Summary

The July 2005 bombing attacks on London's subway system dramatically highlighted the vulnerability of passenger rail systems worldwide to terrorist attacks, and the need for an increased focus on security for these systems. This testimony provides information on how the Department of Homeland Security (DHS), including the Transportation Security Administration (TSA) and the Office for Domestic Preparedness (ODP), have assessed risks posed by terrorism to the U.S. passenger rail system using risk management principles; actions federal agencies have taken to enhance the security of U.S. rail systems; and rail security practices implemented by domestic and selected foreign passenger rail operators and differences among these practices.

Within DHS, ODP has completed numerous risk assessments of passenger rail systems around the country, and TSA has begun to conduct risk assessments as well as establish a methodology for determining how to analyze and characterize risks that have been identified. Until TSA completes these efforts, however, the agency will not be able to prioritize passenger rail assets and help guide security investment decisions. At the department level, DHS has begun developing, but has not yet completed, a framework to help agencies and the private sector develop a consistent approach for analyzing and comparing risks to transportation and other sectors. Until this framework is finalized and shared with stakeholders, it may not be possible to compare risks across different sectors, prioritize them, and allocate resources accordingly. In addition to the ongoing initiatives to enhance passenger rail security conducted by the Department of Transportation's (DOT) Federal Transit Administration and Federal Railroad Administration, such as providing security training to passenger rail operators, TSA issued emergency security directives in 2004 to domestic rail operators after terrorist attacks on the rail system in Madrid and piloted a test of explosive detection technology for use in passenger rail systems. However, federal and rail industry officials raised questions about the feasibility of implementing and complying with the security directives, citing limited opportunities to collaborate with TSA to ensure that industry best practices were incorporated. Domestic and foreign passenger rail operators we contacted have taken a range of actions to help secure their systems. Most, for example, had implemented customer awareness programs to encourage passengers to report suspicious activities, increased the number and visibility of their security personnel, upgraded security technology, and improved rail system design to enhance security. We also observed security practices among certain foreign passenger rail systems or their governments not currently used by the domestic rail operators we contacted, or by the U.S. government, which could be considered for use in the United States. For example, some foreign rail operators randomly screen passengers or utilize covert testing to help keep employees alert to security threats, and some foreign governments maintain centralized clearinghouses on rail security technologies. While introducing any of these security practices into the U.S. rail system may pose political, legal, fiscal, and cultural challenges, they may nevertheless warrant further examination.