Passenger Rail Security

Consistent Incident Reporting and Analysis Needed to Achieve Program Objectives

GAO-13-20, Dec 19, 2012

Additional Materials:

Share This:

  1. Share with Facebook 
  2. Share with Twitter 
  3. Share with mail 

Contact:

Stephen M. Lord
(202) 512-4379
LordS@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

What GAO Found

The Transportation Security Administration (TSA) has inconsistently overseen and enforced its rail security incident reporting requirement because it does not have guidance and its oversight mechanisms are limited, leading to considerable variation in the types and number of incidents reported. Though some variation is expected in the number and type of incidents reported because of differences in rail agency size, location, and ridership, local TSA inspection officials have provided rail agencies with inconsistent interpretations of the reporting requirement. For example, local TSA officials instructed one rail agency to report all incidents related to individuals struck by trains. However, local TSA officials responsible for another rail agency said these incidents would not need to be reported as they are most often suicides with no nexus to terrorism. Providing guidance to local TSA inspection officials and rail agencies on the types of incidents that are to be reported could improve consistency across different TSA field offices. GAO also found inconsistency in TSA compliance inspections and enforcement actions because TSA has not utilized limited headquarters-level mechanisms as intended for ensuring consistency in these activities. TSA's rail security inspection policies do not specify inspection frequency but call for performing a "reasonable number" of inspections. However, 3 of the 19 rail agencies GAO contacted were not inspected from January 2011 through June 2012, including a large metropolitan rail agency, although local officials said it was unlikely that no incidents had occurred at that agency. Without inspections, TSA's assurance that rail agencies are reporting security incidents, as required, is reduced. In addition, TSA took enforcement action against an agency for not reporting an incident involving a knife, but did not take action against another agency for not reporting similar incidents, though the agency had been inspected. Enhancing headquarters-level mechanisms for overseeing inspection and enforcement actions in the field could help ensure more consistency in these activities and improve TSA's ability to use the information for trend analysis.

TSA has not conducted trend analysis of rail security information, and weaknesses in TSA's rail security incident data management system, including data entry errors, inhibit TSA's ability to search and extract information. Data entry errors occur in part because the guidance provided to officials responsible for entering incident information does not define the available data field options. Without the ability to identify information from the data, such as the number of incidents reported by incident type, TSA faces challenges determining if patterns or trends exist. Additional guidance for officials who enter the incident information could help to reduce data entry errors and improve users' ability to search and extract information from the system, ultimately improving TSA's ability to analyze the incident information. These weaknesses notwithstanding, TSA has made limited use of the incident information it has collected, in part because it does not have a systematic process for conducting trend analysis. TSA's purpose for collecting the rail security incident information was to allow TSA to "connect the dots" by conducting trend analysis. TSA has used the rail security incident information for situational awareness, but has conducted limited analysis of the information, missing an opportunity to identify any security trends or patterns in the incident information, or to develop recommended security measures to address any identified issues.

Why GAO Did This Study

Terrorist attacks on foreign passenger rail systems, which include rail transit and intercity rail, have underscored the importance of collecting and analyzing security incident information to identify potential vulnerabilities. Within the federal government, TSA is the primary agency responsible for overseeing and enhancing passenger rail security, and has several programs to fulfill this responsibility. In 2008, TSA issued a regulation requiring U.S. passenger rail agencies to report all potential threats and significant security concerns to TSA, among other things. GAO was asked to assess the extent to which (1) TSA has overseen and enforced this reporting requirement and (2) TSA has analyzed passenger rail security incident information to identify security trends. GAO reviewed TSA policy documents, guidance, and incident data from January 2011 through June 2012, and interviewed federal officials and security officials from 19 passenger rail agencies. GAO selected these agencies, in part, because of their ridership volume. The results of these interviews are not generalizable but provide insights.

What GAO Found

GAO recommends, among other things, that TSA (1) develop guidance on the types of incidents that should be reported, (2) enhance existing oversight mechanisms for compliance inspections and enforcement actions, (3) develop guidance to reduce errors from data entry problems, and (4) establish a process for regularly conducting trend analysis of incident data. TSA concurred and is taking actions in response.

For more information, contact Stephen M. Lord, (202)-512-4379, lords@gao.gov.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: To help ensure that the rail security incident reporting process is consistently implemented and enforced, the Administrator of TSA should develop and disseminate written guidance for local TSA inspection officials and rail agencies that clarifies the types of incidents that should be reported to the TSA's Transportation Security Operations Center (TSOC).

    Agency Affected: Department of Homeland Security: Transportation Security Administration

    Status: Review Pending

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To help ensure that the rail security incident reporting process is consistently implemented and enforced, the Administrator of TSA should enhance and utilize existing oversight mechanisms at the headquarters level, as intended, to provide management oversight of local compliance inspections and enforcement actions.

    Agency Affected: Department of Homeland Security: Transportation Security Administration

    Status: Review Pending

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To help fulfill TSA's stated purpose for collecting rail security incident information and improve the accuracy and completeness of the incident data in TSA's incident management system, WebEOC, the Administrator of TSA should establish a process for updating the database when incidents that had not previously been reported are discovered through compliance activities.

    Agency Affected: Department of Homeland Security: Transportation Security Administration

    Status: Review Pending

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To help fulfill TSA's stated purpose for collecting rail security incident information and improve the accuracy and completeness of the incident data in TSA's incident management system, WebEOC, the Administrator of TSA should develop guidance for TSOC officials that includes definitions of data entry options to reduce errors resulting from data entry problems.

    Agency Affected: Department of Homeland Security: Transportation Security Administration

    Status: Review Pending

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.

    Recommendation: To help fulfill TSA's stated purpose for collecting rail security incident information and improve the accuracy and completeness of the incident data in TSA's incident management system, WebEOC, the Administrator of TSA should establish a systematic process for regularly conducting trend analysis of the rail security incident data, in an effort to identify potential security trends that could help the agency anticipate or prevent an attack against passenger rail and develop recommended security measures.

    Agency Affected: Department of Homeland Security: Transportation Security Administration

    Status: Review Pending

    Comments: When we confirm what actions the agency has taken in response to this recommendation, we will provide updated information.