating the quantity (total or accumulated) of ionizing radiation or energy absorbed by a person or animal, per unit of time. Dosimeter A small portable instrument (such as a film badge, thermoluminescent dosimeter [TLD], or pocket dosimeter) for measuring and recording the total accumulated dose of ionizing radiation a person receives. Dosimetry Assessment (by measurement or calculation) of radiation dose.

214 Drill A drill is a coordinated, supervised activity usually employed to validate a specific operation or function in a single agency or organization. Drills are commonly used to provide training on new equipment, develop or validate new policies or procedures, or practice and maintain current skills. Dual purpose (or dual use) dog A service dog selected by the trainer and qualified by recognized standards to perform two distinct functions. Traditionally these functions include general patrol and another specific type of detection. Dual technology sensor A sensor that combines two different technologies in one unit. Due diligence The attention and care that a reasonable person exercises under the circumstances to avoid harm to other persons or their property. Failure to make this effort is considered negligence. Duress alarm A binary sensor device activated covertly by personnel to annunciate to an IDS the occurrence of an alarm condition. Duress alarm devices Also known as panic buttons, these devices are designated specifically to initiate a panic alarm. DVR Digital video recorder Method of recording video signals from CCTV systems by digitizing the analog video signal, compressing, and saving on computer style hard disk storage. Dwell time or dwell cycle The period of time to purge an airlock compartment after protective garments are removed and personnel enter the inner airlock compartment. EBS Electronic badging system System that saves a user’s picture and other relevant data (including, if required, biometric information) into a database. This information is used to create credentials that are used by guard force personnel and access control systems for both identification & access control. Effective dose A dosimetric quantity useful for comparing the overall health effects of irradiation of the whole body. It takes into account the absorbed doses received by various organs and tissues and weighs them according to present knowledge of the sensitivity of each organ to radiation. It also accounts for the type of radiation and the potential for each type to inflict biologic damage. The effective dose is used, for example, to compare the overall health detriments of different radionuclides in a given mix. The unit of effective dose is the sievert (Sv); 1 Sv = 1 J/kg. Effective half-life The time required for the amount of a radionuclide deposited in a living organism to be diminished by 50% as a result of the combined action of radioactive decay and biologic elimination. See also biological half-life, decay constant, radioactive half-life.

215 Effective standoff distance A standoff distance less than the Conventional Construction Standoff Distance at which the required level of protection can be shown to be achieved through analysis or can be achieved through building hardening or other mitigating construction or retrofit. Electroluminescent (EL) Luminescence resulting from the application of an alternating electrical current to phosphor. Electromagnetic pulse (EMP) A sharp pulse of energy radiated instantaneously by a nuclear detonation that may affect or damage electronic components and equipment. EMP can also be generated in lesser intensity by non-nuclear means in specific frequency ranges to perform the same disruptive function. Electronic emanations Electromagnetic emissions from computers, communications, electronics, wiring, and related equipment. Electronic medium based training Any training that uses an electronic technology as a method of effectively conveying instruction and/or information. Electronic technology includes but is not limited to video or audiocassettes and video conferencing. Electronic security system (ESS) An integrated system that encompasses interior and exterior sensors, closed-circuit television systems for assessment of alarm conditions, Electronic Entry Control Systems, data transmission media, and alarm reporting systems for monitoring, control, and display of various alarm and system information. Emergency (emergency situation) An unexpected event related to the operation of passenger train service involving significant threat to the health or safety of one or more persons, requiring immediate action. Examples include: derailment, highway/rail grade crossing accident, passenger or employee fatality or serious illness/injury, evacuation of train, or security situation. Emergency 1 Absent a Presidentially declared emergency, any incident(s), human-caused or natural, that requires responsive action to protect life or property. Under the Robert T. Stafford Disaster Relief and Emergency Assistance Act, an emergency means any occasion or instance for which, in the determination of the President, federal assistance is needed to supplement state and local efforts and capabilities to save lives and to protect property and public health and safety, or to lessen or avert the threat of a catastrophe in any part of the United States. Emergency 2 The most serious event and consists of any unwanted operational, civil, natural phenomenon, or security occurrence which could endanger or adversely affect people, property, or the environment. Emergency 3 A situation which is life threatening to passengers, employees, or other citizens, or which causes significant damage to any transit vehicle or facility that require assessment and repair, or which reduces the ability of the system to fulfill its mission within its service area.

216 Emergency alert system (EAS) A communications system of broadcast stations and interconnecting facilities authorized by the Federal Communications Commission (FCC). The system provides the President and other national, state, and local officials the means to broadcast emergency information to the public before, during, and after disasters. Emergency environmental health services Services required to correct or improve damaging environmental health effects on humans, including inspection for food contamination, inspection for water contamination, and vector control; providing for sewage and solid waste inspection and disposal; cleanup and disposal of hazardous materials; and sanitation inspection for emergency shelter facilities. Emergency exit locator signs Conspicuously marked emergency marking/signage used to identify and/or direct passengers to the nearest emergency exit location. Emergency management The development, coordination and direction of planning, preparedness, and readiness assurance activities. Emergency management assistance compact (EMAC) A congressionally ratified organization that provides form and structure to interstate mutual aid. Through EMAC, a disaster−affected State can request and receive assistance from other member States quickly and efficiently, resolving two key issues upfront: liability and reimbursement. Emergency management/ response personnel Includes federal, state, territorial, tribal, substate, regional, and local governments, private sector organizations, critical infrastructure owners and operators, NGOs, and all other organizations and individuals who assume an emergency management role. Also known as Emergency Responder. Emergency medical services (EMS) Services including personnel, facilities, and equipment required to ensure proper medical care for the sick and injured from the time of injury to the time of final disposition, including medical disposition within a hospital, temporary medical facility, or special care facility; release from the site; or declared dead. Further, emergency medical services specifically include those services immediately required to ensure proper medical care and specialized treatment for patients in a hospital and coordination of related hospital services. Emergency mortuary services Services required to assure adequate death investigation, identification, and disposition of bodies; removal, temporary storage, and transportation of bodies to temporary morgue facilities; notification of next of kin; and coordination of mortuary services and burial of unclaimed bodies. Emergency operating procedure (EOP) Any transportation system procedure that details activities to be performed by transit employees when normal operations are not possible.

217 Emergency operations center (EOC) 2 Special policy and incident management area, activated under certain conditions and staffed by representatives from the transit system, including top management, to serve as an information coordination point during special events or emergencies, and to authorize decisions that require/affect the legal authority of the system. Emergency operations center (EOC) 3 The protected site from which state and local civil government officials coordinate, monitor, and direct emergency response activities during an emergency. Emergency operations center 1 A location from which centralized emergency management can be performed. EOC facilities are established by an agency or jurisdiction to coordinate the overall agency or jurisdictional response and support to an emergency. Emergency operations centers (EOCs) 4 The physical location at which the coordination of information and resources to support domestic incident management activities normally takes place. An EOC may be a temporary facility or may be located in a more central or permanently established facility, perhaps at a higher level of organization within a jurisdiction. EOCs may be organized by major functional disciplines (e.g., fire, law enforcement, and medical services), by jurisdiction (e.g., federal, state, regional, county, city, tribal), or some combination thereof. Emergency operations plan (EOP) 2 A document that describes how people and property will be protected in disaster and disaster threat situations; details who is responsible for carrying out specific actions; identifies the personnel, equipment, facilities, supplies, and other resources available for use in the disaster; and outlines how all actions will be coordinated. Emergency operations plan 1 The ongoing plan maintained by various jurisdictional levels for responding to a wide variety of potential hazards. Emergency plan A brief, clear and concise description of the overall emergency organization, designation of responsibilities, and descriptions of the procedures, including notifications, involved in coping with any or all aspects of a potential credible emergency Emergency preparedness 1 A uniform basis for operating policies and procedures for mobilizing public transportation system and other public safety resources to assure rapid, controlled, and predictable responses to various types of transportation and community emergencies. Emergency preparedness 2 The training of personnel, acquisition and maintenance of resources, and exercising of the plans, procedures, personnel and resources essential for emergency response.

218 Emergency public information (EPI) Information that is disseminated primarily in anticipation of an emergency or at the actual time of an emergency and, in addition to providing information, frequently directs actions, instructs, and transmits direct orders. Emergency response provider Includes federal, state, local, and tribal emergency public safety, law enforcement, emergency response, emergency medical (including hospital emergency facilities), and related personnel, agencies, and authorities. Emergency response team (ERT) An interagency team, consisting of the lead representative from each federal department or agency assigned primary responsibility for an ESF and key members of the FCO’s staff, formed to assist the FCO in carrying out his/her coordination responsibilities. Emergency response team advance element (ERT-A) For federal disaster response and recovery activities under the Stafford Act, the portion of the ERT that is first deployed to the field to respond to a disaster incident. The ERT-A is the nucleus of the full ERT. Emergency response team national (ERT-N) An ERT that has been established and rostered for deployment to catastrophic disasters where the resources of the FEMA Region have been, or are expected to be, overwhelmed. Three ERT-Ns have been established. Emergency signage Textual and graphic messages designed to assist passengers and crew in exiting a rail car in an emergency and to assist emergency responders in gaining access to rail cars from the exterior. Emergency support function (ESF) In the Federal Response Plan (FRP), a functional area of response activity established to facilitate the delivery of federal assistance required during the immediate response phase of a disaster to save lives, protect property and public health, and to maintain public safety. ESFs represent those types of federal assistance that the state will most likely need because of the impact of a catastrophic or significant disaster on its own resources and response capabilities, or because of the specialized or unique nature of the assistance required. ESF missions are designed to supplement state and local response efforts. Emergency support team (EST) An interagency group operating from FEMA Headquarters. The EST oversees the national-level response support effort under the FRP and coordinates activities with the ESF primary and support agencies in supporting federal requirements in the field. Emergency vehicles Vehicles such as fire trucks and ambulances that are critical to emergency response, and for which close proximity to inhabited buildings or containment therein is essential. Employment verification The process of contacting an applicant’s past employers to confirm dates of employment, title, salary, and eligibility for rehire.

219 Encryption The scrambling of information so that it is unreadable to those who do not have the code to unscramble it. Enriched uranium Uranium in which the proportion of the isotope uranium-235 has been increased by removing uranium- 238 mechanically. See also depleted uranium. Enterprise risk management A comprehensive approach to risk management that engages people, processes, and systems across an organization to improve the quality of decision making for managing risks that may hinder an organization’s ability to achieve its objectives. Involves identifying mission dependencies on enterprise capabilities, identifying and prioritizing risks due to defined threats, implementing countermeasures to provide both a static risk posture and an effective dynamic response to active threats; and assessing enterprise performance against threats and adjusts countermeasures as necessary. (Adapted from: DHS Risk Lexicon, CNSSI 4009) Entity A governmental agency or jurisdiction, private or public company, partnership, nonprofit organization, or other organization that has disaster/emergency management and continuity of operations responsibilities. Entity-wide security Planning and management that provides a framework and continuing cycle of activity for managing risk, developing security policies, assigning responsibilities, and monitoring the adequacy of the entity’s physical and cyber security controls. Entry control point A continuously or intermittently manned station at which entry to sensitive or restricted areas is controlled. Entry control stations Entry control stations should be provided at main perimeter entrances where security personnel are present. Entry control stations should be located as close as practical to the perimeter entrance to permit personnel inside the station to maintain constant surveillance over the entrance and its approaches. Envelope everything that separates the interior of a building, or portion of a building, from the exterior environment, including the windows, walls, foundation, basement, slab, floor, ceiling, roof, and insulation Environmental design A term which, within the CPTED context, is rooted in the design of the man/environment relation. Epidemiology The study of the distribution and determinants of health-related states or events in specified populations; and the application of this study to the control of health problems. Equipment closet A room where field control equipment such as data gathering panels and power supplies are typically located.

220 Equivalent security measure An alternative measure that can take the place of a 33 CFR 104 and 105 required measure. Equivalent security measures must be approved by the commandant (G–MP) as meeting or exceeding the effectiveness of the required measures in 33 CFR 104 and 105. Essential service routes Routes used when no other modes of transportation are available to the specific destination serviced. EVAC Is an immediate action that includes the following steps:  E for Evacuate the immediate area (train, bus, or building)  V for Vacate – Vacate the general area – keep going and put distance and barriers in place between you and the incident  A for Assess the situation and continue to protect yourself and others  C for Communicate by calling in a report. Evacuation Organized, phased, and supervised withdrawal, dispersal, or removal of civilians from dangerous or potentially dangerous areas, and their reception and care in safe areas. Evacuation of passengers The controlled removal of passengers from a bus, train or other transit vehicle during an emergency situation. Evacuation, spontaneous Residents or citizens in the threatened areas observe an emergency event or receive unofficial word of an actual or perceived threat and, without receiving instructions to do so, elect to evacuate the area. Their movement, means, and direction of travel are unorganized and unsupervised. Evacuation, voluntary This is a warning to persons within a designated area that a threat to life and property exists or is likely to exist in the immediate future. Individuals issued this type of warning or order are NOT required to evacuate; however, it would be to their advantage to do so. Evacuees All persons removed or moving from areas threatened or struck by a disaster. Evaluation and maintenance Process by which a business continuity plan is reviewed in accordance with a predetermined schedule and modified in light of such factors as new legal or regulatory requirements, changes to external environments, technological changes, test/exercise results, personnel changes, etc. Event An observable occurrence in an information system or network. Sometimes provides an indication that an incident is occurring or at least raise the suspicion that an incident may be occurring. (Adapted from CNSSI 4009) Event 1 An occurrence, not yet assessed, that may affect the performance of a system (or an entity) (CIAO) Any real-time occurrence or significant deviation from planned or expected behavior that could endanger or adversely affect people, property, or the environment.

221 Event 2 A planned, nonemergency activity. ICS can be used as the management system for a wide range of events, e.g., parades, concerts, or sporting events. Exclusion area A restricted area containing a security interest. Uncontrolled movement permits direct access to the item. Exclusion zone An area around an asset that has controlled entry with highly restrictive access. Exercise An instrument to train for, assess, practice, and improve performance in prevention, protection, response, and recovery capabilities in a risk-free environment. Exercises can be used for: testing and validating policies, plans, procedures, training, equipment, and interagency agreements; clarifying and training personnel in roles and responsibilities; improving interagency coordination and communications; identifying gaps in resources; improving individual performance; and identifying opportunities for improvement. Exfiltration The unauthorized transfer of information from an information system. (NIST SP 800-53 Rev 4) Expeditionary situations Situations in which existing facilities are unavailable or inadequate for incorporating CBR protection features and transportable or mobile facilities are used for field applications Experiment A controlled event designed to determine the relationship between two or more variables. Exploit A technique to breach the security of a network or information system in violation of security policy. Explosives disposal container A small container into which small quantities of explosives may be placed to contain their blast pressures and fragments if the explosive detonates. Exposure The condition of being unprotected, thereby allowing access to information or access to capabilities that an attacker can use to enter a system or network. (Adapted from NCSD Glossary) Exposure (radiation) A measure of ionization in air caused by x-rays or gamma rays only. The unit of exposure most often used is the roentgen. See also contamination. Exposure (to risk) The number, types, qualities, and monetary values of various types of property or infrastructure and life that may be subject to an undesirable or injurious hazard event. The condition of being vulnerable to some degree to a particular outcome of an activity, if that outcome occurs Exposure pathway A route by which a radionuclide or other toxic material can enter the body. The main exposure routes are inhalation, ingestion, absorption through the skin, and entry through a cut or wound in the skin. Exposure rate A measure of the ionization produced in air by x-rays or gamma rays per unit of time (frequently expressed in roentgens per hour). Express services Ferry services that generally operate during peak commuter hours by both demand based and fixed-route service.

222 External exposure Exposure to radiation outside of the body. Externality The discrepancy between private and social costs or private and social benefits. Externally illuminated The light source is contained outside the device, legend, or path to be illuminated. The light source is typically fluorescent, incandescent or a dedicated fluorescent or incandescent source. Facial recognition A biometric technology that is based on features of the human face. Facility Any structure that is located in, on, under, or adjacent to any waters subject to the jurisdiction of the United States. A facility may be used, operated, or maintained by a public or private entity, including any contiguous or adjoining property under common ownership or operations. Facility security officer The person responsible for the development, implementation, revision, and maintenance of the facility security plan. Facility security plan The plan developed to ensure the application of security measures designed to protect the facility and its servicing vessels or those vessels interfacing with the facility, their cargoes, and persons onboard at the respective MARSEC levels. Failure The inability of a system or component to perform its required functions within specified performance requirements. (NCSD Glossary) Fallout, nuclear Minute particles of radioactive debris that descend slowly from the atmosphere after a nuclear explosion. Federal Of or pertaining to the Federal Government of the United States of America. Federal coordinating officer (FCO) The person appointed by the FEMA Director to coordinate federal assistance in a Presidentially declared emergency or major disaster. Federal departments and agencies Those executive departments enumerated in 5 U.S.C. 11, and the Department of Homeland Security; independent establishments as defined by 5 U.S.C. 14(1); Government corporations as defined by 5 U.S.C. 13(1); and the United States Postal Service. (HSPD-8) Federal on-scene commander The FBI official designated upon JOC activation to ensure appropriate coordination of the overall United States government response with federal, state, and local authorities, until such time as the Attorney General transfers the LFA role to FEMA. Federal response plan (FRP) Establishes a process and structure for the systematic, coordinated, and effective delivery of federal assistance to address the consequences of any major disaster or emergency. Felony A serious crime usually punishable by imprisonment for more than one year or by death. Examples include burglary, arson, rape, and murder.

223 Fence protection An intrusion detection technology that detects a person crossing a fence by various methods such as climbing, crawling, cutting, etc. Fence sensor An exterior intrusion detection sensor that detects aggressors as they attempt to climb over, cut through, or otherwise disturb a fence. Ferry A vessel that (a) is limited in its use to the carriage of deck passengers or vehicles, or both and (b) operates on a short-run, frequent schedule between two or more points over the most direct water route, other than in ocean or coastwise service. A ferry may also be a hovercraft, hydrofoil, or other high-speed vessel. Ferry service Urban Service where at least one terminal is within an urbanized area. Such service excludes international, rural, rural interstate, island, and urban park ferries. Ferry service express Service that may operate in peak hours bypassing intervening islands. Alternatively, some trips may be operated by high-speed or passenger-only ferries as opposed to the regular ferry, which could be considered as express service of a sort. Ferry service transit A service confined to metropolitan areas and small cities where offshore islands, bays, and wide rivers preclude any other type of service at a reasonable cost. In a few places, service may operate between two points on the same shore. Fiber optics A method of data transfer by passing bursts of light through a strand of glass or clear plastic. Field assessment team (FAsT) A small team of pre-identified technical experts that conduct an assessment of response needs (not a PDA) immediately following a disaster. Field of view The horizontal or vertical scene size at a given length from the camera to the subject. Field operations guide Durable pocket or desk guides that contain essential information required to perform specific assignments or functions. Final design (FD) Takes the formalized concept and engineering development and finalizes them in the plans, specifications, and bid documents required for awarding the individual construction and equipment fabrication and installation contracts. Finance/ administration section 1 A part of the general structure of the incident command system activated on long duration incidents, responsible for cost accounting and financial analysis of the incident. At the incident, the Section can include the Time Unit, Procurement Unit, Compensation/Claims Unit and Cost Unit. Finance/ administration section 2 The section responsible for all administrative and financial considerations surrounding an incident.

224 Financial mechanisms One of the three mitigation strategy classifications (engineering alternatives; management practices; financial mechanisms). A set of devices relating to finances that facility owners and managers can utilize to reduce their exposure to natural and man-made hazards. These devices include purchase of insurance policies and responding to external financial incentives to engage in engineering-based or management- based risk mitigation. Firewall A capability to limit network traffic between networks and/or information systems. A hardware/software device or a software program that limits network traffic according to a set of rules of what access is and is not allowed or authorized. (Adapted from CNSSI 4009) First (initial) costs Attribute of a capital investment. Costs incurred in placing a building or building subsystem into service, including, but not limited to, costs of planning, design, engineering, site acquisition and preparation, construction, purchase, installation, property taxes and interest during the construction period, and construction-related fees. First responder 1 Those individuals who in the early stages of an incident are responsible for the protection and preservation of life, property, evidence, and the environment, including emergency response providers as defined in section 2 of the Homeland Security Act of 2002 (6U.S.C. 11), as well as emergency management, public health, clinical care, public works, and other skilled support personnel (such as equipment operators) that provide immediate support services during prevention, response, and recovery operations. (HSPD-8) First responder 2 Local police, fire, and emergency medical personnel who first arrive on the scene of an incident and take action to save lives, protect property, and meet basic human needs. Fissile material Any material in which neutrons can cause a fission reaction. The three primary fissile materials are uranium-233, uranium-235, and plutonium-239. Fission (fissioning) The splitting of a nucleus into at least two other nuclei that releases a large amount of energy. Two or three neutrons are usually released during this transformation. See also fusion. Fixed guideways Service in which the beginning and ending points are fixed. By law, ferryboat services are considered fixed guideways. Though each trip may take a slightly different course due to water conditions, the beginning and ending points are fixed. Fixed routes Routes that have a fixed point for a beginning and end. By law, ferryboats are considered fixed guideways. Each trip may take a slightly different course, but the end and beginning are fixed points.

225 Fixed route Service provided on a repetitive, fixed-schedule basis along a specific route with vehicles stopping to pick up and deliver passengers to specific locations; each fixed-route trip serves the same origins and destinations, unlike demand response. Includes route deviation service, where revenue vehicles deviate from fixed routes on a discretionary basis. F-number Indicates the brightness of the image formed by the lens, controlled by the iris. The smaller the F-number the brighter the image. Force protection conditions A set of specific security measures promulgated by the commander after considering a variety of factors including the design basis threat, current events that might increase the risk of a terrorist attack, and observed suspicious activities Forced entry Entry to a denied area achieved through force to create an opening in fence, walls, doors, etc., or to overpower guards. Fractionated exposure Exposure to radiation that occurs in several small acute exposures, rather than continuously as in a chronic exposure. Fragment retention film (FRF) A thin, optically clear film applied to glass to minimize the spread of glass fragments when the glass is shattered. Frame rate In digital video, a measurement of the rate of change in a series of pictures, often measured in frames per second (fps). Frangible construction Building components that are designed to fail to vent blast pressures from an enclosure in a controlled manner and direction. Frequency distribution A table where all score units are listed in one column and the number of individuals or cases receiving each score are indicated as frequencies in the second column. F-Stop A term used to indicate the speed of a lens. The smaller the F-number the greater amount of light passes through the lens. Full-scale exercise (FSE) FSEs are typically the most complex and resource-intensive type of exercise. They involve multiple agencies, organizations, and jurisdictions and validate many facets of preparedness. FSEs often include many layers operating under cooperative systems such as the Incident Command System or Unified Command. Function 1 The service, process, capability, or operation performed by specific infrastructure assets, systems, or networks.

226 Function 2 Function refers to the five major activities in ICS: command, operations, planning, logistics, and finance/administration. The term function is also used when describing the activity involved, (e.g., the planning function). A sixth function, intelligence/investigations, may be established, if required, to meet incident management needs. Functional exercise (FE) Functional exercises are designed to validate and evaluate capabilities, multiple functions and/or sub- functions, or interdependent groups of functions. FEs are typically focused on exercising plans, policies, procedures, and staff members involved in management, direction, command, and control functions. In FEs, events are projected through an exercise scenario with event updates that drive activity at the management level. An FE is conducted in a realistic, real-time environment; however, movement of personnel and equipment is usually simulated. Fuse A device used to protect an electric circuit from the effect of excessive current draw. Fusion A reaction in which at least one heavier, more stable nucleus is produced from two lighter, less stable nuclei. Reactions of this type are responsible for the release of energy in stars or in thermonuclear weapons. Gamma rays High-energy electromagnetic radiation emitted by certain radionuclides when their nuclei transition from a higher to a lower energy state. These rays have high energy and a short wave length. All gamma rays emitted from a given isotope have the same energy, a characteristic that enables scientists to identify which gamma emitters are present in a sample. Gamma rays penetrate tissue farther than do beta or alpha particles, but leave a lower concentration of ions in their path to potentially cause cell damage. Gamma rays are very similar to x-rays. Gangway A narrow, portable platform used as a passage by persons entering or leaving a vessel moored alongside a pier or quay. Geiger counter A radiation detection and measuring instrument consisting of a gas-filled tube containing electrodes, between which an electrical voltage but no current flows. When ionizing radiation passes through the tube, a short, intense pulse of current passes from the negative electrode to the positive electrode and is measured or counted. The number of pulses per second measures the intensity of the radiation field. Geiger counters are the most commonly used portable radiation detection instruments.

227 General staff A group of incident management personnel organized according to function and reporting to the incident commander. The general staff normally consists of the operations section chief, planning section chief, logistics section chief, and finance/administration section chief. An intelligence/investigations chief may be established, if required, to meet incident management needs. Genetic effects Hereditary effects (mutations) that can be passed on through reproduction because of changes in sperm or ova. See also teratogenic effects, somatic effects. Geographic information system (GIS) A computer system that integrates, stores, edits, and analyzes geographic information. Geophone An IDS sensor that utilizes sound and pressure to detect intrusions Glare security lighting Illumination projected from a secure perimeter into the surrounding area, making it possible to see potential intruders at a considerable distance while making it difficult to observe activities within the secure perimeter. Glass-break detector An intrusion detection sensor that is designed to detect breaking glass either through vibration or acoustics. Glazing A material installed in a sash, ventilator, or panes (e.g., glass, plastic, etc., including material such as thin granite installed in a curtain wall). Glazing The part of a window, skylight, or door assembly that is transparent and transmits light, but not air. Game A game is a simulation of operations that often involves two or more teams, usually in a competitive environment, using rules, data, and procedures designed to depict an actual or hypothetic situation. Games explore the consequences of player decisions and actions and are therefore excellent tools to use when validating or reinforcing plans and procedures or evaluating resource requirements. Government Coordinating Council (GCC) The council comprised of representatives across various levels of government (federal, state, local, and tribal) as appropriate to the security and operational landscape of each individual sector. The GCC is the government counterpart to the sector coordinating council (SCC) for each sector established to enable interagency coordination. Governor’s authorized representative (GAR) The person empowered by the Governor to execute, on behalf of the State, all necessary documents for disaster assistance.

228 Gray (Gy) A unit of measurement for absorbed dose. It measures the amount of energy absorbed in a material. The unit Gy can be used for any type of radiation, but it does not describe the biological effects of the different radiations. Grid wire sensor An intrusion detection sensor that uses a grid of wires to cover a wall or fence. An alarm is sounded if the wires are cut. Gross tons The internal cubic capacity of all spaces in and on the vessel that are permanently enclosed, with the exception of certain permissible exemptions. It is expressed in tons of 100 cubic feet. Ground surface The surface on which the walk-through detector rests. Group Established to divide the incident management structure into functional areas of operation. Groups are composed of resources assembled to perform a special function not necessarily within a single geographic division. Groups, when activated, are located between Branches and resources in the Operations Section. Grouped frequency distribution Where individual score units are grouped together, reducing the number of discrete categories listed in the score column. Hack A verb meaning to gain unauthorized access into a computer system. Hacker An unauthorized user who attempts to or gains access to an information system. (CNSSI 4009) Hacktivism The exploitation of computers and computer networks as a means of protest to promote political ends. The anti-secrecy group Anonymous is an example of a hacktivist organization. Half-life The time any substance takes to decay by half of its original amount. See also biological half-life, decay constant, effective half-life, radioactive half-life. Hand geometry A biometric technology that is based on characteristics of the human hand. Handler An officer, contractor, or other person qualified by the trainer and/or a certifying agency to care for and use a service dog. Hardened construction Below ground construction designed to resist nuclear weapons effects. Hardwired radio A radio communications device permanently mounted in a railroad vehicle and permanently connected to an antenna mounted on the vehicle. Hazard 1 A source of potential danger or adverse condition.

229 Hazard 2 Any real or potential condition that can cause injury, death, or damage or loss of equipment or property. Hazard 3 An event or physical condition that has the potential to cause fatalities, injuries, property damage, infrastructure damage, agricultural loss, damage to the environment, interruption of business, or other types of harm or loss. Hazard mitigation Any action taken to reduce or eliminate the long-term risk to human life and property from hazards. The term is sometimes used in a stricter sense to mean cost-effective measures to reduce the potential for damage to a facility or facilities from a disaster event. Hazardous material (HazMat) Any substance or material that, when involved in an accident and released in sufficient quantities, poses a risk to people’s health, safety, and/or property. These substances and materials include explosives, radioactive materials, flammable liquids or solids, combustible liquids or solids, poisons, oxidizers, toxins, and corrosive materials. Health physics A scientific field that focuses on protection of humans and the environment from radiation. Health physics uses physics, biology, chemistry, statistics, and electronic instrumentation to help protect individuals from any damaging effects of radiation. High performance photoluminescent material (HPPL) A material that is capable of emitting fluorescent and/or phosphorescent light at a high rate and for an extended period of time after absorption of light radiation from an external source by the process of photon excitement. NOTE--Following a charge of 5 foot-candles for one hour, the measured value of light emitted shall be a minimum of not less than 7.5 milli-candela per square meter (7.5 mcd/m2 ) 1.5 hours after removal of the charging source (see Annexes B-D). High-level radioactive waste The radioactive material resulting from spent nuclear fuel reprocessing. This can include liquid waste directly produced in reprocessing or any solid material derived from the liquid wastes having a sufficient concentration of fission products. Other radioactive materials can be designated as high-level waste, if they require permanent isolation. This determination is made by the U.S. Nuclear Regulatory Commission on the basis of criteria established in U.S. law. See also low-level waste, transuranic waste. High-occupancy Vehicle A highway travel lane reserved for vehicles carrying two or more passengers. High-risk areas Portions of a building that are at a high risk of an internal release, such as mailrooms, lobby areas, and supply delivery areas with separate ventilation systems as well as unscreened public access areas and any other general-access areas

230 High-risk target Any material resource or facility that, because of mission sensitivity, ease of access, isolation, and symbolic value, may be an especially attractive or accessible terrorist target. Homeland security The Federal Government’s efforts, in coordination with state and local governments and the private sector, to develop, coordinate, fund and implement the programs and policies necessary to detect, prepare for, prevent, protect against, respond to, and recover from terrorist or other attacks within the United States. Homogeneity Uniformity of a factor within a group of subjects or data, such as age, occupation, religion. Hot spot Any place where the level of radioactive contamination is considerably greater than the area around it. Hot Wash A Hot Wash is a facilitated discussion held immediately after an exercise among exercise players. It captures feedback about any issues, concerns, or proposed improvements players may have about the exercise. The Hot Wash is an opportunity for players to voice their opinions on the exercise and their own performance. Hovercraft A vessel used for the transportation of passengers and cargo that rides on a cushion of air formed under it. It is very maneuverable and amphibious. Human-caused hazard Human-caused hazards are technological hazards and terrorism. They are distinct from natural hazards primarily in that they originate from human activity. Within the military services, the term threat is typically used for human-caused hazard. Hunting An industry term used to describe an auto-iris lenses inability to stabilize under certain light conditions. Hydrofoil A motorboat that has metal plates or fins attached by struts fore and aft for lifting the hull clear of the water as speed is attained. I-frames I-frames are used for random access and are used as references for the decoding of other pictures. Intra- refresh periods of a half-second are common on such applications as digital television broadcast and DVD storage Icon A sign or representation that stands for an object by virtue of a resemblance or analogy to it. Identification and authentication Individuals and organizations that access the NIMS information management system and, in particular, those that contribute information to the system (e.g., situation reports), must be properly authenticated and certified for security purposes. Identity and access management The methods and processes used to manage subjects and their authentication and authorizations to access specific objects.

231 Illuminance The amount of light (luminous flux) falling on a specific area or surface. English units are foot-candles (fc) or lumens per sq. foot (Lm/ft2). International units (SI) are lumen per sq. meter (Lm/m2) or lux (lx). Immediate actions (IAs) Actions transit agency employees are trained to perform in anticipation or response to a potential attack until further instructions are available. The steps are taken immediately (without management direction) upon awareness of a potential or actual incident. IAs are intended to provide immediate protection of life and property and generally take a very short time to execute. The IA ends with a notification to management (e.g., the communications center) of the conditions present. Immediate response zone (IRZ) A circular zone ranging from 10 to 15 kilometers (6 to 9 miles) from the potential chemical event source, depending on the stockpile location on-post. Emergency response plans developed for the IRZ must provide for the most rapid and effective protective actions possible, because the IRZ will have the highest concentration of agent and the least amount of warning time. Imminent threat The immediate potential of harm to people and property. Impact The amount of loss or damage that can be expected or may be expected from a successful attack of an asset (ARM) Incarceration The act or process of confining someone; imprisonment. Incident An occurrence that actually or potentially results in adverse consequences to (adverse effects on) (poses a threat to) an information system or the information that the system processes, stores, or transmits and that may require a response action to mitigate the consequences. An occurrence that constitutes a violation or imminent threat of violation of security policies, security procedures, or acceptable use policies. (Adapted from CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, ISSG) Incident 2 An occurrence that has been assessed as having an adverse effect of the security of performance of a (critical infrastructure). Incident 1 An occurrence or event, natural or human-caused, that requires an emergency response to protect life or property. Incidents can, for example, include major disasters, emergencies, terrorist attacks, terrorist threats, wildland and urban fires, floods, hazardous materials spills, nuclear accidents, aircraft accidents, earthquakes, hurricanes, tornadoes, tropical storms, war-related disasters, public health and medical emergencies, and other occurrences requiring an emergency response. Incident action plan An oral or written plan containing general objectives reflecting the overall strategy for managing an incident. It may include the identification of operational resources and assignments. It may also include

232 attachments that provide direction and important information for management of the incident during one or more operational periods. Incident command Responsible for overall management of the incident and consists of the incident commander, either single or unified command, and any assigned supporting staff. Incident command post (ICP): The field location at which the primary tactical-level, on-scene incident command functions are performed. The ICP may be collocated with the incident base or other incident facilities and is normally identified by a green rotating or flashing light. Incident command system (ICS) 1 A standardized organizational structure used to command, control, and coordinate the use of resources and personnel that have responded to the scene of an emergency. The concepts and principles for ICS include common terminology, modular organization, integrated communication, unified command structure, consolidated action plan, manageable span of control, designated incident facilities, and comprehensive resource management. Incident command system (ICS) 2 The nationally used, standardized, on-scene emergency management concept specifically designed to allow its user(s) to adopt an integrated organizational structure equal to the complexity and demands of single or multiple incidents without being hindered by jurisdictional boundaries. ICS is the combination of facilities, equipment, personnel, procedures, and communications operating within a common organizational structure, with responsibility for the management of resources to effectively accomplish stated objectives pertinent to an incident. Incident commander (IC) The individual responsible for all incident activities, including the development of strategies and tactics and the ordering and the release of resources. The IC has overall authority and responsibility for conducting incident operations and is responsible for the management of all incident operations at the incident site. Incident management The broad spectrum of activities and organizations providing effective and efficient operations, coordination, and support applied at all levels of government, utilizing both governmental and nongovernmental resources to plan for, respond to, and recover from an incident, regardless of cause, size, or complexity. Incident management system In disaster/emergency management applications, the combination of facilities, equipment, personnel, procedures, and communications operating within a common organizational structure with responsibility for the management of assigned resources to effectively accomplish stated objectives pertaining to an incident.

233 Incident management team (IMT) An IC and the appropriate Command and General Staff personnel assigned to an incident. The level of training and experience of the IMT members, coupled with the identified formal response requirements and responsibilities of the IMT, are factors in determining “type,” or level, of IMT. Incident management The management and coordination of activities associated with an actual or potential occurrence of an event that may result in adverse consequences to information or information systems. (Adapted from NCSD Glossary, ISSG NCPS Target Architecture Glossary) Incident objectives Statements of guidance and direction needed to select appropriate strategy(s) and the tactical direction of resources. Incident objectives are based on realistic expectations of what can be accomplished when all allocated resources have been effectively deployed. Incident objectives must be achievable and measurable, yet flexible enough to allow strategic and tactical alternatives. Incident of national significance Based on criteria established in HSPD-5 (paragraph 4), an actual or potential high-impact event that requires a coordinated and effective response by an appropriate combination of federal, state, local, tribal, nongovernmental, and/or private sector entities in order to save lives and minimize damage, and provide the basis for long-term community and economic recovery. Incident response plan A set of predetermined and documented procedures to detect and respond to a cyber incident. (Adapted from CNSSI 4009) Incident/attack An act against the transit system’s facilities, passengers/patrons, and employees. Independent variable A variable that causes, effects, or influences the outcome of an experiment. Indicator An occurrence or sign that an incident may have occurred or may be in progress. (Adapted from CNSSI 4009, NIST SP 800-61 Rev 2 (DRAFT), ISSG V1.2 Database) Individual A passenger; employee; contractor; other rail transit facility worker; pedestrian; trespasser; or any person on rail transit-controlled property. Industrial control system Computer-based facilities, systems, and equipment used to remotely monitor and/or control critical/sensitive processes and physical functions. These systems collect measurement and operational data from field locations, process and display this information, and, in some systems, relay control commands to local or remote equipment or to human-machines interfaces (operators). (Transportation Industrial Control Systems Cybersecurity Standards Strategy, DHS, 2012)

234 Infiltration The uncontrolled exchange of the building’s interior air with outside air. Inflation A rise in the general price level over time, usually expressed as a percentage rate. Information assurance The measures that protect and defend information and information systems by ensuring their availability, integrity, and confidentiality. (Adapted from CNSSI 4009) Information management The collection, organization, and control over the structure, processing, and delivery of information from one or more sources and distribution to one or more audiences who have a stake in that information. Information sharing An exchange of data, information, and/or knowledge to manage risks or respond to incidents. (Adapted from NCSD Glossary) Information system resilience The ability of an information system to: (1) continue to operate under adverse conditions or stress, even if in a degraded or debilitated state, while maintaining essential operational capabilities; and (2) recover effectively in a timely manner. (Adapted from NIST SP 800-53 Rev 4) Information technology Any equipment or interconnected system or subsystem of equipment that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission, or reception of data or information. . . . The term information technology includes computers, ancillary equipment (including imaging peripherals, input, output, and storage devices necessary for security and surveillance), peripheral equipment designed to be controlled by the central processing unit of a computer, software, firmware, and similar procedures, services (including support services), and related resources. (40 USC, Sec 11101) Infrastructure The framework of interdependent networks and systems comprising identifiable industries, institutions (including people and procedures), and distribution capabilities that provide a reliable flow of products and services essential to the defense and economic security of the United States, the smooth functioning of governments at all levels, and society as a whole. Ingestion The act of swallowing; and in the case of radionuclides or chemicals, swallowing radionuclides or chemicals by eating or drinking.

235 Ingestion pathway (50-mile EPZ) A circular geographic zone (with a 50-mile radius centered at the nuclear power plant) for which plans are developed to protect the public from the ingestion of water or food contaminated as a result of a nuclear power plant accident. In the Chemical Stockpile Emergency Preparedness Program (CSEPP), the EPZ is divided into three concentric circular zones: Inhalation The act of breathing in; and in the case of radionuclides or chemicals, breathing in radionuclides or chemicals. Initial action The actions taken by those responders first to arrive at an incident site. Initial response Resources initially committed to an incident. Innocuous item test objects Test objects used to test the discrimination performance of the large object size and medium object size walk-through metal detectors. Inside(r) threat A person or group of persons within an organization who pose a potential risk through violating security policies. One or more individuals with the access and/or inside knowledge of a company, organization, or enterprise that would allow them to exploit the vulnerabilities of that entity's security, systems, services, products, or facilities with the intent to cause harm. (Adapted from: CNSSI 4009; From NIAC Final Report and Recommendations on the Insider Threat to Critical Infrastructure, 2008) Insider compromise A person authorized access to a facility (an insider) compromises assets by taking advantage of that accessibility. Integrated risk management The structured approach that enables an enterprise or organization to share risk information and analysis and to synchronize independent yet complementary risk management strategies to unify efforts across the enterprise. (Adapted from DHS Risk Lexicon) Integrated testing (INT-TEST) Begins with activities to identify, plan and conduct tests to evaluate integration of the delivered and accepted project into planned revenue operations. This phase concludes with verified documentation of compatibility between system elements. Integrity The property whereby information, an information system, or a component of a system has not been modified or destroyed in an unauthorized manner. A state in which information has remained unaltered from the point it was produced by a source, during transmission, storage, and eventual receipt by the destination. (Adapted from CNSSI 4009, NIST SP 800-53 Rev 4, 44 U.S.C., Sec 3542, SANS; From SAFE-BioPharma Certificate Policy 2.5)

236 Intellectual property rights (IPR) A category of intangible rights protecting commercially valuable products of the human intellect. The category comprises primarily trademark, copyright, and patent rights, but also includes trade secret rights, publicity rights, moral rights, and rights against unfair competition. (Note: Some areas of the world differ significantly in their recognition and enforcement of patents, trademarks, copyrights, and other IPR. It is important to understand the IPR climate and the ability of the legal safeguards that are applicable in each jurisdiction where there is a necessity to support your business requirements.) Intelligence officer The intelligence officer is responsible for managing internal information, intelligence, and operational security requirements supporting incident management activities. These may include information security and operational secirotu activities, as well as the complex task of ensuring that sensitive information of all types (e.g., classified information, law enforcement sensitive information, proprietary information, or export-controlled information) is handled in a way that not only safeguards the information, but also ensures that it gets to those who need access to it to perform their missions effectively and safely. Intelligence/investigat ions Intelligence gathered within the intelligence/investigations function is information that either leads to the detection, prevention, apprehension, and prosecution of criminal activities (or the individual(s) involved) including terrorist incidents or information that leads to determination of the cause of a given incident (regardless of the source) such as public health events or fires with unknown origins. This is different from the normal operational and situational intelligence gathered and reported by the Planning Section. Intent A state of mind or desire to achieve an objective. Intercity Connecting two or more cities. Intercoastal Describing external waterways that run along coasts or gulfs. Intercom A communications system within a train consist which is keyed into by a train crewmember for transmission/broadcast to/from specific locations within the train and used to provide train crew-to- passenger communication and intra-crew communication. Intercom door/gate station Part of an intercom system where communication is typically initiated, usually located at a door or gate. Intercom master station Part of an intercom system that monitors one or more intercom door/gate stations; typically, where initial communication is received.

237 Intercom switcher Part of an intercom system that controls the flow of communications between various stations. Intercom system An electronic system that allows simplex, half-duplex, or full-duplex audio communications. Interdependency The multi- or bi-directional reliance of an asset, system, network, or collection thereof, within or across sectors, on input, interaction, or other requirement from other sources in order to function properly. Intermodal Those issues or activities which involve or affect more than one mode of transportation, including transportation connections, choices, cooperation and coordination of various modes. Also known as "multimodal." Internal exposure Exposure to radioactive material taken into the body. Internally illuminated The light source is contained inside the device or legend that is illuminated. The light source is typically incandescent, fluorescent, electroluminescent, light emitting diodes (LED) or self-illuminating. International terrorism Violent acts or acts dangerous to human life that are a violation of the criminal laws of the United States or any state, or that would be a criminal violation if committed within the jurisdiction of the United States or any state. These acts appear to be intended to intimidate or coerce a civilian population, influence the policy of a government by intimidation or coercion, or affect the conduct of a government by assassination or kidnapping. International terrorist acts occur outside the United States, or transcend national boundaries in terms of the means by which they are accomplished, the persons they appear intended to coerce or intimidate, or the locale in which their perpetrators operate or seek asylum. Interoperability Allows emergency management/response personnel and their affiliated organizations to communicate within and across agencies and jurisdictions via voice, data, or video−on−demand, in real−time, when needed, and when authorized. Interoperability The ability of two or more systems or components to exchange information and to use the information that has been exchanged. (Adapted from IEEE Standard Computer Dictionary, DHS personnel) Interstate Connecting two or more states. Intracoastal Describing internal waterways such as lakes, rivers, and harbor Intrastate Connecting within a state.

238 Intruder Unauthorized person, animal, or object in a restricted area. Intrusion Attacks or attempted attacks from outside the security perimeter of (an asset) Intrusion An unauthorized act of bypassing the security mechanisms of a network or information system. Intrusion alarm Alarm generated by an IDS. Alarms include Intrusion, Nuisance, Environmental, and False. Intrusion detection Methods and technologies to sense and annunciate the intrusion of personnel into a defined area. Intrusion detection Sensor A device that initiates alarm signals by sensing the stimulus, change, or condition for which it was designed. Intrusion detection system (IDS) The combination of components, including sensors, control units, transmission lines, and monitor units, integrated to operate in a specified manner. Intrusion detection The process and methods for analyzing information from networks and information systems to determine if a security breach or security violation has occurred. (Adapted from: CNSSI 4009, ISO/IEC 27039 (draft)) Investigation The process used to determine the causal and contributing factors of an accident or hazard, so that actions can be identified to prevent recurrence. Investment cost First cost and later expenditures which have substantial and enduring value (generally more than one year) for upgrading, expanding, or changing the functional use of a building or building system.

239 Iodine A nonmetallic solid element. There are both radioactive and non-radioactive isotopes of iodine. Radioactive isotopes of iodine are widely used in medical applications. Radioactive iodine is a fission product and is the largest contributor to people’s radiation dose after an accident at a nuclear reactor. Ion An atom that has fewer or more electrons than it has protons causing it to have an electrical charge and, therefore, be chemically reactive. Ionization The process of adding one or more electrons to, or removing one or more electrons from, atoms or molecules, thereby creating ions. High temperatures, electrical discharges, or nuclear radiation can cause ionization. Ionizing radiation Any radiation capable of displacing electrons from atoms, thereby producing ions. High doses of ionizing radiation may produce severe skin or tissue damage. See also alpha particle, beta particle, gamma ray, neutron, x-ray. Iris A mechanical diaphragm which can be controlled manually or automatically to adjust the lens aperture. Irradiation Exposure to radiation. Isolated fenced perimeters Fenced perimeters with 100 feet or more of space outside the fence that is clear of obstruction, making approach obvious. Isotope A nuclide of an element having the same number of protons but a different number of neutrons. Jail A local government’s detention center where persons awaiting trial or those convicted of misdemeanors are confined. Jersey barrier A protective concrete barrier initially and still used as a highway divider that now also functions as an expedient method for traffic speed control at entrance gates and to keep vehicles away from buildings. Joint Information Center (JIC) A central point of contact for all news media near the scene of a large-scale disaster. News media representatives are kept informed of activities and events by Public Information Officers who represent all participating federal, state, and local agencies that are collocated at the JIC. Joint Information System (JIS) 1 Under the FRP, connection of public affairs personnel, decision-makers, and news centers by electronic mail, fax, and telephone when a single federal-state-local JIC is not a viable option.

240 Joint Information System (JIS) 2 Integrates incident information and public affairs into a cohesive organization designed to provide consistent, coordinated, accurate, accessible, timely, and complete information during crisis or incident operations. The mission of the JIS is to provide a structure and system for developing and delivering coordinated interagency messages; developing, recommending, and executing public information plans and strategies on behalf of the IC; advising the IC concerning public affairs issues that could affect a response effort; and controlling rumors and inaccurate information that could undermine public confidence in the emergency response effort. Joint Interagency Intelligence Support Element (JIISE) An interagency intelligence component designed to fuse intelligence information from the various agencies participating in a response to a WMD threat or incident within an FBI JOC. The JIISE is an ex- panded version of the investigative/intelligence component that is part of the standardized FBI command post structure. The JIISE manages five functions, including: security, collections management, current intelligence, exploitation, and dissemination. Joint Operations Center (JOC) Established by the LFA under the operational control of the federal OSC, as the focal point for management and direction of on-site activities, coordination/establishment of state requirements/priorities, and coordination of the overall federal response. Jurisdiction A range or sphere of authority. Public agencies have jurisdiction at an incident related to their legal responsibilities and authority. Jurisdictional authority at an incident can be political or geographic (e.g., city, county, tribal, state, or federal boundary lines) or functional (e.g., law enforcement, public health) Jurisdictional Agency The agency having jurisdiction and responsibility for a specific geographical area, or a mandated function. K9 Supervisor Law enforcement officer or management personnel responsible for oversight of the K9 unit and deployment of resources within the unit. K9 team The handler and the assigned service dog. K9 unit A specialized unit within a law enforcement agency or other organization that is responsible for administration of the program that deploys service dogs. Key The numerical value used to control cryptographic operations, such as decryption, encryption, signature generation, or signature verification.(CNSSI 4009) Key asset An organization, group of organizations, system, or group of systems, the loss of which would have widespread and dire strategic, economic or social impact

241 Key pair A public key and its corresponding private key. Two mathematically related keys having the property that one key can be used to encrypt a message that can only be decrypted using the other key. (Adapted from CNSSI 4009, Federal Bridge Certificate Authority Certification Policy 2.25) Key resources Publicly or privately controlled resources essential to the minimal operations of the economy and government. Keylogger or keystroke logger Software or hardware that tracks keystrokes and keyboard events, usually surreptitiously / secretly, to monitor actions by the user of an information system. Cybercriminals install them on computers to clandestinely record the computer user's passwords and other confidential information. Kiloton (Kt) The energy of an explosion that is equivalent to an explosion of 1,000 tons of TNT. One kiloton equals 1 trillion (1012) calories. Knot The unit of speed equivalent to one nautical mile, or 6,080.20 feet per hour. Laminated glass Multiple sheets of glass bonded together by a bonding interlayer. Landscaping The use of plantings (shrubs and trees), with or without landforms and/or large boulders, to act as a perimeter barrier against defined threats. Large object size The ability to detect guns and large knives concealed on an individual that are constructed of either ferromagnetic or nonferromagnetic metal. Large knives are defined for this purpose as knives with blade lengths exceeding 7.5 cm. Large object size test objects Test objects used to test the large object size detection performance of walk-through metal detectors used as weapon detectors. Laser card A card technology that uses a laser reflected off a card for uniquely identifying the card. Latent period The time between exposure to a toxic material and the appearance of a resultant health effect. Law enforcement incident command system (LEICS) The incident command system modified to reflect specific operating requirements of law enforcement. Layers of protection A traditional approach in security engineering using concentric circles extending out from an area to be protected as demarcation points for different security strategies.

242 Lead agency The federal department or agency assigned lead responsibility under U.S. law to manage and coordinate the federal response in a specific functional area. Lead federal agency (LFA) Leads and coordinates the emergency response activities of other federal agencies during a nuclear emergency. After a nuclear emergency, the Federal Radiological Emergency Response Plan (FRERP, available at ttp://www.fas.org/nuke/guide/usa/doctrine/national/frerp.htm) will determine which federal agency will be the LFA. Lens format The approximate size of a lens projected image. In most cases, the lens will project an image slightly greater than the designated image size to insure the pickup device is completely covered. It is recommended that camera and lenses are the same format size. A lens a larger format size can be used on a smaller format camera; however, a smaller format lens should never be used with a larger format camera. Letter of Expectation See Delegation of Authority. Level A A military level of packing that provides protection required to meet the most severe worldwide shipment, handling, and storage conditions. Level B A military level of packing that provides protection required to meet moderate worldwide shipment, handling, and storage conditions. Level of protection 1 The degree to which an asset (person, equipment, object, etc.) is protected against injury or damage from an attack. Level of protection 2 The degree to which an asset is protected against injury or damage from a CBR event. Liaison An agency official sent to another agency to facilitate interagency communications and coordination. Liaison officer A member of the Command Staff responsible for coordinating with representatives from cooperating and assisting agencies or organizations. Life-cycle cost (LCC) A technique of economic evaluation that sums over a given study period the costs of initial investment (less resale value), replacements, operation (including energy use) and maintenance of an investment decision. Life-cycle costs may be expressed in either present value terms or annual value terms. Limited area A restricted area within close proximity of a security interest. Uncontrolled movement may permit access to the item. Escorts and other internal restrictions may prevent access to the item. See controlled area and exclusion area. Line of sight (LOS) Direct observation between two points with the naked eye or hand-held optics.

243 Line supervision A data integrity strategy that monitors the communications link for connectivity and tampering. In Intrusion Detection System sensors, line supervision is often referred to as two-state, three-state, or four- state in respect to the number of conditions monitored. The frequency of sampling the link also plays a big part in the supervision of the line. Linear service Ferry service with multiple stops (e.g., along a waterfront). Line-of-sight sensor A pair of devices used as an intrusion detection sensor that monitor any movement through the field between the sensors. Local emergency operations plan Plan developed by designated local emergency planning agencies to comply with State and/or local requirements. EOPs typically follow the general format specified by the Federal Emergency Management Agency (FEMA) in the Federal Response Plan, and often include a Basic Plan and supporting Annexes. Local Emergency Planning Agencies: Includes those agencies of local government with authority to plan for, and manage the consequences of, a major emergency within their jurisdictional boundaries. The agencies vary by community, and often include: local emergency management agencies (EMAs); local emergency planning committees (LEPCs); municipal offices of emergency management (OEMs) and local departments of public safety (DPS). Local government Any county, city, village, town, district, or political subdivision of any state, and Indian tribe or authorized tribal organization, or Alaska Native village or organization, including any rural community or unincorporated town or village or any other public entity. Local radiation injury (LRI) Acute radiation exposure (more than 1,000 rads) to a small, localized part of the body. Most local radiation injuries do not cause death. However, if the exposure is from penetrating radiation (neutrons, x- rays, or gamma rays), internal organs may be damaged and some symptoms of acute radiation syndrome (ARS), including death, may occur. Local radiation injury invariably involves skin damage, and a skin graft or other surgery may be required. Lockdown/shelter-in- place Are terms that refer to securing a facility or vehicle from people entering or exiting the area to protect those in the lockdown or shelter-in-place from a threat outside of the secured area. This may also include securing the threat in a vehicle or facility. Logic bomb A software application or series of instructions that cause a system or network to shut down and/or to erase all data or software on the network. A logic bomb is a type of malware. Logistics Providing resources and other services to support incident management.

244 Logistics section The section responsible for providing facilities, services, and material support for the incident. Low-level waste (LLW) Radioactively contaminated industrial or research waste such as paper, rags, plastic bags, medical waste, and water-treatment residues. It is waste that does not meet the criteria for any of three other categories of radioactive waste: spent nuclear fuel and high-level radioactive waste; transuranic radioactive waste; or uranium mill tailings. Its categorization does not depend on the level of radioactivity it contains. Luminance contrast Refers to the relationship or difference between the object and its immediate background, defined by the ratio: L1-L2 Where: L1 = luminance of background. Luminance contrast The amount of light reflected from an area or surface or the amount of light emitted from a surface, e.g., electroluminescent or LED material. English units are foot-lamberts (fl). International (SI) units are candela per square meter (cd/ m2) and milli-candela per square meter (mcd/m2). (1 fl = 3.426 cd/m2 or 3426 mcd/ m2.) Luminescence The emission of light other than incandescent, as in phosphorescence or fluorescence by processes that derive energy from essentially non-thermal sources through excitation by radiation. Macro virus A type of malicious code that attaches itself to documents and uses the macro programming capabilities of the document’s application to execute, replicate, and spread or propagate itself. Magnetic lock An electromagnetic lock that unlocks a door when power is removed. Magnetic stripe A card technology that uses a magnetic stripe on the card to encode data used for unique identification of the card. Mail-bomb delivery Bombs or incendiary devices delivered to the target in letters or packages. Major disaster As defined under the Robert T. Stafford Disaster Relief and Emergency Assistance Act (42 U.S.C. 5122), a major disaster is any natural catastrophe (including any hurricane, tornado, storm, high water, wind- driven water, tidal wave, tsunami, earthquake, volcanic eruption, landslide, mudslide, snowstorm, or drought) or, regardless of cause, any fire, flood, or explosion, in any part of the United States, which in the determination of the President causes damage of sufficient severity and magnitude to warrant major disaster assistance under this act to supplement the efforts and available resources of States, local governments, and disaster relief organizations in alleviating the damage, loss, hardship, or suffering caused thereby. Major event Refers to domestic terrorist attacks, major disasters, and other emergencies. (HSPD-8)

245 Malicious applet A small application program that is automatically downloaded and executed and that performs an unauthorized function on an information system. Malicious code Program code intended to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system. Includes software, firmware, and scripts. (Adapted from CNSSI 4009, NIST SP 800-53 Rev 4) Malicious logic Hardware, firmware, or software that is intentionally included or inserted in a system to perform an unauthorized function or process that will have adverse impact on the confidentiality, integrity, or availability of an information system. (Adapted from CNSSI 4009) Malware Software that compromises the operation of a system by performing an unauthorized function or process. (Adapted from CNSSI 4009, NIST SP 800-83) Manageable span of control Because the responsibility of each individual supervisor is limited, the span of control typically ranges from three to seven persons, depending on the type of incident, the nature of the response, and the distance involved. Management by objective A management approach that involves a five-step process for achieving the incident goal. The management-by-objectives approach includes the following: establishing overarching incidents objectives; developing strategies based on overarching incidents objectives; developing and issuing assignments, plans, procedures, and protocols; establishing specific, measurable tactics or tasks for various incident management, functional activities, and directing efforts to attain them, in support of defined strategies; and documenting results to measure performance and facilitate corrective action. Managers Individuals within ICS organizational Units that are assigned specific managerial responsibilities (e.g., Staging Area Manager or Camp Manager). Man-trap An access control strategy that uses a pair of interlocking doors to prevent tailgating. Only one door can be unlocked at a time. Marine transportation system A national network of waterway systems, ports, and their intermodal landside connections that allows the various modes of transportation (i.e., vessels, vehicles, and other system users) to move people and goods on the water. This system includes extensive regional and local passenger ferry systems. Maritime security directive An instruction issued by the commandant or his/her delegate mandating specific security measures for vessels and facilities that may be involved in a transportation security incident.

246 Maritime security levels The levels reflecting the prevailing threat environment to the marine elements of the national transportation system, including ports, vessels, facilities, and critical assets and infrastructure located on or adjacent to water subject to the jurisdiction of the United States. Maritime Transportation Security Act Legislation passed as public law 107-295 on November 25, 2002, that implements, mandates, and regulates the security for maritime transportation vessels, assets, and facilities. Marking A visible notice, sign, symbol, line or trace. MARSEC Level 1 The level for which minimum appropriate protective security measures shall be maintained at all times. MARSEC Level 2 The level for which moderate protective security measures shall be maintained for a period of time as a result of heightened risk of a transportation security incident. MARSEC Level 3 The level for which maximum protective security measures shall be maintained for a limited period of time as a result of heightened risk of a transportation security incident. Mass notification Capability to provide real-time information to all building occupants or personnel in the immediate vicinity of a building during emergency situations. Master The holder of a license that authorizes the individual to serve as a master, operator, or person in charge of the rated vessel. Materiality Materiality is a function of consequence and likelihood. Strategic risks have a very high materiality (i.e., very significant consequence and high likelihood), whereas traditional risks have low materiality (i.e., low consequence and/or low likelihood). Mean A measure of central tendency, usually referred to as the average. Measure of central tendency A number that represents the average of a group of data. Measurement coordinate system A mutually orthogonal three-dimensional Cartesian coordinate system referenced to the detector axis and the detector plane. The three axes are labeled “x,” “y,” and “z,” where the y axis is parallel to the detector axis and the x and z axes are in the detector plane. The orientation of the test objects and direction of the magnetic field is referenced to the measurement coordinate system. Median A measure of central tendency that represents the middle number of a group of data that is arranged from smallest to largest.

247 Medical transitional structures and spaces Structures that are erected or leased for temporary occupancy to maintain mission-critical medical care during construction, renovation, modification, repair or restoration of an existing medical structure. Examples include urgent, ambulatory, and acute care operations. Medium object size The ability to detect small weapons and contraband items concealed on an individual that are constructed of either ferromagnetic or nonferromagnetic metal. Small weapons and contraband items are defined as any item that can be used to injure another person or to defeat security devices. Objects in this category include razor blades, hacksaw blades, handcuff keys, etc. Medium object size test objects Test objects used to test the medium object size detection performance of walk-through metal detectors used as weapon detectors. Mega-node The single point at which multiple modes intersect. In transportation systems, a mega-node is a place of potential failure or bottleneck, with the potential for wide-ranging disruptions and losses. Megaton (Mt) The energy of an explosion that is equivalent to an explosion of 1 million tons of TNT. One megaton is equal to a quintillion (1018) calories. See also kiloton. Memoranda of understanding Written or oral mutual aid agreements that serve as the basis of mutual acknowledgment of the resources that each organization will provide during response and recovery efforts. (MOU) or Memorandum of agreement (MOA) A formal written agreement between the public transportation system and a participating agency, or among multiple agencies and the transit system, which defines respective roles during emergency situations Methodology An open system of procedures. Metrics Measurable standards that are useful in describing a resource’s capability. Metropolitan medical strike teams (MMSTs) Teams that are being developed to manage the immediate medical consequences of CBN terrorist events. The United States Public Health Service (USPHS) will sponsor these MMSTs in partnership with local and public safety response agencies. Metropolitan routes Routes located in and serving areas designated as metropolitan. These routes are used to transport individuals from one point in a metropolitan area to another. For example, New York City is a metropolitan area and the ferry systems support the transportation of the city. Microwave motion sensor An intrusion detection sensor that uses microwave energy to sense movement within the sensor’s field of view. These sensors work similar to radar by using the Doppler effect to measure a shift in frequency.

248 Microwave sensor An IDS sensor that uses the disturbance of microwave energy to annunciate an intrusion Military installations Army, Navy, Air Force, and Marine Corps bases, posts, stations, and annexes (both contractor and government operated), hospitals, terminals, and other special mission facilities, as well as those used primarily for military purposes. Military protective construction Military facilities designed to resist military conventional and nuclear weapons to the NATO (or equivalent) standards of hardened, protected, semi-hardened, collaterally protected, or splinter protected Minimum essential infrastructure resource elements The broad categories of resources, all or portions of which constitute the minimal essential infrastructure necessary for a department, agency, or organization to conduct its core mission(s). Minimum measures Protective measures that can be applied to all buildings regardless of the identified threat. These measures offer defense or detection opportunities for minimal cost, facilitate future upgrades, and may deter acts of aggression. Minimum object distance (M.O.D.) The closest distance a given lens will be able to focus upon an object. Generally the smaller the focal length the shorter the M.O.D. This distance can be altered with use of extension tubes. Misdemeanor A crime that is less serious than a felony and is usually punishable by fine, penalty, forfeiture, or confinement (usually for a brief term) in a place other than prison (such as a county jail). Mission areas Groups of core capabilities, including Prevention, Protection, Mitigation, Response, and Recovery. These mission areas are identified in the National Preparedness Goal. Mitigation The application of one or more measures to reduce the likelihood of an unwanted occurrence and/or lessen its consequences. Implementing appropriate risk-reduction controls based on risk management priorities and analysis of alternatives. Mitigation 1 Sustained action that reduces or eliminates long-term risk to people and property and limits the effects of criminal and terrorist activity.

249 Mitigation 2 The activities designed to reduce or eliminate risks to persons or property or to lessen the actual or potential effects or consequences of an incident. Mitigation measures may be implemented prior to, during, or after an incident. Mitigation measures are often informed by lessons learned from prior incidents. Mitigation involves ongoing actions to reduce exposure to, probability of, or potential loss from hazards. Measures may include zoning and building codes, floodplain buyouts, and analysis of hazard related data to determine where it is safe to build or locate temporary facilities. Mitigation can include efforts to educate governments, businesses, and the public on measures they can take to reduce loss and injury. Mitigation 3 Provides a critical foundation in the effort to reduce the loss of life and property from natural and/or man-made disasters by avoiding or lessening the impact of a disaster and providing value to the public by creating safer communities. Mitigation seeks to fix the cycle of disaster damage, reconstruction, and repeated damage. These activities or actions, in most cases, will have a long−term sustained effect. Mitigation strategies Implementation of measures to lessen or eliminate the occurrence or impact of a crisis. Mitigation strategy One of the four core components of the cost-accounting framework (bearer of costs; budget category; building/facility component; mitigation strategy). Means of classifying/allocating costs within the CET software in regards to risk management. The three mitigation strategy classifications include engineering alternatives; management practices; financial mechanisms. Mobilization The process and procedures used by all organizations—federal, state, tribal, and local—for activating, assembling, and transporting all resources that have been requested to respond to or support an incident. Mobilization guide Reference document used by organizations outlining agreements, processes, and procedures used by all participating agencies/organizations for activating, assembling, and transporting resources. Mode 1 A specific form or variety of something. In the context of transportation, there are six modes: aviation, maritime, mass transit, highway, freight rail, and pipeline. Mode 2 A measure of central tendency that represents the number most frequently encountered within a group of numbers.

250 Mode of service A system for carrying transit passengers described by specific right-of-way, technology and operational features. Typically includes the following: ⇒ Aerial Tramway: An electric system of aerial cables with suspended powerless passenger vehicles. The vehicles are propelled by separate cables attached to the vehicle suspension system and powered by engines or motors at a central location not onboard the vehicle. ⇒ Automated Guideway: An electric railway (single or multi-car trains) comprised of guided transit vehicles that operate without transit personnel onboard. Service may be on a fixed schedule or in response to a passenger activated call button. Automated guideway transit includes personal rapid transit, group rapid transit and people mover systems. ⇒ Bus: A transit mode comprised of rubber tired passenger vehicles operating on fixed routes and schedules over roadways. Vehicles are powered by diesel, gasoline, battery, or alternative fuel engines contained within the vehicle. ⇒ Bus Rapid Transit: A type of bus service that operates on exclusive transit ways, HOV lanes, expressways, or ordinary streets. A BRT system combines intelligent transportation systems technology, priority for transit, rapid and convenient fare collection, and integration with land use policy in order to substantially upgrade bus system performance. ⇒ Cable Car: An electric railway with individually controlled transit vehicles attached to a moving cable located below the street surface and powered by engines or motors at a central location not onboard the vehicle. ⇒ Commuter Rail: A transit mode that is an electric or diesel propelled railway for urban passenger train service consisting of local short-distance travel operating between a central city and adjacent suburbs. Service must be operated on a regular basis by, or under contract with, a transit operator for the purpose of transporting passengers within urbanized areas, or between urbanized areas and outlying areas. Such rail service, using either locomotive hauled or self propelled railroad passenger cars, is generally characterized by multi-trip tickets, specific station to station fares, railroad employment practices and usually only one or two stations in the central business district. ⇒ Demand Response: A transit mode comprised of passenger cars, vans or Class C buses operating in response to calls from passengers or their agents to the transit operator, who then dispatches a vehicle to pick up the passengers and transport them to their destinations. A demand response operation is characterized by the following: (a) The vehicles do not operate over a fixed route or on a fixed schedule except, perhaps, on a temporary basis to satisfy a special need; and (b) typically, the vehicle may be dispatched to pick up several passengers at different pickup points before taking them to their respective destinations and may even be interrupted en route to these destinations to pick up other passengers. The

251 following types of operations fall under the above definitions provided they are not on a scheduled fixed- route basis: many origins-many destinations, many origins-one destination, one origin-many destinations, and one origin-one destination. “Paratransit” is another name for "Demand Response" service. ⇒ Ferryboat: A transit mode comprised of vessels carrying passengers and/or vehicles over a body of water, and that are generally steam or diesel-powered. ⇒ Heavy Rail: A transit mode that is an electric railway with the capacity for a heavy volume of traffic. It is characterized by high speed and rapid acceleration passenger rail cars operating singly or in multi-car trains on fixed rails; separate rights-of-way from which all other vehicular and foot traffic are excluded; sophisticated signaling, and high platform loading. ⇒ Inclined Plane: A transit mode that is a railway operating over exclusive right-of-way on steep grades (slopes) with powerless vehicles propelled by moving cables attached to the vehicles and powered by engines or motors at a central location not onboard the vehicle. Special tramway t vehicles have passenger seats that remain horizontal while the undercarriage (truck) is angled parallel to the slope. ⇒ Jitney: A transit mode comprised of passenger cars or vans operating on fixed routes (sometimes with minor deviations) as demand warrants without fixed schedules or fixed stops. ⇒ Light Rail: Lightweight passenger rail cars operating singly (or in short, usually two-car, trains) on fixed rails in right-of-way that is not separated from other traffic for much of the way. Light rail vehicles are driven electrically with power being drawn from an overhead electric line via a trolley or a pantograph. Also known as "streetcar," "tramway," or "trolley car." ⇒ Monorail: A transit mode that is an electric railway of guided transit vehicles operating singly or in multi-car trains. The vehicles are suspended from or straddle a guideway formed by a single beam, rail, or tube. ⇒ Trolleybus: Electric rubber tired passenger vehicles, manually steered and operating singly on city streets. Vehicles are propelled by a motor drawing current through overhead wires via trolleys, from a central power source not onboard the vehicle. Molecule A combination of two or more atoms that are chemically bonded. A molecule is the smallest unit of a compound that can exist by itself and retain all of its chemical properties. Monohull A vessel with a single hull. Monostatic sensor An IDS sensor that consists of one part, with transmitter and receiver mounted in the same physical device.

252 Monte Carlo simulation A technique used to evaluate models that are too complicated for an analytical solution. It involves the use of numerous trials to find the equilibrium of a system. Mooring line A cable or line to tie up a ship. Motion detector An intrusion detection sensor that changes state based on movement in the sensor’s field of view. Moving vehicle bomb An explosive-laden car or truck driven into or near a building and detonated. Multiagency coordination (MAC) group Typically, administrators/executives, or their appointed representatives, who are authorized to commit agency resources and funds, are brought together and form MAC Groups. MAC Groups may also be known as multiagency committees, emergency management committees, or as otherwise defined by the System. It can provide coordinated decision making and resource allocation among cooperating agencies, and may establish the priorities among incidents, harmonize agency policies, and provide strategic guidance and direction to support incident management activities. Multiagency coordination entity A multiagency coordination entity functions within a broader multiagency coordination system. It may establish the priorities among incidents and associated resource allocations, deconflict agency policies, and provide strategic guidance and direction to support incident management activities. Multiagency coordination system(s) (MACS) Multiagency coordination systems provide the architecture to support coordination for incident prioritization, critical resource allocation, communications systems integration, and information coordination. The elements of multiagency coordination systems include facilities, equipment, personnel, procedures, and communications. Two of the most commonly used elements are EOCs and MAC Groups. These systems assist agencies and organizations responding to an incident. Multijurisdictional incident An incident requiring action from multiple agencies that each have jurisdiction to manage certain aspects of an incident. In ICS, these incidents will be managed under Unified Command. Mutual aid agreements and/or assistance agreements: Written or oral agreements between and among agencies/organizations and/or jurisdictions that provide a mechanism to quickly obtain emergency assistance in the form of personnel, equipment, materials, and other associated services. The primary objective is to facilitate rapid, short−term deployment of emergency support prior to, during, and/or after an incident. NAR Nuisance alarm rate A rate or ratio of nuisance alarms compared to other alarm types.

253 National Of a nationwide character, including the federal, state, local and tribal aspects of governance and polity. National Disaster Recovery Framework A guide that enables effective recovery support to disaster-impacted states, tribes, territorial and local jurisdictions. National Disaster Medical System A cooperative, asset-sharing partnership between the Department of Health and Human Services, the Department of Veterans Affairs, the Department of Homeland Security, and the Department of Defense. NDMS provides resources for meeting the continuity of care and mental health services requirements of the Emergency Support Function 8 in the Federal Response Plan. National Incident Management System (NIMS) Provides a systematic, proactive approach guiding government agencies at all levels, the private sector, and nongovernmental organizations to work seamlessly to prepare for, prevent, respond to, recover from, and mitigate the effects of incidents, regardless of cause, size, location, or complexity, in order to reduce the loss of life or property and harm to the environment. National Mitigation Framework A framework that sets the strategy and doctrine for how the whole community builds, sustains, and delivers the mitigation core capabilities identified in the National Preparedness Goal in an integrated manner with the other mission areas. National Preparedness Goal "A secure and resilient Nation with the capabilities required across the whole community to prevent, protect against, mitigate, respond to, and recover from the threats and hazards that pose the greatest risk." The National Preparedness Goal document describes a vision for preparedness nationwide and identifies the core capabilities necessary to achieve that vision across the five mission areas—Prevention, Protection, Mitigation, Response and Recovery. National Prevention Framework A framework that describes what the whole community—from community members to senior leaders in government—should do upon the discovery of an imminent threat to the homeland. National Protection Framework A framework that describes the way that the whole community safeguards against acts of terrorism, natural disasters, and other threats or hazards. National Response Framework A guide to how the nation responds to all types of disasters and emergencies. National Response Plan A plan mandated by HSPD-5 that integrates federal domestic prevention, preparedness, response, and recovery plans into one all-discipline, all-hazards plan.

254 Natural A term which refers to deriving access control and surveillance as a by-product of the normal and routine use of the environment. Natural disaster A physical capability with the ability to destroy or incapacitate critical infrastructures. Natural disasters differ from threats due to the absence of intent Natural filtration Filtering that occurs when an agent is deposited in the building shell or on interior surfaces as air passes into and out of the building; generally, the tighter the building, the greater the effect of natural filtration. Natural hazard Naturally occurring events such as floods, earthquakes, tornadoes, tsunami, coastal storms, landslides, and wildfires that strike populated areas. A natural event is a hazard when it has the potential to harm people or property (FEMA 386-2, Understanding Your Risks). The risks of natural hazards may be increased or decreased as a result of human activity; however, they are not inherently human-induced. Natural protective barriers Natural protective barriers are mountains and deserts, cliffs and ditches, water obstacles, or other terrain features that are difficult to traverse. Natural ventilation The exchange of the building’s internal air with outside air by means of intentional openings in the building envelope such as open doors and windows Naval vessel protection zone A 500-yard regulated area of water surrounding large U.S. naval vessels that is necessary to provide for the safety or security of these U.S. naval vessels. Network A group of assets or systems that share information or interact with each other in order to provide infrastructure services within or across sectors. Network resilience The ability of a network to: (1) provide continuous operation (i.e., highly resistant to disruption and able to operate in a degraded mode if damaged); (2) recover effectively if failure does occur; and (3) scale to meet rapid or unpredictable demands. (Adapted from CNSSI 4009) Network services Installs, configures, tests, operates, maintains, and manages networks and their firewalls, including hardware (e.g., hubs, bridges, switches, multiplexers, routers, cables, proxy servers, and protective distributor systems) and software that permit the sharing and transmission of all spectrum transmissions of information to support the security of information and information systems. Neutron A small atomic particle possessing no electrical charge typically found within an atom's nucleus. Neutrons are, as the name implies, neutral in their charge. That is, they have neither a positive nor a

255 negative charge. A neutron has about the same mass as a proton. See also alpha particle, beta particle, gamma ray, nucleon, x-ray. New Starts Project Any rail fixed guideway system funded under FTA’s 49 U.S.C. 5309 discretionary construction program. Node A network intersection or junction (e.g., a subway station). Nolo contendere The name of a plea in a criminal action, having the same legal effect as a plea of guilty, so far as regards all proceedings on the indictment, and on which the defendant may be sentenced. (Latin for ‘‘I will not contest it.’’) Non-exclusive zone An area around an asset that has controlled entry, but shared or less restrictive access than an exclusive zone. Nongovernmental organization (NGO) An entity with an association that is based on interests of its members, individuals, or institutions. It is not created by a government, but it may work cooperatively with government. Such organizations serve a public purpose, not a private benefit. Examples of NGOs include faith−based charity organizations and the American Red Cross. Non-ionizing radiation Radiation that has lower energy levels and longer wavelengths than ionizing radiation. It is not strong enough to affect the structure of atoms it contacts but is strong enough to heat tissue and can cause harmful biological effects. Examples include radio waves, microwaves, visible light, and infrared from a heat lamp. Non-persistent agent An agent that, upon release, loses its ability to cause casualties after 10 to 15 minutes. It has a high evaporation rate, is lighter than air, and will disperse rapidly. It is considered to be a short-term hazard; however, in small, unventilated areas, the agent will be more persistent. Non-repudiation A property achieved through cryptographic methods to protect against an individual or entity falsely denying having performed a particular action related to data. Provides the capability to determine whether a given individual took a particular action such as creating information, sending a message, approving information, and receiving a message. Non-stochastic effects Effects that can be related directly to the radiation dose received. The effect is more severe with a higher does. It typically has a threshold, below which the effect will not occur. These are sometimes called deterministic effects. For example, a skin burn from radiation is a non-stochastic effect that worsens as the radiation dose increases. Normal User Persons whom you desire to be in a certain space.

256 Notification The formal advising, by voice or in writing, of specific information about an incident by the process described in the emergency response procedure governing the incident. Nuclear detonation An explosion resulting from fission and/or fusion reactions in nuclear material, such as that from a nuclear weapon. Nuclear energy The heat energy produced by the process of nuclear fission within a nuclear reactor or by radioactive decay. Nuclear fuel cycle The steps involved in supplying fuel for nuclear power plants. It can include mining, milling, isotopic enrichment, fabrication of fuel elements, use in reactors, chemical reprocessing to recover the fissile material remaining in the spent fuel, reenrichment of the fuel material refabrication into new fuel elements, and waste disposal. Nuclear, biological, or chemical weapons Also called Weapons of Mass Destruction (WMD). Weapons that are characterized by their capability to produce mass casualties. Nucleus The central part of an atom that contains protons and neutrons. The nucleus is the heaviest part of the atom. Nuisance alarm Alarm annunciation from the detection of an intruder that is NOT an intrusion. Example is an authorized worker who enters a protected area with proper suppression of the IDS alarm. Object A passive information system-related entity containing or receiving information. (Adapted from CNSSI 4009, NIST SP 800-53 Rev 4) Object size classes A classification method based on the ability to detect metal objects of a minimum size. A detector may meet the requirements for one or both object size classes. Officers The ICS title for the personnel responsible for the Command Staff positions of Safety, Liaison, and Public Information. On-scene coordinator The person at the scene of an emergency who is responsible for coordinating all disaster recovery activities and vehicle movements at the scene. On-scene coordinator (OSC) The federal official pre-designated by the EPA and U.S. Coast Guard to coordinate and direct response and removals under the National Oil and Hazardous Substances Pollution Contingency Plan. Open systems architecture A term borrowed from the IT industry to claim that systems are capable of interfacing with other systems from any vendor, which also uses open system architecture. The opposite would be a proprietary system.

257 Operating cost The expenses incurred during the normal operation of a building or a building system or component, including labor, materials, utilities, and other related costs. Operational period The time scheduled for executing a given set of operation actions, as specified in the Incident Action Plan. Operational periods can be of various lengths, although usually they last 12–24 hours. Operations (OPS) Begins with the initiation of the completed project in service and concludes with the determination that the project has fulfilled its service requirements and must be replaced or removed from operations. Operations control center (OCC) A central or designated regional location of a railroad with responsibilities for directing the safe movement of trains. Operations-based exercises Operations-based exercises - drills, functional exercises (FEs), and full-scale exercises (FSEs) – are conducted in a simulated operational environment and “validate plans, policies, agreements, and procedures; clarify roles and responsibilities; and identify resource gaps.” Operations section One of the five primary functions found in the ICS and at all emergency management levels. The Section is responsible for all tactical operations at the incident, or for the coordination of operational activities at an EOC. The Operations Section at field response level may include branches, divisions, and/or groups, task forces, teams, and single resources. Operations security The co-mingling of computer, technical counterintelligence security measures developed and implemented to augment traditional security programs (physical security, information or personnel security and communications security) as a means of eliminating or minimizing vulnerabilities that impact on technical programs. Operations support vehicles Vehicles such as airfield support equipment whose purpose is direct support to operations and which are operated only within a restricted access area. Operator interface The part of a security management system that provides that user interface to humans. Organic security Security that is part of the organization itself rather than contracted services. Organization Any association or group of persons with like objectives. Examples include, but are not limited to, governmental departments and agencies, private sector, and/or nongovernmental organizations.

258 Organizational areas of control Controls consist of the policies, procedures, practices, and organization structures designed to provide reasonable assurance that business objectives will be achieved and that undesired events will be prevented or detected and corrected. Original equipment manufacturer (OEM) The enterprise that initially designs and builds a piece of equipment. Outside(r) threat A person or group of persons external to an organization who are not authorized to access its assets and pose a potential risk to the organization and its assets. (Adapted from CNSSI 4009) Overpressure The difference in static pressure between the inside of a building and the ambient pressure outside of the building. Oversight agency The entity, other than the rail transit agency, designated by the state or several states to implement this part. Owner operator Any person or entity that owns or maintains operational control over any facility subject to 33 CFR Subchapter H. Parking Designated areas where vehicles may be left unattended. Participating agency Any fire, law enforcement, medical, governmental, or humanitarian agency that participates in any portion of a public transportation system’s emergency response. Passenger A person who is onboard, boarding, or alighting from a rail transit vehicle for the purpose of travel. Passenger operations The period of time when any aspect of rail transit agency operations are initiated with the intent to carry passengers. Passenger vessel (1) On an international voyage, a vessel carrying more than 12 passengers, including at least one passenger-for-hire; and (2) on a domestic voyage, (i) a vessel of at least 100 gross register tons carrying more than 12 passengers, including at least one passenger-for-hire; (ii) a vessel of less than 100 gross register tons carrying more than six passengers, including at least one passenger-for-hire; (iii) a vessel that is chartered and carrying more than 12 passengers; (iv) a submersible vessel that is carrying at least one passenger-for-hire; or (v) a wing-in-ground craft, regardless of tonnage, that is carrying at least one passenger-for-hire.

259 Passenger-only ferries Vessels having only passenger decks, though they may also have space for bicycles. They can range from small boats about 50 feet long holding about 50 people to the 310-foot-long Staten Island ferries in New York, which can accommodate 6,000 people. Because they do not have vehicle decks, they need not be square-ended and may be side loading and have pointed bows. Catamaran (double hull) and hydrofoil (skimming the surface of the water) styles may be used for high-speed services. Passive attack An actual assault perpetrated by an intentional threat source that attempts to learn or make use of information from a system, but does not attempt to alter the system, its resources, its data, or its operations. (Adapted from IETF RFC 4949, NIST SP 800-63 Rev 1) Passive infrared motion sensor A device that detects a change in the thermal energy pattern caused by a moving intruder and initiates an alarm when the change in energy satisfies the detector’s alarm-criteria. Passive vehicle barrier A vehicle barrier that is permanently deployed and does not require response to be effective. Password A string of characters (letters, numbers, and other symbols) used to authenticate an identity or to verify access authorization. (FIPS 140-2) Patch panel A concentrated termination point that separates backbone cabling from devices cabling for easy maintenance and troubleshooting. Pathogens Living disease-producing agents of biological origin, including bacteria, viruses, and fungi Pathways Pathways: the routes by which people are exposed to radiation or other contaminants. The three basic pathways are inhalation, ingestion, and direct external exposure. See also exposure pathway. Patrol dog A service dog selected by the trainer and qualified by recognized standards to perform basic patrol functions. Pen test or penetration testing An evaluation methodology whereby assessors search for vulnerabilities and attempt to circumvent the security features of a network and/or information system. (Adapted from NCSD Glossary, CNSSI 4009, NIST SP 800-53 Rev 4) Penetrating radiation Radiation that can penetrate the skin and reach internal organs and tissues. Photons (gamma rays and x- rays), neutrons, and protons are penetrating radiations. However, alpha particles and all but extremely high-energy beta particles are not considered penetrating radiation.

260 Perimeter barrier A fence, wall, vehicle barrier, landform, or line of vegetation applied along an exterior perimeter used to obscure vision, hinder personnel access, or hinder or prevent vehicle access. Persistent agent An agent that, upon release, retains its casualty-producing effects for an extended period of time, usually anywhere from 30 minutes to several days. A persistent agent usually has a low evaporation rate and its vapor is heavier than air; therefore, its vapor cloud tends to hug the ground. It is considered to be a long- term hazard. Although inhalation hazards are still a concern, extreme caution should be taken to avoid skin contact as well. Personal identifying information / personally identifiable information The information that permits the identity of an individual to be directly or indirectly inferred. Personal responsibility All responders are expected to use good judgment and be accountable for their actions. Personnel accountability The ability to account for the location and welfare of incident personnel. It is accomplished when supervisors ensure that ICS principles and processes are functional and that personnel are working within established incident management guidelines. Pharming A technique used by hackers to redirect users to false websites without their knowledge. Phishing A digital form of social engineering to deceive individuals into providing sensitive information such as usernames, passwords, social security numbers and credit card details. Common phishing tactics include posing as a known contact, a legitimate company, or an otherwise trusted entity in an electronic communication. (Adapted from NCSD Glossary, CNSSI 4009, NIST SP 800-63 Rev 1) Photon Discrete "packet" of pure electromagnetic energy. Photons have no mass and travel at the speed of light. The term "photon" was developed to describe energy when it acts like a particle (causing interactions at the molecular or atomic level), rather than a wave. Gamma rays and x-rays are photons. Physical security The part of security concerned with measures/concepts designed to safeguard personnel; to prevent unauthorized access to equipment, installations, materiel, and documents; and to safeguard them against espionage, sabotage, damage, and theft.

261 Piezoelectric An IDS sensor that uses the physical effect of voltage generation caused by the exertion of pressure on certain materials. Pilot house The enclosed space on the navigating bridge from which a ship is controlled when underway. Pinhole lens Lenses used primarily in covert applications where the camera/lens must remain out of sight. Pixel A pixel (short for picture element, using the common abbreviation "pix" for picture) is a single point in a graphic image. Plain language Communication that can be understood by the intended audience and meets the purpose of the communicator. For the purpose of NIMS, plain language is designed to eliminate or limit the use of codes and acronyms, as appropriate, during incident response involving more than a single agency. Plaintext Unencrypted information.(CNSSI 4009) Planned event A planned, nonemergency activity (e.g., sporting events, concerts, parades, etc.). Planning Begins with research conducted into the feasibility of a project and concludes with the creation of a concept and the decision to develop a preliminary design. This phase is managed through the local transportation planning function and proceeds through alternative analysis and special research, environmental impact assessments, corridor analyses, and major investment studies. It concludes with the formal adoption of a locally preferred alternative and the request to enter Preliminary Engineering. Planning meeting A meeting held as needed before and throughout the duration of an incident to select specific strategies and tactics for incident control operations and for service and support planning. For larger incidents, the Planning Meeting is a major element in the development of the Incident Action Plan. Planning section The section responsible for the collection, evaluation, and dissemination of operational information related to the incident, and for the preparation and documentation of the IAP. This Section also maintains information on the current and forecasted situation and on the status of resources assigned to the incident. Planning/intelligence This section is responsible for the collection, evaluation, and dissemination of information related to the incident or an emergency, and for the preparation and documentation of incident action plans. This section also maintains information on the current and forecasted situation, and on the status of resources assigned to the incident. At the field response level, the section will include the situation, resource, documentation, and demobilization units, as well as technical specialists.

262 Planter barrier A passive vehicle barrier, usually constructed of concrete and filled with dirt (and flowers for aesthetics). Planters, along with bollards, are the usual street furniture used to keep vehicles away from existing buildings. Overall size and the depth of installation below grade determine the vehicle stopping capability of the individual planter. Plume 1 Airborne material spreading from a particular source; the dispersal of particles, gases, vapors, and aerosols into the atmosphere. Plume 2 The material spreading from a particular source and traveling through environmental media, such as air or ground water. For example, a plume could describe the dispersal of particles, gases, vapors, and aerosols in the atmosphere, or the movement of contamination through an aquifer (For example, dilution, mixing, or adsorption onto soil). Plutonium (Pu) A heavy, man-made, radioactive metallic element. The most important isotope is Pu-239, which has a half-life of 24,000 years. Pu-239 can be used in reactor fuel and is the primary isotope in weapons. One kilogram is equivalent to about 22 million kilowatt-hours of heat energy. The complete detonation of a kilogram of plutonium produces an explosion equal to about 20,000 tons of chemical explosive. All isotopes of plutonium are readily absorbed by the bones and can be lethal depending on the dose and exposure time. Point sensors A sensor that is used to monitor a single point such as door position (open or closed). Point-to-point ferry route segment/service Serving only two locations, in which case the route consists of a single nonstop ferry route segment. Polonium (Po) A radioactive chemical element and a product of radium (Ra) decay. Polonium is found in uranium (U) ores. Polycarbonate glazing A plastic glazing material with enhanced resistance to ballistics or blast effects. Population Everyone or everything defined to be within a class, category, or grouping of subjects or data. Portability Facilitates the interaction of systems that are normally distinct. Portability of radio technologies, protocols, and frequencies among emergency management/response personnel will allow for the successful and efficient integration, transport, and deployment of communications systems when necessary. Portability includes the standardized assignment of radio channels across jurisdictions, which allows responders to participate in an incident outside their jurisdiction and still use familiar equipment.

263 Ported coaxial An IDS sensor that uses a leaky (purposely designed cable with poor shield) to detect intrusion. A RF signal is injected into the cable and interference of the field produced around the ported cable causes an IDS alarm Practical field test A non-theoretical experiment designed to produce results which can be applied or used to make decisions. Precursor An observable occurrence or sign that an attacker may be preparing to cause an incident. Prefilter A low- to medium-efficiency filter that precedes the HEPA filter to remove large particulates. Preliminary damage assessment (PDA) A mechanism used to determine the impact and magnitude of damage and the resulting unmet needs of individuals, businesses, the public sector, and the community as a whole. Information collected is used by the state as a basis for the Governor’s request for a Presidential declaration, and by FEMA to document the recommendation made to the President in response to the Governor’s request. PDAs are made by at least one state and one federal representative. A local government representative familiar with the extent and location of damage in the community often participates; other state and federal agencies and voluntary relief organizations also may be asked to participate, as needed. Prenatal radiation exposure Radiation exposure to an embryo or fetus while it is still in its mother’s womb. At certain stages of the pregnancy, the fetus is particularly sensitive to radiation and the health consequences could be severe above 5 rads, especially to brain function. Preparedness 1 Establishing the plans, training, exercises, and resources necessary to enhance mitigation of and achieve readiness for response to, and recovery from all hazards, disasters, and emergencies, including WMD incidents. Preparedness 2 The range of deliberate, critical tasks and activities necessary to build, sustain, and improve the operational capability to prevent, protect against, respond to, and recover from domestic incidents. Preparedness is a continuous process. Preparedness involves efforts at all levels of government and between government and private sector and nongovernmental organizations to identify threats, determine vulnerabilities, and identify required resources. Within the NIMS, preparedness is operationally focused on establishing guidelines, protocols, and standards for planning, training and exercises, personnel qualification and certification, equipment certification, and publication management.

264 Preparedness 3 A continuous cycle of planning, organizing, training, equipping, exercising, evaluating, and taking corrective action in an effort to ensure effective coordination during incident response. Within NIMS preparedness focuses on the following elements: planning, procedures and protocols, training and exercises, personnel qualification and certification, and equipment certification. Preparedness organizations 1 Provides coordination for emergency management and incident response activities before a potential incident. These organizations range from groups of individuals to small committees to large standing organizations that represent a wide variety of committees, planning groups, and other organizations (e.g., Citizen Corps, Local Emergency Planning Committees (LEPCs), Critical Infrastructure Sector Coordinating Councils). Preparedness organizations 2 The groups and fora that provide interagency coordination for domestic incident management activities in a nonemergency context. Preparedness organizations can include all agencies with a role in incident management, for prevention, preparedness, response, or recovery activities. They represent a wide variety of committees, planning groups, and other organizations that meet and coordinate to ensure the proper level of planning, training, equipping, and other preparedness requirements within a jurisdiction or area. Pre−positioned resources Resources moved to an area near the expected incident site in response to anticipated resource needs. Pre-revenue (Interim) operations (PRE-REV) Begins with the identification and performance of tests, drills, exercises, and audits designed to verify the functional capability and readiness of the system as a whole, and concludes with verified documentation of readiness for revenue operations. Pressure mat A mat that generates an alarm when pressure is applied to any part of the mat’s surface, such as when someone steps on the mat. Pressure mats can be used to detect an intruder approaching a protected object, or they can be placed by doors and windows to detect entry. Pressure sensor An IDS sensor that detects pressure (usually intruding personnel) and alarms when activated. Pre-testing Administering a measurement instrument to a small group of subjects, prior to administering it to the entire group.

265 Prevention 1 Plans and processes that will allow an organization to avoid, preclude, or limit the impact of a crisis occurring. The tasks included in prevention should include compliance with corporate policy, mitigation strategies, and behavior and programs to support avoidance and deterrence and detection. Prevention 2 Actions to avoid an incident or to intervene to stop an incident from occurring. Prevention involves actions to protect lives and property. It involves applying intelligence and other information to a range of activities that may include such countermeasures as deterrence operations; heightened inspections; improved surveillance and security operations; investigations to determine the full nature and source of the threat; public health and agricultural surveillance and testing processes; immunizations, isolation, or quarantine; and, as appropriate, specific law enforcement operations aimed at deterring, preempting, interdicting, or disrupting illegal activity and apprehending potential perpetrators and bringing them to justice. Prevention 3 The capabilities necessary to avoid, prevent, or stop a threatened or actual act of terrorism. For the purposes of the National Prevention Framework, the term “prevention” refers to preventing imminent threats. Primary asset An asset that is the ultimate target for compromise by an aggressor. Prison A state or federal facility of confinement for convicted criminals, especially felons. Privacy The assurance that the confidentiality of, and access to, certain information about an entity is protected. The ability of individuals to understand and exercise control over how information about themselves may be used by others. (NIST SP 800-130) Private key A cryptographic key that must be kept confidential and is used to enable the operation of an asymmetric (public key) cryptographic algorithm. The secret part of an asymmetric key pair that is uniquely associated with an entity. (Adapted from CNSSI 4009, NIST SP 800-63 Rev 1, FIPS 201-2, FIPS 140-2, Federal Bridge Certificate Authority Certification Policy 2.25) Private sector Organizations and entities that are not part of any governmental structure. It includes for-profit and not- for-profit organizations, formal and informal structures, commerce and industry, and private voluntary organizations (PVO).

266 Private security An independent or proprietary commercial organization whose activities include safeguarding the employing party’s assets, ranging from human lives to physical property (the premises and contents), responding to emergency incidents, performing employee background investigations, performing the functions of detection and investigation of crime and criminals, and apprehending offenders for consideration. Private security officer An individual, other than armored car personnel or a public employee (federal, state, or local government), employed part or full time, in uniform or plain clothes, hired to protect the employing party’s assets, ranging from human lives to physical property (the premises and contents). The definition excludes individuals who are not employed in the capacity of a private security officer. Privately owned and privately operated When the title and operation of the boat and the terminal are vested by a private entity. Probability of detection (POD) A measure of an intrusion detection sensor’s performance in detecting an intruder within its detection zone. Probability of intercept The probability that an act of aggression will be detected and that a response force will intercept the aggressor before the asset can be compromised. Processes Systems of operations that incorporate standardized procedures, methodologies, and functions necessary to provide resources effectively and efficiently. These include resource typing, resource ordering and tracking, and coordination. Program standard A written document developed and adopted by the oversight agency that describes the policies, objectives, responsibilities, and procedures used to provide rail transit agency safety and security oversight.

267 Progressive exercise program Comprised of five categories of activities for testing and evaluating the capabilities of transportation personnel to manage emergency situations using existing plans, procedures and equipment. The categories in a progressive exercise program build on each other, in both complexity and level of assessment provided for transportation management. They include: ⇒ An orientation seminar is an informal discussion designed to familiarize participants with roles, plans, procedures, and resolve questions of coordination and assignment of responsibilities. ⇒ A tabletop exercise simulates an emergency situation in an informal, stress-free environment. It is designed to elicit discussion as participants examine and resolve problems based on existing crisis management plans. ⇒ A drill is a set of supervised activities that test, develop, or maintain skills in a single response procedure (e.g., communications, notification, lockdown, and fire) and the possible or probable interaction with local government agency functions (e.g., incident command posts, rescue squad entry, and police perimeter control) that will involve actual field response. Drills help prepare for more complex exercises in which several functions are simultaneous coordinated and tested. ⇒ A functional exercise is a fully simulated interactive exercise that tests one or more functions in a time-pressured realistic situation that focuses on policies, procedures, roles, and responsibilities. ⇒ A full-scale exercise evaluates the operational capability of emergency response management systems in an interactive manner. It includes the mobilization of emergency personnel and the resources required to demonstrate coordination and response capability. A full-scale exercise tests total response capability in a manner as closely resembling a real emergency as is possible. Progressive collapse The spread of an initial local failure from element to element, eventually resulting in the collapse of an entire structure or a disproportionately large part of it. Proprietary security Any organization, or department of that organization, that provides full-time security officers solely for itself. Protected area of a building The CP area, where personnel are able to work or shelter without wearing IPE during release of a CBR agent. Protected construction Buried or partially buried construction that provides protection against direct hits by large general purpose military bombs. Protection The capabilities necessary to secure the homeland against acts of terrorism and man-made or natural disasters.

268 Protective action guide (PAG) A guide that tells state and local authorities at what projected dose they should take action to protect people from exposure to unplanned releases of radioactive material into the environment. Protective action plan Security measures and operational procedures to protect existing buildings and their occupants from airborne hazards by reducing vulnerability, preventing a release, reducing the likelihood that releases will affect building occupants, and mitigating the hazard once a release has occurred Protective barriers Define the physical limits of a site, activity, or area by restricting, channeling, or impeding access and forming a continuous obstacle around the object. Protective measures Elements of a protective system that protect an asset against a threat. Protective measures are divided into defensive and detection measures. Protective system An integration of all of the protective measures required to protect an asset against the range of threats applicable to the asset. Protocol The research design or specific steps involved in conducting a research project. Protocols Sets of established guidelines for actions (which may be designated by individuals, teams, functions, or capabilities) under various specified conditions. PTZ or P/T/Z pan- tilt-zoom Control of camera systems - pan is side to side motion, tilt is up and down, and zoom is FOV adjustment via camera lens control. Public access facility A facility that (1) is used by the public primarily for purposes such as recreation, entertainment, retail, or tourism, and not for receiving vessels subject to part 104; (2) has minimal infrastructure for servicing vessels subject to part 104 of this chapter; and (3) receives only (i) vessels not subject to part 104 of this chapter, or (ii) passenger vessels, except (A) ferries certified to carry vehicles; (B) cruise ships; or (C) passenger vessels subject to SOLAS Chapter XI. Public information Processes, procedures, and systems for communicating timely, accurate, accessible information on the incident’s cause, size, and current situation; resources committed; and other matters of general interest to the public, responders, and additional stakeholders (both directly affected and indirectly affected). Public information officer A member of the Command Staff responsible for interfacing with the public and media or with other agencies with incident-related information requirements.

269 Public Key Infrastructure A framework consisting of standards and services to enable secure, encrypted communication and authentication over potentially insecure networks such as the Internet. A framework and services for generating, producing, distributing, controlling, accounting for, and revoking (destroying) public key certificates. (Adapted from CNSSI 4009, IETF RFC 2828, Federal Bridge Certificate Authority Cross-certification Methodology 3.0, In Common Glossary, Kantara Identity Assurance Framework 1100, NIST SP 800-63 Rev 1) Public safety Support mechanisms that sustain the life and vitality of a community’s health, safety, and social stability by performing such services as law enforcement, fire prevention, personal and facility security, disaster preparedness, and emergency medical assistance. In some instances, public safety may refer to law enforcement officers, firefighters, rescue squads, and ambulance crews. In other instances, public safety properly encompasses private security officers, as well. Public transportation Transportation by bus, or rail, or other conveyance, either publicly or privately owned, providing to the public general or special service (but not including school buses or charter or sightseeing service) on a regular and continuing basis. This term is also known as "mass transit," “public transit,” and "transit." Public transportation infrastructure All vehicles, equipment, right-of-way, routes, support equipment and facilities, and buildings and real estate belonging to or operated by the public transportation authority. Public transportation operations control center A public transportation system’s central control and communications facility for dispatching operations. Separate control centers are typically be used for different modes (i.e., bus, rail and paratransit/demand response operations). A few transit systems have colocated modal dispatching functions within a single control center. Public transportation system A public entity responsible for administering and managing transit activities and services. Public transportation systems can directly operate transit service or contract out for all or part of the total service provided. Also known as “transit systems” and “public transit systems.” Publications management The publications management subsystem includes materials development, publication control, publication supply, and distribution. The development and distribution of NIMS materials is managed through this subsystem. Consistent documentation is critical to success, because it ensures that all responders are familiar with the documentation used in a particular incident regardless of the location or the responding agencies involved. Publicly owned and privately operated When the title for the boat or terminal is vested in a federal, state, county, town, township, Indian tribe, municipal or other local government and a private entity operates the boat or terminal.

270 Qualification and certification This subsystem provides recommended qualification and certification standards for emergency responder and incident management personnel. It also allows the development of minimum standards for resources expected to have an interstate application. Standards typically include training, currency, experience, and physical and medical fitness. Quality factor (Q) The factor by which the absorbed dose (rad or gray) is multiplied to obtain a quantity that expresses, on a common scale for all ionizing radiation, the biological damage (rem) to an exposed person. It is used because some types of radiation, such as alpha particles, are more biologically damaging internally than other types. For more information, see “Primer on Radiation Measurement” at the end of this document. Quasi-terrorism Activities incidental to the commission of crimes of violence that are similar in form and method to terrorism, but lack an organized social, political, religious, or economic dimension. Rad (radiation absorbed dose) A basic unit of absorbed radiation dose. It is a measure of the amount of energy absorbed by the body. The rad is the traditional unit of absorbed dose. It is being replaced by the unit gray (Gy), which is equivalent to 100 rad. One rad equals the dose delivered to an object of 100 ergs of energy per gram of material. For more information, see “Primer on Radiation Measurement” at the end of this document. Radiation 1 High-energy particles or gamma rays that are emitted by an atom as the substance undergoes radioactive decay. Particles can be either charged alpha or beta particles or neutral neutron or gamma rays. Radiation 2 Energy moving in the form of particles or waves. Familiar radiations are heat, light, radio waves, and microwaves. Ionizing radiation is a very high-energy form of electromagnetic radiation. Radiation sickness See also acute radiation syndrome (ARS), or the CDC fact sheet “Acute Radiation Syndrome,” at http://www.bt.cdc.gov/radiation/ars.asp. Radiation warning symbol A symbol prescribed by the Code of Federal Regulations. It is a magenta or black trefoil on a yellow background. It must be displayed where certain quantities of radioactive materials are present or where certain doses of radiation could be received. Radioactive contamination The deposition of unwanted radioactive material on the surfaces of structures, areas, objects, or people. It can be airborne, external, or internal. See also contamination, decontamination. Radioactive half-life The time required for a quantity of a radioisotope to decay by half. For example, because the half-life of iodine-131 (I-131) is 8 days, a sample of I-131 that has 10 mCi of activity on January 1, will have 5 mCi of activity 8 days later, on January 9. See also: biological half-life, decay constant, effective half-life. Radioactive material Material that contains unstable (radioactive) atoms that give off radiation as they decay.

271 Radioactivity The process of spontaneous transformation of the nucleus, generally with the emission of alpha or beta particles often accompanied by gamma rays. This process is referred to as decay or disintegration of an atom. Radioassay A test to determine the amounts of radioactive materials through the detection of ionizing radiation. Radioassays will detect transuranic nuclides, uranium, fission and activation products, naturally occurring radioactive material, and medical isotopes. Radiogenic Radiogenic: health effects caused by exposure to ionizing radiation. Radiography 1) Medical: the use of radiant energy (such as x-rays and gamma rays) to image body systems. 2) Industrial: the use of radioactive sources to photograph internal structures, such as turbine blades in jet engines. A sealed radiation source, usually iridium-192 (Ir-192) or cobalt-60 (Co-60), beams gamma rays at the object to be checked. Gamma rays passing through flaws in the metal or incomplete welds strike special photographic film (radiographic film) on the opposite side. Radioisotope (radioactive isotope) Isotopes of an element that have an unstable nucleus. Radioactive isotopes are commonly used in science, industry, and medicine. The nucleus eventually reaches a stable number of protons and neutrons through one or more radioactive decays. Approximately 3,700 natural and artificial radioisotopes have been identified. Radiological dispersal device (RDD) A device that disperses radioactive material by conventional explosive or other mechanical means, such as a spray. See also dirty bomb. Radiological monitoring The process of locating and measuring radiation by means of survey instruments that can detect and measure (as exposure rates) ionizing radiation. Radiological or radiologic Related to radioactive materials or radiation. The radiological sciences focus on the measurement and effects of radiation. Radium (Ra) A naturally occurring radioactive metal. Radium is a radionuclide formed by the decay of uranium (U) and thorium (Th) in the environment. It occurs at low levels in virtually all rock, soil, water, plants, and animals. Radon (Rn) is a decay product of radium. Radon (Rn) A naturally occurring radioactive gas found in soils, rock, and water throughout the United States. Radon causes lung cancer and is a threat to health because it tends to collect in homes, sometimes to very high concentrations. As a result, radon is the largest source of exposure to people from naturally occurring radiation.

272 Rail fixed guideway system Any light, heavy, or rapid rail system, monorail, inclined plane, funicular, trolley, or automated guideway that: 1. Is not regulated by the Federal Railroad Administration; and. 2. Is included in FTA’s calculation of fixed guideway route miles or receives funding under FTA’s formula program for urbanized areas (49 U.S.C. 5336); or 3. Has submitted documentation to FTA indicating its intent to be included in FTA’s calculation of fixed guideway route miles to receive funding under FTA’s formula program for urbanized areas (49 U.S.C. 5336). Rail transit agency An entity that operates a rail fixed guideway system. Rail transit system (RTS) The organization or portion of an organization that operates rail transit service and related activities. Syn: operating agency, operating authority, transit agency, transit authority, transit system. Rail transit vehicle The rail transit agency’s rolling stock, including but not limited to passenger and maintenance vehicles. Rail transit- controlled property Property that is used by the rail transit agency and may be owned, leased, or maintained by the rail transit agency. Railroad carfloat A barge equipped with railroad tracks used to move rail cars across water. Typically, a tugboat tows the carfloat. Random Totally by chance. Range A simple measure of dispersion. Ransomware Ransomware is a type of malicious software or malware that threatens to publish the victim's data or perpetually block access to it unless a ransom is paid. Some simple ransomware may lock the system in a way which is not difficult for a knowledgeable person to reverse. More advanced ransomware encrypts the victim's files, making them inaccessible, and demands a ransom payment to decrypt them. Often difficult to trace digital currencies such as Bitcoin are used for the ransoms, making tracing and prosecuting the perpetrators difficult. Ransomware attacks are typically carried out using a Trojan that is disguised as a legitimate file that the user is tricked into downloading or opening when it arrives as an email attachment. However, one high-profile example, the "WannaCry worm", traveled automatically between computers without user interaction. Raw data Data that have not yet been transformed. Readiness The first step of a business continuity plan that addresses assigning accountability for the plan, conducting a risk assessment and a business impact analysis, agreeing on strategies to meet the needs identified in the risk assessment and business impact analysis, and forming Crisis Management and any other appropriate response teams.

273 Reception area A location separate from staging areas, where resources report in for processing and out-processing. Reception Areas provide accountability, security, situational awareness briefings, safety awareness, distribution of IAPs, supplies and equipment, feeding, and bed down. Reconnaissance The surveying of a location and surrounding area to note locations of things of value or interest and security resources. Recover The likelihood of some event occurring. A numerical property attached to an activity or event whereby the likelihood of its future occurrence is expressed or clarified. Recovery The activities after an incident or event to restore essential services and operations in the short and medium term and fully restore all capabilities in the longer term. (Adapted from NIPP) Recovery 1 The development, coordination, and execution of service- and site-restoration plans; the reconstitution of government operations and services; individual, private sector, nongovernmental, and public assistance programs to provide housing and to promote restoration; long-term care and treatment of affected persons; additional measures for social, political, environmental, and economic restoration; evaluation of the incident to identify lessons learned; post-incident reporting; and development of initiatives to mitigate the effects of future incidents. Recovery 2 The long-term activities beyond the initial crisis period and emergency response phase of disaster operations that focus on returning all systems in the community to a normal status or to reconstitute these systems to a new condition that is less vulnerable. Recovery plan A plan developed by a State, local, or tribal jurisdiction with assistance from responding federal agencies to restore the affected area. Recovery/resumption Plans and processes to bring an organization out of a crisis that resulted in an interruption. Recovery/resumption steps should include damage and impact assessments, prioritization of critical processes to be resumed, and the return to normal operations or to reconstitute operations to a new condition. Redundancy Additional or alternative systems, sub-systems, assets, or processes that maintain a degree of overall functionality in case of loss or failure of another system, subsystem, asset, or process. (DHS Risk Lexicon) Redundant communications system A backup system of communications to be used in the event of a failure of the primary communications system. Such redundant systems may consist of a portable radio carried by a train crewmember, a cellular telephone available to a crewmember or multiple hardwired radios in the consist of a train.

274 Reflectance factor The ratio of the luminous flux reflected by a surface to the luminous flux it receives. Region As used in this document, “region” generally refers to a geographic area consisting of contiguous State, local, and tribal entities located in whole or in part within a designated planning radius of a core high threat urban area. The precise boundaries of a region are self defined. Regional operations center (ROC) The temporary operations facility for the coordination of federal response and recovery activities located at the FEMA Regional Office (or Federal Regional Center) and led by the FEMA Regional Director or Deputy Director until the DFO becomes operational. After the ERT-A is deployed, the ROC performs a support role for federal staff at the disaster scene. Regulatory body Any state board, commission, department, or office, except those in the legislative or judicial branches, authorized by law to conduct adjudicative proceedings, issue permits, registrations, licenses, or other forms of authorization to offer or perform private security officer services, or to control or affect the interests of identified persons. Rehearsal The act of training by practicing the act being planned. Reimbursement Provides a mechanism to recoup funds expended for incident−specific activities. Relative risk The ratio between the risk for disease in an irradiated population to the risk in an unexposed population. A relative risk of 1.1 indicates a 10% increase in cancer from radiation, compared with the "normal" incidence. See also risk, absolute risk. Reliability 1 Consistency in data measurement. Reliability 2 To get back; to regain; to get back (a position of readiness). Rem (roentgen equivalent, man) A unit of equivalent dose. Not all radiation has the same biological effect, even for the same amount of absorbed dose. Rem relates the absorbed dose in human tissue to the effective biological damage of the radiation. It is determined by multiplying the number of rads by the quality factor, a number reflecting the potential damage caused by the particular type of radiation. The rem is the traditional unit of equivalent dose, but it is being replaced by the sievert (Sv), which is equal to 100 rem. Remanufactured equipment A car that has been structurally restored and has new or rebuilt components at a cost of 60% or more of vehicle replacement costs to extend its service life. Replacement costs Building component replacement and related costs, included in the capital budget, that are expected to be incurred during the study period.

275 Report printers A separate, dedicated printer attached to the Electronic Security Systems used for generating reports utilizing information stored by the central computer. Request-to-exit device Passive infrared motion sensors or push buttons that are used to signal an Electronic Entry Control System that egress is imminent or to unlock a door. Resilience The capability of an asset, system, or network to maintain its function during or to recover from a terrorist attack, natural disaster, or other incident. Resolution The level to which video details can be determined in a CCTV scene is referred to as resolving ability or resolution. Resource management 1 Efficient incident management requires a system for identifying available resources at all jurisdictional levels to enable timely and unimpeded access to resources needed to prepare for, respond to, or recover from an incident. Resource management under the NIMS includes mutual aid agreements; the use of special federal, state, local, and tribal teams; and resource mobilization protocols. Resource management 2 Those actions taken by a government to: identify sources and obtain resources needed to support disaster response activities; coordinate the supply, allocation, distribution, and delivery of resources so that they arrive where and when most needed; and maintain accountability for the resources used. Resource tracking A standardized, integrated process conducted prior to, during, and after an incident by all emergency management/response personnel and their associated organizations. Resources Personnel and major items of equipment, supplies, and facilities available or potentially available for assignment to incident operations and for which status is maintained. Resources are described by kind and type and may be used in operational support or supervisory capacities at an incident or at an EOC. Resources unit Functional unit within the Planning Section responsible for recording the status of resources committed to the incident. This unit also evaluates resources currently committed to the incident, the effects additional responding resources will have on the incident, and anticipated resource needs.

276 Response Activities that address the short−term, direct effects of an incident. Response includes immediate actions to save lives, protect property, and meet basic human needs. Response also includes the execution of emergency operations plans and of mitigation activities designed to limit the loss of life, personal injury, property damage, and other unfavorable outcomes. As indicated by the situation, response activities include applying intelligence and other information to lessen the effects or consequences of an incident; increased security operations; continuing investigations into nature and source of the threat; ongoing public health and agricultural surveillance and testing processes; immunizations, isolation, or quarantine; and specific law enforcement operations aimed at preempting, interdicting, or disrupting illegal activity, and apprehending actual perpetrators and bringing them to justice. Response The activities that address the short-term, direct effects of an incident and may also support short-term recovery. In cybersecurity, response encompasses both automated and manual activities. (Adapted from National Infrastructure Protection Plan, NCPS Target Architecture Glossary) Response force The people who respond to an act of aggression. Depending on the nature of the threat, the response force could consist of guards, special reaction teams, military or civilian police, an explosives ordnance disposal team, or a fire department. Response time The length of time from the instant an attack is detected to the instant a security force arrives on-site. Restore To bring back to a former or normal position. Restricted area Any area with access controls that is subject to these special restrictions or controls for security reasons. See controlled area, limited area, exclusion area, and exclusion zone. Restricted area The infrastructure or locations identified in an area, vessel, or facility security assessment or by the operator that require limited access and a higher degree of security protection. The entire facility may be designated the restricted area as long as the entire facility is provided the appropriate level of security. Retinal pattern A biometric technology that is based on features of the human eye. Retrofit The modification of an existing building or facility to include new systems or components. Retrograde To return resources back to their original location. Retroreflective material A material that is capable of reflecting light rays back to the light source.

277 Retrospective Looking back at or examining data that have already been acquired. RF data transmission A communications link using radio frequency to send or receive data. Ribbon fuse A cylindrical fuse consisting of a ribbon shaped fusible metal enclosed in a glass or transparent plastic cylinder with end caps. Risk The potential for an unwanted or adverse outcome resulting from an incident, event, or occurrence, as determined by the likelihood that a particular threat will exploit a particular vulnerability, with the associated consequences. (Adapted from: DHS Risk Lexicon, NIPP and adapted from CNSSI 4009, FIPS 200, NIST SP 800-53 Rev 4, SAFE-BioPharma Certificate Policy 2.5) Risk 5 The likelihood that an event will occur which will cause the loss or diminished use of an asset – a function of asset value and the impact and likelihood of threat and vulnerabilities (eenvoy) The combination of two factors: 1) the value placed on an asset and consequence of an undesired on that asset; 2) the likelihood that a specific vulnerability will be exploited by a specific threat (ARM) The probability that a particular critical infrastructure’s vulnerability being exploited by a particular threat weighted by the impact of that exploitation (CIAO) Measure of the potential damage to or loss of an asset based on the probability of an undesirable occurrence (RAM-Wsm) The potential for realization of unwanted, negative consequences of an event. Risk 1 Refers to exposure to conditions (criminal or terrorist) that can cause death, physical harm, or equipment/property damage. Risk 2 A security risk is the potential that a given threat will exploit vulnerabilities to cause loss or damage to an asset. Risk 3 A measure of potential harm that encompasses threat, vulnerability, and consequence. In the context of the Transportation Systems Sector-Specific Plan (SSP), risk is the expected magnitude of loss due to a terrorist attack, natural disaster, or other incident, along with the likelihood of such an event occurring and causing that loss within or utilizing the sector. Risk 4 The potential for loss of, or damage to, an asset. It is measured based upon the value of the asset in relation to the threats and vulnerabilities associated with it. Risk acceptance Willingness of an individual, group, or society to accept a specific level of risk to obtain some gain or benefit.

278 Risk analysis The body of theory and practice that has evolved to help decision-makers assess their risk exposures and risk attitudes so that the investment that is “best for them” is selected. Risk assessment 1 Process of identifying internal and external threats and vulnerabilities, identifying the likelihood of an event arising from such threats or vulnerabilities, defining the critical functions necessary to continue an organization’s operations, defining the controls in place or necessary to reduce exposure, and evaluating the cost for such controls. Risk assessment 2 A systematic process whereby assets are identified and valuated, credible threats to those assets are enumerated, applicable vulnerabilities are documented, potential impacts or consequences of a loss event are described, and a qualitative or quantitative analysis of resulting risks is produced. Risks are generally reported in order of priority or severity and attached to some description of a level of risk. Risk assessment 3 A comprehensive study of a transit agency to identify components most vulnerable to criminal activity, including acts of terrorism and quasi-terrorism, and to assess the impact of such activity on passengers, employees, and the agency. Risk assessment The product or process which collects information and assigns values to risks for the purpose of informing priorities, developing or comparing courses of action, and informing decision making. The appraisal of the risks facing an entity, asset, system, or network, organizational operations, individuals, geographic area, other organizations, or society, and includes determining the extent to which adverse circumstances or events could result in harmful consequences. (Adapted from DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4) Risk level A combination of the two factors pertaining to impact of loss and probability of adverse event (ARM) Risk management 1 The process of selecting and implementing security countermeasures to achieve an acceptable level of risk at an acceptable cost (ARM). Risk management 2 The process of measuring or assessing risk and then developing strategies to manage the risk. Involves a prioritization process through which risks with the greatest adverse consequences and greatest probability of occurring are handled first, and risks with lower probability of occurrence and lower loss are handled later if at all. Requires balancing risks with a high probability of occurrence but lower loss against risks with high loss but lower probability of occurrence. Consists of three base components, Threat Assessment (TA), Criticality Assessment (CA), and Vulnerability Assessment (VA). Risk mitigation The actions or decisions designed to reduce the financial and nonpecuniary risk from uncertain events.

279 Risk views Risk views describe types of systems in terms of mode, geography, function, and ownership. These four views capture multiple ways of addressing systems and allow for a robust assessment of the Transportation Systems Sector. Risk-based data management A structured approach to managing risks to data and information by which an organization selects and applies appropriate security controls in compliance with policy and commensurate with the sensitivity and value of the data. Roadways Any surface intended for motorized vehicle traffic. Roentgen A unit of exposure to x-rays or gamma rays. One roentgen is the amount of gamma or x-rays needed to produce ions carrying 1 electrostatic unit of electrical charge in 1 cubic centimeter of dry air under standard conditions. Roll-On/ Roll-Off (RO/RO) Vessel A vessel with ramps that allows wheeled vehicles to be loaded and discharged without cranes. Root cause analysis A technique used to identify the conditions that initiate the occurrence of an undesired activity or state. Rootkit A set of software tools with administrator-level access privileges installed on an information system and designed to hide the presence of the tools, maintain the access privileges, and conceal the activities conducted by the tools. (Adapted from CNSSI 4009) Rotakin CCTV video target Developed by UK Police Scientific Development Board for testing CCTV system level performance and resolution capabilities, including playback and recordings, end to end. Also known as Rotatest. Rotating drum or rotating plate vehicle barrier An active vehicle barrier used at vehicle entrances to controlled areas based on a drum or plate rotating into the path of the vehicle when signaled. RS-232 data IEEE Recommended Standard 232; a point-to-point serial data protocol with a maximum effective distance of 50 feet. RS-422 data IEEE Recommended Standard 422; a point-to-point serial data protocol with a maximum effective distance of 4,000 feet.

280 RS-485 data IEEE Recommended Standard 485; a multi-drop serial data protocol with a maximum effective distance of 4,000 feet. Rural service Providing transportation across rivers and lakes when the construction of bridges is not warranted. Typically, these routes are short, operate on demand, carry a limited number of vehicles, and accommodate pedestrians and bicycles. S.I. units The Systeme Internationale (or International System) of units and measurements. This system of units officially came into being in October 1960 and has been adopted by nearly all countries, although the amount of actual usage varies considerably. Sacrificial roof or wall Roofs or walls that can be lost in a blast without damage to the primary asset. Safe activity A target neutral activity that results in increased natural surveillance. Safe haven Secure areas within the interior of the facility. A safe haven should be designed such that it requires more time to penetrate by aggressors than it takes for the response force to reach the protected area to rescue the occupants. It may be a haven from a physical attack or air-isolated haven from CBR contamination. Safety Freedom from harm resulting from unintentional acts or circumstances. Safety officer A member of the Command Staff responsible for monitoring incident operations and advising the IC on all matters relating to operational safety, including the health and safety of emergency responder personnel. Scramble keypad A pad that uses keys on which the numbers change pattern with each use to enhance security by preventing eavesdropping observation of the entered numbers. Screening A reasonable examination of persons, cargo, vehicles, or baggage for the protection of the vessel, its passengers, and its crew. The purpose of the screening is to secure the vital government interest of protecting vessels, harbors, and waterfront facilities from destruction, loss, or injury due to sabotage or other causes of similar nature. Such screening is intended to ensure that dangerous substances and devices or other items that pose a real danger of violence or a threat to security are not present. Seasonal service Service provided during a limited period each year. Secondary asset An asset that supports a primary asset and whose compromise would indirectly affect the operation of the primary asset.

281 Secondary enclosure A portable enclosure system that can be installed within a facility if the facility cannot be sealed economically to maintain an overpressure but is suitable as a shell. Secondary hazard A threat whose potential would be realized as the result of a triggering event that of itself would constitute an emergency (e.g., dam failure might be a secondary hazard associated with earthquakes). Section The organizational level having responsibility for a major functional area of incident management, (e.g., operations, planning, logistics, finance/administration, and intelligence, if established). The section is organizationally situated between the branch and the incident command. Sector The logical collection of assets, systems, or networks that provide a common function to the economy, government, or society. The Transportation Systems Sector is one of 17 critical infrastructure and key resources (CI/KR) sectors. Sector coordinating council The private sector counterpart to the GCC, this council is a self organized, self-run, and self-governed representative of the sector’s key stakeholders Sector partnership model The framework used to promote and facilitate sector and cross-sector planning, coordination, collaboration, and information sharing for CI/KR protection involving all levels of government and private sector entities. Sector-specific agency (SSA) Federal departments and agencies identified in Homeland Security Presidential Directive 7 (HSPD-7) as responsible for CI/KR protection activities in specified CI/KR sectors. The sector-specific agency for transportation is the Transportation Security Administration (TSA). Sector-specific plan (SSP) The augmenting plan that complements and extends the National Infrastructure Protection Plan (NIPP) Base Plan, detailing the application of the NIPP framework specific to each CI/KR sector. SSPs are developed by the SSAs in close collaboration with other security partners. This document is the SSP for the Transportation Systems Sector. Secure/access mode The state of an area monitored by an intrusion detection system in regards to how alarm conditions are reported. Security Freedom from harm resulting from intentional acts or circumstances. Security analysis The method of studying the nature of and the relationship between assets, threats, and vulnerabilities. Security awareness Security awareness focuses attention on security. It differs from security training, in that security awareness informs and draws attention to a security issue, but security training teaches the skills necessary to improve security.

282 Security and emergency preparedness plan The formal plan that documents the transportation’s system security program and also addressed the elements of that program that affect emergency preparedness for events resulting from intentional acts. Security breach An unforeseen event or occurrence that endangers life or property and may result in the loss of services or system equipment. Security console Specialized furniture, racking, and related apparatus used to house the security equipment required in a control center. Security engineering The process of identifying practical, risk managed short- and long-term solutions to reduce and/or mitigate dynamic man-made hazards by integrating multiple factors, including construction, equipment, manpower, and procedures. Security engineering design process The process through which assets requiring protection are identified, the threat to and vulnerability of those assets is determined, and a protective system is designed to protect the assets. Security incident An unforeseen event or occurrence that does not necessarily result in death, injury, or significant property damage but may result in minor loss of revenue. Security management system database In a security management system, a database that is transferred to various nodes or panels throughout the system for faster data processing and protection against communications link downtime. Security management system distributed processing In a security management system, a method of data processing at various nodes or panels throughout the system for faster data processing and protection against communications links downtime. Security partner Federal, state, regional, territorial, local, or tribal governmental entities; private sector owners and operators; and representative organizations, academic and professional entities, and certain not-for-profit private volunteer organizations that share in the responsibility for protecting the nation’s CI/KR. Security policy A rule or set of rules that govern the acceptable use of an organization's information and services to a level of acceptable risk and the means for protecting the organization's information assets. A rule or set of rules applied to an information system to provide security services.(Adapted from CNSSI 4009, NIST SP 800-53 Rev 4, NIST SP 800-130, OASIS SAML Glossary 2.0) Security screen An IDS sensor that utilizes a mesh of breakwires to alarm an IDS when open or broken. Security sweep A walkthrough to visually inspect unrestricted areas to identify unattended packages, briefcases, or luggage and determine that all restricted areas are secure.

283 Security threat Any intentional action with the potential to cause harm in the form of death, injury, destruction, disclosure, interruption of operations, or denial of services. Segmentation for fingerprints The separation of an N finger image into N single finger images Segmented routes Portions of a fixed route. When a ferry stops in between the two fixed points, it has just completed a segment of the overall route. Segregation of duties Policies, procedures, and an organizational structure established so that one individual cannot control key aspects of physical and/or computer-related operations and thereby conduct unauthorized actions or gain unauthorized access to minimum essential infrastructure resource elements. Selection The act or process of choosing individuals who possess certain characteristics or qualities. Semi-hardened construction Construction that provides protection against near-miss detonations of large general purpose military bombs and direct hits from smaller munitions. Semi-isolated fenced perimeters Fence lines where approach areas are clear of obstruction for 60 to 100 feet outside of the fence and where the general public or other personnel seldom have reason to be in the area. Seminar Seminars generally orient participants to, or provide an overview of, authorities, strategies, plans, policies, procedures, protocols, resources, concepts, and ideas. As a discussion-based exercise, seminars can be valuable for entities that are developing or making major changes to existing plans or procedures. Seminars can be similarly helpful when attempting to gain awareness of, or assess, the capabilities of interagency or interjurisdictional operations. Senior FEMA Official (SFO) The official appointed by the Director of FEMA, or his representative, that is responsible for deploying to the JOC to serve as the senior interagency consequence management representative on the Command Group, and to manage and coordinate activities taken by the Consequence Management Group. Sensitive information Information or knowledge that might result in loss of an advantage or level of security if disclosed to others. Sensitive security information (SSI) A specific category of transportation security information that the Transportation Security Administration has determined must be protected from improper disclosure to ensure transportation security as defined by 49 CFR Part 1520. Sensitivity Ability of an analytical method to detect small concentrations of radioactive material.

284 Sensor processing Equipment and computer processors that receives sensor inputs and determines if an alarm condition exists. Provides binary output of processing decision. Serial interface An integration strategy for data transfer where components are connected in series. Service area The geographic boundaries which define the legal and/or management commitment of a public transportation system to provide service to passengers. Service dog A dog owned, trained, certified, and insured by a transportation system, its designees, or its contractors to perform work. Shelter-in-place The process of securing and protecting people and assets in the general area in which a crisis occurs. Shelter-in-place protection mode Mode that consists of de-energizing the ventilation system and closing the outside air intake and exhaust dampers using a master control capability. Shielded wire Wire with a conductive wrap used to mitigate electromagnetic emanations. Shielding Shielding: the material between a radiation source and a potentially exposed person that reduces exposure. Sievert (Sv) Unit used to derive a quantity called dose equivalent. This relates the absorbed dose in human tissue to the effective biological damage of the radiation. Not all radiation has the same biological effect, even for the same amount of absorbed dose. Dose equivalent is often expressed as millionths of a sievert, or micro-sieverts (μSv). One sievert is equivalent to 100 rem. For more information, see “Primer on Radiation Measurement” at the end of this document. Significance levels The likelihood that numerical correlation values are reflective of real relationships and are not due to chance occurrences. Simulation exercise A test in which participants perform some or all of the actions they would take in the event of plan activation. Simulation exercises are performed under conditions as close as practicable to ‘‘real world’’ conditions. Single resource An individual, a piece of equipment and its personnel complement, or a crew/team of individuals with an identified work supervisor that can be used on an incident.

285 Situation assessment/size up Includes information developed by the first person at the scene of an emergency and is basic information transmitted to the communications center, and then conveyed to other agency elements concerned with the control of the event. Situation assessments should be updated as the event changes and control measures are implemented to return the situation to normal. Situation report Often contain confirmed or verified information regarding the specific details relating to the incident. Situational awareness Comprehending information about the current and developing security posture and risks, based on information gathered, observation and analysis, and knowledge or experience. Situational crime prevention A crime prevention strategy based on reducing the opportunities for crime by increasing the effort required to commit a crime, increasing the risks associated with committing the crime, and reducing the target appeal or vulnerability (whether property or person). This opportunity reduction is achieved by management and use policies such as procedures and training, as well as physical approaches such as alteration of the built environment. Smart card A newer card technology that allows data to be written, stored, and read on a card typically used for identification and/or access. Social security number A nine-digit number resembling "123-00-1234" that is issued to an individual by the U. S. Social Security Administration. The original purpose of this number was to administer the Social Security program, but it has come to be used as a “primary key” (a de facto national ID number) for individuals within the United States. The nine-digit Social Security number is divided into three parts. The first three digits are the area number. Prior to 1973, the area number reflected the state in which an individual applied for a Social Security number. Since 1973, the first three digits of a Social Security number are determined by the ZIP code of the mailing address shown on the application for a Social Security number. The middle two digits are the group number. They have no special geographic or data significance but merely serve to break the number into conveniently sized blocks for orderly issuance. The last four digits are serial numbers. They represent a straight numerical sequence of digits from 0001-9999 within the group. Software assurance The level of confidence that software is free from vulnerabilities, either intentionally designed into the software or accidentally inserted at any time during its life cycle, and that the software functions in the intended manner. (CNSSI 4009) Software level integration An integration strategy that uses software to interface systems. An example of this would be digital video displayed in the same computer application window and linked to events of a security management system.

286 Somatic effects Effects of radiation that are limited to the exposed person, as distinguished from genetic effects, which may also affect subsequent generations. See also teratogenic effects. Spam The abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages. (Adapted from CNSSI 4009) Span of control The number of individuals a supervisor is responsible for, usually expressed as the ratio of supervisors to individuals. (Under the NIMS, an appropriate span of control is between 1:3 and 1:7.) Spatial definition A natural form of access control that relies on space to control access to property. Special needs population Pertaining to a population whose members may have additional needs before, during, and after an incident in one or more of the following functional areas: maintaining independence, communication, transportation, supervision, and medical care. Individuals in need of additional response assistance may include those who have disabilities; who live in institutionalized settings; who are elderly; who are children; who are from diverse cultures, who have limited English proficiency, or who are non−English speaking; or who are transportation disadvantaged. Specific threat Known or postulated aggressor activity focused on targeting a particular asset. Splinter protected construction Construction that provides protection against weapon fragments and small arms fire and also prevents magnification of blast pressure from reflection off vertical surfaces. Spoofing Faking the sending address of a transmission to gain illegal [unauthorized] entry into a secure system. The deliberate inducement of a user or resource to take incorrect action. Note: Impersonating, masquerading, piggybacking, and mimicking are forms of spoofing. (CNSSI 4009) Spyware Software that is secretly or surreptitiously installed into an information system without the knowledge of the system user or owner. Stack effect Thermally driven air density differences between the building indoor and outdoor ambient conditions Staging area 1 Established for the temporary location of available resources. A Staging Area can be any location in which personnel, supplies, and equipment can be temporarily housed or parked while awaiting operational assignment. Staging area 2 Location established where resources can be placed while awaiting a tactical assignment. The Operations Section manages Staging Areas.

287 Standard operating guidelines A set of instructions having the force of a directive, covering those features of operations which lend themselves to a definite or standardized procedure without loss of effectiveness. Standard operating procedure (SOP) Complete reference document or an operations manual that provides the purpose, authorities, duration, and details for the preferred method of performing a single function or a number of interrelated functions in a uniform manner. Standby mode Mode in which the CP system is energized only when there is a known threat of attack Standoff distance A distance maintained between a building or portion thereof and the potential location for an explosive detonation or other threat. Standoff weapons Weapons such as anti-tank weapons and mortars that are launched from a distance at a target. State When capitalized, refers to any State of the United States, the District of Columbia, the Commonwealth of Puerto Rico, the Virgin Islands, Guam, American Samoa, the Commonwealth of the Northern Mariana Islands, and any possession of the United States. State Coordinating Officer (SCO) The person appointed by the governor to coordinate state, commonwealth, or territorial response and recovery activities with FRP-related activities of the federal government, in cooperation with the FCO. State liaison A FEMA official assigned to a particular state, who handles initial coordination with the state in the early stages of an emergency. Stationary vehicle bomb An explosive-laden car or truck stopped or parked near a building. Statistical analysis The application of mathematics to large amounts of raw data to yield meaningful summary measurements. Stochastic effect Effect that occurs on a random basis independent of the size of dose. The effect typically has no threshold and is based on probabilities, with the chances of seeing the effect increasing with dose. If it occurs, the severity of a stochastic effect is independent of the dose received. Cancer is a stochastic effect. See also non-stochastic effect, deterministic effect. Strategic Strategic elements of incident management are characterized by continuous long-term, high-level planning by organizations headed by elected or other senior officials. These elements involve the adoption of long-range goals and objectives, the setting of priorities; the establishment of budgets and other fiscal decisions, policy development, and the application of measures of performance or effectiveness.

288 Strategic risk Those risks that affect the entire transportation systems sector, threatening disruption across multiple stakeholder communities. The consequences of strategic risks can cross multiple sectors and can have far-reaching, long-term effects on the national economy, natural environment, or public confidence. Strategic risks are those that breach the threshold of risks that stakeholders are reasonably expected to manage on their own and move into an area of risk management. Illustrative examples of strategic risks to the sector could include: disruption of a mega-node in the transportation system (large-scale impact on national economic security), use of a component of the transportation system as a weapon of mass destruction (terrorism event leading to loss of life and of public confidence), and release of a biological agent at a major rail transfer station or hub airport (terrorism event affecting national public health and safety). Strategic risk objective (SRO) A measurable target that, when attained, contributes to the accomplishment of a strategic goal. Strategy The general plan or direction selected to accomplish incident objectives. Strike team A set number of resources of the same kind and type that have an established minimum number of personnel. Structural glazed window systems Window systems in which glazing is bonded to both sides of the window frame using an adhesive such as a high-strength, high performance silicone sealant. Substate region A grouping of jurisdictions, counties, and/or localities within a State brought together for specified purposes (e.g., homeland security, education, public health), usually containing a governance structure. Superstructure The supporting elements of a building above the foundation. Supervisor The ICS title for an individual responsible for a Division or Group. Supervisory control and data acquisition (SCADA) A generic name for a computerized system that is capable of gathering and processing data and applying operational controls to geographically dispersed assets over long distances. (Adapted from NCSD Glossary, CNSSI 4009) Supporting agency An agency that provides support and/or resource assistance to another agency. Supporting technologies Any technology that may be used to support the NIMS is included in this subsystem. These technologies include orthophoto mapping, remote automatic weather stations, infrared technology, and communications, among various others.

289 Surface burst A nuclear weapon explosion that is close enough to the ground for the radius of the fireball to vaporize surface material. Fallout from a surface burst contains very high levels of radioactivity. Survey An on-scene examination and evaluation of the physical characteristics of a vessel or facility and its security systems, processes, procedures, and personnel. System 1 A collection of assets that comprises a dynamic, complex, and unified whole. A system maintains its existence and functions as a whole through the interaction of its parts. System 2 A composite of people (employees, passengers, others), property (facilities and equipment), environment (physical, social, institutional), and procedures (standard operating, emergency operating, and training), which are integrated to perform a specific operational function in a specific environment. System integrity The attribute of an information system when it performs its intended function in an unimpaired manner, free from deliberate or inadvertent unauthorized manipulation of the system. (CNSSI 4009) System security The application of operating, technical, and management techniques and principles to the security aspects of a system throughout its life to reduce threats and vulnerabilities to the most practical level through the most effective use of available resources. System security management An element of management that defines the system security requirements and ensures the planning, implementation, and accomplishments of system security tasks and activities. System security plan A document developed and adopted by the rail transit agency describing its security policies, objectives, responsibilities, and procedures. System security program The combined tasks and activities of system security management and system security analysis that enhance operational effectiveness by satisfying the security requirements in a timely and cost-effective manner through all phases of a system life cycle. Systems-based risk management (SBRM) A risk management framework that helps define and clarify countermeasure programs aimed at a specific SRO, which will be integrated into the sector’s strategic plan. SBRM is an important element of the sector’s approach to determining its risk priorities, documenting them as SROs, determining approaches for achieving these objectives, and defining what success means for each of the SROs through performance measures. The SBRM process yields strategic countermeasures.

290 Tabletop exercise A TTX is typically held in an informal setting intended to generate discussion of various issues regarding a hypothetical, simulated emergency. TTXs can be used to enhance general awareness, validate plans and procedures, rehearse concepts, and/or assess the types of systems needed to guide the prevention of, protection from, mitigation of, response to, and recovery from a defined incident. Generally, TTXs are aimed at facilitating conceptual understanding, identifying strengths and areas for improvement, and/or achieving changes in attitudes. Tactics The specific methods of achieving the aggressor’s goals to injure personnel, destroy assets, or steal materiel or information. Tamper switch Intrusion detection sensor that monitors an equipment enclosure for breach. Tangle-foot wire Barbed wire or tape suspended on short metal or wooden pickets outside a perimeter fence to create an obstacle to approach. Target/asset Persons, facilities, activities, or physical systems that have value to the owner or to society as a whole. Task force Any combination of resources assembled to support a specific mission or operational need. All resource elements within a Task Force must have common communications and a designated leader. Taut wire sensor An intrusion detection sensor utilizing a column of uniformly spaced horizontal wires, securely anchored at each end and stretched taut. Each wire is attached to a sensor to indicate movement of the wire. Technical assistance 1 The provisioning of direct assistance to states and local jurisdictions to improve capabilities for program development, planning, and operational performances related to responses to WMD terrorist incidents. Technical assistance 2 Support provided to State, tribal, and local jurisdictions when they have the resources but lack the complete knowledge and skills needed to perform a required activity (such as mobile−home park design or hazardous material assessments). Technical security Measures taken to identify, prevent or neutralize technical threats including electronic or electro-optic eavesdropping, wiretapping, bugging, signal intercept, covert/illicit surveillance, and attacks on Information Technology (IT) or telecommunications systems. Technical specialists Personnel with special skills that can be used anywhere within the ICS organization. No minimum qualifications are prescribed, as technical specialists normally perform the same duties during an incident that they perform in their everyday jobs, and they are typically certified in their fields or professions.

291 Technical surveillance countermeasures Employment of services, equipment, and techniques designed to locate, identify, and neutralize the effectiveness of technical surveillance activities. Technological hazards Incidents that can arise from human activities such as manufacture, transportation, storage, and use of hazardous materials. For the sake of simplicity, it is assumed that technological emergencies are accidental and that their consequences are unintended. Technology standards Standards for key systems may be required to facilitate the interoperability and compatibility of major systems across jurisdictional, geographic, and functional lines. Technology support Facilitates incident operations and sustains the research and development programs that underpin the long−term investment in the nation’s future incident management capabilities. Telephoto A term used to describe lenses that have a high focal number causing the reproduced image to appear larger than human eye reproduction. Tempest An unclassified short name referring to investigations and studies of compromising emanations. It is sometimes used synonymously for the term “compromising emanations” (e.g., TEMPEST tests, TEMPEST inspections). Terrestrial radiation Radiation emitted by naturally occurring radioactive materials, such as uranium (U), thorium (Th), and radon (Rn) in the earth. Terrorism 1 An intentional act of violence that is intended to inflict significant damage to property, inflict casualties, and produce panic and fear. Terrorism 2 The unlawful use of force and violence against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social objectives. Terrorism 3 Under the Homeland Security Act of 2002, terrorism is defined as activity that involves an act dangerous to human life or potentially destructive of critical infrastructure or key resources and is a violation of the criminal laws of the United States or of any State or other subdivision of the United States in which it occurs and is intended to intimidate or coerce the civilian population or influence a government or affect the conduct of a government by mass destruction, assassination, or kidnapping. See Section 2 (15), Homeland Security Act of 2002, Pub. L. 107-296, 116 Stat. 2135 (2002).

292 Terrorism 4 The FBI defines terrorism as, "the unlawful use of force against persons or property to intimidate or coerce a government, the civilian population, or any segment thereof, in the furtherance of political or social objectives. Terrorist activity Includes a number of activities (including casing, reconnaissance, rehearsal, surveillance, and actual acts of violence) that are used to further a plan to perform an act of terrorism. Test object An item used to test the walk-through detection performance. The test object is an encased replica of a metallic item that is either a weapon, can be used as a weapon, or can be used to defeat security devices. The shape of the encasement is a parallelepiped. The encasement has up to 12 holes that allow the replica to be oriented with respect to the measurement coordinate system; no more than nine possible orientations are allowed, one to three orientations for each, but no more than three, unique orthogonal surfaces of the parallelepiped. Testing Testing evaluates the operability of plans, systems or components including specific security and cybersecurity measures. Unannounced tests may be used to test employee behavior. Testing is executed in an environment separate from the operational or production environment, and may be part of an exercise. The general risk equation RISK = PROBABILITY x CONSEQUENCE “Probability” is an indication of the frequency and severity of an event – a characterization of “threat”. “Consequence” is an indication of the effects of that event on people, assets, or functions – a characterization of “value”. Thermally tempered glass (TTG) Glass that is heat-treated to have a higher tensile strength and resistance to blast pressures, although with a greater susceptibility to airborne debris. Thermonuclear device A “hydrogen bomb.” A device with explosive energy that comes from fusion of small nuclei, as well as fission. Thorium (Th) A naturally occurring radioactive metal found in small amounts in soil, rocks, water, plants, and animals. The most common isotopes of thorium are thorium-232 (Th-232), thorium-230 (Th-230), and thorium- 238 (Th-238).

293 Threat 1 The potential intentional act capable of disrupting or negatively affecting an asset. In other words, threats are deliberate attempts of a person or group to achieve various criminal or terrorist ends that may involve loss of life, loss of function, loss of visibility, and other objectives. Threats are distinct from hazards because they are not acts of nature, accidents, or organic happenstances for which tunnels are normally designed. Rather, threats are typically characterized as acts of intrusion; placement of explosive devices; and/or chemical, biological, or radiological attacks. In the case of terrorism, a threat consists of a scenario that combines a weapon, a host (i.e., an aggressor), a delivery mode, and tactics (i.e., a path of approach, the use of stealth or force, and the actual target of weapon placement). While hazards are associated with safety, threats are associated with security. Threat 2 Any verbal or physical behavior or communication that reasonably could be interpreted as communicating or conveying intent to cause physical harm to a person or property. Threat actor or threat agent An individual, group, organization, or government that conducts or has the intent to conduct detrimental activities. (Adapted from DHS Risk Lexicon) Threat aggressors Delivery tactics, and associated weapons, tools, or explosives against which a facility is protected; established by evaluating aggressor likelihood and objectives with respect to the assets. Threat analysis A continual process of compiling and examining all available information concerning potential threats and human-caused hazards. A common method to evaluate terrorist groups is to review the factors of existence, capability, intentions, history, and targeting. Threat analysis The detailed evaluation of the characteristics of individual threats. Threat and vulnerability assessment An evaluation performed to consider the likelihood that a specific threat will endanger the system, and to prepare recommendations for the elimination or mitigation of all threats with attendant vulnerabilities that meet predetermined thresholds. These assessments typically include both revenue and non-revenue operations. Critical elements of these assessments include: ⇒ Threat Analysis: Defines the level or degree of the threats against a specific facility by evaluating the intent, motivation, and possible tactics of those who may carry them out. ⇒ Threat Probability: The probability a threat will occur at a specific facility during its life cycle (typically quantified as 25 years). Threat probability may be expressed in quantitative or qualitative terms. An example of a qualitative threat-probability ranking system is as follows: o Frequent: Event will occur will occur within the system’s life cycle (25 years) o Probable: Expect event to occur within the system’s life cycle (25 years) o Occasional: Circumstances expected for that event; it may or may not occur within the system’s life cycle (25 years)

294 o Remote: Possible but unlikely to occur within the system’s life cycle (25 years) o Improbable: Event will not occur within the system’s life cycle (25 years) ⇒ Threat Severity: A qualitative measure of the worst possible consequences of a specific threat in a specific facility: o Category 1 -Catastrophic. May cause death or loss of a significant component of the transit system, or significant financial loss. o Category 2 - Critical. May cause severe injury, severe illness, major transit system damage, or major financial loss. o Category 3 -Marginal. May cause minor injury or transit system damage, or financial loss. o Category 4 -Negligible. Will not result in injury, system damage, or financial loss. ⇒ Threat Resolution: The analysis and subsequent action taken to reduce the risks associated with an identified threat to the lowest practical level. ⇒ Scenario analysis: An interpretive methodology that encourages role-playing by transportation personnel, emergency responders, and contractors to brainstorm ways to attack the system. This analysis uses the results of threat analysis, paired with the system’s list of critical assets. Transportation personnel use this analysis to identify the capabilities required to support specific types of attacks. This activity promotes awareness and highlights those activities that can be preformed to recognize, prevent, and mitigate the consequences of attacks. ⇒ Vulnerability Analysis: The systematic identification of physical, operational and structural components within transportation facilities and vehicles that can be taken advantage of to carry out a threat. This includes vulnerabilities in the design and construction of a given transit facility or vehicle, in its technological systems, and in the way it is operated (e.g., security procedures and practices or administrative and management controls). Vulnerability analysis identifies specific weaknesses with respect to how they may invite and permit a threat to be accomplished. Threat assessment The process to identify threat categories and adversaries, assessing the intent of each adversary, the capability of each adversary, the frequency of past incidents and an estimation of the threat relative to each critical asset Threat assessment (TA) Threats fall into three categories: (1) Natural Disaster Events; (2) Unintentional Events (failures, incidents); and (3) Intentional Acts or Attacks. While generalized threat information can help in risk assessment, well constructed scenario-based threat analysis represents the most effective method of establishing an effective threat threshold for a given target. Questions such as: “How likely is the event or an attack to occur?” or “How susceptible is the location to adverse weather?” or “How attractive is the target?” all help inform scenario-based threat assessment.

295 Threat assessment The product or process of identifying or evaluating entities, actions, or occurrences, whether natural or man-made, that have or indicate the potential to harm life, information, operations, and/or property. (From DHS Risk Lexicon and adapted from CNSSI 4009, NIST SP 800-53, Rev 4) Threat management team Also termed an Incident Management Team. Personnel designated within an organization to receive, respond to, and resolve reported situations made under an organization’s workplace violence program. Threat A circumstance or event that has or indicates the potential to exploit vulnerabilities and to adversely impact (create adverse consequences for) organizational operations, organizational assets (including information and information systems), individuals, other organizations, or society. Includes an individual or group of individuals, entity such as an organization or a nation), action, or occurrence. (Adapted from DHS Risk Lexicon, NIPP, CNSSI 4009, NIST SP 800-53 Rev 4) Tier Groupings of jurisdictions that account for reasonable differences in expected capability levels among entities based on assessments of total population, population density, critical infrastructure, and other significant risk factors. Time/date stamp Data inserted into a CCTV video signal with the time and date of the video as it was created. TNT equivalent weight The weight of TNT (trinitrotoluene) that has an equivalent energetic output to that of a different weight of another explosive compound. Tone generator An inaudible cue, which alerts radio relay stations to activate themselves to allow the transmission of a message. Tools Those instruments and capabilities that allow for the professional performance of tasks, such as information systems, agreements, doctrine, capabilities, and legislative authorities. Toxic-free area An area within a facility in which the air supply is free of toxic chemical or biological agents. Toxicity A measure of the harmful effects produced by a given amount of a toxin on a living organism. Toxins Metabolic byproducts of living organisms that are classified as biological agents even though they are nonliving substances. Tracking A zoom lenses ability to remain in focus throughout the entire zoom range.

296 Tracking and reporting resources A standardized, integrated process conducted throughout the duration of an incident. This process provides incident managers with a clear picture of where resources are located, helps staff prepare to receive resources, protects the safety of personnel and security of supplies and equipment, and enables the coordination of movement of personnel, equipment, and supplies. Trade secret All forms and types of financial, business, scientific, technical, economic, or engineering information, including patterns, plans, compilations, program devices, formulas, designs, prototypes, methods, techniques, processed, procedures, programs, or codes, whether tangible or intangible, and whether or how stored, compiled, or memorialized physically, electronically, graphically, photographically, or in writing if (a) the owner thereof has taken reasonable measures to keep such information secret; and (b) the information derives independent economic value, actual or potential, from not being generally known to, and not being readily ascertainable through proper means by, the public. Traffic light protocol A set of designations employing four colors (RED, AMBER, GREEN, and WHITE) used to ensure that sensitive information is shared with the correct audience. (Adapted from US-CERT) Train crewmember Railroad employee involved with the train movement of railroad rolling equipment and working together with other train crewmembers as an operating crew. This operating crew unit is under the charge and control of one crewmember, generally the conductor of the train, and is subject to the railroad operating rules and program of operational tests and inspections, as well as governed by the Hours of Service Act. Trainer An officer, contractor, or other employee qualified by a professional training center or certification agency as an expert in the training and use of service dogs and their handlers. Training An act, method, or process of instruction; to teach so as to make fit, qualified, or proficient. Transit bus A bus designed for frequent-stop service with front and center doors, normally with a rear-mounted diesel engine and low-back seating, and without luggage storage compartments or restroom facilities. Transit buses include motorbus and trolley coach. Transit operator A transportation system employee who is certified by the system to drive or operate a transit vehicle in passenger service, and who must comply with the procedures and rules specified by the system. Transit Supervisor A transportation system manager who has specific responsibilities in an emergency situation. The term supervisor typically refers to either a Line Supervisor (Rail) or a Street Supervisor (Bus), defined by the emergency response procedure governing a specific incident.

297 Transitional structures and spaces Structures or spaces within buildings that are used to temporarily (less than 1 year) relocate occupants of another building while that building undergoes renovations, modifications, repairs, or restorations. Transportation Conveyance of passengers or goods. There are six modes of transportation: aviation, maritime, mass transit, highway, freight rail, and pipeline. Transportation infrastructure Travel ways (e.g., pavements or fixed guideways such as rails), structures (e.g., bridges, tunnels, plazas and buildings), fixtures and appurtenances (e.g., signals, signs, sensors, gates, controllers and computers) and rolling stock (e.g., transit vehicles and support service vehicles). Transportation security incident A security incident resulting in a significant loss of life, environmental damage, transportation system disruption, or economic disruption in a particular area. Tribal Any Indian tribe, band, nation, or other organized group or community, including any Alaskan Native Village as defined in or established pursuant to the Alaskan Native Claims Settlement Act (85 stat. 688) [43 U.S.C.A. and 1601 et seq.], that is recognized as eligible for the special programs and services provided by the United States to Indians because of their status as Indians. Triple-standard concertina (TSC) wire This type of fence uses three rolls of stacked concertina. One roll will be stacked on top of two other rolls that run parallel to each other while resting on the ground, forming a pyramid. Tritium (Chemical symbol H-3) A radioactive isotope of the element hydrogen (chemical symbol H). See also deuterium. Trojan horse A computer program that appears to have a useful function, but also has a hidden and potentially malicious function that evades security mechanisms, sometimes by exploiting legitimate authorizations of a system entity that invokes the program. (CNSSI 4009) Twisted pair wire Wire that uses pairs of wires twisted together to mitigate electromagnetic interference. Two-person rule A security strategy that requires two people to be present in or gain access to a secured area to prevent unobserved access by any individual. Type A classification of resources in the ICS that refers to capability. Type 1 is generally considered to be more capable than Types 2, 3, or 4, respectively, because of size; power; capacity; or, in the case of incident management teams, experience and qualifications. Ultrasonic An IDS sensor system that utilizes high frequency sound for intrusion detection.

298 Unaccompanied baggage Any baggage, including personal effects, not accompanied by a person who is boarding the vessel. Unauthorized access Any access that violates the stated security policy. (CNSSI 4009) Unified area command Established when incidents under an area command are multijurisdictional. See area command. Unified command An ICS application used when more than one agency has incident jurisdiction or when incidents cross political jurisdictions. Agencies work together through the designated members of the UC, often the senior person from agencies and/or disciplines participating in the UC, to establish a common set of objectives and strategies and a single IAP. Unified command system A unified team effort which allows all agencies with responsibility for the incident, either geographical or functional, to manage an incident by establishing a common set of incident objectives and strategies. Uniformat II An elemental format based on major components common to most buildings. It serves as a consistent reference for analysis, evaluation, and monitoring of buildings during the planning, feasibility, and design stages. It also enhances reporting at all stages in construction. The two cost types, building/facility elements and building/facility site work, under the building/facility component cost classification are associated with the elemental classification UNIFORMAT II. Subcategories under UNIFORMAT II include: substructure, shell, interiors, services, equipment & furnishings, special construction/demolition. Unit An organizational element having functional responsibility. Units are commonly used in planning, logistics, or finance/administration incident sections and can be used in operations for some applications. Units are also found in EOC organizations. Unit leader The individual in charge of managing Units within an ICS functional section. The Unit can be staffed by a number of support personnel providing a wide range of services. Some of the support positions are pre−established within ICS (e.g., Base Camp Manager), but many others will be assigned as Technical Specialist. Unity of command The concept by which each person within an organization reports to one and only one designated person. The purpose of unity of command is to ensure unity of effort under one responsible commander for every objective. Universal task list A comprehensive menu of tasks from all sources that may be performed in major events illustrated by the National Planning Scenarios. Entities at all levels of government should use the UTL as a reference to help them develop proficiency through training and exercises to perform their assigned missions and tasks in major events.

299 Unsafe condition or act Any condition or act which endangers life or property. Unshielded wire Wire that does not have a conductive wrap. Unstable nucleus A nucleus that contains an uneven number of protons and neutrons and seeks to reach equilibrium between them through radioactive decay (i.e., the nucleus of a radioactive atom). See also stable nucleus. UPS Uninterruptible power supply System used to provide backup power in the event of loss of AC line power. Usually a system of AC to DC and DC to AC converters with a battery supply source. Uranium (U) A naturally occurring radioactive element whose principal isotopes are uranium-238 (U-238) and uranium-235 (U-235). Natural uranium is a hard, silvery-white, shiny metallic ore that contains a minute amount of uranium-234 (U-234). Urban services Services that provide trips into major cities or within their metropolitan commuting areas and experience periods of demand similar to those associated with other transportation services. Operators provide point- to-point transit or stops (e.g., across a harbor), linear service with multiple stops (e.g., along a waterfront), circulator service (e.g., fixed route, not fixed schedule), and water taxi service (e.g., fixed landings, passenger pickup on demand). Useful field of view (UFOV) Useful field of view refers to the sensory, perceptual and attentional processes that address the ability to attend to one’s surroundings, detect information and identify that which demands action. In terms of behavior, UFOV includes that information which can be extracted from a glance. VA Vulnerability assessment A study to determine potential vulnerabilities to a defined area or system Validity The extent to which differences in scores reflect true differences among subjects or groups of data in the characteristic that the measurement instrument attempts to measure. Vault A reinforced room for securing items. Vehicle ferries Vessels having at least one deck for vehicles, with additional decks for passengers. The largest vehicle ferries—which are in the Seattle, Washington, area—are more than 460 feet long and accommodate 2,500 passengers and 218 vehicles. Such ferries are normally square-ended to allow vehicle access and egress. Vehicle ramming attack A form of attack in which a perpetrator deliberately aims a motor vehicle at a target with the intent to inflict fatal injuries or significant property damage by striking with concussive force. (2017 TSA)

300 Vertical rod Typical door hardware often used with a crash bar to lock a door by inserting rods vertically from the door into the doorframe. Vessel security officer The person onboard the vessel, accountable to the master, and designated by the company as responsible for (a) security of the vessel, including implementation and maintenance of the vessel security plan, and (b) liaison with the facility security officer and the vessel’s company security officer. Vessel security plan The plan developed to ensure the application of security measures designed to protect the vessel and the facility that the vessel is servicing or interacting with the vessel’s cargoes and persons onboard at the respective MARSEC levels. Vessel stores (1) Materials onboard a vessel for the upkeep, maintenance, safety, operation, or navigation of the vessel and (2) materials onboard for the safety or comfort of the vessel’s passengers or crew, including any provisions for the vessel’s passengers or crew. Vessel traffic service (VTS) A national transportation system that collects, processes, and disseminates information on the marine operating environment and maritime vessel traffic in major U.S. ports and waterways. Vessel-to-port interface The interaction that occurs when a vessel is directly and immediately affected by actions involving the movement of persons, cargo, or vessel stores or the provisions of port services to or from the vessel. Vibration sensor An intrusion detection sensor that changes state when vibration is present. Video intercom system An intercom system that also incorporates a small CCTV system for verification. Video motion An IDS sensor system that analyzes and compares video signal for the detection of intrusion. Video motion detection Motion detection technology that looks for changes in the pixels of a video image. Video multiplexer A device used to connect multiple video signals to a single location for viewing and/or recording. Video type lens An auto-iris lens with internal circuitry for processing of the video signal which controls the iris movements. Violence risk assessment Also termed a ‘‘Threat Assessment.’’ A Violence Risk Assessment refers to the investigative and analytical process followed by a specifically qualified professional to determine the nature of the threat and level of risk of violence presented by an individual and the steps to be taken to mitigate the risk. Virus A computer program that can replicate itself, infect a computer without permission or knowledge of the user, and then spread or propagate to another computer. (Adapted from CNSSI 4009)

301 Visual displays A display or monitor used to inform the operator visually of the status of the electronic security system. Visual surveillance The aggressor uses ocular and photographic devices (such as binoculars and cameras with telephoto lenses) to monitor facility or installation operations or to see assets. Vital records 1 Records or documents, for legal, regulatory, or operational purposes, that if irretrievably damaged, destroyed, or lost, would materially impair the organization’s ability to continue business operations. Vital records 2 The essential agency records that are needed to meet operational responsibilities under national security emergencies or other emergency or disaster conditions (emergency operating records), or to protect the legal and financial rights of the government and those affected by government activities (legal and financial rights records). VMS Video monitoring system A complete video system including cameras, lenses, camera control, camera and control power, signal transmission, video display, video switching, video control, and video recording. Voice recognition A biometric technology that is based on nuances of the human voice. Volume sensors Sensor used to monitor a physical space such as a room interior, volume around a door, or volume adjacent to a fence. Volumetric motion sensor An interior intrusion detection sensor that is designed to sense aggressor motion within a protected space. Volunteer For purposes of NIMS, a volunteer is any individual accepted to perform services by the lead agency (which has authority to accept volunteer services) when the individual performs services without promise, expectation, or receipt of compensation for services performed. See 16 U.S.C. 742f(c) and 29 CFR 553.101. Vulnerability A characteristic or specific weakness that renders an organization or asset (such as information or an information system) open to exploitation by a given threat or susceptible to a given hazard. Characteristic of location or security posture or of design, security procedures, internal controls, or the implementation of any of these that permit a threat or hazard to occur. (Adapted from DHS Risk Lexicon, CNSSI 4009, NIST SP 800-53 Rev 4) Vulnerability 1 Any weakness which can be exploited by an adversary to gain access to an asset (ARM) An exploitable security weakness or deficiency at a facility (RAM-Wsm) The level of exposure of human life, property, and resources to damage from hazards (NOAA). A feature of a system, which, if exploited by an attacker, would enable the attacker to breach security (eenvoy) A characteristic of a critical infrastructure’s design, implementation, or operation of that renders it susceptible to destruction or incapacitation by a threat.

302 Vulnerability 2 A characteristic or flaw that renders an asset or system susceptible to destruction, incapacitation, or exploitation. Vulnerability assessment Systematic examination of a critical infrastructure, the interconnected systems on which it relies, its information, or product to determine the adequacy of security measures, identify security deficiencies, evaluate security alternatives, and verify the adequacy of such measures after implementation A systematic evaluation process in which qualitative and/or quantitative techniques are applied to arrive at an effectiveness level for a safeguards and security system to protect specific targets from specific adversaries and their acts. Vulnerability assessment (VA) In general, determining the vulnerability of a critical asset is the least difficult area of risk assessment. Both quantifiable and qualitative analysis can be performed to measure the current vulnerability status of the asset, as well as the effect of ongoing risk management improvements. Similarly, the return on investment of future actions can be forecasted with some level of certainty. Vulnerability assessment considers the likeliness of a given scenario occurring by chance or intention. VA also postulates susceptibility and resultant damage. Vulnerability assessment and management In cybersecurity work where a person conducts assessments of threats and vulnerabilities, determines deviations from acceptable configurations, enterprise or local policy, assesses the level of risk, and develops and/or recommends appropriate mitigation countermeasures in operational and non-operational situations. Waivers Exemptions from requirements. Prior to operating, any facility owner or operator may apply for a waiver for any requirement that the facility owner or operator considers unnecessary in light of the nature or operating conditions of the facility. Warning The alerting of emergency response personnel and the public to the threat of extraordinary danger and the related effects that specific hazards may cause. Water taxis Very small passenger-only ferries (about 50 feet or less in length) that may operate in both fixed-route and on-demand service, depending on the time of day and patronage levels. They can load and unload very quickly and operate very frequently, sometimes to several different points around a harbor or along a river. Waterborne contamination Chemical, biological, or radiological agent introduced into and fouling a water supply.

303 Weakness A shortcoming or imperfection in software code, design, architecture, or deployment that, under proper conditions, could become a vulnerability or contribute to the introduction of vulnerabilities. (Adapted from ITU-T X.1520 CWE, FY 2013 CIO FISMA Reporting Metrics) Weapon of mass destruction (WMD) 1 Title 18, Section 2332a of U.S.C. defines WMD as bombs, grenades, rockets, missiles or similar devices, large-bore weapons, or parts to assemble such weapons; poison gas; any weapon involving a disease organism; any weapon that is designed to release radiation or radioactivity at a level dangerous to human life. Weapons of nass destruction (WMD) 2 Any device, material, or substance used in a manner, in a quantity or type, or under circumstances showing an intent to cause death or serious injury to persons, or significant damage to property. An explosive, incendiary, or poison gas, bomb, grenade, rocket having a propellant charge of more than 4 ounces, or a missile having an explosive incendiary charge of more than 0.25 ounce, or mine or device similar to the above; poison gas; weapon involving a disease organism; or weapon that is designed to release radiation or radioactivity at a level dangerous to human life. Weapons-grade material Nuclear material considered most suitable for a nuclear weapon. It usually connotes uranium enriched to above 90 percent uranium-235 or plutonium with greater than about 90 percent plutonium-239. Weigand protocol A security industry standard data protocol for card readers. Whitelist A list of entities that are considered trustworthy and are granted access or privileges. Whole body count The measure and analysis of the radiation being emitted from a person’s entire body, detected by a counter external to the body. Whole body exposure An exposure of the body to radiation, in which the entire body, rather than an isolated part, is irradiated by an external source. Whole Community A focus on enabling the participation in national preparedness activities of a wider range of players from the private and nonprofit sectors, including nongovernmental organizations and the general public, in conjunction with the participation of all levels of government in order to foster better coordination and working relationships. Used interchangeably with “all-of-Nation". (National Preparedness Goal, 2015)

304 Working radio A radio that can communicate 2-ways (transmit and receive), with the operations control center (OCC) of the railroad (through repeater stations, if necessary) from any location within the rail system, with the exception of limited segments of territory where topography or transient weather conditions temporarily prevent effective communication. Working wireless communications A hardwired radio, portable radio, cellular telephone, or other means of two-way communication, with the capability to communicate with either the OCC or an emergency responder of the railroad from any location within the rail system (with the exception of limited segments of territory where topography or transient weather conditions temporarily prevent effective communication). Workplace violence Workplace violence refers to a broad range of behaviors falling along a spectrum that, due to their nature and/or severity, significantly affect the workplace, generate a concern for personal safety, or result in physical injury or death. Workplace violence program A collection of policies, structures, and practices adopted by an organization to help prevent workplace violence and to assist the organization in effectively managing reported incidents of workplace violence or threats. Workplace violence typology U.S. occupational health and safety agencies have developed a workplace violence classification system, or Workplace Violence Typology, that categorizes workplace violence incidents according to the relationship of perpetrator to victim. Workshop Although similar to seminars, workshops differ in two important aspects: participant interaction is increased, and the focus is placed on achieving or building a product. Effective workshops entail the broadest attendance by relevant stakeholders. Products produced from a workshop can include new standard operating procedures, emergency operations plans, continuity of operations plans, and mutual aid agreements. To be effective, workshops should focus on a specific issue, and the desired objective, product, or goal must be clearly defined. Worm A self-replicating, self-propagating, self-contained program that uses networking mechanisms to spread itself. (CNSSI 4009)

305 X-ray Electromagnetic radiation caused by deflection of electrons from their original paths, or inner orbital electrons that change their orbital levels around the atomic nucleus. X-rays, like gamma rays can travel long distances through air and most other materials. Like gamma rays, x-rays require more shielding to reduce their intensity than do beta or alpha particles. X-rays and gamma rays differ primarily in their origin: x-rays originate in the electronic shell; gamma rays originate in the nucleus. Zero-day Attack A cyberattack that uses previously unknown coding (malware, etc.) or exploits a previously unknown security vulnerability. This type of attack is particularly dangerous because existing patches, antivirus software, and other defenses are not programmed to defend against it. It is called a zero-day attack, because it occurs on “day zero” of learning of the vulnerability. Zombie Computers on botnets are frequently referred to as “zombies” and are often employed in digital denial of service attacks. Zoom The ability of a CCTV camera to close and focus or open and widen the field of view. Zoom Ratio The ratio of the starting focal length (wide) to the ending focal length (telephoto) of a zoom lens. A 10X zoom will magnify the image at the wide end by 10 times. Examples of a 10X zoom lenses; 8mm~80mm, 12mm~120mm.