Public Transit Security Information Sharing: DHS Could Improve Information Sharing through Streamlining and Increased Outreach
Highlights
The Transportation Security Administration (TSA), in the Department of Homeland Security (DHS), is committed to sharing information with public transit agencies. The Implementing Recommendations of the 9/11 Commission Act directed GAO to report on public transit information sharing. This report describes (1) the primary mechanisms used to share security information with public transit agencies; and evaluates (2) public transit agencies' satisfaction with federal efforts to share security-related information (e.g., security threats) and opportunities to improve these efforts; and (3) the extent to which DHS has identified goals and measures for sharing information. GAO surveyed 96 of the 694 U.S. public transit agencies based on 2008 ridership and received 80 responses. The 96 public transit agencies surveyed represent about 91 percent of total 2008 ridership. GAO also reviewed documents, such as DHS's Information Sharing Strategy, and interviewed agency officials.
According to the American Public Transportation Association (APTA)--which represents the public transit industry--and TSA officials, the Public Transportation Information Sharing and Analysis Center (PT-ISAC) and the public transit subportal on DHS's Homeland Security Information Network (HSIN-PT) were established as primary mechanisms for sharing security-related information with public transit agencies. The public transit agencies GAO surveyed also cited additional mechanisms for obtaining such information, including other public transit agencies. Further, in March 2010 TSA introduced the Transportation Security Information Sharing and Analysis Center (TS-ISAC), which is a subportal on HSIN focused on sharing security-related information with transportation stakeholders. Seventy-five percent of the public transit agencies GAO surveyed reported being generally satisfied with the security-related information they received; however, federal efforts to share security-related information could be improved. Specifically, three-fourths of public transit agencies reported being either very satisfied or somewhat satisfied with the information they received. Public transit agencies also reported that among the 12 most frequently cited mechanisms, they were the least satisfied with HSIN in terms of general satisfaction (19 of 33) and for each of six dimensions of quality--relevance, validity, timeliness, completeness, actionability, and ease of use. Twenty-four survey respondents also cited the need to streamline the information they received. GAO identified the potential for overlap between the PT-ISAC, the HSIN-PT, and the TS-ISAC, which all communicate similar unclassified and security-related information to public transit agencies. Federal and transit industry officials that GAO interviewed reported the need to streamline information sharing. Moreover, a greater proportion of survey respondents who were unaware of the PT-ISAC or HSIN were from midsize agencies, nonrail agencies, and those without their own police department. Federal and industry officials formed a working group to assess the effectiveness of information-sharing mechanisms, including developing options for streamlining these mechanisms. TSA officials stated that these options will also impact future outreach activities; however, no time frame has been established for completing this effort. Establishing such a time frame could help to ensure that this effort is completed. DHS and TSA have established goals and performance measures for some of their information-sharing activities to help gauge the effectiveness of their overall information-sharing efforts; however, they have not developed goals and outcome-oriented measures of results of activities for the mechanisms established as primary information sources for the public transit industry. TSA officials acknowledged the importance of establishing such goals and measures, but were unable to provide time frames for doing so. Establishing time frames for developing goals and outcome measures, once the working group effort is complete, could assist TSA in gauging the effectiveness of its efforts to share information with public transit agencies. GAO recommends that DHS, among other things, (1) establish time frames for its working group to develop options for improving information sharing, including assessing opportunities to streamline mechanisms and conducting targeted outreach; and (2) establish time frames for developing goals and outcome-oriented measures of results. DHS concurred. GAO is issuing an electronic supplement with this report--GAO-10-896SP--which provides survey results.
Recommendations
Recommendations for Executive Action
Agency Affected | Recommendation | Status |
---|---|---|
Department of Homeland Security | To help strengthen information sharing with public transit agencies, the Secretary of Homeland Security should direct the Assistant Secretary for the Transportation Security Administration in coordination with FTA and public transit agencies to establish time frames for the Sector Coordinating Council/Government Coordinating Council (SCC/GCC) Information Sharing Working Group to develop options for improving information sharing to public transit agencies and complete this effort, including the Working Group's efforts to (1) assess opportunities to streamline existing information-sharing mechanisms that target similar user groups with similar information to reduce overlap, where appropriate; and (2) conduct targeted outreach efforts to increase awareness of the PT-ISAC and HSIN among agencies that are not currently using or aware of these systems. |
In September 2010, we reported that there was potential overlap among the Public Transit Information Sharing and Analysis Center (PT-ISAC), the public transit portal on the Department of Homeland Security's (DHS) information network (HSIN-PT), and the Transportation Security Administration's (TSA) page on DHS's information network (formerly known as TS-ISAC), which all communicate similar unclassified and security-related information to public transit agencies. As a result, we recommended that DHS establish time frames for its information-sharing working group to develop options for improving its information sharing efforts with transit agencies. DHS concurred. In response, DHS and the transit industry have taken steps to streamline information sharing. TSA and key industry groups developed the Transit and Rail Intelligence Awareness Daily (TRIAD) report and associated Transportation Information Library. The intent of TRIAD is to streamline the analysis, sharing, and exchange of intelligence and security information that had been disseminated by multiple sources. Among other things, TRIAD includes a daily publication to enhance situational awareness and an alert message notifying users of a developing threat or incident. In March 2012, the American Public Transportation Association (APTA) reported that in an effort to incorporate feedback received through surveys conducted of public transit agencies in August 2011 and January 2012, it initiated discussions with TSA related to further streamlining security-related information through TRIAD, such as including links to DHS security-related information that is posted to HSIN-CS and HSIN-PT. However, an APTA official we spoke to stated that for law enforcement sensitive or sensitive security information, users would still have to log-on to HSIN because it is a secure portal. In addition, security officials from transit agencies we spoke with from February through June 2012 said that they continue to receive overlapping information from a variety of federal sources and have difficulty sorting through it to find what is useful. More recently, in November 2012, the Director of TSA's Surface Transportation Division, Office of Security Policy and Industry Engagement, stated that the agency is developing an enterprise information-sharing strategy that will discuss ways to streamline information sharing with the surface transportation industry, including public transit. As TSA develops this strategy, the agency plans to identify opportunities to streamline existing information-sharing mechanisms, including HSIN-PT and the PT-ISAC. According to the Director of TSA's Surface Transportation Division, TSA plans to employ this strategy and resulting implementation plan in June 2013. Because the strategy has not been developed and implemented, it is too early to determine its effectiveness. We will continue to monitor TSA's efforts to streamline information sharing with public transit agencies. In the meantime, however, TSA has provided us with sufficient information about planned actions and time frames to meet the intent of our recommendation. Regarding their outreach efforts, in August 2012, TSA reported that the agency had compiled a "superlist" of contact information for more than 1,000 public transit agencies of various sizes and modes, including nonrail and small and midsized agencies. TSA sent members of the superlist a PT-ISAC and HSIN membership campaign letter and requested that they complete a survey on the quality of information provided by PT-ISAC and HSIN. Another survey was conducted in November and December 2012. These outreach efforts may increase public transit agencies' awareness of the PT-ISAC and HSIN to obtain security information. This recommendation is closed as implemented.
|
Department of Transportation | To help ensure that the PT-ISAC is meeting its objectives for sharing security-related information with public transit agencies, the Secretaries of Homeland Security and Transportation should direct the Assistant Secretary of the Transportation Security Administration and Administrator of the Federal Transit Administration to take steps to ensure the PT-ISAC fulfills its responsibilities and completes agreed-upon tasks. |
We found that the Public Transportation Information Sharing and Analysis Center (PT-ISAC) was not performing all of its responsibilities as agreed upon through a cooperative agreement between its contractor and the Department of Transportation (DOT), and that while the Department of Homeland Security (DHS) and DOT oversee the expenditures of the PT-ISAC, DHS and DOT could not be assured that this mechanism was meeting the security information needs of public transit agencies. As a result, we recommended that DHS and DOT take steps to ensure the PT-ISAC fulfills its responsibilities and completes its agreed-upon tasks. In January 2011, DOT reported that, as necessary, it will request documentation from the contractor of the cooperative agreement concerning any questions it has about the progress of the PT-ISAC, and provide this documentation to DHS in order to make any performance determinations. In March 2012, TSA and FTA provided documentation to support that the PT-ISAC was fulfilling the responsibilities outlined in the interagency agreement with TSA and FTA. In April 2012, FTA further reported that APTA is also controlling access to the HSIN-PT subportal, per the interagency agreement, including vetting those individuals who submit requests to access HSIN-PT. As a result, this recommendation is closed as implemented.
|
Department of Homeland Security | To help strengthen DHS's efforts to share security-related information with public transit agencies, the Secretary of Homeland Security should develop a process for systematically gathering feedback on public transit agencies' satisfaction with the PT-ISAC and HSIN-PT. |
In September 2010, we reported that the Transportation Security Administration (TSA) had not established a systematic process to obtain public transit agencies' feedback on information shared through the Public Transit Information Sharing and Analysis Center (PT-ISAC) and through the public transit portal on the Homeland Security Information Network (HSIN-PT), which are the primary mechanisms designed to share security-related information with public transit agencies. We recommended that the Department of Homeland Security (DHS) develop such a process. In January 2011, DHS officials stated that updates to HSIN will enable the department to efficiently capture user feedback, and that DHS's new, consolidated information sharing summary document will solicit user feedback for continuous improvement. In March 2012, TSA reported that the American Public Transportation Association (APTA) conducted a survey of public transit agencies in August 2011 and a follow-up survey in January 2012 to obtain their feedback on their satisfaction with PT-ISAC and HSIN-PT. The format of this survey was based on the survey we conducted for our report. According to APTA, the survey was distributed to small, medium, and large public transit agencies and overall, agencies reported general satisfaction with these two mechanisms. The APTA official responsible for implementing this survey told us that, to the extent possible, APTA incorporated the feedback provided through the survey to help improve the quality of information provided through the PT-ISAC and HSIN-PT. This APTA official also told us that the association plans to conduct additional feedback surveys of public transit agencies' satisfaction with the PT-ISAC and HSIN-PT in the future, with the next survey estimated to be released in summer 2012. This recommendation is closed as implemented.
|
Department of Homeland Security | To help ensure that the PT-ISAC is meeting its objectives for sharing security-related information with public transit agencies, the Secretaries of Homeland Security and Transportation should direct the Assistant Secretary of the Transportation Security Administration and Administrator of the Federal Transit Administration to take steps to ensure the PT-ISAC fulfills its responsibilities and completes agreed-upon tasks. |
We found that the cooperative agreement between the Department of Transportation's Federal Transit Administration (FTA) and the American Public Transportation Association (APTA) that provides funding for the Public Transit Information Sharing and Analysis Center (PT-ISAC) specifies that the ISAC perform several functions related to the Homeland Security Information Network public transit subportal (HSIN-PT), but the PT-ISAC was not performing these functions. For example, the agreement states that the PT-ISAC is to control access to the HSIN-PT subportal, manage the information that is available on the subportal, and take steps to enhance its user-friendliness. In January 2012, TSA reported that APTA is now managing administrative responsibilities to maintain HSIN-PT. Specifically, TSA officials stated that the PT-ISAC is now serving as the HSIN-PT Mass Transit Portal List Serve Manager, the HSIN-PT Mass Transit Portal Content Manager, and the HSIN-PT Mass Transit Portal User Interface Manager. In March 2012, TSA and FTA provided documentation to support that the PT-ISAC was fulfilling the responsibilities outlined in the interagency agreement with TSA and FTA. In April 2012, FTA further reported that APTA is also controlling access to the HSIN-PT subportal, per the interagency agreement, including vetting those individuals who submit requests to access HSIN-PT. This recommendation is closed as implemented.
|
Department of Homeland Security | To help strengthen DHS's efforts to share security-related information with public transit agencies, the Secretary of Homeland Security should take steps to ensure that public transit agencies can access and readily utilize HSIN and that the HSIN-PT subportal contains security-related information that is of value to public transit agencies. |
We reported that concerns among public transit agencies about the Department of Homeland Security's (DHS) Homeland Security Information Network's (HSIN) accessibility may reduce its value as a source of security-related information. Industry officials characterized HSIN as a "pull" system that requires users to log in and extract what is relevant to their agency, but public transit security personnel do not necessarily have time to log into such a system every day and sift through excess information to extract what is relevant to their agency. In addition, users had to call the HSIN help desk to obtain a new password when theirs expired, but the contact information for the HSIN help desk was not located on the main HSIN log-in page. We also reported that certain aspects of HSIN, such as setting up E-mail alerts, were not user-friendly, and the security-related information available on the HSIN public transit subportal (HSIN-PT) was not always valuable to public transit agencies. We recommended that DHS take steps to ensure that public transit agencies can access and readily utilize HSIN and that the HSIN-PT subportal contains information of value to public transit agencies. In response to this recommendation, in November 2010, DHS began providing the contact information for the HSIN help desk on the main log-in page when users try to access HSIN using an expired or inaccurate password. In September 2011, TSA reported that it continually updates HSIN-PT with security-related information, including the Transit and Rail Intelligence Awareness Daily, Daily Cyber Report, all-hazard information, and security standards. The agency added that TSA-related Security Awareness Messages are also updated on the portal along with other pertinent public transit and cross-sector reports. In January 2012, TSA officials stated that they have been working with DHS to enhance HSIN-PT. Specifically, they provided screen shots of the HSIN-PT homepage that was redesigned to have better icons and be easier to navigate, making it more user friendly. TSA officials also provided us with a user guide that DHS developed for the Critical Sectors portal on HSIN (HSIN-CS), which includes HSIN-PT. This guide includes instructions for how to sign up for HSIN and refine alerts. In March 2012, TSA reported that the public transit information sharing working group is working with the HSIN-CS support team to develop a specific HSIN-PT standard operating procedures document, which provides guidance on how new users to HSIN-PT would be nominated, vetted, and validated. In March 2012 TSA also reported that, as the content manager of HSIN-PT, the American Public Transportation Association (APTA) was working with TSA and DHS to ensure that HSIN-PT serves as a static reference source that will house cross-sector best practices, additional intelligence, and threat information as well as transit security standards and all hazards information. In August 2011 and January 2012, APTA surveyed public transit agencies of various sizes to obtain feedback on, among other things, the quality of security-related information provided on HSIN-PT. APTA and TSA officials told us that the survey we had conducted for our report was the model for this survey. APTA also reported that it took steps to enhance the information on HSIN-PT, based on feedback obtained through this survey. As a result, this recommendation is closed as implemented.
|
Department of Homeland Security | To help strengthen DHS's efforts to share security-related information with public transit agencies, the Secretary of Homeland Security should once the SCC/GCC Information Sharing Working Group has developed options for improving information sharing with public transit agencies, establish time frames for developing goals and related outcome-oriented performance measures specific to the PT-ISAC, HSIN-PT, and TS-ISAC. |
In September 2010, we reported that the Department of Homeland Security (DHS) and the Transportation Security Administration (TSA) had established goals and output-oriented performance measures for their overall information-sharing activities but not for gauging the effectiveness of their information-sharing efforts specific to public transit agencies. Specifically, DHS and TSA had not developed such goals and measures for the Homeland Security Information Network public transit portal (HSIN-PT) and the Public Transit Information Sharing and Analysis Center (PT-ISAC) - mechanisms designed to serve as the primary information sources for the public transit agencies - or for TSA's page on HSIN (formerly known as the TS-ISAC). While TSA officials recognized the importance of establishing specific goals and developing outcome-oriented measures, they were in the beginning stages of doing so and could not provide time frames for when they plan to complete these efforts. We recommended that they develop such measures. In March 2012, TSA reported that the American Public Transportation Association (APTA) conducted a survey of public transit agencies in August 2011 and a follow-up survey in January 2012 to obtain their feedback on their satisfaction with PT-ISAC and HSIN-PT. In January 2012, TSA officials stated that the results from this survey, which was modeled after the survey we used for our report, would be used to refine HSIN-PT, as well as to get a sense from stakeholders on what has improved since the time of our report. In August 2012, TSA reported that it worked with APTA to develop a set of goals and corresponding performance measures. TSA reported that these measures will be tracked quarterly, beginning in September 2012, and will measure (1) outreach efforts to the transit industry, (2) security information relevance, (3) timeliness of reports, (4) need for product improvement, (5) number of reports produced, and (6) frequency and growth of system access by industry members. Such goals and measures will assist TSA in obtaining more meaningful information with which to gauge the effectiveness of HSIN-PT and the PT-ISAC.
|