MTI Report 04-05

(CNN)--U.S. mass transit systems were put on higher alert after Thursday's bombings in London, with officials in major cities urging Americans to go about their business but be on the lookout for anything suspicious... New York Police Commissioner Ray Kelly told CNN his officers were "doing everything that's prudent, everything that we reasonably can do to protect the city." But he said it was impossible to put a police officer "on every train all the time, or one on every station all the time."

( http://www.cnn.com/2005/US/07/07/us.response/ ; Posted: Thursday, July 7, 2005, 11:41 pm EDT (03:41 GMT))

While the most significant terrorist attacks--such as the sarin attack in Tokyo or the bombing of the Paris Metro--garnered worldwide public attention during the 1990s, popular and political response in the United States was generally muted. Perhaps this was because attacks on U.S. transit systems were still quite rare; perhaps this was due to Americans' legendary parochialism; or perhaps it simply reflected wishful thinking. Whatever the reasons for this indifference, it was not justified.

During the mid-1990s, four separate acts of terrorism and extreme violence on U.S. transit and rail systems killed fourteen and injured more than one thousand.1 While police and intelligence officials who oversee transit properties grew much more vigilant and vocal in the late-1990s in calling for increased attention to the vulnerability of public transit systems to terrorist acts, the issue still had not caught the attention of most transit passengers, voters, members of the media, or elected officials.

This all changed, of course, on September 11, 2001. While the focus of the 9/11 attacks was on a different part of the transportation system, the effects on the affected public transit systems were dramatic and, in the case of New York, long-lasting. The vulnerability of open, accessible public transit systems and their passengers to terrorist acts was cast in the sharpest possible relief. Concern over the vulnerability of transit systems has been heightened further by the more recent, deadly, March 11, 2004, attacks on commuter rail trains in Madrid, Spain, and the July 2005 attacks on the London Underground and bus systems. The London attacks, in particular, dominated news coverage for at least a week and raised popular concern over transit terrorism in the United States such that transit security in the United States is now widely viewed as an important public policy issue.

The attention and subsequent fear generated by these attacks have clearly motivated policymakers into action. Indeed, one of the more sobering lessons from the research reported here is that significant system- or industry-wide changes in security planning have often required either prolonged exposure to lower-scale attacks (such as those perpetrated by the Irish Republican Army (IRA) against transit systems in greater London) or a mass casualty event (such as in Tokyo, Madrid, or most recently, London). Absent such events, concerns--even repeated, dire warnings by vigilant police and intelligence officials--have too often gone unheeded by many elected officials.

Research Approach

Research on transit security in the United States has mushroomed since 9/11; this study is part of that new wave of research. This study contributes to our understanding of transit security in several ways. Perhaps most important, we employ a wide array of approaches and methods to examine a complicated issue: How are transit managers around the United States and around the world working to better protect their systems and passengers from terrorist attacks? To address this question, we have pursued a multipronged research approach.

We reviewed and synthesized nearly all previously published research on transit terrorism and updated previous efforts to systematically chronicle previous terrorist attacks on transit systems around the globe.

We complemented these detailed case studies and interviews with a comprehensive survey of 113 of the largest transit operators in the United States regarding prior threats and attacks, past and current security planning and policing efforts, and approaches to four security strategies: policing, technology/hardware, public education/outreach, and crime prevention through environmental design (CPTED).

We conducted detailed interviews with federal officials here in the United States responsible for overseeing transit security, and with transit industry representatives both here and abroad, to learn about efforts to coordinate and finance transit security planning.

We conducted detailed case studies of terrorist attacks on transit systems in London (prior to July 2005), Madrid, New York, Paris, Tokyo, and Washington, D.C. These case studies involved reviews of documentary evidence and other written materials, and in-depth interviews with transit officials and other key stakeholders.

Thus, our multipronged research approach is both domestic and international, as well as qualitative and quantitative, all in an effort to increase the reliability of our findings on this complex issue.

A second distinguishing feature of this research reflects the experience and expertise of the research team. We are scholars of architecture and urban design, civil and transportation engineering, and transportation and urban planning, and not intelligence, policing, or security. We have, therefore, approached this research from the perspective of the people who finance, design, build, operate, and use public transit systems, rather than from the perspective of those who police them.

For example, the role of system design in transit security has received far less attention in most previous research on transit security than policing or surveillance. A specific focus of this work is on system design. We conducted inspections of transit stations in each of the systems studied, and we collected detailed information on attitudes toward and applications of CPTED strategies in our survey of U.S. transit operators.

A third and final distinguishing feature of this research is that it updates the findings and conclusions of many previous studies in this fast moving and rapidly evolving literature. We found from our survey, for example, that security planning efforts have progressed significantly at U.S. transit systems since a 2002 U.S. Government Accountability Office (GAO) survey of transit operators was published in 2003.

Layout of the Study

The study is composed of six sections. Following the introduction, the second section presents a comprehensive look at This research-literature review gives particular emphasis to design strategies. Building on two earlier Mineta Transportation Institute reports, the section includes a history and chronology of terrorist attacks on railway systems, extending the inventory of terrorist attacks to 2004,2 and providing basic information about the medium of attack, the type of transit system attacked (heavy rail, commuter rail, light rail), and the impact of the attack (number of casualties).

The next section, See Securing Transit Systems in the Post-9/11 Era: A Survey of U.S. Transit Operators presents the results of a Web-based survey administered to 120 transit agencies in 108 cities in the United States. The survey assesses (1) how the threat of terrorism affects the transportation security decisions of agencies; (2) how such decisions have changed after the events of September 11, 2001; (3) how agencies effectively identify and assess vulnerabilities in their transportation systems; (4) what measures they are taking to increase transit security; and (5) the relative importance they place on different security strategies such as CPTED, public education and user outreach, policing, and security hardware and technology.

Transit agencies do not operate in a policy vacuum. Their planning efforts against terrorism are determined largely by policies and funding allocations at the state and federal levels. The fourth section, See Institutional Responses to Increasing Transit Security Threats: Interviews with Key U.S. Stakeholders assesses the federal government's role in the security of urban rail transit in the United States. Drawing from interviews with officials in a number of federal agencies, this section discusses and analyzes initiatives taken by the Department of Homeland Security, the Federal Transit Administration, and the Federal Railroad Administration. The section also reports on interviews with officials from the American Public Transportation Association (APTA) and security personnel from Amtrak, the New York Metropolitan Transportation Authority (MTA), and the Port Authority of New York and New Jersey.

"Case Studies of Contemporary Terrorist Incidents," the next section, draws from the literature and first-hand interviews with transit officials in five cities--London, New York, Tokyo, Paris, and Madrid--to present five case studies of contemporary terrorist incidents: (1) the terrorist attacks waged by the Irish Republican Army against the London Underground, (2) the Fulton Street Station fire bombing in New York, (3) the sarin chemical agent release by members of the Aum Shinrikyo cult on the Tokyo subway system, (4) the bombings on the Paris rail system by Algerian terrorists, and (5) the Al Qaeda attack on the Madrid rail line. The case studies detail the incidents and discuss the emergency and long-term design and policy responses to them.

The last section, "Transit Security Strategies of International Agencies," reports on interviews with transit officials from Paris, Tokyo, London, Madrid, and Brussels to better assess the role of transit system design and operation in both exacerbating and minimizing terrorist attacks. This section also compares transit security policies in different countries and elaborates the goals of the different international transit agencies, their security measures and strategies, and the challenges they face in securing their systems.

From the hundreds of pages of interview transcripts, survey results, and fieldwork notes, we distill the analyses in these six sections into what we see as twelve important lessons from the recent experience of efforts to prepare for, discourage, mitigate, and respond to terrorist attacks on urban public transit systems around the world.

Findings: A Dozen Lessons Learned

1. Public transit systems are open, dynamic, and inherently vulnerable to terrorist attacks; they simply cannot be closed and secured like other parts of the transportation system.

Public transit systems are a central part of urban life. They assemble strangers from diverse economic, social, ethnic, and religious backgrounds and convey them though a wide array of neighborhoods and districts. They are, by definition, open, dynamic systems that cannot be closed and regulated like the air transport system.3 Such sentiments were expressed repeatedly by the hundreds of people interviewed and surveyed for this research. Not surprisingly, most of the transit managers and security officials who responded to our survey viewed their transit systems as "very vulnerable" to terrorist attacks.

While public officials understandably call for efforts to make transit systems 100 percent safe, it is simply impossible to secure the thousands of bus stops, hundreds of miles of bus routes, many dozens of miles of rail rights-of-way, and the hundreds of stations used daily by millions of passengers in most large metropolitan areas. The challenge is especially daunting given a growing wave of suicide bombers who are willing to risk capture or death to execute an attack. According to an official interviewed in Madrid,

I have to say that security does not exist. What does exist are methods to lessen insecurity. You never know what is going to happen. I am telling you this because when the politicians tell you that these methods will guarantee our security, it is all false.

Said another Madrid official,

You should accept that there is an inherent vulnerability to the system, and if you want to run an open mass transit system you live with the vulnerabilities and try to tackle them through intelligence and stopping these people before they actually get in.

Such sentiments raise legitimate, and perhaps troubling, questions about whether transit security planning efforts are perceived by transit officials as more symbolically effective (at creating a sense of safety among the public) than substantively effective (in reducing the likelihood and/or magnitude of a terrorist attack). At the very least, they reflect the daunting challenges to security planning for open, accessible transit systems.

2. The threat of transit terrorism is probably not universal; most attacks in the developed world have been on the largest systems in the largest cities.

While the chronology of terrorist attacks on transit systems reviewed in the section "Securing Urban Rail Transit Systems against Terrorism: A Review of the Literature" documents hundreds of incidents occurring over many decades, the deadliest and most politically influential of these have occurred on the largest transit systems in the most politically and economically powerful world cities, such as London, Madrid, Moscow, New York, Paris, and Tokyo. This suggests that efforts to combat transit terrorism should be focused on cities and transit systems where the likelihood and potential effects of terrorism are greatest.

This observed asymmetry of risk likely reflects both the symbolic importance of particular world cities, and the fact that transit use tends to be concentrated in the largest and most densely developed metropolitan areas. As noted in the third section, See Securing Transit Systems in the Post-9/11 Era: A Survey of U.S. Transit Operators the ten largest U.S. transit systems (operating in nine metropolitan areas) carried 65 percent of all transit trips reported to the Federal Transit Administration for 2002, while the hundreds of remaining transit systems carry the remaining 35 percent. Of all 2002 U.S. transit trips, 39 percent occurred in one metropolitan area, New York, and 31 percent of all U.S. transit trips were carried by just one system, the New York MTA.4

While the most dramatic attacks have occurred mostly on major systems in world cities, this does not mean, of course, that local bus service or smaller cities are safe from attack. In the developing world, terrorist attacks on transit are more likely to occur on buses than on trains. Further, as noted in the sections and See Institutional Responses to Increasing Transit Security Threats: Interviews with Key U.S. Stakeholders security experts report that some terrorists have on occasion chosen to attack unexpected targets in order to elevate fear and anxiety among the general population. But while smaller U.S. cities--like Oklahoma City--are clearly not safe from terrorist attacks, the very small role played by public transit in these cities (where the mode share of trips can dip below 1 percent) suggests that they are a far less likely venue for an attack than larger cities where the role and visibility of public transit are proportionally much greater.

3. The asymmetry of transit terrorism risk is at odds with a political system of public finance that favors distributing funding somewhat equally across jurisdictions.

Given the observed asymmetry of risk, how should security resources be deployed? If strategic transit security policies start from the premise that attacks will inevitably occur, then "success" is not elimination of all attacks, but preventing and/or minimizing the most damaging attacks, which are most likely and most deadly on the largest transit systems. While focusing security efforts on large transit systems in New York, Washington, D.C., and Los Angeles, for example, may motivate terrorists to shift their focus to smaller systems and smaller cities, such a shift could be viewed as evidence of success in securing the most symbolically significant and attractive targets.

However, there is a strong tendency in the public finance of transportation, and indeed in most realms of public finance, to distribute funding widely among political districts and jurisdictions. This helps to explain why federal per-rider transit subsidies tend to be far higher in places like Chapel Hill, North Carolina, than in places like New York City. This natural tendency to spread out money evenly does not square with the asymmetry of transit systems' risk of terrorist attack, and may undermine the effectiveness of federal and state transit security policies and programs. Thus, despite New York's domination of U.S. public transit patronage, it is unlikely that the U.S. Congress--comprising entirely geographically based representatives concerned with the distribution of resources among their competing jurisdictions--will see fit to devote a third or more of all federal transit security resources to the New York metropolitan area.

4. Transit managers are struggling to balance the costs and (uncertain) benefits of increased security against the costs and (certain) benefits of attracting passengers.

Transit managers are in the business of attracting and conveying paying customers. They endeavor to provide safe, fast, and reliable service at a reasonable price, but transit systems worldwide have struggled in a losing, century-long battle with private vehicles for market share in urban travel--especially in most U.S. cities. Thus, from the perspective of transit system planners and managers, safety and security are important, albeit intermediate, means to the end goal of carrying passengers. As one transit industry official put it, "What's important to remember is that public transport companies are responsible for satisfying the mobility needs of citizens. They are not security agencies."

With respect to the sometimes competing objectives of maximizing security versus maximizing ridership, one London interviewee noted,

Our primary function is to get loads of people to use trains. Security, I would suggest, is still seen as a secondary but integral function. So you won't have the world's most secure station built, but you'll have the world's most cost-effective station built with security enhancements.

Calls for increased attention to security have come in recent years from passengers, the media, local officials, and state and federal governments. With respect to the latter, mandates for regular and comprehensive security planning, more formalized safety and emergency response procedures, increased policing and surveillance, and so on were criticized by many of the transit officials we interviewed (both domestic and international) as unfunded mandates that strain already depleted transit system budgets. Indeed, the need for increased security funding was the central finding of the 2003 GAO study of transit security in the United States, and such calls for increased funding were echoed in this research.

According to one transit official interviewed, transit terrorism is a tremendous burden for agencies because they "have to be lucky all the time, while the terrorists only have to be lucky once." Regarding the need for public subsidies to support security expenditures, another interviewee noted, "In the end, public transport is a business...There comes a point at which the businessman will say that the security measures will cost him more than the revenues. The key issue for addressing risk is to get things down to `ALARP' as we call it, `as low as reasonably practical.'"

In addition to concerns over the costs of security programs, many of the transit officials also expressed concerns over the uncertain nature of the risks and the uncertain effectiveness of increased security expenditures. "How," several of those interviewed asked, "should systems evaluate costs and benefits in such uncertain environments?" Further, what techniques or approaches offer systems the most security bang for the buck? In response to such questions, the transit systems examined for this study have pursued an array of ways to prioritize expenditures on security:

customizing security measures based on a detailed evaluation of risk for each site (Paris).

assessing risks based on station location, socio-demographics of the region, and delinquency rates of surrounding population (Madrid).5

focusing efforts on terminal stations, the most heavily patronized stations, and stations near government buildings (Tokyo).

giving top priority to securing sites with concentrations of hazardous materials (Paris).

conducting public surveys of riders' perceptions and concerns to help prioritize needs (Madrid).

5. Given the varying roles and mandates of agencies of the central government (ministries, federal agencies, and so on), intelligence services, police agencies, and transit operators on matters of security, close coordination and cooperation are critical to effective transit security planning.

Many of our interviewees spoke of the need for a multilayered and multipronged system of security in which various agencies play very different roles. Many transit officials with whom we spoke suggested that interagency cooperation is common to the industry, which bodes well for increased coordination with police and security agencies in the years ahead. One U.S. transit industry representative put it this way:

The transit industry, because it's public, is very mutually supportive. Transit agencies aren't in competition with each other. In fact, we have a long history of aiding one another with training programs. Even if you've hired a consultant to help you with a program, we've seen people really sharing that program or that information. One of the roles that [the American Public Transportation Association plays is that] we're a conduit for the sharing of a lot of that information.

Many of those interviewed emphasized the importance of clearly defining roles and responsibilities among actors. Several also stressed the need for frequent and regular interaction among agencies to share information and agree on common strategies and tactics. Concluded one London interviewee,

Partnership is not easy. You have to invest time, and emergencies are not the time to meet your counterpart in different agencies.... Resilience is about coordinating and facilitating efforts of all the disparate, separate agencies to ensure better quality of performance, aiding and leading to a more effective prevention or recovery than might otherwise be the case.

Finally, several of the transit officials interviewed noted that APTA, the leading U.S. transit industry organization, has come to play an increasingly central security coordinating and information-brokering role, and, in doing so, has come to more closely resemble the activities of the International Union of Public Transport (UITP) outside of the United States.

6. An important benefit of improved coordination is standardization of emergency training, security audits, and disaster preparedness procedures, and the issuance of common guidelines about security.

While the airline industry has adopted common international security standards and procedures, many other modes--and in particular public transit--have not done so. For example, several of our European interviewees noted that while many European Union (EU) member countries have developed highly integrated international passenger rail service, similarly integrated systems of rail security have been slow in coming.

Likewise, while the many transit agencies typically operating in larger metropolitan areas have developed reciprocal integrated fare and passenger information protocols, efforts to integrate and standardize security practices and procedures among transit systems within metropolitan areas and between them are relatively new.

Such standardization can be particularly helpful to smaller transit operators that do not have the resources to independently develop security standards and procedures. For example, standardizing safety guidelines and signage, the structure and content of security announcements, and the marking of emergency exits on trains and in stations can all help passengers avoid confusion in times of emergency. Likewise, standardizing security training of personnel--drivers, supervisors, and managers--can improve coordination with police, fire, and intelligence officials in times of emergency. Many of the respondents from U.S. transit agencies surveyed for this research noted that, under the guidance of the federal government, standardized security plans and training programs were being integrated into already established emergency response training programs traditionally aimed at responding to personal and property crime and smaller-scale emergencies.

7. Despite significant progress in increasing coordination between transit and police/
intelligence agencies, much work remains.

Despite significant and ongoing efforts to improve the coordination and cooperation between the many, largely independent transit agencies operating in large U.S. metropolitan areas, seamless integration of routes, schedules, and fares has long proven elusive. Given the widely divergent goals and objectives of public transit and police/intelligence agencies, the challenges to increased coordination and cooperation are even greater.

Perhaps the greatest challenge to improved coordination identified in this study concerns ambiguity and uncertainty over lines of authority and responsibility. Put simply, it is not always clear who is responsible for what. Said one European transit industry representative we interviewed,

The public authorities are responsible for security. If there is a terrorist incident or attack, the transit authorities are responsible for restoring traffic as soon as possible. They [the transit agencies] should also help the public authorities to organize first aid and emergency response, but they are not responsible to follow up the threat or to investigate the threat.

Despite the many challenges, nearly everyone queried agreed that increased coordination was needed. Such coordination can take many forms: (1) coordination between neighboring transit agencies; (2) coordination among local, state, and federal law enforcement officials; (3) information sharing with the media and the public; (4) the improved dissemination of best practices in security planning; (5) consistent emergency response procedures and protocols; (6) improved integration of different security-related technologies; and (7) increased international cooperation in sharing information and best practices. With regard to the latter, one official interviewed noted, "The threat is international and the way you need to deal with it is an international effort," although several other interviewees cautioned that while international threats call for international collaboration, security measures should not be applied equally in all places; they should be customized according to local organizational/governmental structures, transit system size, age, and characteristics, and the specifics of local cultures and norms.

8. Passenger education and outreach is a challenge; informed passengers can increase surveillance and safety, but fearful passengers may stop using public transit.

Although most of the officials surveyed and interviewed agreed that public education and outreach had become an important part of transit security planning, respondents were in general more ambivalent about education and outreach than about policing, technologies, or CPTED. In particular, many cited the challenge of raising awareness without raising fear. One of the officials we interviewed in Madrid said that their goal following the March 11, 2004, attacks was to augment feelings of security and diminish feelings of insecurity: "The methods we chose and implemented after the March attack were not so much about combating terrorism; rather they were used to help riders recover a feeling of security."

While our interviews suggest that passenger outreach efforts on security have been more common outside the United States, nearly all those to whom we spoke agreed that it is a delicate balance between creating a perception of excessive, pervasive security (which is both costly and can incite fear among passengers) and too little security (which can promote a sense of danger and unchecked lawlessness). Said one transit industry official, "You have to reassure but not scare off passengers, because if you exceed a certain level [of police activity] it might be considered that you are in a very insecure place."

Enlisting the public's help in security surveillance can be effective, but entails risks. Excessive marketing of vigilance can create an environment of paranoia, where everything and everyone can be viewed as potential threats. Such paranoia can suppress ridership while overwhelming transit officials with security tips, and panicked passengers can compound damage after an attack.

Further, a strong emphasis on police and public surveillance can lead to social profiling, and with it losses of privacy and civil rights. Said one interviewee,

Here [in Spain] there would be a lot of problems and it wouldn't be convenient to start screening passengers. People will not accept being identified, profiled, and searched, even if it is a random manner, because when you select, you elect and you have to do this with a certain objective and clear parameters. You will be accused of discrimination because this is labeling, marking people with certain physical features.

9. The role of crime prevention through environmental design in security planning is waxing.

Most of our survey and interview respondents were familiar with the concept of CPTED, and most viewed CPTED--which considers how the physical design of spaces can affect both the likelihood and impact of criminal or terrorist activity--as an important longer-term strategy to address both crime and terrorism on transit systems. According to the respondents to our survey, CPTED was given much less weight in security planning prior to 9/11. Since 9/11, however, over 80 percent of the respondents now believe that CPTED is a somewhat or very effective strategy in preventing terrorist attacks. This ranking of effectiveness is similar to both policing and security hardware and technology strategies, and well ahead of public education and outreach.

According to one of our interviewees in Madrid, "Security is based on prevention, and prevention begins with design. A station designed without security criteria would be much more insecure and expensive to protect."

While the potential effectiveness of CPTED was widely touted by those queried, many also noted that design is a longer-term strategy. CPTED strategies can be cost-effectively incorporated into new stations and terminals, such as in the new Météor and Eole Lines in Paris, the new Line 11 in Madrid, and the new Bilbao subway in Spain. On the other hand, most interviewees thought retrofitting old stations to be extremely costly for the most part. Concluded one interviewee regarding the retrofit of older stations, "The best you can do is to use some passive methods such as mirrors, cameras, and increased lighting."

Even among officials interviewed who work primarily in policing and security, knowledge of and enthusiasm for CPTED principles was widespread. For example, one London transit police official said,

If you take a station like Baker Street, it's very dark [and listed as a historically significant] building so there are limitations on what can be done to change the appearance and structure. Not very much can be done at all. We'd like better lighting, more CCTV [closed-circuit television]. We'd like cleaner lines. Any vending machines that are brought in, we'd like them to have sloping tops so nothing can be put on top of them. We'd like them to be totally accessible or totally enclosed so they're easy to search or impossible to put something in. We look at tamper-evident seals [on entryways to areas closed to the public], which can't be physically locked. When it comes to new stations, bigger, brighter areas, clear sight lines, certainly those are the kinds of things that we would seek to influence.

10. Since 9/11, transit agencies are more likely to adopt comprehensive, multipronged
approaches to security planning than in years past.

Our survey and interviews focused in detail on four types of security strategies--policing, technology, education and outreach, and CPTED. We found that attention to all these strategies has increased since 9/11, and over half of the respondents now view all four strategies as central or significant parts of security planning efforts.

Prior to 9/11, most of the respondents to our national survey of large transit operators said they had emphasized policing and hardware/technology in security planning, and placed far less stock in either public education or CPTED. While the survey respondents believed that the importance of policing and hardware/technology increased after 9/11, their assessments of the importance of public education and, especially, CPTED increased even more.

This broad support for all four security strategies reflects a consensus among those surveyed and interviewed regarding the need for a comprehensive, multipronged approach to transit security planning. Several interviewees cautioned against becoming too reliant on just one or two strategies. As one of our London interviewees noted,

Each one (strategy) on its own can't work in isolation. I don't think that one of them sits out on its own. You've got to do each one. And you've got to have an element of each one in terms of being able to combat terrorism or crime in general.

11. The public transit industry is vulnerable to security policies or programs that reduce the speed, comfort, or convenience of transit, and may benefit significantly from policies that increase the attractiveness of transit.

Despite significant public investments over the past three decades, public transit systems around the United States continue to lose market share to private vehicles. Many transit systems have made important strides in increasing the comfort, safety, and convenience of using transit, but matching the speed and flexibility of private autos remains a challenge. Transit security policies and programs that increase the hassle of, or delays in, riding buses and trains may significantly undermine an already vulnerable and distressed industry. For example, the random bag and parcel inspections instituted on the New York transit system following the July 2005 attacks on the London public transit systems will add stress and delays on the United States' most heavily patronized transit system--stress and delays that inevitably make traveling by other modes relatively more attractive.

Many transit system managers said that new security measures should enhance the perceived safety and attractiveness of their systems, and not add to delays, inconvenience, or perceptions of heightened risk. The importance of creating safe, attractive systems for passengers, report some transit officials, is sometimes lost on security officials; as one interviewee from London said prior to the July 2005 attacks,

It's trying to balance providing maximum security while still providing the kind of service people expect. People still want to go from point A to point B as fast as possible. They don't want to be delayed, even for security reasons. So that's the balance...it's still a struggle... I think that is something that in the future has to evolve, to where you have that perfect balance where you can say, "I think we're providing as much security as we can," but it's also seamless to the customer so you don't have an operational slowdown.

12. Given the uncertain effectiveness of antitransit terrorism efforts, the most tangible benefits of increased attention to and spending on transit security may be a reduction in transit-related personal and property crimes.

Terrorist attacks on transit systems in the United States and abroad have increased in recent years in both frequency and severity. Likewise, public and political concern over the issue has skyrocketed since 9/11. The fact remains, however, that transit patrons remain far more likely to be victimized by personal crime than a terrorist act.

According to Federal Transit Administration data, an average of 279 people have been killed on or by public transit each year over the past decade. In addition, an annual average of 18,748 people have been injured on or by public transit over the same period. Crimes ostensibly unrelated to transit use--such as being robbed or killed while waiting at a bus stop--would push these figures far higher. This means that, between September 11, 2001, and August 11, 2005, more than 1,100 people have been killed on or by public transit, and more than 75,000 have been injured on or by transit in the United States6

Further, studies have repeatedly shown that fear of crime is a significant deterrent to transit use for many people.7 So while political attention and public resources are currently focused on transit terrorism, reductions of personal and property crimes on public transit systems could prove to be a significant collateral benefit of safer, more secure public transit systems.

In both our review of the research literature and in several of our interviews were repeated suggestions for a "dual-use strategy," whereby antiterrorism measures may be effective in reducing transit crime. Coincident with new security measures on the Tokyo Metro, both robberies and thefts are down substantially. Likewise, fewer crimes were reported in the period following the implementation of random parcel inspections in Madrid.

Such complementary benefits, however, are not assured without careful attention to congruency between anticrime and antiterrorism measures. Some of those interviewed suggested that anticrime and antiterrorism efforts are not always reciprocal and complementary. "By preparing your system to react to terrorist attacks, you also prepare it to react to different types of crime...But the other way around is not always true" (Madrid transit official).

However, others argued that anticrime and antiterrorism efforts worked very much hand in hand. Said one London transit official:

It's easier for a terrorist to operate in an environment that is disorderly, that does not give the appearance that someone is in charge; the area does not look secure. Actually taking care of the little things, and insuring that there is order and maintenance, sends a signal that it's hard to operate illegally or carry out an attack in this environment. There's a deterrent effect.

Postscript

Whether these findings are discouraging or heartening depends on one's perspective. The stakes are high, the risks uncertain, and the solutions unclear. The July 7 and 21, 2005, subway and bus attacks in London offer a sobering reminder that transit systems remain inherently vulnerable to terrorist actions, even on systems where security and vigilance have been the modus operandi for decades. While public transit systems are likely to remain attractive and vulnerable targets for terrorists, U.S. transit systems are today better coordinated, policed, monitored, and designed, and staff and passengers are better informed and prepared than just a few years ago. How effective these efforts will be (or have already been) in deterring or minimizing a terrorist attack is unclear. What is clear, however, is that crimes of all types--political, personal, and property--drive riders away from transit systems. So if the recent rise in transit security planning deters a major terrorist attack, or simply the activities of a lone pickpocket, the transit industry will be better off as a result.

Introduction

For those determined to kill in quantity and willing to kill indiscriminately, public transportation offers an ideal target.

--Jenkins and Gerston, 2001

The events of September 11, 2001, brought the issue of transportation security and terrorism to the forefront of civil society. While transportation security officials had been aware of the possible threat of terrorist attacks on transportation networks for some time, these tragic events revealed both vulnerabilities in security systems and the previously unimaginable consequences of such breaches. Public surface transportation systems are especially attractive targets for would-be terrorists wanting to cause the maximum amount of disruption and harm.See Balog, Devost, and Sullivan 1997. Such systems serve very large numbers of people over extensive networks of stations, stops, and facilities. In the United States, 74 rail transit systems operate 18,000 vehicles in 38 cities; collectively, these systems carry 3.4 billion passenger trips annually. The wide use of rail transit systems by many segments of the public makes them especially attractive targets for terrorists wanting to maximize disruption and harm. Accordingly, concerns about transit security rank high among transportation officials and transit riders.

The vulnerability of railway systems lies in the fact that they are very open and accessible, with fixed, predictable routes and access points. Their openness and anonymity make it easy for potential terrorists to hide in crowds without arousing suspicion. Securing such open and public systems presents a series of problems. The volume of passengers makes it impossible for transit operators to employ many of the security tactics used by commercial aviation.See Norman Y. Mineta International Institute for Surface Transportation Policy Studies 1996. Preventive security measures on public transit, such as the screening of passengers and luggage with X-ray machines and metal detectors, hand searches, passenger profiling, chemical- and bomb-sniffing dogs, and armed guards, would lead to intolerable delays and costs. The need for transit agencies to offer transit systems that are accessible, convenient, and affordable for daily users thus conflicts with many security goals. In cities around the globe, people choose between public transit and private automobiles for many trips. Private vehicle use is growing in most cities, resulting in worsening congestion and air pollution. Attractive, convenient public transit systems help to mitigate many of the problems of widespread auto use, and provide mobility for those who do not have access to automobiles, including the young, elderly, disabled, and poor. Security measures that cause inconvenience, delay, or added cost to travel by public transit are likely to shift travelers and cities toward greater dependence on private vehicles. Therefore, balancing transit riders' desire for convenience, accessibility, and affordability with security measures presents a challenge to transit operators.See United States General Accounting Office 2002 (b).

A 1997 survey sponsored by the Transportation Research Board assessed both the perceptions of transit system managers regarding terrorism and security as well as the status of agencies' existing emergency preparedness, planning, and response procedures. Over 40 U.S. transportation agencies participated in the survey, including agencies that provide rail service and coordinate bus systems. Urban and commuter rail systems ranked the highest in terms of the perceived risk as targets of terrorism. Detonation of explosive devices was perceived to pose the greatest threat to transit systems. A majority of the agencies surveyed had actually dealt with bomb threats in addition to a variety of other security threats.See Boyd and Sullivan 1997.

Transit Security in an International Context

Security on mass transit is a global issue. Indeed, many transit systems around the world have been victimized by terrorists, including the railway systems of New York, London, Paris, Tokyo, Madrid, and Moscow. An analysis of terrorist attack trends indicates that their lethality has increased over time. In addition, the number of attacks against transportation systems increased in the 1990s. In 1991, transportation systems were the target of 20 percent of all violent attacks. This rose to almost 40 percent by 1998. Jenkins' (1997, 2001) comprehensive chronology of 900 terrorist attacks involving surface transportation from 1920 to 2000 provides an analytical model useful in identifying the most salient patterns and trends. He finds that about two-thirds of the attacks were intended to kill people (as opposed to simply disrupting transit operations), while 37 percent of the attacks actually resulted in fatalities. Of the incidents with fatalities, about three-fourths caused more than one death, and 23 percent caused 10 or more deaths.

International case studies of surface transportation systems that have suffered terrorist attacks can offer examples of both vulnerabilities to terrorist threats, and effective measures for their prevention, mitigation, and response. Such case studies offer lessons on preparedness, response, and recovery that may apply to other transportation systems with similar physical and organizational characteristics, including those in the United States. While some case studies of transit terrorist attacks exist, such as Jenkins (1997) or Jenkins and Gerston (2001), they are almost exclusively descriptive narratives of the events or assessments of the police and emergency responses that followed them. The existing literature on transit terrorism does not identify and compare the social and environmental characteristics of the transit systems that have been hit by terrorism, or the strategies that transit agencies around the world are adopting to offer protection to their riders. While intelligence systems have globalized rapidly in response to recent terrorist attacks, planning to prevent and mitigate terrorist attacks on transit systems is far more insular. Additionally, most research on transit terrorism has centered on the role of policing and technology in mitigating terrorist attacks.See Policastro and Gordon 1999; and Alternative Technologies 1993. There has been far less investigation of how system design and public education may be employed to both reduce the likelihood of attacks and minimize the impact of attacks when they occur. Resources such as the public outreach tool kit for "Transit Watch" and the Volpe Center's "Security Design Considerations for Transit Vehicles and Facilities" have more recently been funded by the Federal Transit Administration (FTA).

Conceptual Model of Transit Terrorist Events

Following the July 2005 bombings in London, concerns with transit security rank very high among transportation officials and transit riders. Deterring and minimizing terrorist attacks involves assessments of vulnerabilities, the mitigation of weaknesses in the system, and the development of effective response and emergency plans. Yet planning for transit security to date has largely been ad hoc and often ambiguous. For example, surface transportation security tends to focus less on deterrence and more on mitigation, quick response, and the rapid restoration of services after an incident.

In contrast, the study that follows examines and compares responses to transit terrorist incidents, conceptualizing a process that extends over a very long time frame, approximating the life of the transit system. The analysis of international terrorist incidents that follows has gathered information relevant to each of the four stages described below:

Stage One--Planning, Designing, and Building: It is important to incorporate into the planning and physical design of a transit system the best current knowledge of terrorist threats, thereby minimizing through system design the potential damage of incidents that could occur at any time, even decades later. The choice of materials for the construction of stations and vehicles, for example, should be made on the basis of full consideration of terrorist attacks; the provision of ventilation systems should include considerations of fire suppression, anthrax, and possible chemical attacks; the selection of computerized communications and control systems should be informed by their potential vulnerabilities; and the architecture of stops, stations, and vehicles should incorporate design principles that minimize their vulnerabilities, maximize their ability to continue functioning under difficult circumstances, and facilitate responses by emergency personnel.

Stage Two--Planning for Incident Response: The vulnerability of transit systems to terrorist attacks should be reviewed periodically throughout the operational life of a transit system so security officials can refine planning in response to evolving threats. For example, interagency cooperation should be encouraged and staff training should be updated. Sufficient information also must be provided to passengers so, in the event of an incident, they will know how to respond. In addition to the actions of transit operators and their funding agencies, law enforcement and intelligence efforts by agencies charged with counterterrorism should be ongoing.

Stage Three--Immediate Response to Incidents: If and when an incident occurs, the immediate response--including clearance, search, rescue, recovery, and the restoration of service--constitutes a critical stage. While the actions in this stage may last only a few weeks, they provide invaluable information for security planners as terrorist incidents are such infrequent events. With respect to this research, deconstructing the role of system design and operations in exacerbating or minimizing the effects of the attack can be used to help plan and operate safer public transit systems in the future and provide for continuity of operations in emergency situations.

Stage Four--Long-Term Recovery: The final stage in responding to a terrorist incident may last for years, and constitutes the redesign, reconstruction, and operation of the system under new rules and procedures that are influenced by the incident and what has been learned during the planning and rebuilding process. This stage also involves restoring public trust in the security of the transit system.

Scope of the Problem, This Research, and Policy Responses

The goal of this study, which uses transit authorities and transportation agencies as units of analysis, is to research global responses to the threat of transit terrorism by:

comparing policies and strategies employed by transit agencies in the United States and around the world.

contrasting the larger policy framework of transit security funding as exercised by different transit authorities and ministries of transport.

evaluating the importance of transit station design for transit security.

assessing the lessons learned from the different contexts for a more effective future response and prevention of terrorist attacks.

Implicit in our research design--and indeed in nearly all policy discussions surrounding the issue of transit security--is that public transit systems, or transportation and infrastructure systems more broadly, are the right way to think about the problem, the appropriate unit of analysis for study, and the correct venue for policymaking. At the very least, such assumptions warrant reflection.

We can think about three ways that acts of terrorism intersect with transportation systems:

when transportation is the means by which a terrorist attack is executed.

when transportation is the end, or target, of a terrorist attack.

when the crowds that many transportation modes generate are the focus of a terrorist attack.

Examples of transportation as the means of a terrorist attack include the use of cars, buses, or trains to convey explosives, or when cars, buses, or planes are used as weapons. Examples of transportation as the end of a terrorist attack include attacks on bridges or tunnels to disrupt transit, railroad, or highway operations, exact economic costs, and attract attention. In each of these cases, the unique characteristics of transportation (and other infrastructure) networks define many aspects of the attacks, emergency response, and system protection. As such, the logic of defining both the problem and proposed policy solutions in terms of transportation, or in our case public transit, is clear.

But when crowds are the target, which is the case in many recent suicide bomb attacks, the logic of defining the problem and its solutions in terms of transportation is less clear. Airports, rail stations, and bus and ferry terminals all congregate large numbers of people in small, often enclosed, spaces. But such crowding is in no way unique to transportation stations and terminals. Skyscrapers, shopping malls, and major shows, concerts, and sporting events likewise congregate large numbers of people in small spaces--as do major celebrations (such as the 4th of July on the Mall in Washington, D.C.) and parades (such as the Tournament of Roses on New Year's Day). In such cases, even if it were possible to completely close and secure public transit systems, the potential venues for tragic and devastating attacks on large crowds of people would hardly be dented. Thus, while public transit systems may currently be a favored venue of terrorists in search of crowds to attack, one cannot assume that securing or eliminating crowds on public transit would in any way end or mitigate such attacks. Public assembly is a defining characteristic of free and open civil societies, and the consequences of closing, securing, or eliminating large gatherings of people reach well beyond the scope of this study or of the transportation sector.

Methodology

The study has gathered research data from numerous sources, including the following:

primary and secondary documents and archival information relating to terrorist incidents.

visits to sites of terrorist attacks in New York, London, Paris, Tokyo, and Madrid.

interviews with officials of transit agencies in these same cities.

interviews with officials from ministries of transport and federal transportation authorities in five countries (United States, England, France, Japan, Spain).

interviews with officials from two nongovernmental public interest groups, the American Public Transportation Association (APTA), based in Washington, D.C., and the International Union of Public Transport (UITP), based in Brussels.

a survey of 120 transit agencies in cities throughout the United States.

Layout of the Study

The study is composed of six sections. Following the introduction, the second section presents a comprehensive look at This research-literature review gives particular emphasis to design strategies. Drawing from two Mineta Transportation Institute reports, this section includes an overview of the history and chronology of terrorist attacks on railway systems, extending the inventory of terrorist attacks to 2004, and providing basic information about the medium of attack, the type of transit system attacked (heavy rail, commuter rail, light rail), and the impact of the attack (number of casualties).

The next section, See Securing Transit Systems in the Post-9/11 Era: A Survey of U.S. Transit Operators presents the results of a Web-based survey administered to 120 transit agencies in 108 cities in the United States. The survey assesses (1) how the threat of terrorism affects the transportation security decisions of agencies; (2) how such decisions have changed after the events of September 11, 2001; (3) how agencies effectively identify and assess vulnerabilities in their transportation systems; (4) what measures they are taking to increase transit security; and (5) the relative importance they place on different security strategies such as crime prevention through environmental design (CPTED), public education and user outreach, policing, and security hardware and technology.

Transit agencies do not operate in a policy vacuum. Their planning efforts against terrorism are determined largely by policies and funding allocations at the state and federal levels. The fourth section, See Institutional Responses to Increasing Transit Security Threats: Interviews with Key U.S. Stakeholders assesses the federal government's role in the security of urban rail transit in the United States. Drawing from interviews with officials in a number of federal agencies, this section discusses and analyzes initiatives taken by the Department of Homeland Security (DHS), the Federal Transit Administration (FTA), and the Federal Railroad Administration (FRA). The section also reports on interviews with officials from the American Public Transportation Association (APTA) and security personnel from Amtrak, the New York Metropolitan Transportation Authority (MTA), and the Port Authority of New York and New Jersey (PATH).

See Case Studies of Contemporary Terrorist Incidents the next section, draws from the literature and first-hand interviews with transit officials in five cities--London, New York, Tokyo, Paris, and Madrid--to present five case studies of contemporary terrorist incidents: (1) the terrorist attacks waged by the Irish Republican Army against the London Underground; (2) the Fulton Street Station fire bombing in New York; (3) the sarin chemical agent release by members of the Aum Shinrikyo cult on the Tokyo subway system; (4) the bombings on the Paris rail system by Algerian terrorists, and (5) the Al Qaeda attack on the Madrid subway. The case studies detail the incidents and discuss the emergency and long-term design and policy responses to them.

The last section, See Transit Security Strategies of International Agencies reports on interviews with transit officials from Paris, Tokyo, London, Madrid, and Brussels to better assess the role of transit system design and operation in both exacerbating and minimizing terrorist attacks. This section also compares transit security policies in different countries and elaborates the goals of the different international transit agencies, their security measures and strategies, and the challenges they face in securing their systems.

From the hundreds of pages of interview transcripts, survey results, and fieldwork notes, we distill twelve important lessons, which are summarized in the concluding section of this report.

Securing Urban Rail Transit Systems against Terrorism: A Review of the Literature

This section examines the current research literature on design and planning for terrorist attacks on urban rail systems. There is little dispute that urban rail transportation systems are uniquely attractive to those seeking to cause maximum disruption and harm. The Federal Bureau of Investigation (FBI) issues regular threat assessments that place transit, particularly rail transit, at the top of their list of likely targets.See Balog, Boyd, and Caton 2003. These systems are made vulnerable by the very qualities that make them invaluable to the functioning of our most populous and economically critical metropolitan cores: their ability to move large volumes of people predictably and reliably to a large number of locations in the heart of the metropolitan region.

Efficient transit systems require an openness that prevents agencies and governments from adopting many of the terrorism prevention strategies used in aviation.See Jenkins 1997. Additionally, those charged with protecting transit systems from terrorist attack are often challenged by the scale and interdependency of many of these systems, which can include miles and miles of track in addition to stations and rolling stock. Finally, while the threat of terror has loomed large in the public mind since the 2001 attacks on New York and Washington, D.C., attacks on transit occur rather rarely. This makes it difficult to justify cost or gauge the effectiveness of any particular strategy.See Jenkins 1997; United States General Accounting Office 2002 (a). Nevertheless, some very recent major terrorist attacks on railways in Madrid, Moscow, and London have raised major concerns about the vulnerability of mass transit systems.

In light of these complicating factors, it is not surprising that strategies to protect transit from terrorist attack historically have been reactive and ad hoc. Research in this area, consequently, has focused on policing, response, and rapid restoration of service. Only recently have researchers and transit systems turned their attention to long-range security planning that incorporates the terrorist threat.See Balog 2003; Balog, Boyd, and Caton 2003; Boyd and Sullivan 2000. The focus on guidelines to help management and develop procedures gives agencies tools to assess their needs and develop solutions in the context of their transit systems' unique configurations of threat, risk, and function. However, for information on specific measures and strategies, transit agencies must turn to other literatures provided by the building trades, the Federal Emergency Management Agency (FEMA), and the General Services Administration (GSA). Certainly, the diversity of transit systems and the uniqueness of each transit environment have frustrated efforts to develop comprehensive guidelines on specific security strategies and individual measures.

An ad hoc, reactive approach may have served urban rail transit in an era when the threat of terror was more diffuse and remote. Indeed, further research may reveal that a solid response and recovery program is transit's best defense. However, such research has not yet been done. Additionally, there has been far less investigation of how design may be employed to reduce the likelihood of attack and minimize the impact of attacks when they occur. Therefore, this review will pay particular attention to these longer-term design countermeasures.

Scope of the Literature

Research relevant to urban rail transit security consists of work in a number of disparate disciplines: risk assessment, transit safety planning, emergency response, crime prevention, urban design, and architecture. Materials include government guidelines, specifications and briefings from various federal and state agencies, best practice compendia, academic research, and industry and academic journals. With some notable exceptions, only very recently have researchers examined the threat of rail transit terrorism.See Jenkins 1997; United States General Accounting Office 1988. Late in 2003, the Federal Transit Administration (FTA) unveiled a Website devoted to transit security ( http://transit-safety.volpe.dot.gov/Security/Default.asp ), which assembles many of these varied threads. The Website is a valuable resource that makes available the FTA's publications on the subjects of safety, security, and emergency preparedness, but it also reveals gaps in the literature. Another task of this review will be to examine the utility and potential pitfalls of adapting strategies for addressing the problem of transit terrorism from nonterrorism and nontransit situations.

Case Studies and the History of Transit Terrorism

Curiously, much of the national policy literature that discusses terrorism generally does not dwell on transit terrorism.See The White House, Securing the Homeland, 2003 (b). In fact, most of the literature on transportation terrorism tends to focus on aviation and cargo, despite the fact that mass transit is clearly a target and carries more passengers annually than air transport. A 2000 article in Transportation Research News with the auspicious title "Transportation Security: Agenda for the 21st Century" made no mention of rail transit security issues.See Flynn 2000.

However, recent deadly attacks on subways in Moscow and Madrid, the impact of the events of September 11, 2001, on the transit systems of New York and Washington D.C., and the memory of terrorist attacks on subways in London, Tokyo, and Paris have heightened awareness of rail transit operators of the threat of terrorism. While the magnitude of the threat is the subject of some debate, there is no longer a question that terrorism poses a challenge to urban rail transit systems. Jenkins' research for the Mineta Transportation Institute, which presents a chronology of terrorist attacks on surface transportation systems from 1920 through 2000, concludes that terrorist attacks on transit targets worldwide have increased in frequency and lethality over the past 25 years.See Jenkins 1997. Nontransit events such as the Oklahoma City attack, the Olympic Park bombing in Atlanta, and the September 11, 2001, attack on the World Trade Center and the Pentagon, reveal that the United States is vulnerable to both domestic and international terrorism. Further, while transit systems in the United States have not been the targets of sustained terrorist campaigns, a majority of the agencies surveyed in a 1997 Transportation Research Board study had actually dealt with bomb threats in addition to a variety of other security threats.See Boyd and Sullivan 1997.

For transit operators, the consequences of large-scale violence, or even the threat of such violence, is too dire to allow us to justify debates over the strict definitions of terrorism. The FBI's official definition of terrorism is laid out in the Code of Federal Regulations as "a violent act or an act dangerous to human life, in violation of the criminal laws of the United States or of any state, to intimidate or coerce a government, the civilian population, or any segment thereof, in furtherance of political or social goals."See Federal Bureau of Investigation 1999, ii. The terrorist threat to transit is not limited to plots by international organizations. In fact, even in the United States, the vast majority of terrorist acts are carried out by domestic terrorists such as neo-Nazis, antiabortion extremists, right-wing antigovernment militants, and far-left environmentalists.See Ibid. Although urban rail transit has not been a primary target of such terrorists, the 1995 derailment of Amtrak's Sunset Limited by right-wing militants drew awareness to the possibility of such an attack. Because transit agencies are more concerned with effect, rather than motivation, they also analyze acts of "quasiterrorism," such as the 1994 Fulton Street firebombing in the New York City subway.See Boyd and Sullivan 1997. Bomb threats and acts of mass violence not intended to further political goals are no less crippling to a transit system than nominal terrorist acts.

Chronology

Jenkins and Gerston's research sheds light on the nature of the terrorist threat facing transit systems.See Jenkins 2001; Jenkins and Gerston 2001; Jenkins 1997. Their work--which examines both rail and bus transit--comprises three volumes presenting case studies, an extensive chronology, and an executive overview. The chronology includes more than 800 separate incidents of terrorist attacks and other "significant criminal incidents" involving public transportation, culled from news accounts, books, and databases compiled by the U.S government, the RAND Corporation, and the Kroll-O'Gara Company (see Appendix A). Roughly half of these incidents involved rail and half bus transit. Bombings are the most common mode of attack. Other tactics include ambushes and armed assaults, sabotage, hostage taking, and standoff attacks in which terrorists fire guns from a distance. The 1995 sarin attack on the Tokyo subway was the only incident of chemical or biological attack. However, the attack, which killed twelve people and injured thousands of others, has prompted many transit systems in the industrialized world to include such a scenario in their security planning.

Jenkins discerned a number of important trends in transit, which is thought to make up a third of all terrorist targets worldwide. The findings on the lethality of transit terrorism are disturbing. While only 20 percent of all terrorist incidents involve fatalities, 35 percent of the attacks reported in the 1997 document resulted in one or more deaths. In the 2001 document, the percent of fatal attacks rose to 43 percent. While Jenkins cautions that the data are difficult to compile comprehensively, the combined chronology results in a rate of lethality of 37 percent. Of the 641 incidents reported in the 1997 report, 80 percent involved more than one fatality and 30 percent more than ten. While transit terrorism has increased in the past 25 years, it remained stable during the 42 months between the 1997 and 2001 reports. Jenkins noted that changes in the reporting of terrorist acts may have been a factor.See Jenkins 1997.

The implications for the United States and comparable developed nations are less dire, however, than the numbers above would suggest. Two-thirds of attacks occur in countries with ongoing civil wars or terrorist campaigns. India, Pakistan, Cambodia, Angola, and Israel have suffered the greatest number of fatal attacks. Consideration of total attacks changes the rankings somewhat: Israel, India, the United Kingdom, Pakistan, and Egypt. As a reference to the magnitude, 493 people were killed in 54 incidents in India that occurred from 1920 to 1997. The median fatal incident involved four deaths, and the maximum was more than one hundred. In some sense, it would appear that terrorism on transit is analogous to crime on transit, in that transit crime generally reflects the level of crime of the larger urban area in which it is situated. Jenkins concluded that if such countries were left out of the analysis, the threat would look quite different. Attacks would be less lethal and predictable, and Japan and Germany would move to the top of the list.

Case Studies

Jenkins' 1997 Protecting Surface Transportation Systems and Patrons from Terrorist Activities details the experience of four transit systems that were targets of terrorism: the New York City Transit Authority (NYCTA), the Metropolitan Atlanta Rapid Transit Authority (MARTA), the Réseau Express Régional (RER) in Paris, and Amtrak's Sunset Limited. Jenkins' follow-up report, Protecting Public Surface Transportation Against Terrorism and Serious Crime: Continuing Research on Best Security Practices, documents London's experience with the IRA's seven-year bombing campaign, and the sarin attack on a Tokyo subway in March of 1995.See Jenkins and Gerston 2001. It also reviews the security strategies of greater San Francisco's Bay Area Rapid Transit District (BART) and the Valley Transportation Authority (VTA) in Silicon Valley. While these last two systems have not been the target of any terrorist threat, the authors hoped to shed light on levels of preparedness that may be more useful to the majority of transit agencies outside the largest urban areas. All the research was conducted prior to the 9/11 attacks of 2001.

To make comparison and future analysis easier, Jenkins and Gerston applied a consistent format to all eight of the case studies. The format included a description of the system, existing security elements, crisis management planning, liaisons with authorities, and an account of the immediate response to the threat or attack. Existing security elements described are threat assessment, organization and personnel, environmental design, technology, emergency communications, response, recovery, and the role of the public. Response elements included additional security measures put in place after the communication of threat or attack, emergency response, restoration of services, lessons learned, and problem areas. The applicability of these categories to each of the case studies varies, as does the depth to which they are discussed. However, the format allows the researchers to distill from them a number of "desirable attributes of security." Coordination with authorities is deemed to be most important, followed by dedicated security personnel, security technology, advanced planning, environmental design, communications, training, and public involvement.

In addition to Jenkins and Gerston's work, case studies are also available from other sources. The Federal Highway Administration offers a series of reports, Effects of Catastrophic Events on Transportation System Management, two of which deal with New York's and Washington's transportation response to the events of September 11, 2001.See Carter et al., 2002; DeBlasio et al., 2002. The New York report notes that, despite the significant damage to the PATH World Trade Center Station and the Cortland Street subway station, there were no transit-related injuries or deaths. Credit is given to the immediate activation of rehearsed emergency procedures by the transit agencies.

Finally, Whent's presentation, "Control of Public Space," to the American Public Transportation Association's 1999 annual conference, provides a particularly insightful case study of London's antiterror transit strategy.See Whent 1999, 9. The safety and security strategy employed by railway networks in England, Scotland, Wales, and throughout the London Underground, called "Control of Public Space," was developed in response to the seven-year bombing campaign carried out by the IRA from 1991 to 1998.

Over the course of the seven-year campaign, three people were killed and sixty-seven were injured. The system received 7,000 bomb threats, forty-nine of which resulted in actual detonations. In spite of this, the system was able to operate effectively, which Whent directly credits to the safety and security strategy. By 1994, three years after the initiation of the Control of Public Space strategy, no bombs were placed in railways stations. Although the IRA continued to issue bomb threats, service was disrupted for less than 1.8 percent of the called-in threats. Whent's rough estimate of the saving in economic damage was millions of pounds. He describes the concept of Control of Public Space as "one station stop before zero tolerance." Under this theory, data collection, as well as coordination among agencies and the public, helped to pinpoint concentrations of antisocial behavior where resources could be concentrated before the commission of any crime or bombing.

This is similar to New York's crime tracking and accountability CompStat program. Measurable performance indicators were developed at the outset and reviewed throughout the campaign. The first three of these goals were increasing passenger satisfaction, revenue, and the number of rail users. This is in line with the CPTED principle that security should first support the function of an environment, rather than be an end unto itself. Separating security from an environment's primary function increases the danger, particularly relevant to transit, that security measures themselves will exact too high a cost on the environment that the security strategy is attempting to protect. The next three goals were increasing arrests and the number of detected offenses, and decreasing the number of offenses reported. Among the other strategies that the scheme employed were removal of trash cans from stations, immediate removal of unsupervised packages, announcements and public notices on trains and stations, computer-assisted analysis of threats and bombings, contingency planning, regular searching of facilities, and extensive use of computer-assisted closed-circuit television (CCTV) systems.

Framework for Addressing Rail Transit Terrorism

The overall framework for conceptualizing rail transit security against terrorism has traditionally drawn on agencies' experience with safety, crime prevention, and emergency response.See Jenkins 1997. However, the threat of terrorism is differentiated from all these prior concerns. The type of security concerns transit agencies have confronted in the past, largely personal and property crimes, typically did not result in the need to mobilize a coordinated emergency response effort by the system as a whole. Natural disasters and safety failures were more likely to trigger such a response, but are not deliberate crimes. As the threat of terrorism increases, agencies are charged with incorporating elements of all three--safety, crime prevention, and emergency preparedness--into a comprehensive planning effort.

The transit industry began to formally address issues of emergency preparedness and security in the early 1990s with the development and implementation of the APTA Rail Safety Audit Program. Within the prescribed elements set out for system safety programs plans, were elements specifically noted for emergency preparedness and response and security. This standardized approach to system safety became imbedded in regulation by the FTA (49CFR/ Part 659). Subsequently, in a partnership between APTA, commuter railroads, and the FRA, a similar program, the Commuter Rail Safety Management Program (including elements pertaining to emergency response and preparedness and security) was implemented in 1996. An additional program for bus operations, known as the APTA Bus Safety Management Program, was introduced in 1997.

Initially, the process of planning for terrorist threats against transit targets involved three broad categories of consideration: prevention, response, and recovery.See Ibid.

Prevention includes design, technology, policing, and public education. In the open environment of a transit system, prevention may be too optimistic an expectation when faced with a determined attacker. In this case, a more accurate way to conceive of the security function of prevention is to consider strategies to detect the threat and deter or delay its realization. Policing, technology, and design strategies are all geared to these two functions. The response effort comprises planning for disaster, conducting drills, and designing to facilitate evacuation and minimize damage. Recovery planning focuses on rapid service restoration. By getting the system up and running to minimize disruption, transit agencies reduce the reward of the terrorist act. Within these three broad categories, the literature has given the most attention to response and policing strategies. They are logical first steps that are easily folded into existing programs that have long been in place to address more common incidences of crime and natural disasters. Given the cost of planning, design, and construction, system design responses tend to be or are limited in scale and ad hoc in nature. Often such strategies are sought in the immediate aftermath of an attack or in response to an immediate threat. For example, immediately following the 9/11 attacks, the Metropolitan Transportation Authority placed New Jersey barriers around the perimeter of Grand Central Station, and many systems removed trash bins from stations.

With a longer time horizon, transit operators must now identify what strategies are likely to be most useful given varying levels of threat, vulnerability, and value associated with a system and its components. The literature has begun to reflect this shift with a number of studies that seek to apply risk assessment methodologies used by the military, government agencies, and industry to the context of urban rail transit terrorism.^{See Abkowitz
2002; Federal Transit Administration 2003; Haimes 2002.} These frameworks come under the titles of "hazard analysis," "risk and threat assessment," and "systems approach." Given the diversity of transit systems' designs and needs for security, these frameworks give only general guidance on individual strategies. Rather, they provide procedures to support agency decision making around security.

The FTA first began to comprehensively address transit security related to crime with its 1983 publication, Transit Security: A Description of Problems and Countermeasures, by Mauri, Cooney, and Prowe.See Mauri, Cooney, and Prowe 1983. The report's findings are based on a literature review, site visits and interviews at thirteen transit systems, and contact with nontransit organizations with knowledge of security. The report uses the framework of the Federal Bureau of Investigation's Uniform Crime Reporting (UCR) Program, which provides categories and classifications for criminal acts. Terrorism and sabotage had not yet appeared on transit agencies' radar screens as a serious concern. Instead, the focus was on protecting passengers from individual violence and theft, and on protecting the system from vandalism and theft. When asked about situations involving bomb threats and terrorism, the agencies said they would rely on the police.

The most comprehensive of these frameworks applicable to urban rail transit is listed in the FTA's 2003 publication, Public Transportation System Security and Emergency Preparedness Planning Guide.See Balog, Boyd, and Caton 2003. The guide deals explicitly, but not exclusively, with terrorist threats against rail and bus transit. However, more frequently occurring crime and emergency responses to natural disasters are the basic justifications of these preparations. This is the FTA's main guidance on transit security and the first to marry crime prevention with emergency response. It advocates a systems approach that combines the practices of emergency response planning and criminal security planning. System security has been defined in previous documents as "the application of operating, technical, and management techniques and principles to the security aspects of a system throughout its life to reduce threats and vulnerabilities to the most practical level possible through the most effective use of resources."See Balog et al., 1994, xxix.

The current framework has refined the broad three-phase approach mentioned earlier to include five "Elements of Protection."See Balog et al., 2003. These elements include security planning, security management, emergency response, physical security and procedures, and threat and vulnerability resolution. The guide provides step-by-step procedures for threat and vulnerability resolution and security planning, necessary for implementation of the other three elements. While transit agencies must turn to other sources for more comprehensive guidance for the implementation of specific strategies, the guide does introduce available techniques for implementing security management, emergency response, and physical security measures.

The main component chapters provide detailed methods for developing a Security and Emergency Preparedness Program (SEPP). Under the federal State Safety Oversight Rule, thirty-two transit systems in nineteen states and the District of Columbia must have a SEPP in place. The directive that required the FTA to establish these rules was codified into the Federal Transit Act in 49 U.S. Code, section 5330. The final rule is codified in 49 CFR Part 659, and is referred to as the State Safety Oversight Rule or Part 659. The information on SEPP programs details how agencies develop internal management systems and external coordination systems with local law enforcement as well as state and federal agencies.

To support the development of a SEPP, the guide covers procedures for conducting capability assessments as well as threat and vulnerability assessments. A major goal of these assessments is to rationalize the process of providing security, making it more cost effective and sustainable. They are designed to enable transit operators to strike a balance between security needs and practices and available resources. A capabilities assessment is proposed as a way for transit operators to assess their current procedures and resources to reduce the threat of crime and terror; respond to incidents that do occur; protect passengers, personnel, and the system itself during emergencies; and assist the community in emergency response. A threat and vulnerability assessment is used to analyze the likelihood that a specific threat will occur. The five elements to be included in a threat and vulnerability assessment are asset analysis, target and threat identification, vulnerability assessment, consequence analysis, and countermeasure recommendation. The guide and the accompanying CD-ROM provide checklists to summarize the issues to be considered in all these assessments.

The final chapter of the guide offers an overview of available design and technology strategies to improve security, and briefly describes some of the crime prevention through environmental design (CPTED) and situational crime prevention (SCP) principles and design strategies commonly used in transportation environments: concentric security zones and spatial transitions, natural surveillance, access control, territorial behavior strategies, and good lighting. These principles will be discussed further in the next section.

The sequence of government publications leading up to the Public Transportation System Security and Emergency Preparedness Planning Guide illustrates just how recently terrorism has emerged as a major threat to the security of the U.S. transit environment. The 2003 guide builds on several previous government reports: Transit System Security Program Planning Guide by Balog, Schwarz, and Doyle, 1994; Perspectives on Transit Security in the 1990s by Boyd, Maier, and J. Kenney, 1996; Emergency Preparedness for Transit Terrorism by Boyd and Sullivan, 1997; and the Transit Security Handbook by Boyd, 1998. Terrorism is mentioned only in passing in both a 1994 guide by Balog, Schwartz, and Doyle, and in a 1996 survey by Boyd, Maier, and Kenny. However, by 1997, with Boyd and Sullivan's report, terrorism had become a serious enough concern to warrant its own Transit Cooperative Research Program Synthesis report.See Boyd and Sullivan 1997.

While the Transportation System Security and Emergency Preparedness Planning Guide and its predecessor documents are intended to assist established agencies in meeting state and federal requirements for system security and safety, the FTA also provides guidance for voluntary safety and security certification in the development of transit projects, both new starts and extensions. Handbook for Transit Safety and Security Certification was developed cooperatively by the FTA and the American Public Transportation Association.See Adduci, Boyd, and Caton 2002. Again, because of the diversity of transit systems, the role of this document is to provide agencies with an organizational and management framework that supports the decision making processes necessary to ensure that new projects are as safe, secure, and cost-effective as possible. Most systems engage in some form of self-certification procedure, but this document is intended to help them more fully integrate emerging safety and security considerations into those procedures. While the handbook does not include direct design guidance, it provides useful insight into the categories of design elements of transit projects for which safety and security are a major concern.

Designing for Security

Such frameworks provide useful tools for agencies seeking to define the overall scope of their antiterrorism efforts and enable them to begin to prioritize their approach. However, the strategies agencies choose will, by necessity, be specific to their situations and are beyond the scope of these guides. Designing for terrorism in transit has not received the same amount of attention as emergency management, response, and policing, and it can be difficult for a transit security manager to find comprehensive design guidance to suit his or her particular situation. It is incumbent on the security manager to seek out further guidance in other bodies of literature for these specific strategies, especially in the case of design. The lack of specific research and guidance for transit in this area is unfortunate. Security managers want to be assured that the design elements of their security strategy are effective and do not leave their passengers and personnel unnecessarily at risk. Additionally, as much as threats and acts of terrorism can have serious consequences for a transit system, security strategies themselves may also interfere with the operations of transit. This caution against unintended consequences has been raised numerous times in the general field of antiterrorism physical design.See Federal Emergency Management Agency 2003 (b); National Capital Planning Commission 2001; United States General Services Administration 1999.

There are several reasons why design has not been given much attention in the literature of transit terrorism security. The first is temporal. While the threat of terrorism is not entirely new, the degree of consideration has been minimal compared to other transit issues, such as safety and crime prevention. As late as 1988, the U.S. General Accounting Office (GAO, today known as the United States Government Accountability Office) reported that among the agencies in the seven cities they studied, "transit officials had no direct experience of terrorist incidents, perceived the likelihood of incidents to be remote, and had no antiterrorism programs."See United States General Accounting Office 1988, 3. In the 1990s, the first order of business in addressing the emerging threat was to put systems into place to deal with the consequences of an attack, and only now do agencies have the dubious luxury of an indefinite time horizon that necessitates and facilitates design consideration.

Second, the most vulnerable systems are by far the largest; the task of retrofitting security design is a daunting one. Jenkins and Gerston were careful to include a security criterion category, called "environmental design and construction features," for each of the eight case studies, so that they could compare each system's efforts. However, Savage of the New York City Transit Authority (NYCTA), interviewed in one of the case studies, notes that, "NYC Transit suffers from a disadvantage due to the sheer size of the system because its 468 stations were constructed over a span of 120 years. Security was not previously a major consideration in design and construction and the cost of systemwide remedial construction would be enormous."See Jenkins 1997, 40.

Further reading on the NYCTA case does, in fact, show that the agency takes design into consideration. For example, a security task force from NYCTA visited England, Italy, France, and Japan, to study those systems' experiences with terrorism.See Savage 1996. The agency implemented the task force's management suggestions, such as the establishment of ventilation procedures, but held off on the resulting design recommendations. Changes to station layout were considered infeasible, again, due to the scale of the system. Additionally, a recommendation to remove trash receptacles from stations was thought to be counterproductive. The heightened risk of track fires resulting from trash buildup was considered more dire than the perceived-as-remote risk of a bomb being placed in a trash can. Thus, the decision not to implement security measures can be as important as the decision to move forward with such measures.

A third reason for the limited attention design has received is that, as one author notes in a recent issue of Passenger Transport, "Preparedness is the best defense" against terrorism.See Gaier 2004. The expense of capital construction for physical security and the potential for such measures to be counterproductive in the transit environment may suggest that other alternatives take priority. This is coupled with the sense that in an era of suicide bombing, security is illusory and there is no defense against a determined terrorist.See Jenkins 1997; United States General Services Administration 1999. In other words, the best hope for transit is to minimize disruption by having a very organized response and recovery strategy.

However, such a pragmatic, fatalist view ignores actual and potential roles that design plays in security planning for individual crimes and terrorism. Most terror experts call for "layering" protective strategies so that no single strategy is responsible for the entire system, and the failure of one layer does not necessarily jeopardize the security of the system overall.See American Institute of Architects 2003; Federal Emergency Management Agency 2003 (c); Federal Transit Administration 2003 (a); Gaier 2004. Physical security and design dictate the location of system components and the layers of security encompassing them. Further, on a conceptual level, design is itself one of these many layers of security strategies, along with policing and response planning. Even if the consensus is that good policing is the best defense against terrorism and effective emergency response the best way to minimize the effect of terrorism, design serves the important function of ensuring that those primary resources are fully utilized.See Whent 1999. In this light, the task of minimizing opportunities for crime and terrorism through design becomes critical.

Design Strategies

Security design involves two areas of facility design: the spatial layout of transit facilities, and the structural design of buildings, track, and rolling stock. Since very little has been written that is directly applicable to transit vehicles and stations, the most useful guidance in the area of designing for antiterror security comes mainly from the building trades. The GSA, in its capacity as the federal government's landlord, and FEMA provide excellent advice and specifications for building antiterror security in the areas of target hardening, fire safety, blast resistance, and situational crime prevention strategies (SCP) such as crime prevention through environmental design (CPTED).See Federal Emergency Management Agency 2003 (b), 2003 (c); United States General Services Administration 1999, 2003. The American Institute of Architects (AIA) offers guidance through its 2003 publication, Security Planning and Design: A Guide for Architects and Building Design Professionals.See American Institute of Architects 2003. Additionally, the latest edition of Architectural Graphic Standards includes a chapter on design criteria for security against terror.See Atlas 2002.

Academia has provided a number of case studies and best practice guidelines that list strategies employed by selected transit operators.See Jenkins 1997, Jenkins and Gerston 2001. At least one state, Florida, through the work of the Center for Urban Transportation Research at the University of South Florida in 2001, has developed a list of recommended design measures in its own antiterror analysis.

Environmental Design

The important role that environmental design plays in reducing or supporting crime in the transit environment is well documented.See Felson 1996; LaVigne 1996, 1997; Loukaitou-Sideris et al., 2002, 135-151; Loukaitou-Sideris et al., 2001, 255-280. According to Felson and LaVigne, the Washington Metropolitan Area Transit Authority (WMATA or Metro) and the Port Authority Bus Terminal are classic examples of success stories of applied security design against crime in rail transit environments.See Felson 1996; LaVigne 1996, 1997. In each case, environmental design shares the credit for increased security with strategic policing, strict maintenance procedures, and "zero tolerance" policies in enforcing rules and regulations. However, the applicability of these successes to terrorist threat must be viewed cautiously. Effective design against crime will not necessarily provide sufficient protection against terrorist threats because there are significant differences between criminals' motivations and the effects of the crimes they seek to commit and those of terrorists.

CPTED and SCP are both aimed at reducing opportunities for specific types of crime, particularly in public or semiprivate environments. The goal of CPTED is to influence the social and physical use of space through environmental design that discourages antisocial and criminal behavior.See Crowe and Zahm 1994, 22-27; Newman 1972.

The main CPTED principles are natural surveillance, natural access control, and territorial reinforcement. Natural surveillance refers to the use of building design and layout to increase the ability of legitimate users and security personnel to observe activity. Clear sight lines have the effect of increasing visibility of users and limiting opportunities for hidden activities.See Clarke 1983; Crowe 1991. Natural access control is achieved by using building elements to limit or channel access to the facility; for example, allowing for only one entrance into a facility and providing an extended "standoff distance" between the building and the street. Territorial reinforcement strategies encourage desired users to take "ownership" of certain spaces under the theory that people pay more attention to their surroundings if they are invested in that space. These strategies concentrate public uses and amenities to increase the likelihood that improper use of the space will not be tolerated by the critical mass of legitimate users. Situational crime prevention takes CPTED one further step by incorporating design strategies with strategic management policy and policing functions.See Clarke 1983, 1995.

LeVigne, Clarke, and Felson are each very careful to note that the successes recorded in their work are evidence of one of CPTED and SCP's fundamental principles: that management procedures and the environment be tailored to highly specific crime problems.See LaVigne 1996, 1997; Clarke 1983, 1995; Felson 1996. Balog, Boyd, and Caton also make note of this in their work.See Balog, Boyd, and Caton 2003. The type of designs prescribed for individual crimes relies on well established theories of criminal behavior, motivation, and individual perceptions of risk and reward. However, criminals seeking personal gain will necessarily have very different motivations than those seeking to cause maximum destruction to further a social or political goal. Even on a purely theoretical level, the direct application of measures that have been successful in reducing the threat of crime will not necessarily prove successful against the terrorist threat. For example, LaVigne (1996) notes that CCTV cameras are mounted in very visible locations in the WMATA stations to alert would-be criminals that they are being watched.

The cameras alone appear to be enough to deter offenders, as LaVigne quotes former D.C. Metro Transit Police Chief Angus MacLean as saying, "The cameras mainly serve a psychological purpose because they read out at the station manager's kiosk and often no one is there."See LaVigne 1996, 163-198. It is easy to see where "dummy" cameras and similar devices might not be as effective in deterring a bomber with a different psychological relationship to the risk of being caught. For CPTED to work against the threat of terror, its strategies must be tailored to the motivations and behaviors of terrorists.

The applicability of crime prevention design strategies to the threat of terrorism has not been adequately addressed in the literature. Many sources simply extrapolate the CPTED approach from crime prevention to terrorism prevention. This makes sense where security tactics share common goals, such as in access control and surveillance. However, relying only on successful crime prevention strategies to address the terrorist threat ignores important distinctions in mode, motivation, and magnitude.

In its recent publications on designing buildings against terrorist attack, FEMA takes a more nuanced approach: "In cases where CPTED techniques conflict with security principles, designers should seek innovative solutions tailored to the unique situation."See Federal Emergency Management Agency 2003 (b), 2-61. The authors note that many antiterror design strategies are similar to those prescribed under CPTED principles. For example, using the principle of natural surveillance to limit opportunities to conceal illicit acts is similar to the common antiterror approach of eliminating spaces where an attacker could conceal an explosive. However, they also discuss the possibility that individual crime prevention strategies can conflict with the goals of designing for the threat of an explosive attack. They offer the example of the location of parking facilities. CPTED principles would suggest that a parking lot be located in a place that facilitates casual monitoring by the building's occupants and visitors. However, allowing vehicles too close to the building may increase its vulnerability to a car or truck bomb.See Ibid. Some design elements credited with combating crime can, in fact, become liabilities in the event of an incendiary attack. Both LaVigne and Boyd note the role of trash cans on WMATA's station platforms in maintaining a clean environment in which crime is not tolerated.See Boyd 1998; LaVigne 1996. This may be a good strategy in transit systems with low risk of terrorist attack as trash cans and recycling bins are important passenger amenities. However, Jenkins' chronology reveals trash cans to be a favorite delivery device for terrorist bombings in transit stations.See Jenkins 1997. In response to this threat, the Metropolitan Atlanta Rapid Transit Authority (MARTA) switched from conventional to bomb-resistant trash cans at busy stations during the 1996 Olympics.See Ibid. Other high-risk systems, especially those with underground stations, have removed or sealed their trash cans entirely. Such stations have maintained their standard of cleanliness by adopting a "pack it in/pack it out" policy similar to many state parks, and increasing maintenance rounds.

The use of glass as a design element is particularly problematic in the event of a bombing, but it is cited in many documents dealing with designing out crime in the transit environment.See Felson 1996; LaVigne 1996; Myhre and Rosso 1996. Glass serves an important security function when it enhances formal and informal surveillance by bringing in natural light, providing a sense of openness, and enhancing visibility. In Felson's study of the Port Authority's efforts to bring crime under control in the mid-1990's, a glass-walled café in the Port Authority Bus terminal affords ample opportunity for casual surveillance of a once isolated area.See Felson 1996. Glass is also featured extensively in the security strategies of a proposed subway station in Paris.See Myhre and Rosso 1996. In this case, glass skylights bring in natural light and glass barriers along the platform prevent accidental falls and pushings.

However, when ruptured by a bomb blast, glass can be extremely hazardous. In its book, Security Planning and Design, the AIA offers this gentle caution: "Glass fragments generated during failure are extremely hazardous to building occupants and, if not properly designed, can cause mass casualties when propelled at high speeds into occupied spaces."See American Institute of Architects 2003.

This is not the end of glass, because there are several ways in which it can be made safer, including heat treating and laminating. The AIA book also notes that even if blast resistance is the only consideration (leaving aside aesthetics and building performance), decisions about glazing depend on many factors, from the level of the bomb threat to the integrity of the frame, and the blast load on the facility itself. This caution should serve not as a prohibition against the use of glass in transit station design. Rather, it is an illustration of the tensions among the design requirements of traditional crime security, antiterror security, and aesthetics.

In spite of the hazards inherent in applying crime prevention design strategies directly to the threat of terrorism, the many guiding principles and lessons of CPTED can inform antiterror security strategies. This is especially true in an environment as public and open as transit, where the theories of CPTED can be a valuable countervailing force against traditional target-hardening measures, which can interfere with an agency's mandate to provide efficient public transportation at minimal cost. A goal of CPTED is to provide security while emphasizing the objectives of the organization, rather than focusing solely on target hardening.See Crowe and Zahm 1994. But for design to play a role in securing transit against terrorism, security planners and designers must first understand the nature of the threats posed by criminals who seek large-scale destruction of life and property. Then, they must select among the most effective strategies for each specific threat, according to an evaluation of each measure's tangible and intangible costs and benefits. At the very least, the effects of successful anticrime strategies must be decomposed to see what elements of these anticrime measures would work against the specific requirements of security under the threat of terrorism.

Understanding the Threat to the Physical Environment

To better understand the nature of the threat of terrorism in terms of modes of attack and effects of those attacks on transit's physical structures, planners can turn to the growing body of literature provided by the building trades, the military, and the federal government. Fortunately, the effects of manmade disasters, as well as their mitigations, are well documented and familiar to the emergency management community. One of the more accessible discussions of the current state of the practice is found in FEMA's 2003 publication, Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings. A second 2003 FEMA publication, titled Integrating Manmade Hazards into Mitigation Planning, is part of a series of "how to" guides for communities and states.

In Integrating Manmade Hazards into Mitigation Planning, FEMA provides a set of "Event Profiles for Terrorism" that planners can use to familiarize themselves with the various modes of attack, the extent of their effects, and any mitigating or exacerbating conditions. The list includes attack modes relevant to the transit environment such as conventional bombs or improvised explosive devices, and chemical, biological, or radiological agents. In addition, the guide provides a list of "Terrorism and Technological Hazard Mitigation Actions," which they caution "is by no means exhaustive or definitive; rather, it is intended as a point of departure for identifying potential mitigation techniques and strategies in your community or state." With the foregoing caveat, the recommended actions range from "implement crime prevention through environmental design (CPTED)" and "eliminate potential site access through utility tunnels, corridors, manholes, etc." to "create blast-resistant exterior envelope."See Federal Emergency Management Agency 2003 (a), 3-4. Because the guide is intended for those without specific expertise in antiterrorism security, it does not discuss the degree of effectiveness of these measures in mitigating specific threats.

Even more specific guidance is provided by FEMA's Reference Manual to Mitigate Potential Terrorist Attacks Against Buildings. Just as security design against terror builds on the detection and deterrence functions of anticrime security design measures, FEMA's reports build on its experience in mitigating against natural disasters. As an example of this synthesis, they note that their recommendations for hurricane window design also apply to bomb blasts. However, they are careful to note where a natural hazards approach may be deficient.See Federal Emergency Management Agency 2003 (c). For example, mitigating natural hazards does not require the same attention to access control and surveillance.

The reference manual begins with a threat and hazard analysis methodology similar to those recently developed for transit. Part of this methodology includes an extensive "Building Vulnerability Assessment Checklist" borrowed from the Veterans Administration. The checklist is composed of questions designed to determine the vulnerability of specific elements of the building's design and operation. The questions relate to thirteen categories of building design and operations, many of which are applicable to the transit environment: site, architecture, structural systems, building envelope, utility systems, mechanical systems (heating, ventilation, and air conditioning), plumbing and gas systems, electrical systems, fire alarm systems, communications and information technology (IT) systems, equipment operations and maintenance, security systems, and security master plan. Similar assessment checklists are widely available, including one recently developed specifically for transit systems on behalf of the FTA.See Balog, Boyd, and Caton 2003. FEMA's checklist is unique, however, in that each question is associated with specific guidance and a reference to another guide. For example, question 1.3 asks, "In dense, urban areas, does curb lane parking allow uncontrolled vehicles to park unacceptably close to a building in public rights-of-way?" In response, the guidance offers:

Where distance from the building to the nearest curb provides insufficient setback, restrict parking in the curb lane. For typical city streets, this may require negotiating to close the curb lane. Setback is common terminology for the distance between a building and its associated roadway or parking. It is analogous to stand-off between a vehicle bomb and the building. The benefit per foot of increased stand-off between a potential vehicle bomb and a building is very high when close to a building and decreases rapidly as the distance increases.See Federal Emergency Management Agency 2003 (c), 1-49

This is followed by a reference to a publication providing more detailed guidance: General Services Administration's Facilities Standards for the Public Buildings Service, published in 2003.See Tu 2003.

Security is traditionally addressed from the outside in, from the building's site perimeter to the building envelope and, finally, the interior. FEMA's guide devotes a great deal of its report to site selection and site design criteria, which, they note, have limited applicability to dense urban settings. Nonetheless, FEMA does present the potential of urban design to negotiate the tensions among security, aesthetics, and primary use of space around the building's perimeter. Where similar guides have recommended against the use of bus shelters because they can hide illicit activity from view, FEMA simply suggests that they be designed to enhance surveillance. Also unique to this report is its explicit caution against the interference of security measures with pedestrian traffic flow and a reminder that "the design of bollards, fences, light posts, and other streetscape and landscape elements should form an urban ensemble that helps to create a sense of unity and character."See Federal Emergency Management Agency 2003 (c), 2-19. The guide's extensive discussion of considerations in the use and placement of bollards and planters is particularly useful to designing secure perimeters for urban rail transit stations. Parking presents a particular challenge to urban rail transit security because the danger of vehicle bombs demands more stand-off distance between parking and the station than is generally feasible. FEMA suggests that planners be creative and offers a sampling of design, operations, and engineering measures for parking near high-risk facilities.See Federal Emergency Management Agency 2003 (c). Finally, the individual measures discussed throughout the site design chapter are listed and ranked according to their level of cost, effort, and protection. Those same measures are then correlated in a table with specific threats from vehicular bombs to airborne contamination.

Although bombs and other incendiary devices appear to pose the most likely threat to transit systems, there is no specific guidance for the design of rolling stock in relation to the terrorist threat.See Boyd and Sullivan 1997. However, there are two guides available that address fire safety: 1992's Fire Safety Countermeasures for Urban Rail Vehicles by Hathaway, Baker, and Moussa, and Recommended Fire Safety Practices for Rail Transit Materials Selection, from the Urban Mass Transportation Administration, 1984. Both reports assume only accidental ignition. The goal of the fire safety countermeasures prescribed in the reports is to prevent fires from starting, slow down or contain fires if they do start, and evacuate passengers as quickly as possible. The 1992 document focuses on all aspects of fire safety: fire prevention, early detection, fire hardening, and passenger evacuation. The shorter 1984 document recommends fire safety tests for materials used in rail transit--from undercarriage components to seat cushions. Similarly, Fire Safety Countermeasures for Urban Rail Vehicles focuses on replacement components and construction materials of rail cars, rather than the fundamental components such as motors and switches.See Hathaway, Baker, and Moussa 1992. The 1992 report details the major characteristics of rail transit vehicle equipment, the types of fire problems that are likely to occur, and selected countermeasures against fire. In addition, potential research and development opportunities are highlighted. While certainly this is useful in suppressing the devastating secondary effects of fire from a blast, the guide provides no information on the specific effects and countermeasures for blast hazards on rail cars.

Bombs are not the only threat to transit, and terrorists have not historically limited themselves to one mode of attack. The sarin attack in Tokyo in 1995 alerted security managers to the threat of chemical and biological agents. There is a considerable body of research and literature on the behavior of chemical and biological agents in buildings, and mitigations including those by FEMA and Mead and Gressel. However, chemical and biological agents released in moving trains have a different impact from those released in buildings. Therefore, this literature may be of limited use in the transit environment. Fortunately, the potential of a chemical or biological attack on subways has been given serious attention since the Tokyo gas attacks.

Much of the guidance that arose out of that event relates to the emergency response and management functions necessary to reduce the harm done in the event of the release of a chemical or biological agent.See Balog, Boyd, and Caton 2003; Gordon 2000, 5-10; Policastro and Gordon 1999. Policastro and Gordon have documented prospective technologies appropriate for the subway environment. Given the limitations of current automated detection technologies, they note that rapid containment and response are the keys to limiting casualties in the event of a chemical or biological release in a subway system. The need to contain or vent a released chemical or biological agent is determined by the properties of a specific agent. But without highly sensitive detection technologies, subway operators will not likely know the nature of the release in order to make the critical containment/vent decision. Therefore, Poliocastro and Gordon recommend a default policy of immediate containment of the "plume" by stopping the movement of the trains and delaying the activation of emergency fire and smoke fans.See Policastro and Gordon 1999.

They also discuss the system design factors that act to spread or contain a release, noting that moving trains push contaminated air throughout the station, into adjacent stations, and out through any street level vents in a piston effect. Because subway system design factors are assumed to be fixed, they recommend that response strategies be tailored to the design of each track section (for example, single versus multiple tracks). Technologies that detect chemical or biological releases and automate part of the response are receiving an increasing amount of research and testing support because response time is so critical in reducing casualties from an attack. WMATA has plans to pilot test chemical detection equipment in twelve stations as part of the Department of Energy's PROTECTS (Program for Response Options and Technology Enhancements for Chemical/Biological Terrorism in Subways) program.See United States General Accounting Office 2002 (a).

Challenges to the Security Paradigm

As noted in the introduction, transit presents several unique challenges to the security paradigm as it has historically been applied in other theaters such as aviation and federal buildings. In this section, three major challenges as they are presented throughout the literature of transit terrorism will be discussed.

Dual-Use

Given the existing demands placed on transit systems, and the limited resources with which transit operators execute their most basic functions, efficiency and effectiveness must play a large role in any comprehensive approach to security against terrorism. Several articles advocate for a dual-use approach to transportation security that would protect transportation systems against terrorism, while at the same time helping agencies meet their other transportation goals, that is, safety and efficiency.See On the Road to Transportation Security 2003; Morgan and Abramson 2000. In fact, this dual-use approach has been consistent throughout the literature. Transit security for terrorism is considered at once a new problem and an extrapolation of the general problem of transit crime and system safety.See Improving Surface Transportation Security 1999. Some, but not all, of the approaches for securing the system against terrorism will necessarily secure it against general crime and safety. Another reason for approaching transit security from this angle is that it has been historically difficult to justify the expenditures needed for securing a system against terrorism, given the low real incidence of terrorism and the variability of threat levels. Complementary strategies that address other transit goals, in addition to security against terrorist attack, are more likely to receive funding and support.See Morgan and Abramson 2000, Jenkins 1997.

The case studies have suggested that while preparation and planning for terrorism are key, it does not need to be all encompassing to be effective in the event of an attack. More limited efforts that focus on mundane crimes and smaller-scale emergencies such as power outages, technical failures, or natural occurrences have been shown to be as effective in the event of a major catastrophe:

Advance emergency preparations were the backbone of New York City's response on September 11. Representatives of several transportation agencies noted that documented and practiced emergency response procedures could never have accommodated a catastrophic event with such widespread impacts. But it is clear that practicing and preparing for less-significant emergencies did, in fact, help transportation agencies manage and adapt on September 11.See DeBlasio et al., 2002, 48.

In other words, marathoners do not prepare for running a marathon by running 26.2 miles regularly. Doing so would be too taxing and leave them without the resources to perform effectively in daily life and in competition. On the day of the marathon, however, the months of shorter workouts carry them to the finish line.

The promise of dual-use strategies can easily be overstated. However, the consequences of an actual attack, rare as it is, may be too dire to risk ill-conceived measures. The fact that a strategy has a secondary benefit does not eliminate the need to question the assumptions about the applicability of nonterror strategies to the transit terror arena. Similarly, transit agencies must be aware of the danger of being swept up in the search for security so they do not waste resources on what some might call a solution looking for a problem.See Gaier 2004.

Evaluating Costs

The Federal Transit Administration asserts, "Security and emergency preparedness must be accountable for their return on their investment".See Balog, Boyd, and Caton 2003. This is, however, easier said than done. Transit agencies have figured out how to quantify the economic impact of crime on their systems, both in terms of loss of life and property as well as revenue lost from passengers choosing other modes.

Transit crime has both financial and social costs. The financial costs, directly borne by the systems themselves, but indirectly passed on to patrons and taxpayers through higher fares and higher taxes, reductions in the frequency and quality of service, and higher government subsidies, can be divided into two categories: the increased financial burden of operating the system and the reduction of revenues collected. The social costs are borne by both patrons who suffer from reduced security in the system and nonpatrons who contend with congestion outside the system as potential passengers concerned about a lack of security turn to other forms of transportation.See Mauri, Cooney, and Prowe 1983. There is no such economic measurement for the threat of rail transit terrorism. However, establishing such measurements will be a key task for the security and transit communities.

There is now a need to address the threat more critically and comprehensively so that transit security strategies themselves do not, in the long term, cripple transit agencies' ability to fulfill their critical role of providing mobility in urban centers. This alarm has been raised in terms of the mismatch between the level of preparedness that the Department of Homeland Security calls for and the funding available to local governments and transit agencies to meet these calls.See United States General Accounting Office 2002 (b). Peter Guerrero, director of physical infrastructure issues at the Government Accountability Office, notes, "Every time the administration raises the security threat level, the private sector and local governments are forced to divert resources from such things as maintenance and safety."See Weinstock 2003.

The diversion of funds from maintenance and safety is not the only concern transit agencies have in balancing the need for antiterrorism security with other transit goals. As transit security becomes more comprehensive and layered, there arises the potential that these security strategies conflict with agencies' primary purpose: to provide accessible, convenient, and affordable transportation for daily users.See Gaier 2004; United States General Accounting Office 1988. For example, one countermeasure for arson is the removal of shelters and benches.See Boyd, Maier, and Kenney 1996. Indeed, many transit operators have done just that. However, there is no analysis of the cost of such measures to riders and system ridership.

The effect of these dangers in approaching security extends beyond the transit system to our environment and the functioning of our economy. Transit agencies struggle to compete with the private automobile to alleviate the consequences of worsening congestion and air pollution. To meet these demands, they must provide convenience, attractiveness, and affordability above and beyond what is offered by private transport. If security measures add too much delay or cost, or make the trip unpleasant, the cost is borne by the transit operator, the economy, and the environment in the form of increased dependence on private vehicles. FEMA's recent guidance on mitigating manmade disasters provides this cautionary note:

While many benefits can be achieved through implementing mitigation actions, planners should be sensitive to potential negative impacts as well. For example, altering traffic patterns may increase commute times and distances, and reducing on-street parking may impact retail activity. Such considerations can be pivotal in determining the feasibility, viability, and potential for success of mitigation planning initiatives.See Federal Emergency Management Agency 2003 (c), 3-6.

In the past, transit agencies have addressed this challenge implicitly by showing a preference for dealing with transit terror in ways that do not affect operations, such as response planning and policing. However, in the post-9/11 era, the need to assure the public that more is being done has generated calls for a comprehensive approach, which ensures security but also preserves transit's goals for ridership.

The goals of safety, security, and efficiency in transit operation are not fully compatible. Two documents discuss the impact of security measures on the functioning of transit. The first is transit specific, but does not consider terrorism, while the second deals with antiterror measures on urban design. In "Target Hardening at a New York City Subway Station: Decreased Fare Evasion--At What Price?" Weidner questions New York City Transit's (NYCTA) efforts to thwart fare evaders with high wheel turnstiles. He raises the issue of whether the benefits of reduced fare evasion outweighed the creation of a "prison-like" environment.See Weidner 1996. The NYCTA has since installed these turnstiles in hundreds of stations, with no negative effect on ridership or change in the rate of crime.See Ridership actually boomed in the late 1990s as a result of the city's growing economy and the introduction of automated reduced farecards. However, Weidner raises an important question about the nature of the costs security can impose on transit systems.

Similarly, the National Capital Planning Commission's (NCPC) 2001 publication, Designing for Security in the Nation's Capital , considers the effects of public security measures on the urban design goals of Washington's Monumental Core. "Even before the 1995 bombing in Oklahoma City, Washington's streets and public spaces had become an unsightly jumble of fences and barriers... The National Capital reflects the spirit of America, but today in Washington we look like a nation in fear."See National Capital Planning Commission 2001, i.

While urban design in this case has a much different function than the more workaday goal of transit to move people to their destinations, the NCPC report, like the Weidner article, can help practitioners frame some of the nonquantitative concerns and costs and compromises that arise when planning for security. The General Services Administration's symposium on security and the design of public buildings, "Balancing Security and Openness," carries these questions further by examining the effects of designing for security on the character of America's public buildings. The report provides insight into the tensions between the need of U.S. federal buildings for security and the need of the public for openness in government.See United States General Services Administration 1999. "Balancing Security and Openness" might as well be the title of a transit security symposium. However, in the case of transit, openness is a fixed condition of the system and not subject to questions of balance.

Evaluating Effectiveness

The available frameworks help systems assess their relative risk and vulnerability to terrorism in an effort to ensure that their security efforts match their financial and institutional capabilities. However, there has been no formal evaluation of the effectiveness or cost of individual security strategies in the transit environment. Much of what has been presented in the guidelines is extrapolated from best practices for dealing with nonterrorist threats. In part, this is due to the fact that concrete measures of effectiveness against incidents as rare as terrorist attacks are elusive, if not impossible. Jenkins notes:

Because terrorist threats are not easily quantifiable, it is difficult to determine the "right" level of security. Using cost-benefit analysis as the sole criterion to determine the level of security is not very helpful. The risk of death to any individual citizen from terrorism is minuscule, making it difficult to argue for any security measure on the grounds that it will save lives. Since the threat of terrorism is murky and security measures are costly, it is hard to justify the expenditures before an attack.See Jenkins 1997, 2.

The fields of building science and disaster response have extensive experience in quantifying the physical effects of individual natural and manmade hazards on buildings, and designing to prevent catastrophic failure. In the case of natural hazards, researchers can draw on extensive historical data to quantify the economic risk and mitigate accordingly.See Federal Emergency Management Agency 2003 (b), 2003 (c). Likewise, crime prevention efforts have begun to rely extensively on historical data to target resources efficiently and analyze the effectiveness of their efforts. Thankfully, attacks on U.S. urban rail systems are rare enough that no equivalent databases are available for such analysis. Evaluation of the effectiveness of specific security measures in deterring terrorists must be more qualitative and theoretical.

At least one researcher has taken the time to ask the question, "Is there a difference between designing for crime and designing for terrorism?" Atlas contends that "attack from criminal behavior or attack from terrorist activity only reflect a change in the level and types of threats. The process and challenges are the same."See Randall Atlas, "Is There a Difference in Designing for Crime or Terrorism?" CPTED Training Convention, 1999. He provides a very thorough and informative list of established CPTED strategies that may address terrorist threats. A comparison of the current practices against crime with those of London's successful antiterror security strategies should give some confidence to security managers of the applicability of current crime control measures to the emerging terror threat. The integrated approach of London's antiterror strategy, "Control of Public Space," is very similar to the "systems approach" to traditional transit crime advocated by the FTA. Boyd, Maier, and Kenny present crime data and security practices of nine transit agencies around the country. They find that most agencies employ a combination of personnel deployment, system design and technology, data collection, and training, operating, and management practices. The study lists security measures used by these agencies in addressing twenty-eight different types of crime, including terrorism. However, it was beyond the scope of the study to provide fine-grained analysis of the cost, consequences, and efficacy of the individual measures.

While a level of compatibility between strategies against crime and terrorism may exist, CPTED relies heavily on a thorough understanding of criminal motivation and behavior. Therefore, a change in the level and type of threat is a very significant alteration of practice for which some established CPTED strategies may not be entirely suited. Balog warns, "Solution for a particular crime in a particular situation, will not necessarily work for all types of crime."See Balog, Boyd, and Caton 2003, 112. It certainly seems logical that many design strategies that reduce the opportunity for crime may also reduce the opportunity for terrorist activities. Still, the application of such strategies to terrorism in the transit environment deserves more critical analysis of the mode, motivation, and effect of terrorist actions against transit. It would be especially useful to think through the differences in motivation, evaluation of risk, and tactics between "ordinary" criminals who are out for their personal gain and terrorists whose goals are political.

Despite the lack of definitive evaluative research, an outline of best practices has emerged from the collective recent experience of rail transit terrorism, which suggests that coordination and response planning, assisted by technologies such as CCTV, are the best tools transit agencies have. Training police, transit employees, contractors, and the public to watch for suspicious activity supports a thorough response capability. Environmental design ensures that policing resources are used efficiently by making surveillance easier and reducing opportunities for terrorism (for example, eliminating places where bombs can be hidden, or erecting antiram bollards). Engineering blast resistance into existing transit facilities may be too costly for the level of threat faced by even the most vulnerable transit systems, but more modest structural improvements to glazing or light fixtures could be part of a system's strategy. The threat of terrorism is no longer a political anomaly, but one of the challenges facing urban rail transit systems and public infrastructure as a whole. It is too grave a threat to pass up the possible protection that these strategies afford urban rail transit.

Securing Transit Systems in the Post-9/11 Era: A Survey of U.S. Transit Operators

Overview

When the September 11, 2001, attacks destroyed parts of the New York City transit system and the March 11, 2004, commuter rail bombings did the same in Madrid, Spain, the vulnerability of open, accessible public transit systems and their passengers to terrorist acts was cast in sharp relief. Well prior to these attacks, research on terrorism and public transit had shown public transit systems worldwide to be a principal venue for terrorist acts.

Most previous research on transit terrorism has consisted of single or groups of case studies of major terrorist acts and responses to them by police and transit managers. Case studies are especially useful when "how" or "why" questions are being posed, when the investigator has little control over events, and when the focus is on a contemporary phenomenon within some real-life context.See Yin 2003. Despite these advantages, case studies are limited, in that they are not necessarily representative and thus may not reflect the conditions or trends facing the transit industry more broadly. Thus, one cannot generalize from the findings of case studies (though in practice, researchers often do). This is an especially relevant issue in the study of U.S. transit systems, because they vary so dramatically in size--from thousands of vehicles and millions of daily passengers, to just a handful of vehicles carrying dozens of daily passengers. As potential targets of terrorist acts, these systems, and their stations and vehicles, are likewise dissimilar.

In contrast to case studies, aggregated analyses of data drawn from a representative sample of the population (in this case, larger U.S. transit operators) are generalizable and allow researchers to draw conclusions about the population under study.See Singleton et al., 1988. However, more generalized, aggregated studies of the security experiences and practices of transit systems have been much less common. In the United States, just two such aggregate studies of transit system security have been published in recent years.

In a 1997 Transit Cooperative Research Program report, Boyd and Sullivan reported on a survey of forty-two transit managers regarding experiences with terrorist acts, perceptions of risks, and interagency coordination in planning for transit security. They found that terrorist acts against transit systems were on the rise in the United States and worldwide, that transit agencies--particularly those operating rail service--were perceived by respondents to be at great risk for attack, and that coordinated efforts to both deter and respond to terrorist acts were on the rise but not yet commonplace.

Following the September 11, 2001, attacks, Congress asked the Government Accountability Office (GAO) to consider what role the federal government should play in helping public transit operators reduce both the likelihood and impacts of terrorist attacks on transit systems in the United States.See United States General Accounting Office 2002 (b). Part of this research included a mid-2002 survey of officials at 155 transit systems in the United States. The survey focused on security planning and preparation efforts, interagency and intergovernmental transit security coordination efforts, and perceptions of obstacles to more effective security planning. Perhaps not surprisingly, a principal finding of the 2002 GAO report was that transit system managers surveyed cited increased funding as the most important role the federal government could play in assisting transit systems with security planning.

The findings of these two surveys, which are discussed in more detail in the pages that follow, contributed significantly to our understanding of the experiences with, perceptions about, and preparation for terrorist threats to U.S. transit systems. While the 1997 Boyd and Sullivan survey was of a relatively small sample of transit systems (60 systems surveyed, 42 responded), it provides a snapshot of transit systems when concerns over terrorist threats were just beginning to wax for many transit managers. The 2002 GAO report surveyed many more transit systems (200 surveyed, 155 responded) about six months after the September 11, 2001, attacks, a time when transit managers (and, of course, their passengers) had a heightened awareness of terrorist threats, but before many new plans, programs, and procedures could be put into place. While both surveys devote considerable attention to bureaucratic, policing, and emergency response issues, they largely ignore the role of system design for transit security.

The survey reported on here complements and extends the findings of these two surveys in several ways. First, by surveying transit managers in the late spring and early summer of 2004, the survey findings provide a profile of experiences, perceptions, and actions nearly three years after the September 11, 2001, attacks that made security a top priority among U.S. transit operators, and just after the largest single terrorist attack directed toward transit (in Madrid, Spain), which further heightened concerns over transit security. This allows us to examine the degree to which post-9/11 attention, initiatives, and mandates have been integrated into transit planning practice.

Second, this research expands on these earlier studies by surveying respondents' attitudes toward, and efforts in, four distinct areas of transit security planning: (1) policing, (2) security hardware/technology, (3) public education/user outreach, and (4) environmental design strategies. The latter two of these approaches have received considerable attention in research on personal and property crime on transit systems, but far less in transit security research.

Finally, while previous research on transit system vulnerability has focused on transit systems operating one or more rail modes, less attention has been paid to systems that use or manage indoor bus and ferry terminals. Like rail transit stations, terminals--such as the Port Authority Bus Terminal in Manhattan, or the TransBay Bus Terminal in downtown San Francisco--host tens of thousands of weekday passengers in enclosed spaces vulnerable to terrorist attacks. While we separately evaluate rail and nonrail transit systems, we include data on the experiences and perceptions of transit system managers responsible for enclosed bus and ferry terminals as well.

Description of Survey

During the spring of 2004, hard copy and electronic letters describing our research and soliciting participation in a survey were sent to the general managers of all 259 U.S. transit agencies that, according to the National Transit Database maintained by the Federal Transit Administration, operate at least 50 vehicles in peak period service. This ranged from a high of 9,136 vehicles at MTA-New York City Transit, to a low of 50 vehicles at South Bend Public Transportation Corporation in South Bend, Indiana; Bay Metropolitan Transportation Authority in Bay City, Michigan; and Escambia County Area Transit in Pensacola, Florida. The letter asked each general manager to designate the appropriate person or persons to complete an on-line survey. In the case of smaller systems, this was often the general manager himself or herself, and in larger systems this was most often (but not always) the director of policing or security. We assume in this analysis that the general manager was in the best position to determine who should complete the survey, so we do not parse our analysis to analyze responses by different types of respondents. The survey instrument was designed to allow respondents the flexibility to complete the survey over the course of several interactive sessions before submitting a completed survey. Respondents from 113 transit agencies completed some or all of the survey questions (44 percent of the 259 agencies contacted).See While there were 119 individual responses to the survey, six agencies had multiple respondents. Since the agency was considered our unit of analysis for this study, only one completed response per agency was included, for a total sample size of 113. See System Size Comparison compares the resulting sample to the population with respect to the number of vehicles operated during peak period service. The sample is somewhat underrepresented with respect to smaller systems.

System Size Comparison

Transportation systems from 108 cities in 40 different states are represented in the sample. California has the highest number of responses with 22, followed by Florida (8), and Washington (7). Almost half (45 percent) of the respondents identified their title as something associated with security; 28 percent had titles associated with management; 13 percent were associated with operations or maintenance; and 14 percent reported various other titles (a complete categorization of titles is presented in Appendix B).

Most (80 percent) of the systems analyzed here operate more than one transit mode. Fifty-nine systems (or about half--52 percent--of the entire sample) operate bus and paratransit only. One-fourth (twenty-eight) of the systems operate rail service;See This includes the Minneapolis Metro Transit system, which opened its first light rail line in July 2004. twenty-three of these systems are multimodal operations, while five systems operate rail service only. Fifty-two of the fifty-nine nonrail systems (which were drawn from the largest such systems in the country) report that they operate service out of at least one enclosed bus terminal or multimodal transfer facility; these fifty-two systems represent 46 percent of all respondents. Systems operating rail service or that operate out of an enclosed bus terminal or multimodal facility (n = 80) responded to a more extensive set of questions than did the nonrail, nonenclosed terminal systems. Table 1 shows the percent of systems analyzed operating each of the specified transit modes.

System Travel Modes
Mode	# of Systems	% of Systems
Commuter Rail	9	8%
Heavy Rail	7	6%
Light Rail	18	16%
Bus	104	92%
Ferry	10	9%
Paratransit	91	80%
Other 8	13	11%

The range of responding agencies' services is broad. For example, the Massachusetts Bay Transportation Authority reported operating all modes of transit listed in See System Travel Modes, while the Dallas Area Rapid Transit, New Jersey Transit, and the Southeastern Pennsylvania Transportation Authority operate commuter and light rail as well as bus and paratransit service. The Greater Cleveland Regional Transit Authority (GCRTA) system in Cleveland operates heavy and light rail plus bus and paratransit, while the King County Metro Transit system offers light rail, bus, ferry, and paratransit.

Three-fourths of the twenty-eight systems with rail service modes operate out of multiple types of stations. All but two systems have some or all at-grade stations, and about 60 percent have elevated and/or below-ground/subway type stations (see See Rail Station Types). Respondents were asked to identify the busiest station in the system and the year it was built. The oldest station in the sample is South Station Rapid in Boston, which was built in 1899. Most of the stations for which year-of-construction data were provided were built since 1970. See Busiest U.S. Rail Systems lists the twenty rail transit systems that provided information on the age of their busiest station.

Rail Station Types
Type	# of Systems	% of Systems
Elevated	16	57%
Below-ground/subway	16	57%
At grade	26	93%
Don't know	1	4%
More than one type	21	75%

Busiest U.S. Rail Systems
Agency	Headquarters	Station	Year Built
Massachusetts Bay Transportation Authority	Boston	South Station Rapid	1899
Southeastern Pennsylvania Transportation Authority	Philadelphia	Suburban Station	1920
Metrolink	Los Angeles	Union Station	1939
New Jersey Transit	Newark	Penn Station, New York	1965
San Francisco Bay Area Rapid Transit District	Oakland	Embarcadero	1971
Washington Metropolitan Area Transit Authority	Washington, D.C.	Metro Center	1976
San Diego Trolley Inc.	San Diego	San Ysidro	1980
Metro. Atlanta Rapid Transit Authority	Atlanta	Five Points	1980
Niagara Frontier Transportation Authority	Buffalo	University Station	1984
Tri-County Metropolitan Transit District	Portland	Rose Quarter	1985
Sacramento Regional Transit	Sacramento	St. Rose of Lima Station	1987
Santa Clara Valley Transportation Authority	San Jose	Tamien	1987
GCRTA	Cleveland	Tower City	1987
Virginia Railway Express	Alexandria	L'Enfant	1991
Regional Transportation District	Denver	I-25/Broadway	1994
Dallas Area Rapid Transit	Dallas	West End	1996
Montebello Bus Lines	Montebello, CA	Montebello/Commerce	1998
Memphis Area Transit Authority	Memphis	North End Terminal	1998
Utah Transit Authority	Salt Lake	Sandy Civic	1999
Port Authority Trans-Hudson	Jersey City	World Trade Center Station	Reopened 2003

Incidents and Perceived Threats

Substantive security incidents on United States transit systems are rare, but not unprecedented. Respondents were asked about the occurrence of various types of security incidents and the frequency of such incidents over the past decade. The results of this query track very closely with those reported in 2002 by the United States Government Accountability Office (2002), suggesting some reliability in the results. Agencies with rail systems (n = 28, or 25 percent of respondents) or that operate out of an enclosed bus terminal or multimodal transfer station (n = 52, or 46 percent of respondents) were asked about possible terrorist incidents experienced on their systems. Of these eighty systems queried, there were sixty-eight valid responses. A total of twenty-eight agencies reported experiencing some sort of incident; twelve of these were rail transit systems, and sixteen were nonrail operators. Counts of different types of incidents experienced are shown in See Incidents Experienced by Systems. Use of arson/incendiary devices on a system was the most common type of incident recorded. The "Other" category included reports by two systems of suspicious packages that were identified but turned out to be false alarms, a bomb threat, two knife attacks, a shooting with no victims, theft of a radio system, hazardous materials contamination on a bus, and a case of rail-track tampering. Details on these incidents are summarized in See Description of Security Incidents and See Description of Other Security Incidents.

Incidents Experienced by Systems

Description of Security Incidents
Type of Incident	System Has Rail	No. of Incidents in Last Decade	Year of Most Recent Incident	Location of Incident	Description of Incident
Identification of explosive device on system	No	1	2002	Bus Stop	Pipe bomb placed in trash can was located and destroyed.
	Yes	1	2002	Vehicle	Suspicious package on bus removed from vehicle.
	Yes	< 12		Station	Pipe bomb found on rail transit platform.
Detonation of explosive device on system	No	1	2003	Vehicle	Explosive device detonated by juveniles on a bus.
Detonation of explosive device on system	No	1	2004	Station	Soda bottle bomb was detonated on a bus at main transfer point injuring one passenger.
Use of arson/incendiary devices on system	No	3-4	2003	Vehicle	Juveniles playing with matches ignited various things.
	No	Several	Yearly	Vehicle/Bus Stop	Arson vandalism by juveniles.
	No		2003	Bus Stop Shelter	Juvenile lit a bus stop shelter on fire.
	No	1-2		Station	Fire started in restroom trash container.
	Yes	120	2004	Station/Vehicle	Intentional lighting of newspapers to make a fire.
	Yes	3	2002	Bus/Train	Five buses destroyed by fire and three more damaged.
					Rail car seat set on fire.
	Yes	1	2002	Vehicle	Fire intentionally started on floor of vehicle.
Chemical or biological contaminant	No	1	2003	Vehicle	Suspect sprayed pepper or mace on board.
Chemical or biological contaminant	Yes	20	2002-03	Vehicle	White powder anthrax scare.
Vehicle hijacking	No		2002	Vehicle	Intoxicated male assaulted driver and attempted to leave using vehicle.
	No	1	1988	Vehicle	Passenger wanted to go to a city where the bus did not go. No other passengers were on board.
	No	1	1994	Vehicle	Passenger who said he had a gun demanded to be taken to the airport. He was arrested there.
	Yes	1	2004	Vehicle	Passenger took control of bus when it started back to the location where he boarded.
Hostage/barricade situation	No	1	2003	Vehicle	Armed suspect boarded a bus. Shots were exchanged with no injuries and suspect captured.
	No	1-2	2004	Vehicle	Passenger told driver he had a bomb strapped to his chest. Police were notified by silent alarm. There was no bomb.
	Yes			Station	Incident at rail station handled by local law enforcement.
	Yes	2	1999	Vehicle	Mentally disturbed persons threatening to harm others.
	Yes	1		Bus Terminal	Man barricaded in coffee shop threatening to kill himself. Surrendered after negotiations with police.
Employee Sabotage	No	several	2004	Vehicle/Bus Garage	Miscellaneous instances.
	No		2003	Maintenance Facility	Sabotaged oil on several revenue and support vehicles.
	No		2003	Vehicle/Bus Garage	Removal of microphones; damage to cameras.
	No			Station	Disabled buses.
	Yes	1	1985	Building	Employee drove stolen vehicle into administration building.
Breach of computer/software systems	No	several dozen	2004	Vehicle	Sabotaging digital cameras and/or audio devices.
	No		2004	Other	Systems infected with computer viruses.
	Yes	1	2003	Computer	Accidental hacking caused brief shutdown of operations.
Shooting incident with multiple victims	No	1	2002	Vehicle	Male passenger boarded bus with shotgun and shot another passenger and himself.
	No	1		Other	North Hollywood shoot out.
	Yes	1	1996	Station	Gang members shot other gang members in stairwell at entrance to the station.
	Yes	1	1994	Station	Subject shot two or three passengers at station.
	Yes			Maintenance Facility	Disgruntled employee went to work and started shooting.

Description of Other Security Incidents
Type of Incident	System Has Rail	No. of Incidents in Last Decade	Year of Most Recent Incident	Location of Incident	Description of Incident
Other	No	2-3	2002	Vehicle	Passenger told bus driver he had left a bomb on rear seat and ran away.
	No	2	2004	Outside Vehicle	Vehicle windows shot out while traveling on road.
	No	3	2004	Multi-Modal Transfer Center	Suspicious bag left on bench. Terminal evacuated until bomb squad determined it was not a bomb.
	No	2	2000	Vehicle	Chemicals for methamphetamine production released accidentally.
	No	1	2004	Vehicle	Radio stolen from service vehicle and vehicle set on fire.
	No	1	2004	Vehicle	One passenger stabbed another after verbal altercation.
	Yes	1	2003	Tracks	Track jacked up and boulder placed under track.
	Yes		2004	Vehicle	Operator shot by estranged husband.
	Yes	2	2001	Station	Two planes hit the WTC Towers causing a collapse onto station.
	Yes	< 10	2004	Vehicle	Male climbed through bus window and robbed driver.

Sixteen agencies indicated that they had received one or more of what respondents believed to be credible threats (for example, bomb, chemical, biological, fire attacks) in the last year. Most of these (fourteen of the sixteen) had received from one to four threats. Two other very large rail operators reported large numbers of threats; one cited thirty-one credible threats in the past year, and the other twelve.

In addition to providing information on actual threats and attacks, respondents were also asked about their perceptions of vulnerabilities. While one could argue that these survey respondents (who were designated by each system's general manager as the person at that agency who is most knowledgeable about transit security issues) are in perhaps the best position of anyone to offer vulnerability assessments, such perceptions should probably be treated more as informed speculation than concrete assessments of vulnerability. What is most clear from responses to these questions, however, is that transit systems are, by their very nature, perceived by system managers as very vulnerable to terrorist attacks. Of respondents who expressed opinions on vulnerability, only in the case of paratransit did fewer than 60 percent of the respondents rank a transit mode or system component as somewhat or very vulnerable. Overall, rail modes were perceived by respondents to be the most vulnerable (see See Vulnerability of System Modes to Attack), though these findings are based on relatively few responses.See Only respondents from systems with a rail mode were asked to rate its vulnerability, giving sample sizes of n = 5, 8, and 15 respectively for the three modes. Finally, respondents collectively did not assign much difference in vulnerability ratings of various system components (See Vulnerability of System Components).

Vulnerability of System Modes to Attack
Mode	Don't Know	Not Vulnerable	Somewhat Vulnerable	Very Vulnerable	n
Heavy rail	-	-	20%	80%	5
Commuter rail	12%	-	25%	63%	8
Light rail	13%	-	27%	60%	15
Bus	6%	19%	29%	45%	97
Other	18%	18%	27%	36%	11
Paratransit	7%	41%	27%	26%	83
Ferry	22%	19%	44%	22%	9

Vulnerability of Sy stem Components
Component	Don't Know	Not Vulnerable	Somewhat Vulnerable	Very Vulnerable	n
Tracks and rail lines	8%	15%	11%	66%	26
Rail stations	12%	14%	11%	63%	27
Bridges/tunnels	4%	8%	26%	62%	38
Multimodal terminals (bus and rail)	11%	10%	23%	56%	50
Vehicles	6%	10%	32%	52%	67

Given this overview of actual and perceived security threats on our sample of U.S. transit systems, our analysis now looks at the security planning efforts of these same systems.

Threat and Vulnerability Assessments

Of the 113 agencies represented in the sample, 85 percent indicated that they have conducted some level of threat and vulnerability assessment of key system infrastructure. Agencies with rail were much more likely to conduct a comprehensive assessment than other agencies. This is a significant increase over the 54 percent reported by respondents to the 2002 GAO survey. Almost half (46 percent) of the agencies with rail have conducted a comprehensive security assessment, compared to only about 13 percent of agencies without rail (see See Conducted Threat and Vulnerability Assessments).See Difference is significant at the 0.0005 level. Most transit agencies without rail have conducted security assessments, but they are more likely to be described by respondents as moderate or partial assessments, rather than comprehensive. Considering only transportation systems without rail, we find little difference with respect to assessment practices between those with a multimodal transfer or enclosed bus terminal and those without.

Conducted Threat and Vulnerability Assessments
Level of Assessment	# of Systems	% of Systems	Cumulative%
ALL Systems
YES, Comprehensive	24	21%	21%
YES, Moderate	38	34%	55%
YES, Partial	34	30%	85%
NO	11	10%	95%
Don't Know	6	5%	100%
TOTAL	113	100%
Systems with Rail
YES, Comprehensive	13	46%	46%
YES, Moderate	11	39%	86%
YES, Partial	1	4%	89%
NO	2	7%	96%
Don't Know	1	4%	100%
TOTAL	28	100%
Systems without Rail
Systems with Multimodal Transfer or Enclosed Bus Terminal
YES, Comprehensive	7	13%	13%
YES, Moderate	15	29%	42%
YES, Partial	19	37%	79%
NO	7	13%	92%
Don't Know	4	8%	100%
TOTAL	52	100%
Other Systems
YES, Comprehensive	4	12%	12%
YES, Moderate	12	36%	48%
YES, Partial	14	42%	91%
NO	2	6%	97%
Don't Know	1	3%	100%
TOTAL	33	100%

Among those systems that have not conducted security assessments, the primary reasons given for not doing so were lack of resources (n = 5) or the fact that services were contracted to an outside agency ( n = 3). Four agencies indicated that they were in the process of planning an assessment at the time of the survey, while one respondent stated simply that his/her agency was not a "high-value target."

Thirty-five agencies report conducting assessments at least once a year, while twenty-eight agencies report conducting assessments every two or three years (see See Frequency of Assessment). The remaining agencies report no regular policy regarding frequency, but rather conduct assessments as deemed necessary. Seventy percent of agencies conducting assessments had done so in the last two years (see See Year of Most Recent Assessment). In general, the reported frequency of such assessments is substantially higher than was reported in the GAO survey just two years earlier. There was not a significant difference in the timing of assessments between agencies that operate rail and those that do not.

Frequency of Assessment
Frequency	# of Systems	% of Systems	Cumulative%
More than once a year	8	8%	8%
Once a year	27	28%	36%
Once every 2 years	19	20%	56%
Once every 3 years	9	9%	66%
Other	23	24%	90%
Don't Know	10	10%	100%
TOTAL	96	100%

Year of Most Recent Assessment
Year	# of Systems	% of Systems	Cumulative%
1999	2	2%	2%
2001	7	7%	9%
2002	16	17%	26%
2003	36	38%	64%
2004	32	33%	97%
Don't Know	3	3%	100%
TOTAL	96	100%

The most common purposes reported for the most recent threat and vulnerability assessment conducted were to assess terrorism-related vulnerabilities (80 percent of systems) and crime-related vulnerabilities (70 percent of systems). Only 38 percent of the systems used the process to assess natural disaster-related vulnerabilities (see See Purpose of Assessment), which contrasts significantly from the 85 percent reported in the 2002 GAO survey. Other purposes mentioned were to assist in developing a security plan and to help prioritize security enhancements for implementation. All but one of the systems with rail (96 percent) mentioned terrorism as a purpose of the assessment as compared to three-fourths of systems without rail.See Difference is significant at the 0.05 level Systems without rail were somewhat more likely to have conducted a crime or natural disaster assessment than systems with rail (though the observed differences were not statistically significant). Further, among systems without rail there were essentially no differences in the stated purposes of the assessments between systems that operated a multimodal transfer or enclosed bus terminal and those that did not.

Purpose of Assessment
Purpose	All Systems		Systems with Rail		Systems without Rail
	# of Systems	% of Systems	# of Systems	% of Systems	# of Systems	% of Systems
Assess terrorism-related vulnerabilities	78	80%	24	92%	54	76%
Assess crime-related vulnerabilities	68	70%	16	62%	52	73%
Assess natural disaster-related vulnerabilities	37	38%	8	31%	29	41%
Other	4	4%	1	4%	3	4%
Don't Know	2	2%	0	0%	2	3%
More than one purpose	67	69%	17	65%	50	70%
Total systems conducting assessment	96		25		71

Identifying effective security and technology procedures and supporting decision making at the executive level were the most prevalent uses of the threat and vulnerability assessment results reported (see See Use of Assessment). Almost all systems with rail have multiple uses for the assessment results, and are much more likely to use the assessment for the specific uses listed in the survey than are systems without rail. For example, 58 percent of systems with rail use the assessment results to apply for Urban Area Security Initiative grants as compared to only 6 percent of systems without rail. In See Use of Assessment, we do see that there are some differences in use of assessment between systems operating an enclosed bus terminal/multimodal transfer and those without.

Use of Asse ssment
Use of Results	All Systems		Systems with Rail		Systems without Rail
	# of Systems	% of Systems	# of Systems	% of Systems	# of Systems	% of Systems
Identify effective security technology & procedures	79	81%	23	88%	56	79%
Support decision making at the executive level	67	69%	22	85%	45	63%
Support preparation of budgets	56	58%	17	65%	39	55%
Fulfill requirements of System Security Program Plan and/or State Safety Oversight Program	55	57%	18	69%	37	52%
Support FTA's security outreach & technical assistance program	37	38%	18	69%	19	27%
Apply for Urban Area Security Initiative grants	19	20%	15	58%	4	6%
Other	3	3%	2	8%	1	1%
Have not used results yet	4	4%	0	0%	4	6%
Don't know	1	1%	0	0%	1	1%
More than one use	82	85%	24	92%	58	82%
Total systems conducting assessment	96		25		71

Use of Assessment

About one-third of the agencies without rail reported using an in-house team to conduct their threat and vulnerability assessments, while only 12 percent of systems with rail conducted such assessments in-house. Systems with rail were more likely to use a combination of groups to conduct the assessment, primarily made up of an in-house team along with contracted security consultants (see See Who Conducted Assessment?). Systems without rail were twice as likely to use the sheriff's or police department (about one-third) than systems with rail (16 percent). The most common "other" group mentioned was assistance from the FTA (listed by nine agencies).

Who Conducted Assessment?
Who Conducted Assessment?	All Systems		Systems with Rail		Systems with Multimodal Transfer or Enclosed Station		Systems with Neither
	# of Systems	% of Systems	# of Systems	% of Systems	# of Systems	% of Systems	# of Systems	% of Systems
In-house team	64	67%	15	60%	29	71%	20	67%
Contracted security consultants	28	29%	14	56%	7	17%	7	23%
Sheriff's or police department	26	27%	4	16%	13	32%	9	30%
Other	26	27%	8	32%	10	24%	8	27%
Contracted other consultants	5	5%	2	8%	2	5%	1	3%
Don't know
More than one group	41	43%	13	52%	18	44%	10	33%
Total systems conducting assessment	96		25		41		30

Security Strategies

Respondents were asked about their views on the importance of each of four distinct security strategies, and whether these views had changed since September 11, 2001. The four strategies are:

policing.

security hardware/technology.

public education/user outreach.

environmental design strategies.

The percentage of respondents who believe that all four of these strategies are central to security planning more than doubled after 9/11 (see See Importance of Strategies in Security Planning: Policing through See Importance of Strategies in Security Planning: Environmental Design). Both before and after 9/11, however, policing was considered the most central strategy, followed by security hardware and technology. Neither public education and user outreach, nor environmental design strategies, were given much importance by respondents before 9/11. Following 9/11, however, respondents from over half of the agencies said that these factors had become significant and even central parts of security planning. While attention to security increased for all types of transit agencies following 9/11, all four of the strategies analyzed here (policing, technology, outreach, and design) were considered more significant or central to security planning for agencies with rail than for agencies without.

Importance of Strategies in Security Planning: Policing

Importance of Strategies in Security Planning: Education & User Outreach

Importance of Strategies in Security Planning: Security Hardware/Technology

Importance of Strategies in Security Planning: Environmental Design

Before 9/11, respondents from agencies with rail were much more likely to have considered policing significant or central to security planning than were those from agencies without rail (see See Strategies Considered Central or Significant in Security Planning). Following 9/11, however, respondents from all types of agencies thought policing to be a significant or central strategy. Environmental design strategies were also considered by respondents from agencies with rail to be a more significant part of security planning, both before and after 9/11. Given that operators of rail systems are likely to be responsible for securing many rail stations and miles of rail rights-of-way, this result is not surprising. By contrast, nonrail operators of enclosed stations or terminals typically operate just one or few such stations and are not responsible for securing the streets and sea lanes on which their vehicles operate.

Strategies Considered Central or Significant in Security Planning

When asked about specific changes in security strategies after 9/11, many respondents reported that increased resources (for example, funding) were now devoted to policing strategies. For some agencies this entailed the development of a new in-house police or security force; in other cases, where police forces were already in place, the number of police or security officers increased. Specifically, many respondents reported having a greater public police presence with greater attention paid to increased public visibility of police officers and security guards. In addition, many respondents reported increased coordination with local law enforcement, as well as increased employee awareness training regarding the vulnerabilities of systems to terrorism.

Following 9/11, agencies have tended to look for new ways to engage passengers on security issues. A number of agencies have implemented a Transit Watch program, which engages the public as additional security "eyes" and "ears." Others have sought to increase public awareness of security issues through posters, pamphlets, Web pages, and regular newsletters.

The most common change in security hardware/technology strategies reported after 9/11 is the increased use of surveillance cameras both on vehicles and at stations. Also, more electronically controlled access points have been implemented.

Finally, respondents reported greater awareness of, and attention to, crime prevention through environmental design (CPTED) strategies after 9/11. While awareness of CPTED strategies was high, fewer agencies reported actually implementing CPTED strategies after 9/11. Such a result is not surprising, however, because while strategies like policing and public outreach are operational and amenable to short-term adjustments, changes in the design or rehabilitation of capital facilities to reflect security concerns is a longer-term and more incremental enterprise. Accordingly, most respondents report that their agencies intend to incorporate CPTED strategies into future facility designs.

Prior to 9/11, transit system security planning focused far more on personal and property crime than on acts of terrorism. While efforts to address crime and terrorism are frequently complementary, they are not always one and the same. When asked how they tend to consider antiterrorism and anticrime strategies, most respondents reported viewing the strategies as either hand in hand (46 percent) or partly overlapping (41 percent). Across all agency types, only a few respondents, however, reported that anticrime and antiterrorism strategies were largely separate from one another (see See Antiterrorism Versus Anticrime Strategies).

Antiterrorism Versus Anticrime Strategies
Agency Opinion	All Systems		Systems with Rail		Systems with Multimodal Transfer or Enclosed Station		Systems with Neither
	# of Systems	% of Systems	# of Systems	% of Systems	# of Systems	% of Systems	# of Systems	% of Systems
Completely separate from one another	8	7%	1	4%	6	12%	1	3%
Partly overlap one another	44	41%	13	46%	20	41%	11	35%
Considered hand in hand	50	46%	13	46%	19	39%	18	58%
Don't know	6	6%	1	4%	4	8%	1	3%
Total systems	108	100%	28	100%	49	100%	31	100%

Policing Strategies

Respondents were asked how policing is provided at their transit system. The survey instrument offered five possibilities, plus an "other" category:

sworn transit law enforcement.

nonsworn transit police (private security).

contracted local police.

dedicated bureau of local law enforcement.

no formal security; rely exclusively on local law enforcement.

About half (47 percent) of the agencies use just one policing strategy; this total includes 19 percent that have no formal security and rely exclusively on local law enforcement (see See Agencies' Reliance on Policing Strategies). The remaining agencies use a combination of policing options, with nonsworn transit police the most common. Over half of the agencies use nonsworn police for all (10 percent) or part (43 percent) of their policing activities. The least-used policing option is a dedicated bureau of local law enforcement--only 7 percent of agencies rely completely or partially on this strategy.

Agencies' Reliance on Policing Strategies
Policing Strategy	% of Agencies
	Use Exclusively	Use as Part of Overall Strategy	Total
Sworn transit law enforcement	10%	19%	29%
Nonsworn transit police	10%	43%	53%
Contracted local police	4%	24%	28%
Dedicated bureau of local law enforcement	4%	3%	7%
Rely exclusively on local law enforcement	19%	14%	33%
Other strategy	0%	19%	19%
Total	47%

When comparing 2002 GAO survey results to our 2004 survey, we find the percentage of systems relying on regular local law enforcement (33 percent in 2002 and 33 percent in 2004) or with a contract or dedicated arrangement with local law enforcement (34 percent in 2002 and 35 percent in 2004) was essentially the same. However, our 2004 survey found significantly higher shares of transit operators with an in-house transit police department of sworn officers (8 percent in the 2002 GAO survey and 29 percent in our 2004 survey) and using contracted nonsworn transit security (35 percent in 2002 and 53 percent in 2004). While these differences might reflect random variation or bias in one or both of the two samples, the questions posed in these two surveys were similar enough to suggest that, in the three years since 9/11, the proportion of transit agencies with in-house police/security services has increased significantly.See The 2002 GAO survey asked, "Who provides security for your transit property? (Check all that apply)," while our survey asked respondents to differentiate exclusive reliance on a strategy from the use of multiple strategies.

Systems with rail were more likely to rely on sworn transit police than systems without; 64 percent of agencies with rail used sworn transit police for at least half of policing, compared to only 10 percent of agencies without rail. In contrast, systems without rail service were twice as likely to rely heavily on nonsworn police than systems with rail; 37 percent of systems without rail use nonsworn police for over half of their policing, compared to 18 percent of systems with rail. These differences are statistically significant at the 0.05 level.

Eighty-one percent of the respondents provided us with information on the number of full-time equivalent security/police personnel contracted for or employed by the agency. The numbers ranged from zero to 1,500 (at the Port Authority Trans-Hudson headquartered in Jersey City, and with responsibilities for three airports and the New York seaports in addition to the PATH trains and stations). Just over one-fourth (27 percent) of the respondents were from agencies with no in-house or contract security personnel. Sixteen agencies--all of which have rail--employ or contract for over fifty security personnel, and seven of these agencies have over one hundred. Thirty-four percent of the agencies have between one and ten security personnel and 20 percent between ten and fifty (see Figure 9).

Full-Time Equivalent Security/Police Personnel

Regarding perceptions of effectiveness in addressing terrorist threats, policing strategies were ranked high by respondents. Policing was ranked by 84 percent of respondents as "very" or "somewhat" effective in preparing for terrorist attacks. This percentage is even higher (93 percent) for agencies with rail; 39 percent of respondents from agencies with rail consider policing strategies to be very effective, while 54 percent consider them to be somewhat effective. By comparison, only 24 percent of agencies without rail find policing strategies very effective and 57 percent find them somewhat effective--a total of 81 percent.

Security and Hardware Technology Strategies

In this era of rapidly evolving and extensively deploying information and communication technologies both inside and outside of the transit industry, it should come as no surprise that transit agencies are turning to technology to support increased security efforts. The most extensively used security hardware technologies in our sample were personnel radio communications systems, used extensively by over 90 percent of all agencies--both with rail and without. The only other technology hardware used extensively by over half the agencies is emergency alert/notification systems on transit vehicles, which are used extensively by almost 70 percent of agencies. Public address systems and closed-circuit cameras are used to some degree by most agencies (see Figure 10), while electronic access control, emergency telephones, and GPS locators are used to some degree by about half the agencies. There was little use of the other security-related hardware and technologies asked about in our survey, such as tunnel intruder detection systems, explosives detection equipment, and chemical/biological sensors.

Security Hardware Technologies/Strategies Employed by Agencies

Systems with rail are more than twice as likely to make extensive use of electronic access control and emergency telephones than systems without rail, and are somewhat more likely to make extensive use of public address systems, closed-circuit cameras, and GPS locators than systems without rail (see Figure 11).

Extensive Use of Security Hardware and Technology Strategies

Just over one-fourth of the respondents consider security hardware strategies very effective in preparing for terrorist attacks and an additional 55 percent think these strategies are somewhat effective, for a total of 81 percent. There is little difference of opinion on this type of strategy between respondents from systems with rail and those without rail.

Information and Outreach Strategies

A stream of crime and public safety literature has for years suggested that public awareness of and involvement in crime reporting and prevention can greatly increase the watchful "eyes on the street" and help to reduce the acceptability of both petty and felonious criminal behavior.See Jacobs 1961; Newman 1972. Many transit systems abroad--such as the London Underground--have actively sought to enlist the help of patrons in watching for and reporting suspicious activity. When asked about information and outreach strategies to educate transit riders about general emergency and safety issues, three-quarters of those from rail systems report having such programs in place, and 86 percent of these include specific strategies to educate transit riders about dealing with terrorist attacks (see Table 16).

Information and Outreach Strategies
Agency Has Transit-Rider Education Strategies	All Systems		Systems with Rail		Systems without Rail
Agency Has Transit-Rider Education Strategies	# of Systems	% of Systems	# of Systems	% of Systems	# of Systems	% of Systems
General Emergency and Safety Issues
Yes, Extensive	16	15%	11	41%	5	6%
Yes, Modest	47	44%	10	37%	37	46%
No	36	34%	6	22%	30	38%
Don't Know	8	7%	0	0%	8	10%
TOTAL	107	100%	27	100%	80	100%
Dealing with Terrorist Attacks
Yes, Extensive	8	7%	8	30%	0	0%
Yes, Modest	26	24%	10	37%	16	20%
No	64	60%	8	30%	56	70%
Don't Know	9	8%	1	4%	8	10%
TOTAL	107	100%	27	100%	80	100%

Efforts by transit agencies to educate passengers on safety and security issues appear to have increased dramatically since 9/11. In its 2002 survey, the GAO report found that just 18 percent of agencies surveyed had conducted transit safety/security campaigns prior to 9/11, while 23 percent had done so in the six months after 9/11. Two years later, our survey found a very different picture: 59 percent of agencies reported having a general safety/security public education program in place, and 32 percent reported having programs specifically devoted to educating passengers about terrorism.

The proportion of surveyed agencies without rail that have information and outreach strategies is (statistically at the 0.005 level) significantly lower than those with rail. Only 6 percent of the surveyed agencies without rail have "extensive" strategies in place to educate passengers on general emergency and safety issues, compared to 41 percent of agencies with rail. While nearly a third of respondents (30 percent) from agencies with rail report having extensive programs in place to educate passengers on what to do in case of a terrorist attack, none of the respondents from nonrail systems reported having an extensive education program in place.

We found no differences between rail and nonrail agencies in the specific information and outreach strategies employed to educate transit riders about general emergency and safety issues and strategies to educate riders about dealing with terrorist attacks. Transit Watch programs are popular, as well as posters and pamphlets that emphasize the message that security is everyone's responsibility. Respondents also report using passenger newsletters, Web pages, public forums on transportation issues, and neighborhood outreach to keep riders informed.

Information and outreach strategies are considered by over half the respondents to be very effective or effective in preparing for terrorist attacks. This percentage is even higher for agencies with rail. Twenty-one percent of respondents from agencies with rail consider information and outreach strategies to be very effective and 50 percent believe that they are somewhat effective--a total of 71 percent. In comparison, only 11 percent of respondents from agencies without rail find public education and outreach strategies to be very effective and 43 percent find them somewhat effective--a total of 54 percent.

Environmental Design Strategies

While system design for transit security received little attention in the two previous security surveys of U.S. transit systems,See United States General Accounting Office 2002 (b). this strategy was familiar to most respondents in our survey. More than two-thirds (69 percent) of the respondents in our survey reported that they were familiar with crime prevention through environmental design (CPTED) and could define the concept. Well over half (58 percent) of the respondents said that their systems employ CPTED strategies.

Given that rail transit systems tend to have many enclosed stations and miles of exclusive rights-of-way, it is not surprising that familiarity with, and employment of, CPTED strategies is higher at agencies operating rail transit service (see See Use of CPTED Strategies). Almost all the respondents from agencies with rail (twenty-two out of twenty-five, or 88 percent) indicated that they are familiar with CPTED and could define the concept. Seven of these twenty-two respondents from rail systems are associated with agencies that make extensive use of CPTED strategies, and another fifteen agencies report having a moderate CPTED strategy program, for a total of 88 percent of rail transit agencies reporting use of CPTED. By contrast, about half (49 percent) of agencies without rail report making use of CPTED strategies, and about two-thirds (63 percent) of respondents from these agencies could define the term.

Use of CPTED Strategies
CPTED Crime Prevention through Environmental Design	All Systems		Systems with Rail		Systems without Rail
	# of Systems	% of Systems	# of Systems	% of Systems	# of Systems	% of Systems
Can you define CPTED?
Yes, familiar with term	72	69%	22	88%	50	63%
Uncertain about meaning	18	17%	2	8%	16	20%
Don't Know/Not Sure	15	14%	1	4%	14	18%
TOTAL	105	100%	25	100%	80	100%
Agency makes use of CPTED?
Yes, extensive use	14	13%	7	28%	7	9%
Yes, moderate use	47	45%	15	60%	32	40%
No	32	30%	2	8%	30	38%
Don't Know/Not Sure	12	11%	1	4%	11	14%
TOTAL	105	100%	25	100%	80	100%

Definitions of CPTED were reasonably consistent across respondents. Some of the definitions were rather broad, such as:

"The proper design and effective use of the built environment that leads to a reduction in the fear and incidence of crime, and an improvement in a community's quality of life" (Manager, Special Projects, system with bus and paratransit only).

"Design that eliminates or reduces criminal behavior and at the same time encourages people to be aware of each other and their environment" (Manager, Protective Services, system with bus only).

"CPTED is a proactive strategy that builds security into the design with a focus on prevention through solid security design, e.g., adequate lighting, ease of patrol, perimeter protection and access control, minimizing landscaping and hiding places, etc." (Manager, Public Safety, regional system with light rail and bus).

Other definitions were quite specific, and often included specific design ideas:

"Designing system and facilities with the intention of reducing potential criminal breaches, e.g.: lighting, open architecture limiting and/or eliminating alleyways and blind spots, reducing and/or eliminating use of or access to equipment and containers (such as enclosed trash cans) where IEDs (improvised explosive devices) or other potentially hazardous items can be left, etc." (Safety, Training Coordinator, system with bus only).

"CPTED refers to the incorporation of anticrime design initiatives directly into the planning and construction of facilities and structures. This includes, but is not limited to, the reduction or elimination of `blind' areas from the `blueprint' phase through to aesthetic considerations (for example, landscaping, lighting). Both visual and psychological impacts are considered." (Government Relations Officer for Homeland Security, metropolitan transit authority with commuter, heavy, and light rail).

Two-thirds of the respondents from the sixty-one agencies that make use of CPTED strategies think that these strategies are very important in overall security planning, while the remaining third consider CPTED strategies to be somewhat important to transit security efforts. No respondents considered the strategies to be unimportant. These perceptions were similar among systems with and without rail.

See Components with CPTED Strategies shows that agencies that use CPTED strategies are most likely to apply them to entrances and exits (82 percent), parking lots (75 percent), or gates (61 percent). By contrast, CPTED strategies are least likely to be applied to elevators, escalators, and vending machines. Comments listed under the "Other" category included landscaping and physical barriers around facilities. CPTED strategies employed for each component mentioned are summarized in See CPTED Strategies for System Components. When asked to rank CPTED strategies for cost-effectiveness (most "bang for the buck"), improved lighting and the addition of security cameras and/or closed circuit TV were the most commonly mentioned. Other strategies mentioned by multiple respondents were access control, open facility design with clear lines of sight, and landscaping.

Components with CPTED Strategies

When asked specifically about application of CPTED concepts to rail systems, about half the agencies with rail use CPTED in the design of maintenance facilities and station tunnels (see See Rail System Components with CPTED Strategies). The other components listed--control centers, traction power stations and distribution, and tracks--were mentioned by between 20 percent and 40 percent of rail agency respondents.

CPTED Strategies for System Components

Rail System Components with CPTED Strategies

Respondents from just twenty-three agencies (22 percent) reported having CPTED guidelines in place (ten with rail and thirteen without).See This represents 20 percent of the 113 agency respondents who completed the survey; however, only a total of 52 answered this question. Most (61 percent) of these guidelines were developed by an in-house team (fourteen of the twenty-three agencies with guidelines). Five contracted with consultants to prepare their CPTED guidelines, two used the sheriff's or police department, one adopted FTA guidelines, and one developed guidelines through CPTED training at a local technical college. The lead department for developing guidelines was most often associated with safety and security or operations. One respondent specified the district architect and another, capital development.

Conclusion

The findings of this survey in many ways reflect the asymmetry inherent in public transit in the United States. While hundreds of transit systems operate in dozens of cities, most of the stations, vehicles, and passengers are concentrated on a few, very large, high-profile systems--systems that are the mostly likely targets for terrorist attacks. The ten largest U.S. transit systems (operating in nine metropolitan areas) carried 65 percent of all transit trips reported to the Federal Transit Administration for 2002, while the remaining transit systems carry the remaining 35 percent. Thirty-nine percent of all 2002 transit trips in the United States occurred in one metropolitan area, New York, and 31 percent of all United States transit trips were carried by just one system, the New York MTA.See "Transit Agency Data," APTA 2004, available http://www.apta.com/research/stats.

While significant attacks against U.S. transit systems remain rare, they are likewise asymmetric. Just sixteen of the eighty systems with rail service and/or enclosed bus/ferry terminals queried for this research reported receiving a credible threat (for example, bomb, chemical, biological, fire attacks) in the past year. While fourteen of these sixteen systems had received fewer than five threats, one agency reported receiving twelve credible threats, and another reported receiving thirty-one. These threats and incidents, combined with the tragic events of 9/11 and the recent, deadly transit attacks in London, have pushed security to the forefront of transit policy debates.

This survey of 113 U.S. transit systems finds that attention to transit system security increased significantly after 9/11, and this attention has been translated in the three years since into increased policing, use of security technologies, public information and outreach, and CPTED strategies. In its 2002 survey of U.S. transit systems, the GAO found that just over half (54 percent) of transit systems had conducted security threat assessments. Just two years later, we found in this survey that the proportion of large U.S. transit agencies that had conducted such assessments had increased to 85 percent.

Our survey asked in detail about four types of security strategies--policing, technology, education and outreach, and crime prevention through environmental design (CPTED). We found that attention to all these strategies has increased since 9/11, and over half the respondents now view all four strategies as central or significant parts of security planning efforts. Prior to 9/11, CPTED and, especially, information and outreach, were given much less weight in security planning by the respondents to our survey. Because they manage and operate large numbers of stations and rail rights-of-way, respondents from rail transit systems tended to exhibit higher levels of concern over, and attention to, security issues than did respondents from systems with no rail service.

With respect to system design, over 80 percent of the respondents to this portion of our survey now believe that CPTED is a somewhat or very effective strategy in preventing terrorist attacks (see Table 19). This ranking of effectiveness is similar to policing and security hardware and technology strategies (though we should note that half again as many respondents answered questions about policing and technology as those who answered questions about CPTED strategies). Among the four types of security strategies analyzed here, public education/user outreach strategies were generally viewed as less effective than the other three types of strategies; nonetheless, 58 percent of respondents rated these strategies as somewhat or very effective. In general, systems with rail were more likely to view most strategies as very effective compared to systems without rail.

Perceived Effectiveness of Security Planning Strategies

Strategy

Agency Type

Very Effective

Somewhat Effective

Not Effective

Don't Know

Policing

Rail

40%

53%

MTI Report 04-05

Table of Contents

List of Figures

List of Tables

Dual-Use

Evaluating Costs

Evaluating Effectiveness

System Size Comparison

Incidents Experienced by Systems

YES, Comprehensive

YES, Moderate

YES, Partial

NO

Don't Know

TOTAL

YES, Comprehensive

YES, Moderate

YES, Partial

NO

Don't Know

TOTAL

YES, Comprehensive

YES, Moderate

YES, Partial

NO

Don't Know

TOTAL

YES, Comprehensive

YES, Moderate

YES, Partial

NO

Don't Know

TOTAL

Use of Assessment

Importance of Strategies in Security Planning: Policing

Importance of Strategies in Security Planning: Education & User Outreach

Importance of Strategies in Security Planning: Security Hardware/Technology

Importance of Strategies in Security Planning: Environmental Design

Strategies Considered Central or Significant in Security Planning

Full-Time Equivalent Security/Police Personnel

Security Hardware Technologies/Strategies Employed by Agencies

Extensive Use of Security Hardware and Technology Strategies

Yes, Extensive

Yes, Modest

No

Don't Know

TOTAL

Yes, Extensive

Yes, Modest

No

Don't Know

TOTAL

Yes, familiar with term

Uncertain about meaning

Don't Know/Not Sure

TOTAL

Yes, extensive use

Yes, moderate use

No

Don't Know/Not Sure

TOTAL

Components with CPTED Strategies

Rail System Components with CPTED Strategies