Skip to main content

Transportation Security: Key Actions Have Been Taken to Enhance Mass Transit and Passenger Rail Security, but Opportunities Exist to Strengthen Federal Strategy and Programs

GAO-09-678 Published: Jun 24, 2009. Publicly Released: Jul 24, 2009.
Jump To:
Skip to Highlights

Highlights

Terrorist incidents worldwide have highlighted the need for securing mass transit and passenger rail systems. The Department of Homeland Security's (DHS) Transportation Security Administration (TSA) is the primary federal entity responsible for securing these systems. GAO was asked to assess (1) the extent to which federal and industry stakeholders have assessed risks to these systems since 2004, and how TSA has used this information to inform its security strategy; (2) key actions federal and industry stakeholders have taken since 2004 and the extent to which federal actions are consistent with TSA's security strategy, and the challenges TSA faces in implementing them; and (3) TSA's reported status in implementing 9/11 Commission Act provisions for mass transit and passenger rail security. GAO reviewed documents including TSA's mass transit and passenger rail strategic plan, and interviewed federal officials and industry stakeholders from 30 systems and Amtrak--representing 75 percent of U.S. mass transit and passenger rail ridership.

Recommendations

Recommendations for Executive Action

Agency Affected Recommendation Status
Transportation Security Administration The Assistant Secretary for TSA should help ensure that the TSA is successfully prioritizing resources and collaborating with federal and industry stakeholders in implementing actions to secure the mass transit and passenger rail systems from acts of terrorism, and that its strategy is consistent with the characteristics of a successful national strategy. To help ensure that the federal strategy to secure the mass transit and passenger rail systems considers assessment information within the context of risk, TSA, as the sector-specific agency for mass transit and passenger rail, should conduct a risk assessment that integrates all three elements of risk--threat, vulnerability, and consequence. As part of this assessment, TSA should, to the extent feasible, fully leverage existing assessment information from its own sources as well as those provided by other federal and industry stakeholders, as appropriate, and use this information to inform its security strategy.
Closed – Implemented
In June 2010, the Transportation Security Administration (TSA) produced the Transportation Sector Security Risk Assessment (TSSRA), which assessed risk within and across the various aviation and surface transportation modes, including rail, and incorporated threat, vulnerability, and consequence. However, TSA noted limitations in the June 2010 TSSRA report that could limit its usefulness in guiding investment decisions across the transportation sector as a whole. For example, the TSSRA excluded the maritime sector and certain types of threats, such as from lone wolf operators. In June 2011, agency officials stated that TSA is working to address these limitations in the next version, which is scheduled for completion in 2012. TSA also noted that it is strengthening and enhancing the TSSRA methodology based on an ongoing independent verification and validation that was scheduled for completion in 2011. In addition, TSA officials noted that other DHS components, such as the U.S. Coast Guard, conduct risk assessments of the maritime sector that complement the TSSRA. As a result, this recommendation is closed as implemented.
Transportation Security Administration The Assistant Secretary for TSA should help ensure that the TSA is successfully prioritizing resources and collaborating with federal and industry stakeholders in implementing actions to secure the mass transit and passenger rail systems from acts of terrorism, and that its strategy is consistent with the characteristics of a successful national strategy. To better achieve the security strategy laid out in its Mass Transit Modal Annex--TSA's security strategy for the mass transit and passenger rail systems--TSA should, to the extent feasible, incorporate into future updates of the Modal Annex the characteristics of a successful national strategy and the elements outlined in Executive Order 13416, including: (1) measuring the agency's and industry's performance in achieving the goals of preventing and deterring acts of terrorism and enhancing the resiliency of mass transit and passenger rail systems and (2) incorporating information on what the strategy will cost along with specifying the sources and types of resources and investments needed, and identifying where those resources and investments should be targeted.
Closed – Implemented
In June 2009, we reported that while the Transportation Security Administration's (TSA) mass transit and passenger rail security strategy contained some information, such as goals and objectives, that is consistent with our prior work on characteristics of a successful national strategy, it could be strengthened by including performance measures to help TSA track progress in securing these systems, among other things. We recommended that TSA incorporate the characteristics of a successful national strategy and the elements outlined in Executive Order 13415, including measuring the agency's and industry's performance, into updates of the Mass Transit Modal Annex. In response, DHS provided its updated Mass Transit Modal Annex to us in August 2011. TSA also provided technical corrections to its modal annex in August 2012. The modal annex (including the corrected version) contains characteristics of a successful national strategy and the elements outlined in Executive Order 13416. For example, the modal annex introduces an outcome-based performance measure for TSA's Baseline Assessment for Security Enhancement (BASE) review program that is a proxy measure for risk reduction. TSA calculates this measure by comparing the results from first and second round BASE reviews for the nation's 100-largest transit agencies. The revised annex is consistent with our recommendation. As a result, this recommendation is closed as implemented.
Transportation Security Administration The Assistant Secretary for TSA should help ensure that the TSA is successfully prioritizing resources and collaborating with federal and industry stakeholders in implementing actions to secure the mass transit and passenger rail systems from acts of terrorism, and that its strategy is consistent with the characteristics of a successful national strategy. To help ensure that DHS security technology research and development efforts reflect the security technology needs of the nation's mass transit and passenger rail systems, TSA should expand its outreach to the mass transit and passenger rail industry in the planning and selection of related security technology research and development projects.
Closed – Implemented
In our 2009 report, we found that the Transportation Security Administration (TSA) had taken some initial actions to reach out to mass transit and passenger rail systems regarding their security technology needs, but TSA's outreach efforts could be expanded and improved by more fully leveraging existing forums to solicit a wider range of input. One of the mechanisms TSA reported using to gather industry input was the Mass Transit Sector Coordinating Council Security Technology Working Group. However, we reported that other than occasional telephone discussions, there was no ongoing structure that brought the federal government and transit industry together to discuss transit security technology priorities, needs, and areas of potential interest for technology advancement and research. As a result, we recommended that TSA should expand its outreach to the mass transit and passenger rail industry in the planning and selection of related security technology research and development projects. In May 2012, TSA officials told us that for a variety of reasons the Mass Transit Sector Coordinating Council Security Technology Working Group was suspended, and that TSA's primary outreach vehicle for collecting industry input on technology capability gaps is the Transportation System Research & Development Working Group (RDWG), which includes rail industry participants. According to TSA officials, the RDWG has met on a scheduled basis for over 4 years collecting information on technology capability gaps from industry and government members. In August 2012, the chair of the RDWG (from the transit industry) told us that industry representatives had been participating meaningfully in working group meetings to plan and select security technology research and development projects. In addition, TSA further stated that it has regularly consulted with the Mass Transit and Passenger Rail Transit and Policing Peer Advisory Group (PAG) on rail technology needs. For example, the PAG identified a need for a bus operator awareness research and development program. TSA and the Department of Homeland Security's Science and Technology Directorate worked with industry to develop the program and briefed PAG members on its progress, according to TSA. This recommendation is closed as implemented.
Transportation Security Administration The Assistant Secretary for TSA should help ensure that the TSA is successfully prioritizing resources and collaborating with federal and industry stakeholders in implementing actions to secure the mass transit and passenger rail systems from acts of terrorism, and that its strategy is consistent with the characteristics of a successful national strategy. To meet the needs of mass transit and passenger rail agencies regarding information on available security technologies, TSA should explore the feasibility of expanding the security technology product information on the Public Transit Portal of the Homeland Security Information Network, and consider including information such as product performance in a rail or bus venue, cost, maintenance needs, and other information to support mass transit and passenger rail agencies purchasing and deploying new security technologies.
Closed – Implemented
We reported that TSA could strengthen its approach by providing more information to support transit agencies that are considering deploying new security technologies. To meet the needs of mass transit and passenger rail agencies regarding information on available security technologies, we recommended that TSA explore the feasibility of expanding the security technology product information on the public transit portal of the Homeland Security Information Network (HSIN-PT). In response, in February 2012, TSA officials told us that TSA began the process of updating HSIN-PT and including additional technology product information. In June 2012, TSA standardized and completed the technology product information on HSIN-PT. The technology product information on HSIN-PT is now more accessible and includes information about the technology products, such as their performance in a rail or bus venue, cost, and maintenance needs, that would support rail agencies purchasing and deploying new technologies. This recommendation is closed as implemented.
Transportation Security Administration The Assistant Secretary for TSA should help ensure that the TSA is successfully prioritizing resources and collaborating with federal and industry stakeholders in implementing actions to secure the mass transit and passenger rail systems from acts of terrorism, and that its strategy is consistent with the characteristics of a successful national strategy. To better ensure that DHS consistently funds sound and valid security training delivery programs for mass transit and passenger rail employees, TSA should consider enhancing its criteria for evaluating whether security training vendors meet the performance standards of federally sponsored training providers and whether the criteria could be used by transit agencies for training under the transit security grant program. As part of this effort, TSA should consider coordinating with other federal agencies that have developed criteria for similar programs, such as the Federal Transit Administration.
Closed – Implemented
In 2009, we reported that TSA had not established the necessary criteria to effectively manage its mass transit security training program. As a result, we recommended that TSA should consider enhancing its criteria for evaluating whether security training vendors meet the performance standards of federally-sponsored training providers and whether the criteria could be used by transit agencies for training under the Transit Security Grant Program. In September 2011, TSA organized a joint task force comprised of training subject matter experts from transit agencies, the American Public Transportation Association (APTA), the Federal Transit Administration, and TSA to develop specific criteria to be used in identifying security training courses that cover the subjects identified in sections 1408 and 1517 of the Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Commission Act). The criteria were then used to evaluate an inventory of courses offered by federal agencies, academic institutions, and other entities in order to develop a list of training courses that meet those criteria. These actions will better ensure that TSA consistently funds sound and valid security training delivery programs for mass transit and passenger rail employees. This recommendation is closed as implemented.
Transportation Security Administration The Assistant Secretary for TSA should help ensure that the TSA is successfully prioritizing resources and collaborating with federal and industry stakeholders in implementing actions to secure the mass transit and passenger rail systems from acts of terrorism, and that its strategy is consistent with the characteristics of a successful national strategy. To better ensure DHS's ability to satisfy the provisions of the 9/11 Commission Act related to mass transit and passenger rail, DHS should develop a plan with milestones for implementing provisions of the 9/11 Commission Act related to mass transit and passenger rail security.
Closed – Implemented
In June 2009, we reported that the Transportation Security Administration (TSA) had missed several legislative deadlines for issuing mass transit and passenger rail security regulations required by the Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Commission Act), and in some cases had not established time frames for doing so. Without such time frames, it was difficult for TSA to provide reasonable assurance that the provisions of the act were being developed. We recommended that TSA develop a plan with milestones for implementing provisions of the 9/11 Commission Act related to mass transit and passenger rail security. In response, in June 2011, TSA provided us with a plan for addressing uncompleted 9/11 Commission Act requirements. The plan contains internal project milestones and projected timelines for each of the remaining 9/11 Commission Act requirements, as called for by project management best practices. TSA officials also reported to us that they provide the Department of Homeland Security (DHS) with monthly updates on the status of implementation of the 9/11 Act requirements, including specific actions taken to meet the statutory mandates. As a result of these actions, TSA and DHS will be better able to track progress and challenges in addressing the remaining 9/11 Act requirements. This recommendation is closed as implemented.

Full Report

Office of Public Affairs

Topics

AccountabilityCritical infrastructureCritical infrastructure protectionEmergency preparednessFederal agenciesFederal regulationsInformation managementMass transitPassenger trainsPublic key infrastructureRail securityRequirements definitionRisk assessmentRisk factorsRisk managementSecurity assessmentsSecurity regulationsSecurity threatsStrategic planningTransportation industryTransportation planningTransportation securityInformation sharingProgram coordinationProgram goals or objectives