Figure courtesy of Charles Weber, Homeland Security Institute, who holds a Ph.D. in operations research

On September 11, 2001, government and private-sector efforts to secure the transportation system were relatively small. We cannot help but reflect that the nation has devoted considerable energy and resources to transportation security. Unfortunately, the main effort has been with aviation and relatively little devoted to other modes of transportation. Moreover, and more important, we continue to think about the security of the transportation network by mode and, therefore, are not treating it as a system that is interrelated.

The transportation network is a complex critical infrastructure system where people and commerce move and congregate within and between modes of transportation. That network depends on other critical infrastructure systems such as the energy sector. Therefore, we need to accept the notion that the security of the transportation network be managed from a system perspective and that the federal government, in close partnership with the private sector, is the only entity that can facilitate the management of its security. That requires that we view the transportation network as an integrated system that incorporates resources, use of technology, utility of people, and appropriate policies and procedures to manage risk.

The Transportation Security Administration is the key regulatory agency with primary responsibility for transportation security. On November 19, 2001, the President signed into law the Aviation and Transportation Security Act, which among other things established TSA within the Department of Transportation. TSA was later moved into DHS.² TSA has all the necessary authorities from Congress to manage the transportation network as a system, in close cooperation with the U.S. Coast Guard, the Department of Transportation, and the private sector. TSA has already instituted a number of security measures needed to implement the management of security across the network, particularly in aviation. DHS, particularly TSA, can facilitate the management of security across the transportation network through a systems approach and a national concept of operations.

Managing security across the national transportation system requires an overall operational planning approach to transportation security, consistent with DHS strategy, implemented by DHS components and the Department of Transportation’s modal administrators, and in close cooperation with public and private stakeholders (owners and operators of the nation’s transportation infrastructure). A systems approach would describe how DHS, in cooperation with the Department of Transportation and other federal agencies, would prevent, mitigate, and respond to intentional disruption of the nation’s aviation, maritime, and surface transportation systems while ensuring freedom of movement for people and commerce. The goals of the approach would be to

1. reduce the risk of terrorism to the nation’s critical transportation infrastructure and operations and the people who use it
2. ensure the establishment of consistent and mutually supporting intermodal security standards in cooperation with respective modal administrators and in collaboration with stakeholders
3. incorporate the President’s guidance as outlined in the National Strategy for Homeland Security
4. comport with DHS’s National Infrastructure Protection Plan, the National Response Plan, and National Incident Management System.

With these goals met, the nation would have a coordinated approach to preventing intentional disruption to aviation, maritime, and surface transportation assets while reducing the risk to critical transportation infrastructure or operations.

The approach would then serve as the operational planning tool for DHS to administer transportation security on behalf of the nation. It would

1. provide national guidance for transportation security plans for all transportation modes
2. establish requirements for subordinate national modal security plans, specify responsibilities for drafting supporting plans, outline required plan elements, and provide a mechanism for those plans to be reviewed and coordinated
3. ensure coordination and cooperation between lead modal agents (that is, the Coast Guard for the maritime domain and TSA for the aviation sector) in developing national modal security plans
4. describe the principles that guide activities along the full spectrum of transportation security: awareness, prevention and protection, and response and recovery, including preparedness
5. detail the approach each modal security plan should take to improve the nation’s ability to protect transportation infrastructure
6. outline the overarching process each entity—federal or local, public or private—should use to mitigate risk
7. describe the approach DHS would take to evaluate and ensure adherence to the approach
8. describe methods for resource management to support the approach
9. prescribe requirements to evaluate standards, compliance, procedures, and preparedness

A systems approach would provide the blueprint for how DHS, while working closely with federal, state, local, and private stakeholders, would achieve these goals. Among the challenges are the multitude of attractive targets, the openness of the system, the diversity of design and structure, the vast size of the system and volume of traffic it carries, the numerous stakeholders, balancing security and convenience of the system, distributing costs equitably, and devising a plan that promotes a rapid post-incident recovery.

The utility of technology should be leveraged in the plan, but only as part of the answer. Current detection equipment and methods are costly and limited in number, capability, and ease of use. Users of these technologies would need to design ways to optimize current capability while maintaining the flexibility to capitalize upon future technological innovation. Incorporating performance-based standards that transportation infrastructure owners and operators should meet—but leaving flexibility in how those standards should be met—sets the stage for refreshing technology investments. There is no doubt that securing the national transportation system can be both costly and time consuming. Distributing these costs fairly and equitably would be a constant challenge—and a constant goal.

Convenience of the system must be balanced with security measures. Stifling commerce and free movement to meet security requirements would not meet the needs or expectations of the nation. DHS’s challenge is to balance the need for security against the need to minimize congestion and delays within the transportation system. In the event of an incident or attack, maintaining commerce and free movement throughout the entire system is vital. The system must not only easily and rapidly support the response of personnel and resources into or out of an affected area, but other transportation modes and infrastructure must be able to absorb redirected transportation capacity after an event within an acceptable risk envelope. Finally, DHS would need to take steps to ensure that terrorists could not exploit the openness of the national transportation system.

As noted above, the overall approach would define the strategy by which DHS manages risk throughout the transportation sector through close collaboration with government agencies, industry owners, and operators. In early 2005, Homeland Security Secretary Michael Chertoff emphasized in his very first speech that “risk management must guide our decision-making,”³ noting in a subsequent speech that “resources are not unlimited”⁴ and calling for tough choices using “objective measures of risk.”⁵

Taking a systems approach to the transportation sector is critical to managing risk across the network. In Figure 1 below, one can demonstrate the key macro elements of the transportation sector. As illustrated, a specific block within the national transportation system environment represents an area of responsibility for security to be addressed by lead government “agents”—typically modal administrators. DHS would set the acceptable baseline level of risk for given threats to the national transportation system to which the risks are managed. Lead government agents would then engage in efforts to mitigate risk if that risk rises to unacceptable levels. That may require devoted government resources, particularly if the risks are near term, and working with the private sector when the risks are likely in the mid- to long term. Owner and operator security plans, deployment of governmental resources, leveraging of technology, and changes in business practices, audits, and inspections are examples of ways to manage or mitigate risk. Ultimately, DHS would ensure that transportation security risk is uniformly managed from a transportation systems perspective. A risk-managed approach would allow DHS to allocate scarce security resources to optimally manage the system. Risk assessment is a critical component of systems security management. Risk assessment helps determine the likely sources of threat, infrastructure vulnerability to that threat, and consequences of an incident. DHS’s efforts to build national planning scenarios provide for an excellent planning tool for understanding the range of potential terrorist attacks and natural disasters.

Since the approach would be based on a comprehensive, uniform approach to security, DHS would ensure that security standards are consistent across the transportation modes and that they are risk-based; that is, the standards are appropriate to the risk level of the threat being mitigated. DHS would encourage the use of performance-based standards to provide flexibility to owners and operators in meeting mandated security standards without encountering undue economic burden.

Again, as noted in Figure 1, security activity in each mode of transportation (mode-axis in the figure), from origin to destination, would be specifically addressed. Security crosses the functional areas in each mode (cargo, passenger, infrastructure security, and response preparedness). This systems approach also would address how security is achieved throughout the domains of security, from awareness through recovery—that is, the security spectrum. Therefore, DHS could achieve the necessary holistic security systems management by assessing the risk to the transportation system along its dimensions of mode, function, and security domain. The cube design represents the overlaps and intersections between modes, the security spectrum, and functions and is a depiction of the concept necessary for managing risk across the sector.⁶

Figure 1

With regard to a transportation security incident contingency, there are substantial uncertainties about how prior preparations would translate into actual performance.⁷ DHS would seek to reduce these uncertainties through preparedness initiatives.⁸ These initiatives include planning, training, equipping, exercising, and evaluating capability to ensure sustainable performance as the system sets about to prevent, prepare for, and respond to incidents. Such initiatives lend themselves to real-time risk modeling by commodity, geographical region, or threat. These activities occur across the functional areas (cargo, passenger, infrastructure security, and response preparedness) in each mode and across the modes. The results and ultimate measure of readiness is represented by the response preparedness “lane” of the cube. These efforts include planning, assessing, and exercising the system, as well as knowing what the specific threats and vulnerabilities to the system are. These efforts also include feedback for lessons observed after a transportation security incident.

In addition to awareness and prevention measures implemented across the modes and functional areas, overall preparedness must ensure the nation’s readiness to address the immediate effects of an attack on the system and to restore its vitality. Preparedness to respond is an important subset of the overall preparedness backdrop, in that it encompasses all the actions taken before a transportation security incident in order to ready the system to respond. It includes pre-staging resources, planning and exercising with first responders, and planning for the restoration of transportation services.

DHS would use a comprehensive strategy for implementing response preparedness activities across all modes of transportation in each of the domains. For example, in the awareness domain, DHS would gather and analyze threat information so that it can be shared with law enforcement and industry in order to preempt attacks on transportation assets. In the prevent-and-protect domain, DHS would develop standardized planning formats for industry to build integrated prevention and response plans, ensuring a robust capability to prevent and respond to events. DHS would also conduct exercises to test the industry’s ability to implement their plans. Finally, DHS would develop a readiness assessment system to measure, in real time, the industry’s and the nation’s security posture in response to the threat level established.

Response preparedness presumes that despite the best efforts of industry and all levels of government, a transportation security incident may still take place. Post-incident, in the response domain, DHS would use its multimodal transportation security expertise and TSA’s Aviation and Transportation Security Act statutory authority to coordinate the multiple jurisdictions that may be involved in responding to a transportation security incident, including federal, state, and local jurisdictions, non-governmental organizations, and the private sector. In addition, DHS would work with law enforcement agencies to investigate the cause of a transportation security incident and to determine how to improve prevention measures and to improve domain awareness activities in the future. In the recovery domain, DHS would work to restore vital transportation assets, and perhaps their supported supply and passenger chains, to basic working order.

The federal government needs to take the next major step in managing risk across the transportation sector by taking a systems approach to security. While DHS should be recognized for establishing a number of elements necessary for that approach, much work needs to be done. Thus, a national debate among all stakeholders must begin to discuss how best to manage risk across the transportation sector.

References

Click on an end note number to return to the article.

1. For a detailed discussion of this approach, see the forthcoming article by Theophilos Gemelas and Mark Johnson, “Systems Approach to Transportation Security,” Journal of Transportation Law, Logistics and Policy (June 2007).

2. Public Law 107-71, Nov. 19, 2001.

3. Secretary Michael Chertoff, U.S. Department of Homeland Security, remarks to the George Washington University Homeland Security Policy Institute, Washington, DC, March 16, 2005.

4. Secretary Michael Chertoff, U.S. Department of Homeland Security, Second Stage Review remarks, Washington, DC, July 13, 2005.

5. Ibid.

6. The shaded blocks indicate functional areas that do not exist within a mode—for example, passenger security for pipeline, cargo security for pipeline and mass transit.

7. See Richard Falkenrath, “Problems of Preparedness: U.S. Readiness for a Domestic Terrorist Attack,” International Security, spring 2001, p. 13, based on a previous work by Richard Falkenrath, “The Problems of Preparedness: Challenges Facing the U.S. Domestic Preparedness Program,” Belfer Center for Science and International Affairs Discussion Paper 2000-28, Harvard University, December 2000.

8. See Homeland Security Presidential Directive 8, National Preparedness (Dec. 17, 2003), for preparedness planning guidance. DHS is also moving forward to create a “culture of preparedness.”