As a DC Metropolitan Police Officer in 2002, I was certified as an instructor for a new program called “CAT Eyes”; short for the Community Anti-Terrorism Training Institute. The program, created by Air Force Col. Michael Licata, was designed to educate citizens on how to look out for the pre-attack indicators of terrorism, and how to harden the targets in their own communities. I later became their National Training Coordinator, certifying instructors in law enforcement agencies who rolled the program out in community meetings; as well as to the Coach USA bus conglomerate; who received a grant from TSA to train bus operators on how to prevent terrorist attacks on their routes while simultaneously conducting threat and vulnerability analyses of their operations and facilities.
My experience working with Coach USA for the CAT Eyes program led to my being hired as an Intelligence Analyst for the Highway Information Sharing & Analysis Center (ISAC), in 2004, on a $40M partnership between the Department of Homeland Security and American Trucking Associations to provide an avenue for the highway transportation sector to report suspicious activity to the homeland security community. After a year there, I was brought over to the Surface Transportation Security Inspector Program (STSIP) assigned by TSA to enforce security directives and strengthen transit security infrastructure in the more vulnerable rail and transit modes.
Recently, I revisited the state of transportation security twelve years later. Unfortunately, I found an inertia regarding security improvements to many of our nation’s transit systems, ports, railways, and buses; especially outside the larger metro areas. This is largely because our nation’s transportation systems are designed for convenience and accessibility; which make them highly vulnerable to possible attacks. Developing a better security posture for the transportation sector is difficult, but there are measures that can be taken to deter crime and terrorism.
One of the major problems is that the transportation sector is run by a patchwork of private, county/local, and state authorities that run on a minimal, if any, profit margin. Most of the security directives that came after 9/11 were funded by non-recurring formula grants and/or were totally unfunded mandates. Therefore, the dilemma facing these transportation entities is how best to construct and finance a system of deterrence, protection, and response that effectively reduces the possibility and consequences of another terrorist attack without unduly interfering with travel, commerce, and civil liberties.
Since the attacks of September 11, 2001, the principal focus of federal transportation security policy has been in aviation security. The Transportation Security Administration (TSA) was mandated to create a federalized security workforce to inspect airline passengers and their baggage. However, the agency has been plagued with dysfunction, with scandals and scathing performance audits and investigation reports by Inspectors General. A major concern of TSA is their high turnover rate, a side effect when a screener workforce receives background investigations and professional training; but relatively low pay considering the vital nature of their job. This high attrition rate led to unstable staffing levels; which led to extremely long security lines at major airports causing throughput to halt and passengers to miss their flights. Congress responded to this with the FAA Extension, Safety, and Security Act of 2016 which expanded the PreCheck program to expedite screening for known travelers and enhance background checks of airport workers. However, when dealing with management issues in an organization of more than 55,000 employees; new laws and funding do not provide a “quick fix”. This is felt at my home airport of Philadelphia, where TSA PreCheck lanes do not exist in half of the airport’s terminals.
If TSA is the federal agency responsible for Transportation Security in the United States, it needs to pay more attention to threats outside aviation more carefully. For decades, bombings of passenger trains and buses in Europe, the Middle-East and Asia have illustrated the clear vulnerability and impending threats faced by the surface and maritime transportation sectors. Consider buses and passenger rail systems, such as commuter bus/rail, subway/elevated transit, light rail and Amtrak carry about ten times as many passengers each day as do airlines, over many thousands of miles of track, serving stations that are designed primarily for convenience and quick access.
TSA sought to address this issue with STSIP in 2005. At its inception, it was designed to operate in partnership with local transportation organizations, autonomous from TSA’s aviation operations, and provide robust inspection of the security posture of the surface transportation sector; so they can assist in making effective improvements therein. However, less than three years after their roll-out, the surface transportation inspectors in most cities lost their offices and were told to report to airports, and were detailed to Visible Intermodal Prevention and Response teams (VIPR) when threats arise. This, of course, would make sense if these TSA inspectors were trained, empowered and equipped as law enforcement; but they weren’t; so there has been word from local law enforcement and transit officials at transit stations questioning why they were responding other than to advertise the TSA.
In addition to our need to improve surface transportation security, consider the intricate inter-connections of our non-passenger forms of transportation. The security posture at our Ports is essential as the cargo coming through them also rides on our private freight rail systems and in our trucking community. While existing law mandated the scanning of all incoming maritime containers with non-intrusive inspection equipment (x-rays, dogs, radiation detectors, etc.) at overseas ports of loading by July 2012; this deadline was not met as many Ports simply do not have the equipment or manpower to accomplish this daunting task. Furthermore, DHS is in favor of a risk-based, layered strategy to port security screening that augments non-intrusive screening with physical screening and increased background checks, like the Transportation Worker Identification Credential (TWIC) for port and maritime workers; which also appears to be experiencing continuing difficulties in meeting the needs for truckers, stevedores, port employees, etc. to receive background checks and credentials in a timely manner; given the high-turnover rates and varied backgrounds in those occupations.
So, while problems clearly exist in the current state of transportation security; what are some possible solutions? Let’s examine:
It’s not all about aviation
Following the 9/11 attacks, Congress took swift action to create the TSA and federalized all airline passenger and baggage screening functions. As previously mentioned, the efficiency and effectiveness of federalized airport screening remains a controversial topic. For example, Representative Bill Shuster, chairman of the House Transportation & Infrastructure Committee, said in 2015 that, “in hindsight, the decision to create TSA as a federal agency functionally responsible for passenger and baggage screening was a “big mistake,” and that frontline screening responsibilities should have been left in the hands of private security companies”. While airports have explored the option of opting out of federal screening, alternative private screening under TSA contracts has been limited to 21 airports out of approximately 450 commercial passenger airports. After the throughput scandals at major US hubs in 2016, private screening has been explored by some airports, but proposals seeking more extensive reforms of passenger screening have not been extensively debated. Rather, aviation security legislation has largely focused on specific mandates to comprehensively screen for explosives and carry out background checks and threat assessments. If TSA were to study management principals of large organizations to better staff, supervise and retain these posts more effectively; attrition would decline. Furthermore, a balanced funding strategy between TSA and airports can ensure better staffing of local airport law enforcement and a more professional private security supplement to TSA’s screening and throughput mission; as opposed to the current, low-paid security guard at the top of the line simply looking at the size of carry-on bags.
The intelligence and security communities have been calling on TSA to diversify their approach to transportation security for over twelve years, leading to the creation of the Surface Transportation Security Inspector Program (STSIP) in 2005. In 2012, the House Committee on Homeland Security’s Subcommittee on Transportation Security held a hearing to examine the STSIP. What they found was that TSA management issues relating to attrition in Aviation Operations was also present at STSIP, as the number of inspectors had increased from 175 in FY2008 to 404 in FY2011, then decreased back to 260 in FY2016 to inspect modes of transportation that see twenty times more people than the estimated 1.73 million air passengers each day. Issues considered at the hearing included the lack of surface transportation expertise among the inspectors, many of whom were promoted from positions as screening officers at airports; the administrative challenge of having the surface inspectors managed by federal security directors at airports and who themselves have no surface transportation experience; and the security value of the tasks performed by surface inspectors overall.
GAO reported in 2014 that a lack of effective guidance to STSIP resulted in an inconsistent reporting of rail security incidents; largely because TSA had not consistently enforced the requirement that transportation agencies report security incidents. This resulted in poor data on the number and types of incidents and threats faced nationally by the transportation sector. GAO further found that TSA did not have a systematic process for collecting and addressing feedback from surface transportation stakeholders regarding the effectiveness of the information-sharing effort.
Triaging Priorities: Securing Surface Transportation
Following 9/11, increased security in the aviation sector led to concerns that terrorists may turn their attention to “softer” targets, such as surface transportation. Unfortunately, this is a reality felt overseas; with bombings of buses and trains in Israel, the UK, Russia and Spain. A key challenge faced by transportation administrators is balancing the desire for increased rail passenger security with the efficient (timely) functioning of these systems, with the potential costs and damages of an attack, and with other organizational priorities.
In many major transportation systems, the volume of ridership and number of access points make it impractical to subject all bus and rail passengers to the type of screening all airline passengers undergo. This drove much of the discussion a decade ago to the “low-hanging fruit” which led much of the emphasis on transit security measures to focus on the response and mitigation of an attack. While some steps have been taken to try to reduce the risks, as well as the consequences, of a terrorist attack; a more holistic approach may be more effective.
As someone who worked heavily over the last nine years in protecting sensitive information and intellectual property, I coined the following phrase when communicating security needs to executives, IT-centric professionals, and academics; “If I can neutralize your security plan by simply pulling a fire alarm and stealing from unlocked offices and common areas while everyone is in the fire exists; how comprehensive was your plan to begin with?”. To apply that common sense approach to transportation security, it’s vital that we do not silo the threat of terrorism with the general security and/or law enforcement functions of these organizations. Consider the Southeastern Pennsylvania Transportation Authority (SEPTA) who deploys cameras and technological measures on their buses and trains to aid a professional, accredited transit police force. The primary focus of this strategy is to secure a busy transit system that has lines passing through high crime areas; which are used to combat violent flash mobs that occur when city youth use transportation to gather en-masse in Center City and secure commuters on the Market-Frankford elevated line who pass through the epicenter of the opioid crisis as well as the day-to-day threats of robberies, pickpockets, and safety issues that may occur. So, if agencies like SEPTA are used to looking for suspicious or criminal behavior on a daily basis, implementing proactive security improvements throughout their system should be easier than a suburban bus, trucking, or ferry boat operation that is only starting to approach security to address potential terrorist threats.
Therefore, all transportation organizations should start by appointing someone with responsible charge of the security of their organization. This person should be certified in security management and start my looking at current plans, policies and procedures existing within the operation. Not all transportation agencies need a fully-accredited police agency; but if the primary law enforcement agencies where they operate do not have the appropriate agreements and training in place to respond to and protect your system; that may be a good place to start. Other steps should include threat & vulnerability assessments; emergency planning; emergency response training and drilling of transit personnel (ideally in coordination with the aforementioned law enforcement, and emergency services personnel); increasing the overall transit security posture; which includes installing security technology (CCTV, sensors, silent alarms, and GPS tracking devices) in vehicles and stations; and the possible deployment of security personnel.
It is of note to mention the inexplicable focus on rail security over other transit operations when this issue is discussed. While rail security is of concern, the transportation sector needs to stay focused on hardening the targets of their entire operations in synchronous. While not all local transit agencies have commuter rail, subway, or light rail systems; there are some 76,000 buses carrying 19 million passengers every weekday in the United States. Some transit systems, like SEPTA, have installed video cameras on their buses which have had ancillary benefits in addressing spurious accident injury claims and obtaining evidence in criminal investigations, but most bus operations on a national level have little (such a manager with shared duties of security and other functions) to no active security oversight on their bus operations, creating a significant opportunity for improvement.
In 2010 and 2011, the aforementioned TSA surface transportation security inspectors through their Baseline Assessment for Security Enhancement (BASE) program and the security training and security exercise program for transit (I-STEP) completed a national threat assessment for transit and passenger rail, and updated transportation systems sector-specific plan, which established three primary goals and objectives for a secure transportation system:
1. Increase system resilience by protecting high-risk/high-consequence assets (i.e., critical tunnels, stations, and bridges);
2. Expand visible deterrence activities (i.e., canine teams, passenger screening teams, and anti-terrorism teams); and
3. Engage the public and transit operators in the counter-terrorism mission.
What this sweeping federal assessment didn’t address is who at the local transit agency, freight rail companies, bus and/or trucking company will actually accomplish these three initiatives given the fact that there are so few full-time, professional security resources afforded to the surface transportation sector. Furthermore, if these resources could be identified; how can the federal grant processes be streamlined and simplified to assist these operators in funding any capital improvements needed to secure their systems?
While DHS provides grants for security improvements for public transit, passenger rail, and occasionally other surface transportation modes under the Transit Security Grant Program; the vast majority of the funding goes to public transit providers after a lengthy process. The Congressional Research Service estimates that funding for this program (on an inflation-adjusted basis) has declined 84% since 2009, when Congress allocated $150 million in the American Recovery and Reinvestment Act, in addition to routine appropriations
Port and Maritime Security & its Effect on Overall Transportation Security
The majority of U.S. imports and exports are carried by ships and are brought to and from our nation’s ports through an intricate inter-relationship between highway and rail transportation. Therefore, the economic consequences of port security vulnerabilities are significant; in addressing the threats of terrorist attacks and losses due to theft in a highly competitive marketplace. A key challenge for Port Authorities is prioritizing security activities in a landscape that is far more porous than at airports, presenting a large number of security risks.
Another issue is of security responsibility. Every international port has a detachment of US Customs and Border Protection (CBP), but their responsibility lies with the inspection of people and cargo entering the US. This leaves the physical security, law enforcement and loss prevention duties at the port to a patchwork of various policies ranging from full-service law enforcement agencies (like the NY/NJ Port Authority Police, Los Angeles Port Police, and Maryland Transportation Authority) to private loss prevention designees employed by private terminals. In order to address serious priorities ranging from multi-million dollar container theft to the prevention of the smuggling of contraband, human trafficking, or even a weapon of mass destruction in a shipping container; Port Authorities should at least have an Office of Security/Public Safety to address these threats with uniformity. The serious risks & threats at our ports could be meaningfully addressed with limited counterterrorism resources, given the matrixed working relationship already in place with CBP, the Coast Guard, the private sector as well as railroad, state and local law enforcement.
While congressional port security initiatives may continue to examine are the 100% container scanning requirement and the effectiveness of the TWIC card system and cybersecurity concerns, it’s important to recognize the dangers of an over-reliance on the federal government for support in port or transportation security. In contrast with the aviation sector, where TSA provides operational security, the surface & maritime transportation sector security is provided primarily by the transit and rail operators and local law enforcement agencies. The federal government’s role in surface transportation security is one of oversight, coordination, intelligence sharing, training, and assistance.
The Implementing Recommendations of the 9/11 Commission regarding provisions on passenger rail and transit security; Congress authorized $3.5 billion for grants for public transportation security in FY2008-FY2011. This required public transportation agencies and railroads considered to be high-risk targets by DHS to have DHS-approved security plans, a name-based security background check and an immigration status check on all public transportation and railroad frontline employees, and gave DHS the authority to regulate rail and transit employee security training standards.
What is cause for debate is whether this was accomplished effectively. If an “al-Qaeda approach” to which transit systems were deemed “high-risk” by DHS in grant selection was used, what resources do smaller transportation organizations have in protecting themselves against the “ISIS approach” to using smaller attacks by online-motivated assailants on softer targets?
What is needed is a baseline, best-practice approach to transportation security. The New York, Philadelphia, DC, Boston, San Francisco and Atlanta don’t have the market cornered on risks to transit security; they just have the transit law enforcement infrastructure present to address these threats. In the same vein, not all Ports are the size of Los Angeles, Seattle, or New York. However, some Ports like Philadelphia are large and visible; but haven’t yet clearly defined Port Security roles and responsibilities within their respective Port Authorities. The tasks of doing so in the surface transportation, trucking, or maritime transportation sector is not as daunting as it seems; but starts with a firm commitment on the part of that local organizational leader to make a call and address the problem. If they do, they’ll find a myriad of experienced security professionals at the federal, state, local and/or private levels willing to help them; myself included.