Freight Rail Security: Actions Have Been Taken to Enhance Security, but the Federal Strategy Can Be Strengthened and Security Efforts Better Monitored
GAO-09-243
Published: Apr 21, 2009. Publicly Released: May 21, 2009.
Skip to Highlights
Highlights
An attack on the U.S. freight rail system could be catastrophic because rail cars carrying highly toxic materials often traverse densely populated urban areas. The Department of Homeland Security's (DHS) Transportation Security Administration (TSA) is the federal entity primarily responsible for securing freight rail. GAO was asked to assess the status of efforts to secure this system. This report discusses (1) stakeholder efforts to assess risks to the freight rail system and TSA's development of a risk-based security strategy; (2) actions stakeholders have taken to secure the system since 2001, TSA's efforts to monitor and assess their effectiveness, and any challenges to implementing future actions; and (3) the extent to which stakeholders have coordinated efforts. GAO reviewed documents, including TSA's freight rail strategic plan; conducted site visits to seven U.S. cities with significant rail operations involving hazardous materials; and interviewed federal and industry officials.
Recommendations
Recommendations for Executive Action
| Agency Affected | Recommendation | Status |
|---|---|---|
| Transportation Security Administration | To ensure that the federal strategy to secure the freight rail system is comprehensive and considers a wider range of risk information, DHS's Assistant Secretary for the Transportation Security Administration should develop a plan for addressing identified security threats to freight rail other than Toxic Inhalation (TIH), such as destruction of or sabotage to freight rail bridges and tunnels and cyberattacks to the rail system, and incorporate this information and other related strategic updates into TSA's Freight Rail Modal Annex. As part of this effort, further evaluate methods for estimating the likelihood of various threats occurring and ensure that this information is also considered when developing future risk assessments and strategic updates. | In response to our recommendation that the Transportation Security Administration (TSA) develop a plan for addressing security threats to freight rail other than Toxic Inhalant Hazard (TIH) chemicals, such as the destruction of or sabotage to freight rail bridges and tunnels or cyber attacks to the rail system, TSA has taken several actions. Specifically, TSA developed a Critical Infrastructure Risk Tool for measuring the criticality and vulnerability of freight railroad bridges, and coordinated development of the tool with Class 1 rail carriers. TSA formally introduced the tool to the rail industry at a Department of Homeland Security I-step workshop in October 2009, and since then has... conducted assessments of numerous freight rail bridges throughout the United States. In addition, TSA is also taking steps to address the risk of cyber attacks to the rail system and has developed a TSA cyber risk team, (Cyber Security Awareness Outreach Team), which is working with the rail industry at quarterly I-Step meetings and has used the Freight Rail Sector Coordinating Council (FRSCC) meetings to collaborate on cyber security, including the sharing of information, with rail carriers and other industry stakeholders. As part of this effort, we also recommended that TSA further evaluate methods for estimating the likelihood of various threats occurring and ensure that this information is also considered when developing future risk assessments and strategic updates. To address this, TSA issued the Transportation Sector Security Risk Assessment (TSSRA) on June 30, 2010, which defines and quantitatively weighs various security threats among the transportation modes, including freight rail. Specifically, the TSSRA states that Threat (T) is defined as the likelihood that an attacker will attempt a particular attack scenario, given the intent and capability of the attacker. Intent (I) is defined as the likelihood that an adversary will choose a given attack scenario once they are committed to an attack; and Capability (C) is defined as the likelihood that an adversary will have the resources and skills to undertake a given attack scenario within a defined time frame. The TSSRA uses this formula to provide the estimated likelihood of various threats occurring in the freight rail mode. This recommendation is therefore closed as implemented.
View More |
| Transportation Security Administration | To better ensure that relevant federal and industry partners effectively leverage their resources to achieve the strategic vision of TSA's Freight Rail Modal Annex, DHS's Assistant Secretary for the Transportation Security Administration should ensure that future updates to TSA's annex more comprehensively address factors contained in Executive Order 13416 and identified key characteristics of a successful national strategy, including (1) describing the methodology used to develop the strategy and which organizations and entities contributed to its development; (2) more clearly defining federal and industry roles and responsibilities; (3) ensuring that performance measures have defined targets and are linked to fulfilling goals and objectives; (4) more systematically addressing specific milestones for completing activities and measuring progress toward meeting identified goals; (5) more thoroughly identifying the resources and investments required to implement the strategy, including priorities for allocating future grants; and (6) more comprehensively identifying linkages with other developed strategies, such as those that guide DHS IP, whose responsibilities overlap with TSA for protecting freight rail critical infrastructure. | In 2009, we reported that the Transportation Security Administration's (TSA) strategic priorities for securing freight contained some information that is consistent with our prior work on characteristics of a successful national strategy and that is called for in executive requirements. However, these strategic priorities lacked other information that if incorporated, could strengthen the strategy. Specifically, we found that TSA's Freight Rail Model Annex (Annex), which was developed in 2007 as a part of the Transportation Sector Specific Plan (TSSP), could more fully address factors contained in Executive Order 13416 and GAO-identified key characteristics of a successful national...
|
| Transportation Security Administration | To ensure that TSA is consistently and accurately measuring agency and industry performance in reducing the risk associated with TIH rail shipments in major cities, DHS's Assistant Secretary for the Transportation Security Administration should take steps to revise the baseline year associated with its TIH risk reduction performance measure to enable the agency to more accurately report results for this measure. | In April 2009, we reported that the Transportation Security Administration's (TSA) had limited ability to measure the impact of federal and industry efforts on achieving the agency's key performance measure for the freight rail security program because the agency was unable to obtain critical data necessary to consistently measure results. Specifically, TSA's key performance measure for its freight rail security program was to reduce the cumulative risk of the shipment of toxic inhalation hazards (TIH) by 81 percent by the end of 2013. To measure its progress, TSA collects risk data in major U.S. cities and compares it with the same data from preceding years. However, when establishing...
|
| Transportation Security Administration | To ensure that TSA is able to more effectively assess the progress being made in securing freight rail, DHS's Assistant Secretary for the Transportation Security Administration should balance future activities against the various security risks to freight rail, and use its and industry's resources in the most cost-effective manner, take steps to more fully track and assess the implementation and effectiveness of security actions being taken to secure freight rail. | To address our recommendation that the Transportation Security Administration (TSA) take steps to more fully track and assess the implementation and effectiveness of security actions being taken to secure freight rail, TSA initiated various efforts, including developing a database that captures every security control point location where toxic inhalation hazard (TIH) rail cars were standing unattended in major cities. As we reported, TSA determined that TIH rail cars' vulnerability in major cities (identified as high threat urban areas or HTUAs) could be partially mitigated by freight rail operators (1) reducing the overall time that TIH spent in the major cities, or (2) having freight...
|
| Transportation Security Administration | To better ensure that federal agencies are coordinating as effectively as possible, work with federal partners, such as Department of Homeland Security Office of Infrastructure Protection (DHS IP) and Federal Railroad Administration (FRA), DHS's Assistant Secretary for the Transportation Security Administration should ensure that all relevant assessments and information are shared and TSA and FRA field inspector resources are fully leveraged. | TSA has taken several steps to better ensure federal agencies are coordinating as effectively as possible, including ensuring relevant assessments and information are shared and TSA and FRA field inspector resources are leveraged. Specifically, TSA, prior to assessing a railroad bridge will now obtain any prior DHS Infrastructure Protection (IP) assessments of the same bridge in order to fully leverage relevant information and analysis before conducting their own assessment, which TSA said has helped them expedite their assessments in some cases. In addition, in 2012, TSA and DHS IP signed an Information Sharing and Access Agreement (ISAA) to define the roles and responsibilities of IP...
|
Full Report
Public Inquiries
Topics
Cargo securityCritical infrastructureCritical infrastructure protectionFacility securityFreight transportationFreight transportation facilitiesGround transportationHazardous substancesHomeland securityInteragency relationsPerformance measuresRail (Railroads)Rail securityRailroad industryRailroad regulationRisk assessmentRisk managementSecurity assessmentsSecurity regulationsSecurity threatsShipping industryStrategic planningTerrorismTransportation safetyTransportation securityTransportation terminalsProgram coordination