Summary

The 2005 London subway bombings and 2006 rail attacks in Mumbai, India highlighted the vulnerability of passenger rail and other surface transportation systems to terrorist attack and demonstrated the need for greater focus on securing these systems. This testimony is based primarily on GAO's September 2005 passenger rail security report and selected program updates obtained in January 2007. Specifically, it addressees (1) the extent to which the Department of Homeland Security (DHS) has assessed the risks facing the U.S. passenger rail system and developed a strategy based on risk assessment for securing all modes of transportation, including passenger rail; (2) the actions that the Transportation Security Administration (TSA) and other federal agencies have taken to enhance the security of the U.S. passenger rail system, improve federal coordination, and develop industry partnerships; and (3) the security practices that domestic and selected foreign passenger rail operators have implemented to enhance security.

The DHS Office of Grants and Training and TSA have begun to assess the risks facing the U.S. passenger rail system. However, we reported in September 2005 that TSA had not completed a comprehensive risk assessment of passenger rail assets. We found that, until TSA does so, the agency may be limited in its ability to prioritize passenger rail assets and help guide security investments. We also reported that DHS had begun, but not yet completed, a framework to help agencies and the private sector develop a consistent approach for analyzing and comparing risks among and across various critical sectors. Since that time, TSA has reported taking additional steps to assess the risks to the passenger rail system. However, TSA has not yet issued the required Transportation Sector Specific Plan and supporting plans that address passenger rail and other surface transportation modes, based on a risk assessment. Until TSA does so, the agency lacks a clear strategy with goals and objectives for securing the overall transportation sector, including passenger rail. After September 11, DOT initiated efforts to strengthen passenger rail security. TSA has also taken actions to strengthen rail security, including issuing security directives, testing security technologies, developing security training, and issuing a proposed rule for passenger and freight rail security, among other efforts. However, federal and rail industry stakeholders have questioned the extent to which TSA's directives were based on industry best practices. TSA has also taken steps to better coordinate with DOT and develop partnerships with industry stakeholders. DHS and DOT have updated their memorandum of understanding to clarify their respective security-related roles and responsibilities for passenger rail. TSA also established an Office of Transportation Sector Network Management and offices for each mode of transportation to develop security policies and work to strengthen partnerships with industry stakeholders for passenger rail and other surface modes. U.S. and foreign passenger rail operators GAO visited have also taken actions to secure their rail systems. Most had implemented customer security awareness programs, increased security personnel, increased the use of canines to detect explosives, and enhanced employee training programs. GAO also observed security practices among foreign passenger rail systems that are not currently used by U.S. rail operators or by the U.S. government, which could be considered for use in the U.S. For example, some foreign rail operators randomly screen passengers or use covert testing to help keep employees alert to security threats. While introducing these security practices in the U.S may pose political, legal, fiscal, and cultural challenges, they warrant further examination. TSA has reported taking steps to identify foreign best practices for rail security.