Summary

The July 2005 London subway bombings and July 2006 rail attacks in Mumbai, India dramatically revealed the vulnerability of passenger rail and other surface transportation systems worldwide to terrorist attack and demonstrated the need for increased focus on the security of these systems. This testimony, which is based primarily on GAO's September 2005 report on passenger rail security (GAO-05-851) and selected program updates obtained in January 2007 provides information on (1) how the Department of Homeland Security (DHS) has assessed the risks posed by terrorism to the U.S. passenger rail system; (2) actions TSA and other federal agencies have taken to enhance the security of U.S. rail systems; and (3) rail security practices implemented by domestic and selected foreign passenger rail operators.

The DHS Office of Grants and Training has conducted risk assessments of passenger rail systems to identify and protect rail assets that are vulnerable to attack, such as stations and bridges. TSA has also begun to conduct risk assessments of passenger rail assets. While TSA has begun to establish a methodology for analyzing and characterizing risks, as of January 2007, the agency has not completed a comprehensive risk assessment of the U.S. passenger rail system. Until TSA does so, the agency may be limited in its ability to prioritize passenger rail assets and help guide security investments. DHS has also begun developing a framework to help agencies and the private sector develop a consistent approach for analyzing and comparing risks among and across different transportation sectors. However, until this framework is finalized, it may not be possible to compare risks across different sectors, prioritize them, and allocate resources accordingly. After September 11, 2001, the Department of Transportation initiated a number of efforts to improve passenger rail security. After its creation, TSA also took a number of actions, including issuing rail security directives, testing rail security technologies, developing training tools for rail workers, and issuing a proposed rule in December 2006 regarding passenger and freight rail security, among other efforts. However, federal and rail industry stakeholders have questioned the extent to which TSA's directives were based on industry best practices and expressed confusion about how TSA would monitor compliance with the directives. DHS and DOT also signed a memorandum of understanding (MOU) that delineated the two departments' respective roles and responsibilities for promoting the safe, secure, and efficient movement of people and goods throughout the transportation system. TSA has recently completed specific agreements with the Federal Transit Administration (FTA) and the Federal Railroad Administration (FRA) to further delineate security-related roles and responsibilities for passenger rail. U.S. and foreign passenger rail operators GAO visited have also taken actions to secure their rail systems. Most had implemented customer security awareness programs, increased security personnel, increased the use of canines to detect explosives, and enhanced employee training programs. GAO also observed security practices among foreign passenger rail systems that are not currently used by U.S. rail operators or by the U.S. government, which could be considered for use in the U.S. For example, some foreign rail operators randomly screen passengers or use covert testing to help keep employees alert to security threats. While introducing these security practices in the U.S may pose political, legal, fiscal, and cultural challenges, they warrant further examination. TSA has reported taking steps to identify foreign best practices for rail security.