Summary
The U.S. passenger rail system is a vital component of the nation's transportation infrastructure, carrying more than 11 million passengers each weekday. The Department of Homeland Security (DHS) and the Department of Transportation (DOT) share responsibility for ensuring the safety and security of rail systems. In this report, GAO addressed (1) DHS actions to assess the risks to the U.S. passenger rail system in the context of prevailing risk management principles, (2) federal actions taken to enhance the security of the U.S. passenger rail system, and (3) security practices that domestic and selected foreign passenger rail operators have implemented.
Within DHS, the Office for Domestic Preparedness has completed 7 risk assessments of passenger rail systems around the country, with 12 more under way. TSA has begun to conduct risk assessments and to establish a methodology for determining how to analyze and characterize risks that have been identified but has not yet completed either effort or set timelines for doing so. TSA will not be able to prioritize passenger rail assets and help guide security investment decisions until these efforts are completed. At the department level, DHS has begun developing, but has not yet completed, a framework to help agencies and the private sector develop a consistent approach for analyzing and comparing risks to transportation and other sectors. Until this framework is finalized and shared with stakeholders, it may not be possible to compare risks across different sectors, prioritize them, and allocate resources accordingly. The Federal Transit Administration and Federal Railroad Administration within DOT have ongoing initiatives to enhance passenger rail security. In addition, in 2004, TSA issued emergency security directives to domestic rail operators after terrorist attacks on the rail system in Madrid, Spain, and piloted a test of explosive detection technology for use in passenger rail systems. However, federal and rail industry officials raised questions about the feasibility of implementing and complying with the directives, citing limited opportunities to collaborate with TSA to ensure that industry best practices were incorporated. In September 2004, DHS and DOT signed a memorandum of understanding to improve coordination between the two agencies, and they are developing agreements to address specific rail security issues. Domestic and foreign passenger rail operators we contacted have taken a range of actions to help secure their systems. We also observed security practices among certain foreign passenger rail systems or their governments that are not currently used by the domestic rail operators we contacted, or by the U.S. government, and which could be considered for use in the United States. For example, some foreign rail operators randomly screen passengers, and some foreign governments maintain centralized clearinghouses on rail security technologies and best practices.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change
from "In process" to "Implemented" or "Not implemented" based on our follow up work.
Director:
Team:
Phone:
Cathleen A. Berrick
Government Accountability Office: Homeland Security and Justice
No phone on record
Recommendations for Executive Action
Recommendation: In order for the Department of Homeland Security to have the information needed to fully evaluate, compare, and prioritize risk mitigation activities across sectors, the Secretary of the Department of Homeland Security should establish a timeline for completing the department's framework for analyzing sector risks and ensure that the risk assessment methodologies used by sector-specific agencies are consistent with this framework.
Agency Affected: Department of Homeland Security
Status: Implemented
Comments: In previous reports and testimonies, we reported that the Transportation Security Administration (TSA) had not issued the Transportation Sector Specific Plan (TSSP) or supporting plans for securing all modes of transportation. We also reported that until TSA issued the TSSP and supporting plans, it lacked a clearly communicated strategy with goals and objectives for securing the transportation sector. In addition, in March 2007, we testified that as of September 2005, DHS had begun developing, but had not yet completed a framework to help federal agencies and the private sector develop a consistent approach for analyzing and comparing risks to transportation and other critical sectors. However, in May 2007, DHS issued the TSSP for transportation systems and supporting annexes for surface transportation assets, and reported taking actions to adopt the strategic approach outlined by the TSSP. The TSSP and its supporting modal implementation plans and appendixes establish a strategic approach based on the National Infrastructure Protection Plan and Executive Order 13416, Strengthening Surface Transportation Security. The TSSP describes the security framework that is intended to enable sector stakeholders to make effective and appropriate risk-based security and resource allocation decisions. In addition, during the course of our ongoing work assessing mass transit security we have identified that DHS had begun to implement some of the security initiatives outlined in the TSSP and supporting mass transit annex.
Recommendation: In order for the Transportation Security Administration to have the information needed to more fully evaluate, select, and implement risk mitigation activities, and complete its transportation sector-specific plan and other strategic risk based plans, the Secretary of the Department of Homeland Security should direct the Assistant Secretary of the Transportation Security Administration to establish a plan for completing its methodology for conducting risk assessments that includes timelines and addresses how it will work with passenger rail stakeholders and leverage existing federal expertise in Department of Homeland Security components, including the Office for Domestic Preparedness, as well as the Department of Transportation modal administrations, including the Federal Railroad Administration and the Federal Transit Administration.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration
Status: In process
Comments: Awaiting additional documentation and discussion with agency officials regarding the status of this recommendation.
Recommendation: In order for the Transportation Security Administration to have the information needed to more fully evaluate, select, and implement risk mitigation activities, and complete its transportation sector-specific plan and other strategic risk based plans, the Secretary of the Department of Homeland Security should direct the Assistant Secretary of the Transportation Security Administration to evaluate whether the risk assessment methodology used by the Office for Domestic Preparedness should be leveraged to facilitate the completion of risk assessments for rail and other transportation modes.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration
Status: In process
Comments: Awaiting additional documentation and discussion with agency officials regarding the status of this recommendation.
Recommendation: To ensure that future rail security directives are enforceable, transparent, and feasible, the Secretary of the Department of Homeland Security should direct the Assistant Secretary of the Transportation Security Administration, in collaboration with the Department of Transportation and the passenger rail industry, to develop security standards that reflect industry best practices and can be measured, monitored, and enforced by Transportation Security Administration rail inspectors and, if appropriate, by rail asset owners. This could be accomplished by using the rule-making process, with notice in the Federal Register and an opportunity for interested stakeholders to comment, to promulgate long-term regulations that incorporate these standards.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration
Status: Implemented
Comments: We reported in August 2007 that TSA has developed security action items (recommended measures for passenger rail operators to implement as part of their security programs to improve both security and emergency preparedness) for passenger rail. TSA also issued a proposed rule in December 2006 on passenger and freight rail security requirements. In April 2007, DHS provided us with updated information on TSA?s efforts to issue standards for securing surface transportation modes. According to DHS, TSA uses transit agency site visits to assess compliance with security directives and implementation of noncompulsory security standards and protective measures with the objective of ensuring a broad-based enhancement of passenger rail and rail transit security. More specifically, through the Baseline Assessment for Security Enhancement, TSA inspectors review mass transit and passenger rail systems? implementation of the 17 Security and Emergency Management Action Items (security action items) that TSA and the Federal Transit Administration jointly developed, in coordination with the Mass Transit Sector Coordinating Council. Additionally, we testified in May 2008 that DHS and other federal partners have also been collaborating with the American Public Transportation Association (APTA) and public and private security professionals to develop industry-wide security standards for mass transit systems. APTA officials reported that they expect several of the voluntary standards to be released in 2008.
Recommendation: To ensure that future rail security directives are enforceable, transparent, and feasible, the Secretary of the Department of Homeland Security should direct the Assistant Secretary of the Transportation Security Administration, in collaboration with the Department of Transportation and the passenger rail industry, to set timelines for completing the memorandum of understanding modal agreements for rail, mass transit, and research and development, which both the Department of Homeland Security and the Department of Transportation have agreed to pursue.
Agency Affected: Department of Homeland Security: Directorate of Border and Transportation Security: Transportation Security Administration
Status: In process
Comments: Awaiting additional documentation and discussion with agency officials regarding the status of this recommendation.
Recommendation: To help strengthen the security of passenger rail systems in the United States and potentially leverage the knowledge and practices employed by foreign rail operators, the Secretary of the Department of Homeland Security, in collaboration with the Department of Transportation and the passenger rail industry, should evaluate the feasibility of establishing and maintaining an information clearinghouse on existing and emergency security technologies and security best practices used in the passenger rail industry both in the United States and abroad.
Agency Affected: Department of Homeland Security
Status: Implemented
Comments: Since we issued this recommendation, the Transportation Security Administration (TSA) has integrated a public transit portal into the Homeland Security Information Network (HSIN) - a secure website that transit agencies can use to access information on a variety of topics, including security technologies. Senior TSA officials reported that they created the mass transit portal for the HSIN in part to respond to GAO's recommendation in the passenger rail report that they create a clearinghouse for transit agencies to learn about security technologies. TSA officials noted that about 65% of the top 100 transit agencies - by annual ridership - have accounts with HSIN. Additionally, TSA officials noted that they have been gathering security best practices as they conduct their Baseline Assessment and Security Enhancement reviews at transit agencies across the country. A senior TSA official commented that they will be publishing a report on these best practices - entitled Smart Security Practices - for distribution to transit agencies. This report highlights best practices from the top 50 transit agencies, and includes contact information for those agencies, so information can be shared. GAO received a final copy of this document, dated June 2008, and TSA officials noted that they planned to distribute the document at the August 2008 Transit Security Roundtable meeting.
Recommendation: To help strengthen the security of passenger rail systems in the United States and potentially leverage the knowledge and practices employed by foreign rail operators, the Secretary of the Department of Homeland Security, in collaboration with the Department of Transportation and the passenger rail industry, should evaluate the potential benefits and applicability--as risk analyses warrant and as opportunities permit--of implementing covert testing processes to evaluate the effectiveness of rail system security personnel; implementing practices used by foreign rail operators that integrate security into infrastructure design; and implementing random searches or screening of passengers and their baggage, pending the results of an ongoing joint federal and industry review of the impact of random screening on passenger rail operators.
Agency Affected: Department of Homeland Security
Status: In process
Comments: Awaiting additional documentation and discussion with agency officials regarding the status of this recommendation.
