GAO-06-557T, Passenger Rail Security: Evaluating Foreign Security Practices and Risk Can Help Guide Security Efforts


This is the accessible text file for GAO report number GAO-06-557T 
entitled 'Passenger Rail Security: Evaluating Foreign Security 
Practices and Risk Can Help Guide Security Efforts' which was released 
on March 29, 2006. 

This text file was formatted by the U.S. Government Accountability 
Office (GAO) to be accessible to users with visual impairments, as part 
of a longer term project to improve GAO products' accessibility. Every 
attempt has been made to maintain the structural and data integrity of 
the original printed product. Accessibility features, such as text 
descriptions of tables, consecutively numbered footnotes placed at the 
end of the file, and the text of agency comment letters, are provided 
but may not exactly duplicate the presentation or format of the printed 
version. The portable document format (PDF) file is an exact electronic 
replica of the printed version. We welcome your feedback. Please E-mail 
your comments regarding the contents or accessibility features of this 
document to Webmaster@gao.gov. 

This is a work of the U.S. government and is not subject to copyright 
protection in the United States. It may be reproduced and distributed 
in its entirety without further permission from GAO. Because this work 
may contain copyrighted images or other material, permission from the 
copyright holder may be necessary if you wish to reproduce this 
material separately. 

Testimony before the Committee on Transportation and Infrastructure, 
Subcommittee on Highways, Transit, and Pipelines, House of 
Representatives: 

United States Government Accountability Office: 

GAO: 

For Release on Delivery Expected at 2:00 p.m. EST: 

Wednesday, March 29, 2006: 

Passenger Rail Security: 

Evaluating Foreign Security Practices and Risk Can Help Guide Security 
Efforts: 

Statement of JayEtta Z. Hecker, Director, Physical Infrastructure 
Issues: 

GAO-06-557T: 

GAO Highlights: 

Highlights of GAO-06-557T, a testimony before the Committee on 
Transportation and Infrastructure, Subcommittee on Highways, Transit, 
and Pipelines, House of Representatives: 

Why GAO Did This Study: 

The July 2005 bombing attacks on London’s subway system dramatically 
revealed the vulnerability of passenger rail systems worldwide to 
terrorist attacks and demonstrated the need for an increased focus on 
security for these systems. 

This testimony, which is based primarily on GAO’s September 2005 report 
on passenger rail security (GAO-05-851), provides information on (1) 
the security practices that domestic and selected foreign rail transit 
operators have implemented to mitigate risks and enhance security; (2) 
the Department of Homeland Security’s (DHS) and the Department of 
Transportation’s (DOT) funding of rail transit security and use of risk 
management in funding decisions; and (3) the steps DHS and DOT have 
taken to improve coordination on rail transit security matters. As part 
of its 2005 report, GAO contacted 32 U.S. rail transit operators and 13 
passenger rail operators in seven European and Asian countries. 

What GAO Found: 

Domestic and foreign rail transit operators GAO contacted have taken 
similar actions to help secure their systems, including implementing 
customer awareness programs, increasing the number and visibility of 
their security personnel, and upgrading security technology. Also, both 
domestic and foreign operators have used risk assessments to guide 
security-related activities and spending. However, GAO also observed 
security practices that were used by certain foreign passenger rail 
operators, but were not employed in the United States at the time of 
GAO’s review. For example, some foreign rail operators use covert 
testing to help keep employees alert to security threats or randomly 
screen passengers. Centralized clearinghouses on rail security 
technologies, such as chemical sensors, and best practices are also 
maintained in some foreign countries. While introducing any of these 
security practices into the U.S. rail system may pose political, legal, 
fiscal, and cultural challenges, the practices may nevertheless warrant 
further examination. 

Both DHS and DOT help fund rail transit security investments, and DHS 
has promoted risk-based funding decisions in the allocation of transit 
security grants. DHS’s Office of Grants and Training is the primary 
source of security funding for passenger rail systems, providing over 
$320 million in grants to rail transit agencies for fiscal years 2003 
to 2006. The Office of Grants and Training has leveraged its grant-
making authority to promote risk-based funding decisions for passenger 
rail by requiring, for example, that operators complete a risk 
assessment to be eligible for a transit security grant. As we have 
noted in previous reports, using assessments of risk to target 
resources to the highest priority is especially critical given the 
competition for resources within the rail transit sector, and between 
the rail transit sector and the other modes of transportation. DOT’s 
Federal Transit Administration (FTA) also helps fund rail transit 
security efforts by providing financial assistance to transit agencies 
and requiring that they spend 1 percent of their urbanized area formula 
funds on security improvements. 

To improve coordination on transportation security matters, including 
rail transit security, DHS and DOT signed a memorandum of understanding 
(MOU) in September 2004. DHS and DOT also signed a transit security 
annex to the MOU in September 2005 that delineates specific security-
related roles, responsibilities, resources, and commitments for transit 
issues. In GAO’s view, these actions are positive steps forward in 
addressing the coordination problems GAO previously identified. For 
instance, federal and rail industry officials raised questions about 
the feasibility of implementing and complying with TSA’s May 2004 
security directives, citing limited opportunities to collaborate with 
TSA to ensure that industry best practices were incorporated. Effective 
coordination between DHS and DOT will continue to be important as both 
departments move forward with existing programs and new security 
initiatives. 

What GAO Recommends: 

GAO’s September 2005 report on passenger rail security recommended, 
among other things, that the Secretary of Homeland Security, in 
collaboration with DOT, determine the feasibility of implementing 
certain rail security practices used in foreign countries. DHS and DOT 
generally agreed with the report’s recommendations. 

www.gao.gov/cgi-bin/getrpt?GAO-06-557T. 

To view the full product, including the scope and methodology, click on 
the link above. For more information, contact JayEtta Z. Hecker at 
(202) 512-2834 or Cathleen A. Berrick (202) 512-3404. 

[End of section] 

Mr. Chairman and Members of the Subcommittee: 

Thank you for inviting me to participate in today's hearing on rail 
transit security. The London rail bombings that took place in July 
2005--resulting in over 50 fatalities and more than 700 injuries--made 
clear that even when a variety of security precautions are in place, 
rail transit systems that move high volumes of passengers each day 
remain vulnerable to terrorist attack. While securing the U.S. rail 
transit system is a daunting task--a shared responsibility requiring 
coordinated action on the part of federal, state, and local governments 
and the private sector--it is important nonetheless to take the 
necessary steps to identify and mitigate risks to rail transit systems. 

As we have reported previously, the sheer number of stakeholders 
involved in securing these systems can lead to communication 
challenges, duplication of effort, and confusion about roles and 
responsibilities. Key federal stakeholders with critical roles to play 
within the rail sector include the Transportation Security 
Administration (TSA), which is responsible for transportation security 
overall, and the Office of Grants and Training,[Footnote 1]which 
provides grant funds to rail operators and conducts risk assessments 
for passenger rail agencies, both within the Department of Homeland 
Security (DHS); and the Federal Transit Administration (FTA) and 
Federal Railroad Administration (FRA), both within the Department of 
Transportation (DOT). One of the critical challenges facing these 
federal agencies, and the rail system operators they oversee or 
support, is finding ways to protect rail systems from potential 
terrorist attacks without compromising the accessibility and efficiency 
of rail transit. 

At the federal level, another significant challenge to securing rail 
systems involves the allocation of resources. Rail transit systems 
represent one of many modes of transportation--along with aviation, 
maritime, and others--competing for limited federal security resources. 
Within the rail transit sector itself, there is competition for 
resources, as federal, state, and local agencies and rail operators 
seek to identify and invest in appropriate security measures to 
safeguard these systems while also investing in other capital and 
operational improvements. Moreover, given competing priorities and 
limited homeland security resources, difficult policy decisions have to 
be made by Congress and the executive branch to prioritize security 
efforts and direct resources to the areas of greatest risk within the 
rail transit system, among all transportation modes, and across other 
nationally critical sectors. 

To help federal decision makers determine how to best allocate limited 
resources, we have advocated, the National Commission on Terrorist 
Attacks Upon the United States (the 9/11 Commission) has recommended, 
and the subsequent Intelligence Reform and Terrorism Prevention Act of 
2004 requires, that a risk management approach be employed to guide 
security decision making.[Footnote 2] A risk management approach 
entails a continuous process of managing risks through a series of 
actions, including setting strategic goals and objectives, assessing 
and quantifying risks, evaluating alternative security measures, 
selecting which measures to undertake, and implementing and monitoring 
those measures. In July 2005, in announcing his proposal for the 
reorganization of DHS, the Secretary of Homeland Security declared that 
as a core principle of the reorganization, the department must base its 
work on priorities driven by risk. 

My testimony will cover three areas: (1) the security practices that 
domestic and selected foreign rail transit operators have implemented 
to mitigate risks and enhance security, and any differences in these 
practices; (2) DHS's and DOT's funding of rail transit security and use 
of risk management in funding decisions; and (3) the steps DHS and DOT 
have taken to improve coordination on rail transit security matters. My 
comments today are based on our body of work on passenger rail security 
issues, including our September 2005 report to the Chairman of the 
House Transportation and Infrastructure's Subcommittee on Railroads, 
Senators Snowe and Boxer, and Representative Castle.[Footnote 3] For 
this report, we contacted 32 U.S. rail transit operators and 13 
passenger rail operators in seven European and Asian countries. These 
domestic and foreign rail agencies and the areas they serve are listed 
in appendix I. All of the reports on which this statement is based were 
prepared in accordance with generally accepted government auditing 
standards. 

In summary: 

Domestic and foreign rail transit operators we contacted have taken 
similar actions to help secure their systems, such as implementing 
customer awareness programs, upgrading security technology, and 
tightening access controls. Also, both domestic and foreign operators 
have used risk assessments to guide security-related activities and 
funding. However, we also observed rail security practices in foreign 
countries that were not in use domestically at the time of our review. 
For example, some foreign rail operators use covert testing to help 
keep employees alert to security threats or randomly screen passengers. 
In addition, centralized clearinghouses on rail security technologies, 
such as chemical sensors, and best practices are maintained in some 
foreign countries. While introducing any of these security practices 
into the U.S. rail system may pose political, legal, fiscal, and 
cultural challenges, the practices may nevertheless warrant further 
examination. In our September 2005 report on passenger rail security, 
we recommended, among other things, that the Secretary of Homeland 
Security, in collaboration with DOT and the passenger rail industry, 
determine the feasibility, in a risk management context, of 
implementing certain rail security practices used in foreign countries, 
including covert testing and random screening, an information 
clearinghouse for security technologies and best practices, and 
practices that integrate security into infrastructure design.[Footnote 
4] DHS and DOT generally agreed with the report's recommendations. 

* Both DHS and DOT help fund rail transit security investments, and DHS 
has promoted risk-based funding decisions in the allocation of transit 
security grants. DHS's Office of Grants and Training is the primary 
source of security funding for passenger rail systems. From fiscal year 
2003 through fiscal year 2006, the Office of Grants and Training 
provided over $320 million in grants to rail transit agencies through 
the Urban Area Security Initiative (UASI) and the Transit Security 
Grant Programs. The Office of Grants and Training has leveraged its 
grant-making authority to promote risk-based funding decisions for 
passenger rail by requiring, for example, that operators complete a 
risk assessment to be eligible for a transit security grant. Using 
assessments of risk to target resources to the highest priority is 
especially critical given the competition for resources within the rail 
transit sector, and between the rail transit sector and the other modes 
of transportation. Moreover, as the 2005 London rail bombings 
dramatically illustrated, even when a variety of security precautions 
are put in place, passenger rail systems remain vulnerable and 
attractive targets given their open designs and the high volumes of 
passengers they transport each day. Thus, it is important that limited 
resources are targeted to security activities that have the greatest 
impact on reducing overall risk. DOT's FTA also helps fund rail transit 
security efforts through the financial assistance it provides to 
transit agencies. In addition, FTA requires that a certain percentage 
of federal funds be devoted to security activities. Specifically, 
transit agencies are required to spend 1 percent of their urbanized 
area formula funds on security improvements.[Footnote 5] 

* To improve coordination on transportation security matters, including 
rail transit security, DHS and DOT signed a memorandum of understanding 
(MOU) in September 2004. The MOU defines broad areas of responsibility 
for each department. The two departments also signed a transit security 
annex to the MOU in September 2005 that delineates the specific 
security-related roles, responsibilities, resources, and commitments 
for transit issues. We believe these actions are positive steps forward 
in addressing the coordination problems we have previously identified. 
For instance, in 2004, TSA issued emergency security directives to 
domestic rail operators after terrorist attacks on the rail system in 
Madrid. However, federal and rail industry officials raised questions 
about the feasibility of implementing and complying with these 
directives, citing limited opportunities to collaborate with TSA to 
ensure that industry best practices were incorporated. Effective 
coordination between DHS and DOT will continue to be important as both 
departments move forward with existing programs and new security 
initiatives. For example, to avoid duplication and confusion, it will 
be important that TSA coordinate the oversight activities of its rail 
inspectors with those of the state auditors from FTA's State Safety 
Oversight program and FRA's rail safety inspectors. 

Background: 

Each weekday, 11.3 million passengers in 35 metropolitan areas and 22 
states use some form of rail transit--that is, heavy, commuter, and 
light rail. Heavy rail systems--subway systems like New York City's 
transit system and Washington, D.C.'s Metro--typically operate on fixed 
rail lines within a metropolitan area and have the capacity for a heavy 
volume of traffic. Commuter rail systems generally operate on railroad 
tracks and provide regional service (e.g., between a central city and 
adjacent suburbs)--and are traditionally associated with older 
industrial cities, such as Boston, New York, and Chicago. Light rail 
systems are typically characterized by lightweight passenger rail cars 
that operate on track that is not separated from vehicular traffic for 
much of the way. Figure 1 identifies the geographic location of rail 
transit systems within the United States. 

Figure 1: Geographic Distribution of Rail Transit Systems: 

[See PDF for image] 

[End of figure] 

According to rail transit officials and experts, certain 
characteristics of rail transit systems make them inherently vulnerable 
to terrorist attacks and therefore difficult to secure. By design, rail 
transit systems are open (i.e., have multiple access points, hubs 
serving multiple carriers, and, in some cases, no barriers) so that 
they can move large numbers of people quickly. In contrast, the U.S. 
commercial aviation system is housed in closed and controlled locations 
with few entry points. The openness of rail transit systems can leave 
them vulnerable because operator personnel cannot completely monitor or 
control who enters or leaves the systems. Other characteristics of some 
rail transit systems--high ridership, expensive infrastructure, 
economic importance, and location (e.g., large metropolitan areas or 
tourist destinations)--also make them attractive targets for terrorists 
because of the potential for mass casualties and economic damage and 
disruption. Moreover, some of these same characteristics make rail 
transit systems difficult to secure. For example, the numbers of riders 
that pass through a subway system--especially during peak hours--may 
make the sustained use of some security measures, such as metal 
detectors, difficult because their use could result in long lines that 
could disrupt scheduled service. In addition, multiple access points 
along extended routes could make the cost of securing each location 
prohibitive. Balancing the potential economic effects of security 
enhancements with the benefits of such measures is a difficult 
challenge. 

Securing the nation's rail transit systems is a shared responsibility 
requiring coordinated action on the part of federal, state, and local 
governments; the private sector; and the passengers who ride these rail 
systems. Since the September 11 attacks, the role of federal government 
agencies in securing the nation's transportation systems, including 
rail transit, have continued to evolve. Before September 11, DOT--
namely, FTA--was the primary federal entity involved in rail transit 
security matters. In response to the attacks of September 11, Congress 
passed the Aviation and Transportation Security Act (ATSA), which 
created TSA within DOT and defined its primary responsibility as 
ensuring security in all modes of transportation.[Footnote 6] The act 
also gave TSA regulatory authority for security over all transportation 
modes. ATSA does not specify TSA's roles and responsibilities in 
securing the maritime and land transportation modes at the level of 
detail it does for aviation security. Instead, the act broadly 
identifies TSA as responsible for ensuring the security of all modes of 
transportation. With the passage of the Homeland Security Act of 2002, 
TSA was transferred, along with over 20 other agencies, to 
DHS.[Footnote 7] While TSA is the lead federal agency for ensuring the 
security of all transportation modes, FTA conducts nonregulatory safety 
and security activities, including safety-and security-related 
training, research, technical assistance, and demonstration projects. 
In addition, FTA promotes safety and security through its grant-making 
authority. 

U.S. and Foreign Rail Transit Operators Have Taken Similar Actions to 
Secure Rail Systems, and Opportunities for Additional Domestic Security 
Actions May Exist: 

U.S. rail transit operators have taken numerous actions to secure their 
rail systems since the terrorist attacks of September 11, 2001, in the 
United States and the March 11, 2004, attacks in Madrid. These actions 
included both improvements to system operations and capital 
enhancements to system facilities, such as track, buildings, and train 
cars. All of the U.S. rail transit operators we contacted have 
implemented some security measures--such as customer awareness programs 
and more, and more visible, security personnel--that were generally 
consistent with those we observed in Europe and Asia. We also 
identified three rail security practices--covert testing, random 
screening of passengers and their baggage, and maintaining a 
centralized clearinghouse on rail security technologies--used in 
foreign countries but not, at the time or our review, 
domestically.[Footnote 8] 

U.S. and Foreign Rail Operators Employ Similar Security Practices: 

Both U.S. and foreign rail transit operators we contacted have 
implemented similar improvements to enhance the security of their 
systems. To guide security actions and spending, domestic and foreign 
operators--even the privatized foreign systems--consider risk 
assessments, budget constraints, and other factors. For example, one 
foreign rail operator with a daily ridership of 2.3 million passengers 
used a risk management methodology to assess risks, threats, and 
vulnerabilities to rail in order to guide security spending. According 
to the operator, the methodology employs a "risk informed" approach to 
support management's business decision process regarding security. A 
summary of domestic and foreign security practices follows. 

Customer awareness: Customer awareness programs we observed used signs 
and announcements to encourage riders to alert train staff if they 
observed suspicious packages, persons, or behavior. Of the 32 domestic 
rail operators we interviewed, 30 had implemented a customer awareness 
program or made enhancements to an existing program. Foreign rail 
operators we visited also attempt to enhance customer awareness. For 
example, 11 of the 13 operators we interviewed had implemented a 
customer awareness program. Similar to programs of U.S. operators, 
these programs used signs, announcements, and brochures to inform 
passengers and employees about the need to remain vigilant and report 
any suspicious activities. 

More, and more visible security personnel: Of the 32 U.S. rail 
operators we interviewed, 23 had increased the number of security 
personnel they used since September 11, to provide security throughout 
their system or had taken steps to increase the visibility of their 
security personnel. For example, several U.S. and foreign rail 
operators we spoke with had instituted policies such as requiring their 
security staff to wear brightly colored vests and patrol trains or 
stations more frequently, so they are more visible to customers and 
potential terrorists or criminals. These policies make it easier for 
customers to contact security personnel in the event of an emergency, 
or if they have spotted a suspicious item or person. At foreign sites 
we visited, 10 of the 13 operators had increased the number of their 
security officers throughout their systems in recent years because of 
the perceived increase in the risk of a terrorist attack. 

Increased use of canine teams: Of the 32 U.S. rail transit operators we 
contacted, 21 had begun to use canine units, which include both dogs 
and human handlers, to patrol their facilities or trains or had 
increased their use of such teams. In foreign countries we visited, 
rail transit operators' use of canine units varied. In some Asian 
countries, dogs were not culturally accepted by the public and thus 
were not used for rail security purposes. Most European rail transit 
operators used canine units for explosives detection or as deterrents. 

Employee training: All of the domestic and foreign rail operators we 
interviewed had provided some type of security training to their staff, 
either through in-house personnel or an external provider. In many 
cases, this training consisted of ways to identify suspicious items and 
persons and to respond to events once they occur. For example, the 
London Underground and the British Transport Police developed the "HOT" 
method for Underground employees to identify suspicious items in the 
rail system. In the HOT method, employees are trained to look for 
packages or items that are Hidden, Obviously suspicious, and not 
Typical of the environment. If items meet all of these criteria, 
employees are to notify station managers, who are to call in the 
authorities and potentially shut down the station or take other action. 
According to London Underground officials, the HOT method has 
significantly reduced the number of system disruptions caused when a 
suspicious item was identified. Several rail transit operators in the 
United States and abroad have trained their employees in the HOT 
method. It is important to note that such training is not designed to 
prevent acts of terrorism like the July 2005 London attacks, in which 
suicide bombers killed themselves rather than leaving bombs behind. 

Passenger and baggage screening practices: Some domestic and foreign 
rail operators have trained employees to recognize suspicious behavior 
as a means of screening passengers. Eight U.S. rail transit operators 
we contacted were using some form of behavioral screening. For example, 
the Massachusetts Bay Transportation Authority (MBTA), which operates 
Boston's T system, has adopted a behavioral screening system to 
identify passengers exhibiting suspicious behavior. The Massachusetts 
State Police train all MBTA personnel to be on the lookout for behavior 
that may indicate someone has criminal intent, and to approach and 
search such persons and their baggage when appropriate. Abroad, we 
found that 4 of the 13 operators we interviewed had implemented forms 
of behavioral screening similar to MBTA's system. All of the domestic 
and foreign rail operators we contacted have ruled out an airport-style 
screening system for daily use in heavy traffic. According to the 
operators, such a system, in which each passenger and the passenger's 
baggage are screened by a magnetometer or X-ray machine, raised 
concerns about cost, staffing, and customer convenience, among other 
factors. 

Upgrading technology: Many rail operators we interviewed had embarked 
on programs designed to upgrade their existing security technology. For 
example, we found that 29 of the 32 U.S. operators had implemented a 
form of closed-circuit television (CCTV) to monitor their stations, 
yards, or trains. While these cameras cannot be monitored closely at 
all times, because of the large number of staff the operators said 
would be required, many rail operators told us the cameras act as a 
deterrent, assist security personnel in determining how to respond to 
incidents that have already occurred, and can be monitored if an 
operator has received information that an incident may occur at a 
certain time or place in a system. One rail operator, New Jersey 
Transit, had installed "smart" cameras, which were programmed to alert 
security personnel when suspicious activity occurred, such as if a 
passenger left a bag in a certain location or a boat docked under a 
bridge. According to the New Jersey Transit officials, this technology 
was relatively inexpensive and not difficult to implement. Several 
other operators said they were interested in exploring this technology. 
Abroad, all 13 of the foreign rail operators we visited had CCTV 
systems in place. As in the United States, foreign rail operators use 
these cameras primarily to deter crime and to respond to incidents 
after they occur, because they do not have enough staff to monitor all 
the cameras continuously. 

Most rail operators we spoke with had not installed equipment for 
detecting chemical or biological agents because of the costs involved, 
but a few operators had this equipment or were exploring its purchase. 
For example, the Washington Metropolitan Area Transit Authority 
(WMATA), in Washington, D.C., has installed these sensors in some of 
its stations, thanks to a program jointly sponsored by DOT and the 
Department of Energy that provided this equipment to WMATA because of 
the high perceived likelihood of an attack in Washington, D.C. Also, at 
the time of our review, at least three other domestic rail operators we 
spoke with were exploring the possibility of partnering with federal 
agencies to install such equipment in their facilities on an 
experimental basis. Also, as in the United States, a few foreign 
operators had implemented chemical or biological detection devices at 
rail stations, but their use was not widespread. Two of the 13 foreign 
operators we interviewed had implemented these sensors, and both were 
doing so on an experimental basis. In addition, police officers from 
the British Transport Police--responsible for policing the rail system 
in the United Kingdom--were equipped with pagers to detect chemical, 
biological, or radiological elements in the air, allowing them to 
respond quickly in case of a terrorist attack using one of these 
methods. The British Transit Police also have three vehicles carrying 
devices to determine if unattended baggage contains explosives. These 
vehicles patrol the system 24 hours per day. 

Access control: Tightening access procedures at key facilities or 
rights-of-way is another way many rail operators have attempted to 
enhance security. A majority of domestic and selected foreign passenger 
rail operators had invested in enhanced systems to control unauthorized 
access at employee facilities and stations. Specifically, 23 of the 32 
U.S. operators had installed a form of access control at key facilities 
and stations. This often involved installing a system requiring 
employees to swipe an access card to gain access to control rooms, 
repair facilities, and other key locations. All 13 foreign operators 
had implemented some system to control access to their critical 
facilities or rights-of-way. 

Rail system design and configuration: In an effort to reduce 
vulnerabilities to terrorist attack and increase overall security, rail 
transit operators in the United States and abroad have been, or are now 
beginning to, incorporate security features into the design of new and 
existing rail infrastructure, primarily rail stations. For example, of 
the 32 domestic rail operators we contacted, 22 had removed their 
conventional trash bins entirely, or replaced them with transparent or 
bomb-resistant trash bins, as TSA directed in May 2004. Foreign rail 
operators had taken steps to remove traditional trash bins from their 
systems. Of the 13 operators we visited, 8 had either removed their 
trash bins entirely or replaced them with blast-resistant cans or 
transparent receptacles. 

Many foreign rail operators are also incorporating aspects of security 
into the design of their rail infrastructure. Of the 13 operators we 
visited, 11 have attempted to design new facilities with security in 
mind and have attempted to retrofit older facilities to incorporate 
security-related modifications. For example, one foreign operator we 
visited is retrofitting its train cars with windows that passengers can 
open in the event of a chemical attack. In addition, the London 
Underground, one of the oldest rail systems in the world, incorporates 
security into the design of all its new stations as well as of 
modifications to existing stations. We observed several security 
features in the design of Underground stations, such as the use of 
vending machines that have no holes that someone could use to hide a 
bomb, and sloped tops to reduce the likelihood that a bomb can be 
placed on top of the machine. In addition, stations are designed to 
provide staff with clear lines of sight to all areas of the station, 
such as underneath benches or ticket machines, and station designers 
try to eliminate or restrict access to any recessed areas where a bomb 
could be hidden. 

In the United States, several rail transit operators said they were 
taking security into account when designing new facilities or 
remodeling older ones. Twenty-two of 32 rail operators we interviewed 
told us that they were incorporating security into the design of new or 
existing rail infrastructure. For example, New York City Transit and 
Port Authority Trans-Hudson (PATH) officials told us they are 
incorporating security into the design of its new stations, including 
the redesigned Fulton Street station and the World Trade Center Hub 
that were damaged or destroyed during the September 11 attacks. In 
addition, in June 2005, FTA issued guidelines for use by the transit 
industry encouraging the incorporation of particular security features 
into the design of transit infrastructure. These guidelines include, 
for example, increasing visibility for onboard staff, reducing the 
areas where someone could hide an explosive device on a transit 
vehicle, and enhancing emergency exits in transit stations. Figure 2 
illustrates several security measures that we observed in rail transit 
stations both in the United States and abroad. It should be noted that 
this figure represents an amalgam of stations we visited, not any 
particular station. 

Figure 2: Composite of Selected Security Practices in the Rail Transit 
Environment: 

[See PDF for image] 

[End of figure] 

Three Foreign Rail Security Practices Are Not Currently Used in the 
United States: 

While many of the security practices we observed in foreign rail 
systems are similar to those U.S. rail transit operators are 
implementing, we encountered three practices in other countries that 
were not currently in use among the domestic rail transit operators we 
contacted as of June 2005, nor were they performed by the U.S. 
government. These practices are discussed below. 

Covert testing: Two of the 13 foreign rail systems we visited use 
covert testing to keep employees alert about their security 
responsibilities. Covert testing involves security staff staging 
unannounced events to test the response of railroad staff to incidents 
such as suspicious packages or alarms. In one European system, security 
staff place suspicious items throughout their system to see how long it 
takes operating staff to respond to the items. Similarly, one Asian 
rail operator's security staff break security seals on fire 
extinguishers and open alarmed emergency doors randomly to see how long 
it takes staff to respond. Officials of these operators stated that 
these tests are carried out daily and are beneficial because the staff 
know they could be tested at any moment and are therefore more likely 
to be vigilant about security. 

Random screening: Of the 13 foreign operators we interviewed, 2 
conducts some form of random screening of passengers and their baggage. 
In the systems where this practice is used, security personnel can 
approach passengers either in stations or on the trains and ask them to 
submit their persons or their baggage to a search. Passengers declining 
to cooperate must leave the system. For example, in Singapore, rail 
agency officials rotate the stations where they conduct random searches 
so that the searches are carried out at a different station each day. 
Before the July 2005 London bombings, no rail transit operators in the 
United States were randomly screening passengers or baggage every day. 
However, during the Democratic National Convention in 2004, MBTA began 
randomly screening every 11th passenger at certain stations and times 
of the day, asking the passenger to provide his or her bags to be 
screened. Those who refused were not allowed to ride the system. MBTA 
officials recognized that it is impossible to implement such a system 
comprehensively throughout the rail network without major staffing 
increases, and that even doing random screening regularly would be a 
drain on resources. However, officials stated that such a system is 
workable during special events and times of heightened security but 
would have to be designed very carefully to ensure that passengers' 
civil liberties were not violated. After the July 2005 London bombings, 
four rail transit operators--PATH, New York Metropolitan Transportation 
Authority, New Jersey Transit, and Utah Transit Authority in Salt Lake 
City--implemented limited forms of random baggage screening in their 
system. 

National government maintains clearinghouse on technologies and best 
practices: According to passenger rail operators in five countries we 
visited, their national governments have centralized the process for 
performing research and developing passenger rail security technologies 
and maintaining a clearinghouse on these technologies and security best 
practices. According to these officials, this practice allows rail 
operators to have one central source for information on the merits of a 
particular passenger rail security technology, such as chemical 
sensors, CCTVs, and intrusion detection devices. No federal agency has 
compiled or disseminated best practices to rail operators to aid in 
this process. Some U.S. rail operators we interviewed expressed 
interest in there being a more active centralized federal research and 
development authority in the United States to evaluate and certify 
passenger rail security technologies and make that information 
available to rail operators. We have also previously reported that 
stakeholders have stated that the federal government should play a 
greater role in testing transportation security technology and making 
this information available to industry stakeholders.[Footnote 9] 
Currently, many operators said they informally ask other rail operators 
about their experiences with a certain technology, perform their own 
research via the Internet or trade publications, or perform their own 
testing. TSA and DOT agree that making the results of research testing 
available to industry stakeholders could be a valuable use of federal 
resources because it would reduce the need for multiple rail operators 
to perform the same research and development efforts, but they have not 
taken steps to implement this practice.[Footnote 10] 

Implementing these three practices--covert testing, random screening, 
and a government-sponsored clearinghouse for technologies and best 
practices--in the United States could pose political, legal, fiscal, 
and cultural challenges because of the differences between the United 
States and these foreign nations. For instance, many foreign nations 
have dealt with terrorist attacks on their public transportation 
systems for decades, compared with the United States, where rail 
transportation has not been specifically targeted during terrorist 
attacks. According to foreign rail operators, these experiences have 
resulted in greater acceptance of certain security practices, such as 
random searches, which the U.S. public may view as a violation of their 
civil liberties or which may discourage the use of public 
transportation. The impact of security measures on passengers is an 
important consideration for domestic rail transit operators, since most 
passengers could choose another means of transportation, such as a 
personal automobile. As such, security measures that limit 
accessibility, cause delays, increase fares, or otherwise cause 
inconvenience could push people away from transit and into their cars. 
In contrast, the citizens of the European and Asian countries we 
visited are more dependent on public transportation than most U.S. 
residents and therefore, according to the rail operators we spoke with, 
may be more willing to accept more intrusive security measures, simply 
because they have no other choice for getting from place to place. 
Nevertheless, in order to identify innovative security measures that 
could help further mitigate terrorism-related risk to rail assets it is 
important to at least consider assessing the feasibility and costs and 
benefits of implementing in the United States the three rail security 
practices we identified in foreign countries. Officials from DHS, DOT, 
passenger rail industry associations, and rail systems we interviewed 
told us that operators would benefit from such an evaluation. 
Furthermore, the passenger rail association officials told us that such 
an evaluation should include practices used by foreign rail operators 
that integrate security into infrastructure design. 

Differences in the business models and financial status of some foreign 
rail operators could also affect the feasibility of adopting certain 
security practices in the United States. Several foreign countries we 
visited have privatized their passenger rail operations. Although most 
of the foreign rail operators we visited--even the privatized systems-
-rely on their governments for some type of financial assistance, two 
foreign rail operators generated significant revenue and profits in 
other business endeavors, which they said allowed them to invest 
heavily in security measures for their rail systems. 

Another important difference between domestic and foreign rail 
operators is the structure of their police forces. In particular, 
England, France, Belgium, and Spain all have national police forces 
patrolling rail systems in these countries. The use of a national 
police force is a reflection that these foreign countries often have 
one nationalized rail system, rather than over 30 rail transit systems 
owned and operated by numerous state and local governments, as is the 
case in the United States. For example, in France, the French National 
Railway operates all intercity passenger rail services in the country, 
and the French Railway police provide security. According to foreign 
rail operators, the use of one national rail police force allows for 
consistent policing and security measures throughout the country. In 
the United States, by contrast, some transit agencies maintain 
individual polices forces, while others rely on their city or county 
police forces for security. 

DHS and DOT Help Fund Security Efforts, and Some Funding Decisions Are 
Risk-Based: 

Both DHS and DOT help fund rail transit security investments, and DHS 
has promoted risk-based funding decisions in the allocation of transit 
security grants. DHS's Office of Grants and Training administers the 
UASI and Transit Security grant programs. These programs have provided 
over $320 million in grants to rail transit agencies for certain 
security activities since fiscal year 2003. The Office of Grants and 
Training has leveraged its grant-making authority to promote risk-based 
funding decisions for passenger rail by requiring, for example, that 
operators complete a risk assessment to be eligible for a transit 
security grant. FTA also helps fund rail transit security efforts 
through the financial assistance it provides to transit agencies, with 
the stipulation that a certain percentage of federal funds be used for 
security activities. 

DHS and DOT Help Fund Rail Transit Security Efforts: 

With the creation of DHS in 2002, one of its components, the Office of 
Grants and Training, became the primary federal source for security 
funding for passenger rail systems. The Office of Grants and Training 
is the principal component of DHS responsible for preparing the United 
States for acts of terrorism and has primary responsibility within the 
executive branch for assisting and supporting DHS, in coordination with 
other directorates and entities outside the department, in conducting 
risk analysis and risk management activities for state and local 
governments. In carrying out its mission, the Office of Grants and 
Training provides training, funds for the purchase of equipment, 
support for the planning and execution of exercises, technical 
assistance, and other support to assist states, local jurisdictions, 
and the private sector to prevent, prepare for, and respond to acts of 
terrorism. Through the UASI grant program, the Office of Grants and 
Training has provided grants to urban areas to help enhance their 
overall security and preparedness level to prevent, respond to, and 
recover from acts of terrorism. In 2003 and 2004, $65 million and $50 
million, respectively, were allocated to rail transit agencies through 
the UASI program. In addition, the DHS Appropriations Act of 2005 
appropriated $150 million for rail transit, intercity passenger rail, 
freight rail, and transit agency security grants.[Footnote 11] This 
funding has allowed the Office of Grants and Training to build upon the 
work under way through the UASI program and create and administer new 
programs focused specifically on transportation security, including the 
Transit Security Grant Program. This program provides financial 
assistance to address security preparedness and enhancements for 
transit (to include commuter, heavy, and light rail systems; intracity 
buses, and ferries). Table 1 summarizes the funding provided to rail 
transit providers through the UASI and Transit Security Grant Program 
from 2003 through 2006. 

Figure 3: Security Grants Provided by the Office of Grants and Training 
to Rail Transit Providers, 2003 through 2006: 

[See PDF for image] 

Source: DHS Office of Grants and Training. 

[End of figure] 

Although FTA now plays a supporting role in rail transit security 
matters since the creation of TSA, it remains an important partner in 
funding security efforts. FTA provides financial assistance to rail 
transit agencies to plan and develop new systems and operate, maintain, 
and improve existing systems. Rail transit agencies can use some of 
this funding for security activities, although the agencies have to 
balance investments in security against other competing priorities. In 
addition, FTA promotes safety and security through its grant-making 
authority. FTA stipulates conditions of grants, such as certain safety 
and security statutory and regulatory requirements, and FTA may 
withhold funds for noncompliance with the conditions of a grant. For 
example, transit agencies must spend 1 percent of their urbanized area 
formula funds--which is FTA's largest grant program--on security 
improvements.[Footnote 12] 

Using Risk Management Approach Can Help Direct Federal Funds to Highest 
Rail Transit Security Priorities: 

In recent years, we, along with Congress, the executive branch, and the 
9/11 Commission have required or advocated that federal agencies with 
homeland security responsibilities use a risk management approach to 
help ensure that finite national resources are dedicated to assets or 
activities considered to have the highest security priority. A risk 
management approach entails a continuous process of managing risk 
through a series of actions, including setting strategic goals and 
objectives, performing risk assessments, evaluating alternative actions 
to reduce identified risks by preventing or mitigating their impact, 
selecting actions to undertake by management, and implementing and 
monitoring those actions. We have concluded that without a risk 
management approach, there is limited assurance that programs designed 
to combat terrorism are properly prioritized and focused. Targeting 
resources to the highest priority is especially critical given the 
competition for resources within the rail transit sector, and between 
the rail transit sector and the other modes of transportation. 
Moreover, as the 2005 London rail bombings dramatically illustrated, 
even when a variety of security precautions are put in place, passenger 
rail systems remain vulnerable and attractive targets given their open 
designs and the high volumes of passengers they transport each day. 
Thus, it is important that limited resources are targeted to security 
activities that have the greatest impact on reducing overall risk. 

DHS' Office of Grants and Training has leveraged its grant-making 
authority to promote risk-based funding decisions for passenger rail. 
For example, passenger rail operators must have completed a risk 
assessment to be eligible for financial assistance through the fiscal 
year 2005 Transit Security Grant program administered by the Office of 
Grants and Training. To receive these funds, rail transit operators are 
also required to have a security and emergency preparedness plan that 
identifies how the operator intends to respond to security gaps 
identified by risk assessments. This plan, along with a regional 
transit security strategy prepared by regional transit stakeholders, 
will serve as the basis for determining how the grant funds are to be 
allocated. 

Coordination between Federal Agencies Has Faced Challenges and Will 
Continue to Be Important: 

Prior to the creation of DHS, DOT modal agencies, such as FTA and FRA, 
were the primary federal agencies involved in rail transit security 
matters. Since Congress passed ATSA in 2001, creating TSA and giving it 
regulatory authority over the security of all modes of transportation, 
federal agencies have had some difficulty coordinating their activities 
and communicating to industry stakeholders about their role and 
responsibilities. In response to a GAO recommendation, DOT and DHS 
entered into an MOU to better coordinate their activities and have 
embarked on a number of initiatives to improve their coordination with 
each other and with industry stakeholders. Coordination between DHS and 
DOT will continue to be important as both departments move forward with 
existing programs and new security initiatives, such as TSA's 
deployment of its rail inspectors. 

DHS and DOT Have Worked to Improve Coordination on Transit Security 
Matters: 

Although DOT modal administrations have played supporting roles in 
transportation security matters since the creation of TSA, they remain 
important partners in the federal government's efforts to improve rail 
security, given DOT's role in funding and overseeing the safety of rail 
transit systems. For example, as previously mentioned, FTA provides 
financial assistance to rail transit agencies, and some of this funding 
can, and in some cases must, be used for security activities. In 
addition, FTA has regulatory authority for state safety oversight of 
rail fixed-guideway systems and for a drug and alcohol program, and FRA 
has regulatory authority for rail safety over commuter rail operators. 
As we have previously reported, it could be difficult to distinguish 
DOT's role in maintaining and improving transportation safety from 
DHS's role in securing the transportation system because security is 
often intertwined with safety.[Footnote 13] Moreover, FTA and FRA are 
continuing their rail transit security efforts as TSA moves ahead with 
its rail transit security initiatives.[Footnote 14] 

We have previously reported that coordination between DHS and DOT, as 
well as between DHS and rail transit stakeholders, could be improved. 
For example, in our September 2005 report on rail security, we noted 
that TSA provided limited opportunities for other federal agencies and 
the rail industry to collaborate in the development of its passenger 
rail security directives, which were issued in May 2004 to provide a 
consistent baseline standard of protective measures for all passenger 
rail operators.[Footnote 15] Federal and rail industry officials have 
raised questions about the feasibility of implementing and complying 
with the directives, noting, among other things, that the directives do 
not reflect a complete understanding of the rail transit environment or 
necessarily incorporate industry best practices. In addition, in 2003, 
we noted that representatives from several associations told us that 
they have received conflicting messages from the federal agencies 
involved in transportation security, including rail transit.[Footnote 
16] We further noted that representatives from several associations 
also stated that their members were unclear about which agency to 
contact for their various security concerns and which agency has 
oversight for certain issues. We concluded that a lack of clearly 
defined roles and responsibilities can lead to problems such as 
duplication and conflicting efforts, gaps in preparedness, and 
confusion. Moreover, a lack of coordination can strain 
intergovernmental relationships, drain resources, and raise the 
potential for problems in responding to terrorism. Therefore, we 
recommended that DHS and DOT use a mechanism, such as a memorandum of 
agreement, to clearly delineate their roles and responsibilities. At a 
minimum, we recommended that this mechanism establish the 
responsibilities of each entity in setting, administering, and 
implementing security standards and regulations; determining funding 
priorities; and interfacing with the transportation industry, as well 
as define each entity's role in the inevitable overlap of some safety 
and security activities. 

In response to our 2003 recommendation, DHS and DOT signed a memorandum 
of understanding (MOU) in September 2004 to develop procedures through 
which the two departments could improve their cooperation and 
coordination in promoting the safe, secure, and efficient movement of 
people and goods throughout the transportation system. The MOU defines 
broad areas of responsibility for each department. For example, it 
states that DHS, in consultation with DOT and affected stakeholders, 
will identify, prioritize, and coordinate the protection of critical 
infrastructure. The MOU between DHS and DOT represents an overall 
framework for cooperation that is to be supplemented by additional 
signed agreements, or annexes, between the departments. These annexes 
are to delineate the specific security-related roles, responsibilities, 
resources, and commitments for mass transit, rail, research and 
development, and other matters. The annex for mass transit security was 
signed in September 2005.[Footnote 17] According to DHS and DOT 
officials, this annex is intended to ensure that the programs and 
protocols for incorporating stakeholder feedback and making 
enhancements to security measures are coordinated. For example, the 
annex requires that DHS and DOT consult on such matters as regulations 
and directives that affect security. The annex also identifies points 
of contact for coordinating this consultation. 

In addition to their work on the MOU and related annexes, DHS and TSA 
have taken other steps to improve collaboration with DOT and industry 
stakeholders. In April 2005, DHS officials stated that better 
collaboration with DOT and industry stakeholders was needed to develop 
strategic security plans associated with various homeland security 
presidential directives and statutory mandates, such as the 
Intelligence Reform and Terrorism Prevention Act of 2004, which 
required DHS to develop a national strategy for transportation security 
in conjunction with DOT. Responding to the need for better 
collaboration, DHS established a senior-level steering committee in 
conjunction with DOT to coordinate the development of this national 
strategy. In addition, senior DHS and TSA officials stated that 
industry groups would also be involved in developing the national 
strategy for transportation security and other strategic plans. 
Moreover, according to TSA's assistant administrator for intermodal 
programs, TSA intends to work with APTA and other industry stakeholders 
in developing security standards for the rail transit 
industry.[Footnote 18] 

Coordination between Federal Agencies Will Continue to Be Important: 

DOT's and DHS's efforts to enhance coordination between their agencies 
and with industry stakeholders on security matters are welcome. 
Effective coordination between the two departments will continue to be 
important as both move forward in implementing existing programs as 
well as new security initiatives. For example, FTA administers the 
State Safety Oversight program, which mandates that state-designated 
agencies oversee the safety of rail transit agencies. Although ATSA 
gave TSA final regulatory authority over all modes of transportation, 
including rail transit, in the program, FTA sets out minimum 
requirements the state oversight agencies must ensure that transit 
agencies meet. FTA's mandated minimum requirements include security 
components, one of which directs rail transit agencies to maintain a 
system security plan that includes controls to address employee and 
passenger security and a process for conducting internal security 
reviews. Several rail transit operators told us that they were confused 
by having to answer to both FTA and TSA for transportation security 
matters. We have ongoing work for the full Committee examining the 
State Safety Oversight program--and, as part of this review, we will be 
exploring the extent to which FTA and TSA work together in implementing 
this program. We expect to issue our report later this summer. 

Another area that will require continued coordination is DHS's and 
DOT's security and safety oversight efforts. TSA has hired rail 
inspectors to, among other things, monitor and enforce compliance with 
its May 2004 passenger rail security directives. As of March 2006, TSA 
had filled 99 of up to 100 inspector positions authorized by 
Congress.[Footnote 19] However, TSA has not yet established processes 
or criteria for determining and enforcing compliance. TSA has also not 
determined how its rail inspectors will be used to enforce the 
directives or how they will coordinate with existing FRA safety 
inspectors or state oversight auditors involved in the State Safety 
Oversight Program. The Director of TSA's Surface Transportation 
Inspection Program, which oversees the rail inspectors, and a local 
rail inspector program supervisor told us that they looked forward to 
coordinating with FTA on the State Safety Oversight program and would 
be open to a formalized role in the program, but had not held any 
discussions with FTA about what that role would be. In fact, both the 
Director and the local supervisor admitted that they were not familiar 
with the program's requirements. In addition, the transit security 
annex to the MOU between DHS and DOT does not explicitly mention the 
State Safety Oversight program as a program for which the two agencies 
will collaborate, and officials from several state oversight agencies 
said they were unsure what their role would be in overseeing security 
once the TSA rail inspectors began their duties. Also, FRA and TSA 
officials told us that the details of how TSA rail inspectors will 
coordinate with the approximately 400 existing FRA safety inspectors 
and 160 state employees enforcing FRA passenger rail rules and 
regulations remain to be determined. Both FRA and TSA stated that they 
were committed to avoiding duplication of effort and would work to 
communicate their respective roles and responsibilities to transit 
agency officials. 

Another area requiring continued coordination is the funding of rail 
transit security activities. Specifically, the Safe, Accountable, 
Flexible, Efficient Transportation Equity Act: A Legacy for Users 
(SAFETEA-LU)[Footnote 20] included a provision mandating that DOT and 
DHS collaborate on a joint rulemaking for the Transit Security Grant 
Program. The joint rulemaking is to establish the characteristics of 
and requirements for transit security grants, including funding 
priorities, eligible activities, methods for awarding grants, and 
limitations on administrative expenses. The rule is currently being 
drafted, and officials from DHS' Office of Grants and Training told us 
they expected it to be finalized in summer 2006. 

Concluding Observations: 

In conclusion, Mr. Chairman, the 2005 London rail bombings made clear 
that even when a variety of security precautions are put in place, rail 
transit systems that move high volumes of passengers daily remain 
vulnerable to attack. Security cannot be guaranteed. Nevertheless, it 
is important that we take steps to identify and mitigate risks to 
passenger rail systems. While domestic rail agencies have implemented a 
number of security practices that are generally consistent with those 
of foreign rail operators, they have not adopted some practices used in 
other countries, including covert testing, random screening, and 
information clearinghouses for new security technologies and best 
practices. Despite the potential political, legal, fiscal, and cultural 
challenges that implementing these additional practices in the United 
States could pose, we continue to believe that the practices may 
warrant further examination, and we stand by our September 2005 
recommendations that DHS, in collaboration with DOT and the passenger 
rail industry, evaluate the feasibility of implementing them. 

As we move forward with efforts to enhance rail transit security, it is 
important that we do not examine rail transit security actions and 
funding in isolation. Rail transit systems represent one of many modes 
of transportation competing for limited federal security resources. 
Given competing priorities and finite resources, difficult policy 
decisions will have to be made by Congress and the executive branch to 
prioritize security efforts and direct resources to the areas of 
greatest risk within the passenger rail system, across all 
transportation modes, and across other sectors of the economy. As we 
have previously noted in past reports, adopting a risk management 
approach can help guide and inform these difficult decisions--and help 
ensure that finite national resources are dedicated to assets or 
activities considered to have the highest security priority. DHS has 
taken steps to adopt a risk management approach. 

Finally, the sheer number of stakeholders involved in securing rail 
transit systems can lead to communication challenges, duplication of 
effort, and confusion about roles and responsibilities. With the 
execution of the MOU and transit security annex, DHS and DOT have taken 
important steps forward in improving coordination among the federal 
entities involved in rail transit security matters. These new 
agreements will be tested as both departments proceed with new security 
initiatives and existing programs, such as FTA's State Safety Oversight 
program. We stand ready to assist the Committee and Subcommittee in 
monitoring these developments. 

Mr. Chairman, this concludes my statement. I would be pleased to answer 
any questions that you or other members of the Subcommittee may have at 
this time. 

Contact Information: 

For further information on this testimony, please contact JayEtta Z. 
Hecker at (202) 512-2834 or Cathleen A. Berrick at (202) 512-3404. 
Individuals making key contributions to this testimony include Nikki 
Clowers, Colin Fallon, Kirk Kiester, and Ray Sendejas. 

Appendix I--Domestic and Foreign Rail Agencies GAO Contacted for GAO-05-
851: 

Table 1: Domestic Passenger Rail Agencies We Visited or Interviewed: 

Passenger rail agency: Altamont Commuter Express (ACE); 
Urban area served: Stockton and San Jose, California. 

Passenger rail agency: Alaska Railroad Corporation; 
Urban area served: Anchorage and Fairbanks, Alaska. 

Passenger rail agency: Bay Area Rapid Transit (BART); 
Urban area served: San Francisco -Oakland, California. 

Passenger rail agency: CALTRAIN; 
Urban area served: San Francisco and San Jose, California. 

Passenger rail agency: San Diego Transit Corp. (Coaster); 
Urban area served: San Diego, California. 

Passenger rail agency: Dallas Area Rapid Transit/Trinity Railway 
Express (DART); 
Urban area served: Dallas, Texas. 

Passenger rail agency: Greater Cleveland Regional Transportation 
Authority (GCRTA); 
Urban area served: Cleveland, Ohio. 

Passenger rail agency: Los Angeles County Metropolitan Transportation 
Authority (LACMTA); 
Urban area served: Los Angeles, California. 

Passenger rail agency: Metropolitan Atlanta Rapid Transit Authority 
(MARTA); 
Urban area served: Atlanta, Georgia. 

Passenger rail agency: Maryland Transit Administration (MTA); 
Urban area served: Greater Washington, DC, and Maryland. 

Passenger rail agency: Massachusetts Bay Transportation Authority 
(MBTA); 
Urban area served: Boston, Massachusetts. 

Passenger rail agency: METRA Commuter Rail; 
Urban area served: Chicago, Illinois. 

Passenger rail agency: Southern California Regional Rail Authority 
(Metrolink); 
Urban area served: Greater Los Angeles, California. 

Passenger rail agency: Long Island Railroad (LIRR); 
Urban area served: New York, New York. 

Passenger rail agency: Metro North Railroad (MNR); 
Urban area served: New York, New York. 

Passenger rail agency: New York City Transit (NYCT); 
Urban area served: New York, New York. 

Passenger rail agency: Staten Island Railway (SIR); 
Urban area served: New York, New York. 

Passenger rail agency: San Francisco Municipal Railway (MUNI); 
Urban area served: San Francisco, California. 

Passenger rail agency: Northern Indiana Commuter District; 
Urban area served: Chicago, Illinois --Northern Indiana. 

Passenger rail agency: Delaware River Port Authority (PATCO); 
Urban area served: New Jersey and Philadelphia, Pennsylvania. 

Passenger rail agency: Port Authority Trans Hudson (PATH); 
Urban area served: New York, New York --New Jersey. 

Passenger rail agency: San Diego Trolley; 
Urban area served: San Diego, California. 

Passenger rail agency: Southeastern Pennsylvania Transportation 
Authority (SEPTA); 
Urban area served: Philadelphia, Pennsylvania. 

Passenger rail agency: South Florida Regional Transportation Authority 
(SFRTA); 
Urban area served: Miami, Florida. 

Passenger rail agency: Connecticut Department of Transportation (Shore 
Line East); 
Urban area served: New Haven, Connecticut. 

Passenger rail agency: Sound Transit (Sounder); 
Urban area served: Seattle, Washington. 

Passenger rail agency: TRIMET; 
Urban area served: Portland, Oregon. 

Passenger rail agency: Virginia Railway Express (VRE); 
Urban area served: Northern Virginia, Greater Washington, D.C. 

Passenger rail agency: Washington Metropolitan Area Transit Authority 
(WMATA); 
Urban area served: Washington, D.C. 

Passenger rail agency: New Jersey Transit (NJT); 
Urban area served: Newark, New Jersey --New York, New York. 

Passenger rail agency: Miami Dade Transit; 
Urban area served: Miami, Florida. 

Passenger rail agency: Chicago Transit Authority (CTA); 
Urban area served: Chicago, Illinois. 

Source: National Transit Database: 

[End of table] 

Table 2: Foreign Passenger Agencies We Contacted: 

Passenger rail agency: Paris Metro; 
Area served: Paris, France. 

Passenger rail agency: French National Railway; 
Area served: France. 

Passenger rail agency: London Underground; 
Area served: London, United Kingdom. 

Passenger rail agency: Network Rail; 
Area served: United Kingdom. 

Passenger rail agency: Channel Tunnel Rail Link; 
Area served: United Kingdom/France. 

Passenger rail agency: Belgian National Railway; 
Area served: Belgium. 

Passenger rail agency: Madrid Metro; 
Area served: Madrid, Spain. 

Passenger rail agency: RENFE (Spanish National Railway); 
Area served: Spain. 

Passenger rail agency: JR Central; 
Area served: Japan. 

Passenger rail agency: Tokyo Metro; 
Area served: Tokyo, Japan. 

Passenger rail agency: SBS Transit Corporation; 
Area served: Singapore. 

Passenger rail agency: Singapore Mass Rapid Transit; 
Area served: Singapore. 

Passenger rail agency: Hong Kong Mass Transit Railway; 
Area served: Hong Kong. 

Source: GAO: 

[End of table] 

FOOTNOTES 

[1] DHS's Office of Grants and Training was formerly called the Office 
of Domestic Preparedness. 

[2] Pub. L. No. 108-458, 118 Stat. 3638. For more information on risk 
management, see GAO, Transportation Security: Systematic Planning 
Needed to Optimize Resources, GAO-05-357T (Washington, D.C.: Feb. 15, 
2005); Homeland Security: A Risk Management Approach Can Guide 
Preparedness Efforts, GAO-02-208T (Washington, D.C.: Oct. 31, 2001); 
and Combating Terrorism: Threat and Risk Assessments Can Help 
Prioritize and Target Program Investments, GAO/NSIAD-98-74 (Washington, 
D.C.: Apr. 9, 1998). 

[3] GAO, Passenger Rail Security: Enhanced Federal Leadership Needed to 
Prioritize and Guide Security Efforts, GAO-05-851 (Washington, D.C.: 
Sept. 9, 2005); GAO, Rail Security: Some Actions Taken to Enhance 
Passenger and Freight Rail Security, but Significant Challenges Remain, 
GAO-04-598T (Washington, D.C.: Mar. 24, 2004); GAO, Transportation 
Security: Federal Action Needed to Help Address Security Challenges, 
GAO-03-843 (Washington, D.C.: June 30, 2003); and GAO, Mass Transit: 
Federal Actions Could Help Transit Agencies Address Security 
Challenges, GAO-03-263 (Washington, D.C.: Dec. 13, 2002). 

[4] GAO-05-851. 

[5] FTA's urbanized area formula grant program provides federal funds 
to urbanized areas (jurisdictions with populations of 50,000 or more) 
for transit capital investments, operating expenses, and transportation-
related planning. 

[6] Pub. L. No. 107-71, 115 Stat. 597 (2001). 

[7] Pub. L. No. 107-296, 116 Stat. 2135 (2002). 

[8] At the time we completed our work in June 2005, these three 
practices were not utilized. However, as discussed later in this 
testimony, some rail operators began using random screening in the 
aftermath of the July bomb attacks on the London subway system and 
others may have begun utilizing this or other security practices since 
our report. 

[9] GAO-03-843. 

[10] GAO-03-843. 

[11] Pub. L. No. 108-334, 118 Stat. 1298 (2004). 

[12] FTA is to verify that agencies comply with the requirement to 
spend 1 percent of their urbanized area formula funds on security 
improvements and may withhold funding from agencies that it finds are 
not in compliance. Agencies are not required to comply with this 
spending rule if a valid justification can be documented, such as state 
and local funds for security are inadequate or security trend data do 
not warrant security spending. 

[13] GAO-03-843. 

[14] For information about TSA's, FTA's, and FRA's rail transit 
security initiatives, see GAO-05-851. 

[15] GAO-05-851. 

[16] GAO-03-843. 

[17] Congress required that an annex to the MOU be signed that would, 
among other things, define and clarify the respective transit security 
roles and responsibilities of each department. Pub. L. 109-59, § 3028 
(2005). 

[18] APTA is a standards development organization recognized by DOT 
that has set standards for commuter rail, mass transit, and bus safety 
and operations. 

[19] These positions were funded through the DHS Appropriations Act of 
2005 and its accompanying conference report, which provided TSA with 
$12 million in funding for rail security activities. 

[20] P.L. 109-59.