Office of Operations

Prevention

The first stage of emergency management is prevention. Prevention is an ongoing activity meant to reduce the risk to health, life, property and the environment from hazards. The goal of prevention is to identify and minimize risks to protect the agency from disaster. Prevention involves making sure that your agency is prepared to handle an emergency (through an Emergency Management Plan or Continuity of Operations Plan), has the resources to operate during an emergency, and has the proper systems available to continue operations in the event that normal facilities are rendered unavailable.

  • Best Practices for Government Intervention to Enhance the Security of National Critical Infrastructures - This report from the DHS National Infrastructure Advisory Council focuses on how selected sectors differ in their physical and cybersecurity needs, the advantages and disadvantages of market intervention, and identifying the conditions under which government intervention should occur.
  • Blue Ribbon Panel on Bridge and Tunnel Security - This joint FHWA/AASHTO study provides national recommendations for improving the security of our nation's bridges and tunnels.
  • Critical Foundations--The Report of the President's Commission on Critical Infrastructure Protection: October 13, 1997 - The report addresses the following critical infrastructures: energy; banking and finance; transportation; vital human services; and, telecommunications. Transportation is covered in Chapters 1, 3, 7, 9 and Appendix A, but appears throughout the report as a critical security area.
  • Cybersecurity
  • DHS Protected Critical Infrastructure Information Program - TSA isn't the only part of DHS that focuses on infrastructure protection. The Protected Critical Infrastructure Information (PCII) Program is designed to encourage private industry and others with knowledge about our critical infrastructure to share sensitive and proprietary business information about this critical infrastructure with the Government. PCII is used in pursuit of a more secure homeland, focusing primarily on analyzing and securing critical infrastructure and protected systems, developing risk assessments and vulnerabilities and assisting with recovery.
  • FEMA Mitigation Best Practices Portfolio - This portfolio is a collection of ideas, activities, projects, and funding sources that can help reduce or prevent the impacts of disasters. This Web page also invites users to submit their own mitigation best practices for review and possible inclusion in the portfolio.
  • Hazardous Materials Safety & Security Field Operational Test - Following the September 11, 2001 terrorist attacks on the U.S., the Department of Transportation was asked to identify areas within the transportation system that were vulnerable to terrorist attack. FMCSA conducted a field operational test (FOT) to quantify the security costs and benefits of an operational concept that applied technology and improved enforcement procedures to hazmat transportation.
  • Preventing Damage to Buildings
  • Responding to Threats: A Field Personnel Manual (NCHRP Report 525 Volume 1) - This document includes a draft template that contains basic security awareness training. It emphasizes noticing and reporting behavior that may be part of the planning stages of an event, and explains how an increased level of attention on the part of employees can deter criminal and terrorist plans prior to implementation.
  • Risk Assessment and Reduction

Risk Assessment and Reduction

  • ASIS General Security Risk Assessment Guidelines - ASIS International (ASIS), in response to a concerted need for guidelines and standards regarding security issues in the U.S., has created the ASIS Commission on Guidelines. Its first mission is "to advance the practice of security through the development of risk mitigation guidelines."
  • Cross Sector Interdependencies and Risk Assessment Guidelines - This report from the DHS National Infrastructure Advisory Council concluded that cross-sector crisis management coordination is fundamental to the rapid restoration of critical infrastructure(s) and integral to sustaining the public's confidence in those infrastructures.
  • DHS IAIP Risk Analysis and Management for Critical Asset Protection (RAMCAP) - This effort, led by the American Society of Mechanical Engineers working for DHS IAIP, is intended to give the federal government a means of evaluating risk across the country.
  • Transportation Agency-Owned Communication System Vulnerability Reduction (Fall 2005) - This project looked at typical telecommunications systems implemented by transportation agencies and actions that could be taken to reduce the risks they face from natural and deliberate disasters.
  • TMC Vulnerability Reduction (Fall 2005) - This project develops a risk assessment methodology tailored to the unique characteristics of transportation management facilities and provides potential countermeasures for improving their physical security. Typical implementation costs are included.
  • TSA Transportation Security Self-Assessment Risk Module (VSAT) - TSA is developing a suite of transportation asset risk self-assessment tools.
  • TSA Risk Assessment Program - This website provides information on other risk management tools TSA is developing.

Preventing Damage to Buildings

  • Although the assets most often associated with transportation agencies are roads, bridges, and tunnels, DOT operational capability depends on things that go on in buildings, including headquarters facilities, maintenance offices, and operations centers. Below are several resources that should help to make sure that those buildings are as safe as possible when we need them most. All can be found at http://www.fema.gov/fima/rmsp.shtm
    • FEMA 426 - Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings
    • FEMA 427 - Primer for Design of Commercial Buildings to Mitigate Terrorist Attacks
    • FEMA 429 - Insurance, Finance, and Regulation Primer for Terrorism Risk Management in Buildings
    • E155 - Building Design for Homeland Security
    • FEMA 452 - Methodology for Preparing Threat Assessments for Commercial Buildings
    • FEMA 453 - Multihazard Shelter (Safe Havens) Design
    • FEMA 455 - Rapid Visual Screening for Building Security
    • FEMA 459 - Incremental Rehabilitation to Improve Security in Buildings
  • Blast Mitigation - This website from the National Memorial Institute for the Prevention of Terrorism contains a highly useful set of reports, case studies, and links focused on mitigating blast effects on various types of structures.
  • DoD Minimum Antiterrorism Standards for Buildings - The Department of Defense has just approved its new "Minimum Antiterrorism Standards for Buildings" for release to the general public. The standards will be applied to all new buildings constructed on DoD installations and to major retrofits of existing buildings on DoD installations, as well as to leased commercial buildings that have a high concentration of DoD employees. The Department of Defense produced this special public version of its standards for the express purpose of sharing non-sensitive infrastructure security knowledge for possible application to commercial buildings where the private sector finds them applicable.
  • Protecting People and Buildings from Terrorism: Technology Transfer for Blast-effects Mitigation - Report of the Committee for Oversight and Assessment of Blast-effects and Related Research, Board on Infrastructure and the Constructed Environment, National Research Council.
  • The Challenge of Making Safer Structures - This report, more than two years in the making, is part of an ongoing NIST project that seeks to construct a set of well-grounded data to serve as a foundation for building high rises with improved structural integrity, better fireproofing, and enhanced evacuation capabilities.

Cybersecurity

  • CERT Coordination Center - The CERT Coordination Center, part of the Networked Systems Survivability Program of the Software Engineering Institute, started in 1988 after the Morris Worm incident crippled approximately 10 percent of all computers connected to the Internet. The center develops incident-response teams, coordinates response to large-scale incidents, trains incident-response professionals, and researches security vulnerabilities, system improvements, and the survivability of large-scale networks.
  • Common Vulnerability Scoring System - There has often been a lack of cohesion or interoperability among systems to rank information system vulnerabilities. Also, existing systems tend to be limited in scope as to what they cover, and these systems tend to be Internet-centric. The DHS National Infrastructure Advisory Council commissioned this project to propose an open and universal vulnerability scoring system to address and solve these shortcomings, with the ultimate goal of promoting a common understanding of vulnerabilities and their impact.
  • Federal Computer Incident Response Capability - The Federal Computer Incident Response Capability (FedCIRC) coordinates and analyzes computer security for the federal government's civilian agencies and departments. Through FedCIRC, federal agencies cooperate to handle security incidents, share information, solve common security problems, and also collaborate with the National Infrastructure Protection Center to plan protection strategies and deal with criminal threats to the critical information infrastructure.
  • National Strategy to Secure Cyberspace - This document provides a framework for improving cybersecurity.
  • NIST Recommended Security Controls for Federal Information Systems - The purpose of Special Publication 800-53 is to provide guidelines for selecting and specifying security controls for information systems supporting the executive agencies of the federal government.
  • NIST Risk Management Guide for Information Technology Systems
  • NIST Security Self-Assessment Guide for Information Technology Systems - NIST Special Publication (SP) 800-26, Security Self-Assessment Guide for Information Technology Systems, utilizes an extensive questionnaire containing specific control objectives and techniques against which an unclassified system or group of interconnected systems can be tested and measured.
  • Research to Improve Freight Transportation Information Systems Security - The vulnerability of U.S. freight transportation information systems to terrorist cyberattack presents a potentially serious homeland security concern, says a new report from the National Academies' Transportation Research Board and Computer Science and Telecommunications Board. The report outlines the research necessary to strengthen the security of these systems, which facilitate the efficient movement and delivery of goods and materials.
  • Supervisory Control and Data Acquisition (SCADA) Systems - The DOD's Technical Support Working Group provides resources to help address the vulnerability of SCADA systems, which have similarities to traffic control systems.
  • The Information, Systems, and Automation Society (ISA) - ISA is a major standards developer in the supervisory control and data acquisition (SCADA) industry. Their standards ISA-TR99.00.01-2004 and ISA-TR99.00.02-2004 may be highly useful in understanding how to protect traffic control systems.
  • U.S. Computer Systems Are Vulnerable to Attack - Computer systems across the country are increasingly vulnerable to cyber attacks, says a new report from the National Academies' Computer Science and Telecommunications Board. The report highlights previous Academy studies that call for better authentication systems, training, and monitoring to help make information systems more secure.
