MTI Report s-05-02

third National Transportation Security Summit: rail security--a symposium on terrorism and business continuity

 

September 29, 2005

 

ACKNOWLEDGMENTS

The Mineta Transportation Institute thanks the following individuals and organizations for their assistance in planning and presenting the Third National Transportation Security Summit: Rail Security--A Symposium on Terrorism and Business Continuity, which was held on September 29, 2005 in Dallas, Texas, in conjunction with the American Public Transit Association's Annual Meeting and Conference.

We thank each of our presenters and panelists for making the time in their busy schedules and for flying into the face of a hurricane to share their knowledge and expertise: George Chilson, Mortimer Downey, Frances Edwards, John Horsley, Greg Hull, Ron Hynes, Brian Jenkins, Jeanne Lin, and Jo Strang. No less committed and courageous were the many representatives of public and private agencies and transportation systems who also weathered the storm to contribute to this discussion.

We thank our co sponsors: the American Association of Railroads, the American Association of State Highway and Transportation Officials, the American Public Transit Association, the Federal Railroad Administration, the Federal Transit Administration, the National Association for Railroad Passengers, the National Railroad Passenger Corporation (Amtrak), and the Transportation Security Administration of DHS.

Special recognition must be given to the liaisons from each of the sponsor organizations. These dedicated individuals served as expert advisors to help plan the event and set the agenda: Leo Penne, AASHTO; Greg Hull, APTA; Barry Warner, Amtrak; Michael Tabor, FTA; Ross Capon, NARP; Chris McKay and Don Thompson, TSA; all worked diligently with MTI staff, including Executive Director Rod Diridon, Communications Director Leslee Hamilton, and Research Director Trixie Johnson, in the planning of this event.

Successful implementation of this event was accomplished through the leadership and support of William Millar, Executive Director, APTA, and the highly professional team responsible for planning and staging the 2005 APTA Annual Meeting and Conference.

MTI would also like to recognize the following staff members for their contributions to both the program and to this document: Sonya Carter, Publications Assistant; Barney Murray, Web Administrator; Pam Bishop and Shun Nelson, Graphic Designers, with logistics support from Brendan McCarthy, Latora Gardner, Heather Gornitzka and Saldy Suriben. Editing and publication services were provided by Catherine Frazier. We especially thank James Swofford for being the project manager of this symposium and editor of this publication.

Table of Contents

foreword 1

executive summary 3

introduction 5

the changing threat 7

security strategies for mass transit 23

implementing the national incident management system 31 (NIMS)

business continuity management 51

business continuity panel discussion 65

Appendix A: brian michael jenkins presentation files 9 1

Appendix B: Jeanne Lin presentation files 97

appendix c: Dr. Frances Edwards presentation files 101

appendix d: Morton L. Downey presentation files 105

abbreviations and acromyms 109

about MTI and the ntsc 111

Rod Diridon:

The intent of this discussion is for you who are on the firing line to be able to share your thoughts with some of the experts in the field of security and emergency response, especially in regard to business continuity.

We are finding from our research and from comments from those in positions of responsibility who are attending to the natural disasters over the last month that business continuity is much more of a problem than we had expected in the past. We have been distracted by concerns about security, and those are terribly important, but we also have to devote more attention to the process of developing National Incident Management System (NIMS) plans and to exercising those plans in a manner that will allow us to get back to work after a security event or a natural disaster.

We will begin by introducing the chair of the Mineta Transportation Institute's Board of Trustees, and the Executive Director of the American Association of State Highway and Transportation Officials, AASHTO, and that is John Horsley.

John Horsley:

This is the Third National Transportation Security Summit. The second was held just 40 days after September 11, 2001 and was jointly sponsored by the Mineta Transportation Institute, the American Public Transportation Association (APTA), and the American Association of State Highway and Transportation Officials (AASHTO). We thought it was important to bring national experts like Brian Jenkins to the table to talk with transit and highway leaders from all over the country in those first few weeks after 9/11, so we convened that event. The Mineta Institute has continued to increase its expertise beyond that it had achieved leading up to that terrible day in America's history. But think about what has happened since then; the attack in Madrid took place in 2004; the attack on the London subway system has taken place this year (2005). I think the questions on our minds today could be: "Who is next; where is next?"

Also, we may ask: "Have we done enough, since 9/11, to position rail managers, transit managers, and transportation managers to be ready to respond?"

Unfortunately, from the experiences during Hurricanes Katrina and Rita, we do not seem to have learned a great deal. If there is anything that I would point to from the lessons of Hurricane Katrina it is that we are all in it together. When you have police, fire, federal, state, and local officials, one of the things to take away from an event like this is how important it is to network, plan, exercise, prepare, and think more broadly than we do generally.

I represent all 50 state departments of transportation. One of our frustrations since the attack of 9/11 is that the state DOT's have received virtually no capital assistance, no financial assistance whatsoever, from the federal government to help us do a better job as first responders. We had the Secretary of Transportation from Alabama, Mississippi, and Louisiana at the AASHTO annual meeting in Nashville, Tennessee, and one of the featured points of frustration they expressed was the communications breakdown during the hurricanes. When an event of such magnitude happens, communications are fundamental for all levels of government to be able to talk to each other, and certainly we have to address that. But in order to do it, we need our federal partners up and down the line to help us address that in terms of policy and resources.

We have another concern now that the Transportation Security Administration (TSA) and the Federal Emergency Management Administration (FEMA) have been taken away from their previous homes and assigned exclusively to the Department of Homeland Security. We do not have the same integration of decision making and understanding of the role that transportation plays in either anticipating or responding to a terrorist attack or responding to a natural disaster. We have lost the integrated thinking and the assessment and understanding of the dynamics.

If one side of a coin represents the threat from terrorism and the other side represents the threat from a natural disaster, the response that we need to be prepared to deliver in either eventuality is the same. There are some different preventive measures, but the emergency response that we need in place is virtually the same protocol for either case.

Finally, we must remember the broader implications. Osama Bin Laden and his followers had no idea of the ripple effects to the national economy that their attack on the World Trade Center (WTC) would cause, but it was in the billions of dollars because of both the reaction and the overreaction that took place. As a national response protocol, we need to understand that we should not amplify the impacts on our economy and the American people by underplanning, underpreparation, and inappropriate overreaction.

I think that all of those are lessons we have learned in the last four years.

The Changing Threat

John Horsley:

The Mineta Transportation Institute is a superb national resource located at San José State University. One of the featured services provided by the institute is the National Transportation Security Center (NTSC) run by Brian Michael Jenkins, and it is my pleasure at this time to introduce him.

Brian Jenkins is one of the world's leading authorities on terrorism and sophisticated crime. He served with distinction in the U.S. Army as a Captain in the Green Berets, with service in the Dominican Republic and several tours of duty in Vietnam. He received Bachelor of Arts and Master of Arts degrees from the University of California at Los Angeles (UCLA) and was a Fulbright Fellow working with the Organization of American States stationed in Mexico and Guatemala.

In 1996, President Clinton appointed him to serve on the White House Commission on Aviation Safety and Security. For much of his career, he was chairman of the Political Science Department at the Rand Corporation, where he directed their research in political violence.

Brian Michael Jenkins:

Since 9/11, we have seen how terrorists are focusing on public transportation systems in a variety of ways. Even before the events in London--the bombings on July 7, 2005, and the attempted bombings on July 21, 2005--there were revelations of a plot that the police had uncovered to contaminate the Heathrow Express with chemical weapons. There have been a number of terrorist attacks on trains and subways in Russia, and another bomb on a ferry in the Philippines.

Since the beginning of 2004, there have been a number of major attacks that have killed about three hundred persons on trains and subways. As of September 2005, about 142 persons have been killed and more than 3,000 people injured. So we are not talking about something that is theoretical here; we are talking about something that is a continuing demonstration of terrorists' interest in attacking public transportation, surface transportation systems.

Some of the observations that I am offering here are based upon continuing research that the Mineta Transportation Institute has been doing for over ten years now. The bulk of this focuses on specific case studies.

When we first began looking at this, we did not have a rich history of major terrorist attacks on our transportation systems. Other countries, unfortunately for them, did so our efforts were focused on looking at those actual cases of attacks on systems to distill lessons learned and to identify the best practices that we might apply.

There is a philosophical assumption that the kind of security model that we have in place for commercial aviation in the United States is not going to work for public surface transportation. That model is a mandated, highly regulated, rule-based security system that must, given the nature of our aviation system, be uniform across the country. When I was on the White House Commission, I learned that we have 430 commercial airports in this country, with around 700 million aviation passengers boarding each year. We must have a system that provides uniform protection throughout. It makes no difference whether you board an airplane in the District of Columbia or in Duluth, Minnesota, the system has to be the same, and it is rule based.

When we look at our public surface transportation system in this country, it is quite different. It is vast, with 6,000 different systems including everything from huge, urban multimodal systems to small, rural bus systems. The threat varies across the country. Security is provided by proprietary police departments in some cases, by private security in some cases, and by local law enforcement. The idea that we could apply one set of rules to this diverse system simply is not going to work.

Moreover, there is the issue of the delays that would be involved. While it may be acceptable to wait in line for 15 to 20 minutes, in some cases longer, in an airport to board an airplane for a cross-country flight, no one is going to wait in line for half an hour to get on a subway to take a 15-minute ride.

As for manpower requirements, we have about 45,000 people assigned to airport security and passenger screenings to deal with the 700 million boardings. If we look at rail and bus together, there are about 20 billion passenger boardings in this country. We would need hundreds of thousands of screeners. If we add the costs to screen trains and buses, we are going to destroy public surface transportation; it is not going to work.

Instead, we have to use a best practices approach. That is where we distill the lessons learned from actual cases, provide a menu of security practices, and then enable the individual operators to select from that menu to come up with the best combination of security measures that are appropriate to their particular system and circumstances. For the past ten years, MTI has conducted case studies of terrorism against transportation systems and we have some preliminary results from those studies.

Why do terrorists go after surface transportation targets? Because from the terrorists' perspective, they are attractive; they provide easy access. Because they are public transportation, they are designed to provide easy access, and, therefore, they also provide easy escape. These are congregations of strangers, guaranteeing the attackers anonymity. And, of course, all of these attacks cause great alarm and disruption.

It is clear from our chronology of these attacks that terrorists who go after transportation systems often seek slaughter. Two-thirds of these attacks are intended to kill and indeed about 40 percent of them do result in fatalities. This is compared to about 20 to 25 percent of terrorist attacks overall, so they produce almost twice the fatalities. When they go after public transportation, they are not making a symbolic gesture. These are not the equivalent of the terrorist bomb in front of the embassy at midnight. The attacks are intended to kill people; they do succeed, and indeed multiple fatalities are often the consequence. Every attack in the past two years has been intended to kill. This is not symbolic terrorism; this is lethal terrorism.

Terrorists may calculate that for the kind of bomb that they can make and smuggle onto a rail system, their return is going to be about 15 to 20 fatalities per bomb. Attacks are almost equally distributed between bus systems and rail systems.

Bombings are the most common form of attack. The various kinds of bombs that are carried on, thrown at, or set off inside transportation systems amount to about 64 percent of the terrorists' tactics.

When we look at the number of other kinds of attacks that have been tracked over the years, we see that the terrorist threat is focused against people, for the most part, and not against infrastructure. To look at this from the perspective of the terrorists, if you have so many individuals, so much explosive, and so much expertise, are you going to take on a big, tough target like a bridge, or are you going to get a guaranteed return in terms of fatalities by going after people? We know they are fascinated by the idea of big targets, because we look at their plans. We know that they have conducted reconnaissance. They are fascinated with bridges and tunnels. These targets keep recurring in their thinking, but they are not easy targets because they are robust structures. Therefore, the terrorists tend to return to going after people instead of going after the infrastructure of a system.

When we talk about roads, there are different issues. Both public transportation systems or roads and highways become the lifelines for moving people out of harm's way, as well as for getting emergency crews and reinforcements into the right locations. That is a vital role in any large scale evacuation or any major effort in delivering emergency personnel and equipment.

They worked very well on 9/11 in New York. At the moment of impact, when the first plane hit the tower, there were thousands of passengers in Lower Manhattan on trains, in the tunnels, in the stations immediately below the World Trade Center and in the adjacent Battery Park, along with hundreds more Metropolitan Transportation Authority (MTA) employees. Every single passenger and employee was moved out of the way without a single casualty underground; that worked very, very well.

We saw further evidence of good work when mobilizing the bus system. In fact, they used the plan that they had originally crafted to deal with evacuating the city as a consequence of a possible hurricane. They took that plan and made it into a new plan very quickly to get people out of Lower Manhattan. Using what they call a "load and go" protocol, they moved people off the island. As those trains returned, they brought firemen and police from outside the city to ground zero. All of that worked extremely well.

I think that was important for the nation because, had we seen in New York on 9/11 the kind of breakdown that we saw in the wake of Hurricane Katrina, it would have contributed to a sense of national panic. It was not just that it worked well in New York, it is that we all watched it. The fact that it was working well was an important thing in reducing some of the terror that the terrorists hoped to create.

There were some problems in getting people out of Washington, D.C., on 9/11. The federal government closed down and sent everybody home. There were problems coordinating between the District of Columbia and the surrounding states' departments of transportation. Highways were jammed; buses that carried people out of Washington could not get back in. Some of the problems then were the same problems underscored later during the evacuations in the hurricanes.

Now let us turn to some of the lessons that we are learning from particular case studies. These are described in detail in a series of Mineta Transportation Institute publications that have these specific case studies described in detail, with the lessons learned and best practices identified.

The 25-year terrorist campaign against surface transportation in England, by today's standards, was a comparatively innocent campaign. The Irish Republican Army, in pursuit of its political agenda, was certainly willing to kill, but did have certain self-imposed constraints. If things became too bloody, financial contributions and support for the IRA went down in Ireland, the United States, and elsewhere. They had to gauge their determination to use violence against some loss of potential constituents if it became too bloody. So, the IRA campaign was a much more controlled one. In all transportation systems, 17 persons were killed and 200 injured. But it was an intense campaign in the 1990s; at its peak, there were 81 explosive devices on London Transport. On trains in Southern England, over 6,000 bomb threats, and 9,000 suspicious objects were dealt with by police. The number of abandoned parcels investigated was in the many thousands.

The utility of all those incidents, however, is that the volume allowed analysis. It is very hard to do analysis about response and perfecting security measures if you are dealing with statistically rare events. This is a common problem in security. If you are dealing with a problem like shoplifting, you can measure it daily; computers can tell you the inventory shrinkage. You can put into place a new security system, such as cameras or electronic tags, and you can identify the results and calculate them out to the second decimal place. If you are dealing with rare events, it is very difficult to say what is affected and what is working.

Because there has not been another attack on the United States since 9/11, does that mean we are doing exactly the right thing; or does it mean another attack is being planned and we will find out about it some time from now? What conclusions we draw from that are very difficult to discern.

The IRA campaign did allow us to identify the adversary's modus operandi and to gauge the effect of security measures and determine what measures worked. As security was increased in the heart of London, the IRA was pushed back from some of its very high profile targets, like the Victoria Station, to stations in outer London. As the security measures moved out, the IRA was pushed out even further until finally, near the end of the campaign, they were blowing up switchboxes on outskirts.

We also were able to see that the government, by providing information and constant exhortations to the public, did actively engage the public in the security process. In fact, they could depend on being warned within minutes of discovery of a suspicious left object. They had extensive use of closed-circuit television to aid in identifying those incidences and providing quick response. One lesson learned is when we should engage the public. This is a judgment call, for it may alarm people and scare them off the system. On the other hand, engaging the public does provide a lot of potentially useful information. However, simply exhorting people to be alert has no use unless there are readily accessible, well-marked communication systems for individuals to communicate something. Just telling them to be alert does not do it.

Beyond the communications systems, there has to be rapid, visible response. If there is communication from the public and nothing happens, the people stop communicating. For example, I remember being in an airport just after 9/11 and seeing an unattended suitcase that was sitting there for 15 minutes. I finally walked up to the person at the desk and I told them that suitcase has been sitting there for 15 minutes with nobody connected to it. Their response was they were really busy and they did not have time for that. That is not the way you enlist the public into the security effort. There has to be a system, not just an exhortation to be alert.

Now we look at the Tokyo incident where the terrorists used sarin, a nerve gas, during the morning rush hour. The trains were moving along; some people were getting off and getting sick because of the fumes, other people were jamming on, and as the trains go to the next station, more people stagger off, not feeling well from the effects of the gas, as others are pushing their way onto the trains.

Diagnosis was very difficult; the train system operators simply did not know what was going on. They did not have the camera coverage or the information gathering systems to tell them what was happening. As a consequence, one of the contaminated trains went all the way through downtown Tokyo to the end of the line, reversed, and came back through the city again, doing the same thing--spilling out sick passengers, taking on new passengers, going to the end of the line and reversing a second time. It was on its third passage before the train finally was stopped, an hour and 40 minutes later. In addition, some of the station staff picked up the little bags of sarin from the floor and carried them to trashcans. One of those individuals died because of the exposure to sarin. Others would have died except for the slight measure of protection provided by the white gloves that the station people wear in Tokyo.

About 5,500 people were treated at hospitals. They had real symptoms: breathing problems, vomiting, and asthma attacks. Of those people, about 1,200 had actually been exposed to nerve gas. The other people were in distress with symptoms, but their distress was caused by panic, not by the nerve gas. One thing you can depend on in these circumstances is that the number of casualties you will be treating will vastly exceed those who were, in fact, exposed to the chemical or radioactive element used.

As I mentioned in the 9/11 case study, with surface transportation, the lesson learned was that crisis management plans, supported by regular tabletop and field exercises, were critical. All of the things that you expect to happen in a catastrophe did occur in New York. Because of the first World Trade Center bombing in 1993, there was a strong urge to maintain a level of preparedness. Unfortunately, the brand new office for the emergency center that they built was in Building 7 at the World Trade Center, and so that was lost right away. Communications went out--no command center, no communications. How did people respond to this? They responded by doing what they had done in the exercises and modified their plans on the fly. You can depend on communications going out, and you can depend on losing touch with emergency centers, but because this had been practiced, drilled in tabletop exercises, people did what they had done before, and things managed nonetheless to work.

Now, some preliminary lessons learned from Madrid. First of all, why did they do it? Al-Qaeda propaganda about Spain being part of the historic Muslim world certainly signaled an attack. There had been some other attempts by the Euskadi Ta Askatasuna (ETA) Basque separatists to carry out bombings on the rail system. That is a good clue for those involved in rail security. If you have a highly publicized event in some part of the world, whether it succeeds or not, it is the right time to take your security up a notch, because it is going to give other folks ideas. One event sets off thinking about future events.

We are still not certain that they planned to affect the outcome of the elections. That just may have been a collateral benefit that they picked up along the way. We know that the planning for this act began sometime in late 2002 or early 2003. It was a long time in planning, but the specific operation itself was put together in three months in 2004.

They knew the system. They had good information. It was not hard to get; they could just ride the trains. They planned the attack to the minute, but they were foiled a bit by the fact that, uncharacteristically, one of the trains was a couple of minutes late and that prevented another train from pulling into the station. This may have saved a significant number of lives because, if all of the bombs went off in the station itself, the casualties may have been much greater. Clearly, the attacks were intended to kill, because the design of the bombs was meant to rip people apart.

We are not sure if they did trial runs because some of the principal conspirators killed themselves rather than be captured by Spanish police when they were tracked down several days later. However, we do know that they did not travel far with their assembled bombs. The bombs were actually put together and armed at the last minute in a van near where they boarded the trains. This is also characteristic and not surprising. Terrorists do not like to take long rides with bombs ready to go, particularly bombs that are going to be set off by a cell phone call--a wrong number, and they are gone and these guys were not suicidal.

As for warnings, there were no warnings for Madrid; there was no prior chatter indicating something was up. Perhaps the propaganda should have been taken as a warning. The publicity surrounding the thwarted ETA attack should have been taken as a warning. What we are still investigating is that apparently there was a partially assembled bomb found the day before, which may have been an indicator. The issue is, if you have mechanisms in place, you can get the word around very quickly about an assembled bomb and quickly increase security.

Now, here are some preliminary observations from the London attacks. As we get into the London attacks, I want to underscore the word "preliminary" and advise you that this is a work in progress. I do not want it to sound as if we are armchair analysts criticizing the failures of the British system here because this is all still preliminary.

The attacks probably were inspired by Madrid and by having a number of prior plots that the police knew about that had involved public transportation. However, there were no specific indicators of this cell. In fact, three weeks before the July 7 attack, intelligence had reported there was nothing specific on the horizon. It was completely beneath their radar.

We did learn that closed-circuit television is not going to deter suicide attackers. They do not care if they have their picture taken. However, it did provide a tremendous help in permitting the rapid identification of the bombers, which led to confirmation that it was a suicide attack. This was a source of relief because it showed they were not dealing with a situation like Madrid where there were still some terrorists at large. The ones who did this were killed in the process of doing it.

It may have accelerated action by the second cell that carried out the attack on July 21, which was not as bad. Their hasty planning may have resulted in the faulty attack.

The response was excellent; coordination was excellent, again reflecting lots of practice. Random search procedures were accepted by the public. However, the shoot-to-kill policy which was in place for dealing with suicide bombers (which is in place in many locations) certainly became controversial after the death of a young Brazilian.

On the morning of July 7, unconnected with the terrorist attack, there had been a major mechanical failure and another mechanical failure where smoke was coming out of one of the locomotives and it had to be replaced. And in yet another incident, there was a failure with a train's brakes that had resulted in a temporary shutdown. When the first bomb went off, it was read initially as a power surge that had short-circuited the system. There was no direct communications with the trains in the tunnels that there was an explosion. One of the early reports was that a suicide had resulted in a derailment of the train. It was when people came out of the tunnels and the emergency responders saw they were blast casualties that they knew it was not just a derailment. The diagnosis was a problem. I am not saying that had their reaction time been faster, more lives would have been saved. Indeed, if more bombs were already in the system, bringing trains to the station was not necessarily going to change that.

There was almost a total communications failure. The existing police radio sets did not communicate in the deeper tunnels. The police, and a lot of other people, used their own cell phones. But the minute this incident took place, the whole London cell phone system was flooded with millions of calls. The system went down not because of damage; it went down because of volume abuse. The police were handling a huge volume of information. Some of it was simply wrong: a suicide creating derailments; there was an explosion. A lot of it was rumor. As you can imagine, every package that was anywhere was reported. Suddenly, the police were flooded with calls. One of the things that they are thinking about is how they can create an information cell that will handle high volumes of information and sort out what is actually going on. That is a major challenge in these instances. The people in London are pretty good about adjusting to things; they had a lot of experience with the IRA campaign, but the challenge was to get them some kind of information about what was going on, and there were problems in being able to do that.

Getting people home without the public transportation system working was a concern. It was a nice, sunny July day, so a lot of people walked home. Had it been midwinter, that would not have worked. There are real issues with how you move people out of a city when you lose your public transportation system.

There are some questions about how, despite the heightened security, a second cell on July 21, 2005 was still able to penetrate. Interestingly enough, in terms of psychological effects, people responded pretty well to the July 7 bombing. But when the second attempt took place, it rattled the public because it suggested that there is a second, or possibly a third terrorist, cell.

There was a bomb on a bus an hour after the initial attack. The fellow on the bus did not plan for that bomb to go off on the bus. He was supposed to get into a station and onto a train. That was supposed to be a fourth bomb on the train. We do not know all the details yet, but we know that he was not able to get on the train. We know that he made a number of cell phone calls to his mates, trying to call them, but by that time, they were already dead. He then got on that bus. What we do not know is if he decided then that he was going to carry out his bombing on a bus because he could not get into a train station, which had all been sealed. Some eyewitness accounts say that he was fiddling with the device. We do not know if he had second thoughts and was trying to disarm it, but the bomb went off. I like to think that he had second thoughts. But what we know is that he was supposed to be on a train.

What is interesting is that we know now the July 21 bombers were not directly connected with the July 7 bombing. On July 21, they tried to replicate the July 7 attack, including three on the train, and one on the bus, not realizing that the one on the bus was a mistake. That tells us that they were not in touch, but two separate cells.

All of this underscores the fact that the threat is real. We are dealing with people who use very long planning horizons to put their final operation together. We know that they remained determined to carry out the attacks. Our presumption has to be that they are going to continue to try to carry out attacks and certainly surface transportation is in their playbook. We know that attacks on public surface transportation are more likely than attacks on infrastructure. We know that these large scale attacks put major burdens on roads and traffic control systems, especially those that result in transportation system shutdowns. We know they thought about bridges and tunnels in 1993, when they thought about the Brooklyn Bridge. We know that they have attacked in Paris.

There was the 1997 "Flatbush Plot," where in New York self-starting jihadists were going to use suicide vests to carry out bombings on the subway system. One of the conspirators got nervous about it and went to a couple of transit cops. In barely comprehensible English, he actually persuaded them that there was something going on. Instead of dismissing the guy as a nut, they took it seriously and interrupted a serious terrorist plot.

We know from plans that have been discovered, they want to carry out attacks on transportation targets in Singapore, Manila, Milan, and Moscow. We know that they see Madrid as a great success. We know that an attack was planned in New York in 2004 by a couple of locals of Pakistani origin. The plot was not a mature plot and was picked up by police intelligence. Because the Republican National Convention was coming to New York, they could not keep these guys under surveillance and run the risk that they might lose them and, heaven forbid, something would occur. So, they moved in early and picked them up.

We see the threat coming at us from several different directions. We may have locals operating entirely on their own, as was the case in the 1997 and 2004 plots in New York, and clearly the case for the 2005 attacks in London. Or there may be recruits sent in to reconnoiter targets and plan operations as we have seen examples of that with Iyman Faris looking at the Brooklyn Bridge. Also, they might think about attacks assisted from abroad, as was the case in 1993 World Trade Center bombing. Less likely are foreign teams inserted into the country, which was the 9/11 scenario. The operational environment for that is very difficult for them now, so we are seeing more neighborhood al-Qaedas and much more decentralized operations.

Let me quickly touch upon some axioms about security. First, it is very difficult to quantify the terrorist threat and, therefore, determine the right level of security. How much security is enough is a really tough question. cost/benefit analysis does not work well here. What we do know is that security does work and that it does drive people away from their preferred targets. On the other hand, if you are at the federal government level, or thinking about investing in security, you have to look for a net security benefit. One of the problems we have in protecting public places is that there are lots of public places. We can draw a perimeter of security around any public place and we can secure that piece of geography, but it does not stop the terrorist attacks; it simply moves them down the street. We can be selfish about that and say that our responsibilities are for surface transportation--we will deal with this particular problem--but the net security benefit is a consideration.

There are some desirable attributes of surface transportation security. One is the ability to increase and decrease security. Security ought not to be like linoleum. Linoleum is easy to lay but it is impossible to take up. We have to have security measures that allow us to go up and down with threat levels. Otherwise, we are just going to ratchet ourselves up to higher and higher levels of security and eventually shut ourselves down by creating a kind of neomedieval society.

Conclusions? Security measures include not only deterrent and preventative measures, but all efforts to mitigate casualties, damage, and destruction. We know that deterrents and prevention are difficult to achieve and, therefore, a lot of our attention is going to be focused on response. We know that crisis management and planning are absolutely essential. We know that security should be incorporated into the design and construction of our systems. We know that advance planning is essential. We know that communications are absolutely vital, but communications breakdowns are going to be common, so plan for them.

Those are just some of the brief conclusions. Are there any questions?

John Grimes, AMTRAK:

Are foreign terrorists more likely, given our border problems?

Brian Michael Jenkins:

I am not asserting for one moment that we have so increased security in the United States that we have good control of our frontiers or an ability to control all the people coming into this country. Keep in mind, even from those entering legally, the number of people that enter the country or go back and forth across our borders every year is 600 million. That is more than twice the population of the United States that regularly crosses back and forth across our borders with Mexico, with Canada, into our ports, and into our international airports. Are we absolutely certain that among that population of 600 million there are no bad guys? No, we are not.

What we have seen is, as a consequence of increased intelligence efforts worldwide, that the adversary, particularly al-Qaeda and its affiliated groups, has reduced the number of transactions that make them vulnerable to intercept. For example, they have reduced the number of communications that can be intercepted; they have reduced the number of border crossings, and they have reduced the number of international financial transactions because they know we are looking for all of these things, and these transactions have become more dangerous. I am not saying that they cannot occur. I am simply saying that they have adapted operationally to the new environment by going for higher local content with less connectivity with the top. Like corporations, they are doing a lot more outsourcing and temps in that sense. In other words, they are responding to this in an organizationally sensible way for them. But I have no confidence in the borders; no, absolutely not.

Dorothy Dugger, BART:

If I understood you correctly, cost/benefit analysis is not the right analytical tool for the probability of an event, or even a success, but in reality, what we are facing requires prioritization. Are there other metrics in which you have more confidence?

Brian Michael Jenkins:

Metrics are a problem; there is no question about it.

I am not saying that cost/benefit analysis should be ignored. When I was on the White House Commission, I learned a fabulous new word from the lawyers on the commission. One of our recommendations was that cost/benefit analysis should not be "dis-positive," meaning that it ought not to prevent us from doing something sensible. In fact, I got into an argument with a Congressman in testifying about this. He asked why did we not use cost/benefit analysis when looking at aviation. I said if we applied cost/benefit analysis, we would be looking for ways to reduce the number of safety and security measures because, even if you pile a plane into the ground once a week, flying would still a lot safer than driving private automobiles. We kill 40,000 people a year on the highway in automobiles.

So the question, as we get into cost/benefit analysis, is what are we measuring against? How are we doing this? I am not saying that it should not apply, but I am saying it cannot be the sole criterion for measurement.

In terms of probability, I learned years ago the distinction between analysis and prophecy. One cannot make probabilistic statements. We can make statements about comparative likelihood. I can say that right now, in my view, in this country, we are devoting a tremendous amount of effort to some highly unlikely threats, while ignoring the things that are more likely to occur.

I am not saying we should not prepare for some of these far-fetched scenarios that are now accepted because 9/11 redefined plausibility and no scenario can now be dismissed. But I am saying that we have to think about some comparative likelihood.

We cannot attach a probabilistic estimate to any single event. We can say this event is more likely than this other event, and we can, thereby, begin to rank them. We also can estimate the consequences of each event and begin to use that in the analysis, although I do become concerned about vulnerability analysis becoming a substitute for threat analysis.

This is an important issue because we are so uncertain about the threat. Traditional threat analysis is based on enemies' intentions and capabilities. Since we do not have a good feel for that in dealing with terrorism, we reverse it and instead we start at the other end with the vulnerability, postulate a hypothetical terrorist foe, and outline invariably a worst case scenario. "Suppose terrorists were to..." and insert the most diabolical scheme you can imagine.

That kind of approach is perfectly legitimate for assessing consequences and for addressing preparedness. However, it is not a substitute for a threat. Invariably, what we see is that it is used as a surrogate for a threat. Something that is set out at the top of the page as being a hypothetical possibility becomes probability as you read further through the page. Reading toward the bottom of the page, it is inevitable, and by the time you reach the bottom of the page, it is imminent. We have to be very careful about that kind of process.

How do you deal with security in highly uncertain environments? I think you can do some sensible things and look for collateral benefits. For example, when we are talking about security measures in public transportation systems, we can look at the consequences of deploying additional personnel, or closed-circuit television, or whatever measure we are talking about. While we are not quite certain whether we have a terrorist threat, we do know that the measure will contribute to a reduction in crime on the system, and that is positive. In another sense, we can look at preparedness, our ability to respond. We may energize our ability to respond to consequences or concerns about terrorism, but if that makes us more able to effectively respond to avian flu or Hurricane Katrina that is good too--response is response. You are looking for a set of benefits.

The other one I come back with is to look also for net security benefit. If there is no net security benefit, it is hard to justify the expenditure of public funds for things that are not going to contribute in a major way. That may have to fall in the category of risks we will take as a society. I think we are getting more sophisticated about this and there are ways of addressing this. But to go back to a simple, straightforward cost/benefit analysis, we know that does not work.

Fred Goodine, Washington, D.C. Metro:

You talk about cost/benefit analysis and vulnerability assessment and where we should prioritize our funding; then you allude to risk assessment. Can you address criticality assessment? I mean, the vulnerability of a cornfield is that it is highly vulnerable, but how critical is it to our infrastructure?

Brian Michael Jenkins:

I think criticality is the key.

In my own ranking of these things, I see vulnerability a little bit differently than criticality. In my own ranking, the threat of immediate loss of life is the number one concern, followed by long-term health issues, social disruption, and economic dislocation. In other words, I want to protect life immediately, then be concerned about long-term health and the kinds of things that can easily lead to social disorder, in terms of huge attacks--loss of control, panic, and so on. That puts economics in last place, although economics are a serious consideration. When talking about the economic effects of 9/11, actual insured costs are going to run somewhere between 50 and 80 billion dollars--a lot of that is still in litigation. The indirect business-loss costs are high in the hundreds of billions of dollars, probably close to a trillion dollars. That is from an event that cost the terrorists about $400,000 to execute.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

security strategies for mass transit

Rod Diridon:

Our next presenter is Jeanne Lin, Director of the Border and Transportation Security Portfolio, Science and Technology Directorate of the U.S. Department of Homeland Security. Jeanne was very nice to step in for the Secretary of the Department of Homeland Security, who has been a little distracted recently because of the hurricanes.

Jeanne Lin:

Today I will talk about the Department of Homeland Security (DHS) Science and Technology (S&T) organization, and give you an idea what Science and Technology is doing and how we are trying to get technology out into the field. Also, I am looking for your input and opinions on developing technology requirements.

Within Science and Technology, two of our largest constituents are border and transportation security, and also the federal, state, and local emergency services. Transportation security is my area, and Dr. Nancy Suski is the portfolio manager for the federal, state, and local emergency services. My emphasis is customs and border security.

When TSA, the Transportation Security Administration, first started, its emphasis was on aviation security. Then there was a realization that rail and transit systems also are very vulnerable because they are so open and accessible.

One of the things that Science and Technology is looking at is technology in the aviation security environment that we can translate to rail and transit; in some cases that may be possible, but not in others because of the different operational environments. First, rail and transit environments are more open, and the throughput is much higher. It is critical to keep that throughput going. We cannot screen everyone, as some of our modeling has shown us. Some risk management must be going on rather than trying to screen every single person.

The DHS approach is to emphasize partnership. There is a growing realization within Homeland Security that we cannot do it alone, so there is more of a drive towards a public/private partnership.

When I was working in the Department of Defense, we had a huge budget compared to what Homeland Security has, so it was a little easier to go off and do our own thing. Our customer base was soldiers, sailors, and marines.

It is different in Homeland Security. While we have TSA inspectors, Customs and Border Patrol, and other areas, we also serve the public sector and so it is not always clear who is our customer base and how we react to that.

The organization chart (page 97) gives you an idea of what the Science and Technology Directorate looks like. Portfolio managers are either threat-based--so they address either chemical/biological, radiation/nuclear, explosives, or some specific area--or they are mission-support portfolios. You may be familiar with some of the existing programs within the Science and Technology Directorate because they are in your transit system area.

Out of the Chemical Portfolio is the "PROTECT" program that the Science and Technology Directorate implemented. It combines commercial off-the-shelf (COTS) chemical detectors along with PTZ, or pan-tilt-zoom, cameras that are networked for a command center and a local response. The important thing with this COTS equipment--besides the annual maintenance, which appears to very reasonable--is that we are working towards an integrated system, which is very important when looking at overall situational awareness. This program is now with the Office for Domestic Preparedness (ODP), and it is one of the programs that we consider very successful within Science and Technology. We looked at equipment, worked it into an integrated system, and turned it over for transition to users.

We are starting a rail-security pilot for mass transit at the direction of Congress. We are developing a systems architecture in a mass transit environment to figure out how technology can fit in. Do we need to change the process; do we need to work the layout? The threat has been defined as suicide and leave-behind bombers. This is mostly about protecting human life. There is a little about the infrastructure, but more about the number of lives that can be saved and the psychological impact that you are making.

We have done modeling and simulation on Union Station in New York. The New York Metro runs 7 million passengers per weekday. Obviously we have a throughput problem in trying to develop an optimal screening approach. Ideally, you need a system that has low false negatives and low false positives.

As we saw after the London bombings, there are tremendous legal considerations. You cannot do random searches, unlike in an airport environment or in a port of entry where people are coming in and out of the country and it is implied that there will be searches, if necessary. You just cannot do that in a public transportation area. Among the biggest things that we are wrestling with in Homeland Security are the legal considerations.

The rail pilot program is run out of the Explosives Countermeasure Portfolio.

Within our portfolios we lay out short-term and long-term strategies, planning, and how to get things going. We do not have a lot of money, but I have more money than I had in Customs, so I am thrilled with that.

When we conduct studies and analysis, we want to look at things from a systems perspective. When you first start, your instinct is to take a bunch of equipment and throw it out in the field. That may be good for the short term, but, if you are someone wearing a uniform and a belt, there is only so much room around that belt. You are not going to carry things that are not going to support you in some way. If you have a radiation detector that is constantly going off, you are not going to listen to it. You are going to turn it off. If it is heavy, you are not going to wear it. If you have to use something in your hand that weighs 20 pounds, which might be a tremendous stride for someone to develop this technical piece of equipment in the lab, it does not make sense out in the field. So we went from multiple pieces of stand-alone equipment towards integrated systems, looking at situational awareness and a common operating picture.

You want to utilize capabilities where they already exist and insert technology into existing programs. You do not want to create a new one unless you have to, but, if you do, we have that capability. We discovered that we need to work with our customers in a collaborative and cooperative environment and involve everyone. That is one of the reasons why I am here. I am really looking for some input.

One of the things that we have done is to develop a systems model. It reflects not just how technology impacts things but, if there is a policy change or if we modify a process, what is that going to do. In some modeling that we have done for the Border Patrol, we asked if the Border Patrol increases their number of arrests, how is that going to impact jail bed space; how is it going to impact the court system? What are the other implications that you have--both before and after a change--not just on the Border Patrol, or how it impacts Homeland Security, but what about the Department of Justice, and so on?

Our last role is that we want to act as a systems integrator. Within the Science and Technology Directorate portfolio structure, if you have the rad/nuke portfolio that is developing sensors and the explosives portfolio that is also developing sensors, do you want to end up with a system where trucks must drive through six portals trying to get through a port of entry? No, it makes more sense to integrate those and to develop a standardized architecture. Hopefully, it is plug-n-play, with standards that you have to meet in order to put in your sensor.

The approach that we use in developing technology requirements we call a capabilities-based approach. It has bottom-up input from our operators or our users, whom we call "boots on the ground," and it has top-down validation by management. The approach starts with operational workshops to talk about what are the current capabilities and what future capabilities they would like to see. We do a gap analysis. Then we have technology workshops where the technologists get together and discuss what research and development they are doing in this particular area and where the risks are involved. All that information is gathered and we machinate it around and end up with priorities after looking at the gaps and looking at the solutions.

We have done eight operator workshops over the last three years. The first were made up of folks from Border and Transportation Security. We decided that we really had to concentrate on the Transportation Security side. We realized that it is great to have Border and Transportation Security together and we need to think of it as a family, although now we are no longer part of the same directorate. There were specific pinpoint areas that we needed to concentrate on, so we have had specific workshops for federal air marshals and for aviation security.

This is where you come in. I am looking for input when we do rail security and mass transit workshops. Who should we interview to set up the workshop, and who do you think ought to be attending the workshops? That is your homework.

How do we address capability gaps and prioritization? There are a lot of inputs. It is not just user input; it also is not just all of that stuff that your boss told you that you have to do that is very important. There are public laws and policy guidance that are important.

When we do a technology planning process, we use bottom-up input, top-down validation, and we do gaming scenarios. At the aviation security workshop, we did an "Osama for the day" type of scenario. We had federal screening inspectors, federal air marshals, along with some regulators and some other aviation security folks work together in groups. We gave them broad-based scenarios with some rules and we said, "Okay, you are a terrorist and you have to bring your materials in from overseas; you have to use aviation in some way, so tell us what you might do and how you might do it." Since they had insider information, the exercise was more about where they thought the vulnerabilities are within the airport. A lot of them chose the airport as a scenario because they were most familiar with that. That not only let us know about the vulnerabilities, but also about how technology might help, which led into our actual workshop where we talked about capability gaps.

We have gathered customer input and done a lot of collaboration with the federal air marshals, where communications is a huge issue, and that is being worked very closely with the FAA and TSA. We also do a lot of international collaboration, particularly with our Canadian neighbors, as well as with the United Kingdom and Israel.

Once we get our requirements, they are ranked and rated. In the prioritization, we have the users rank them as high, medium, and low. We then take it to headquarters where we brief the results and recommend where our investment goes.

Some of the areas that the various portfolios within Science and Technology are working on are border related. There is a lot of interest in sensor fusion and multimodal access to multiple databases. How often do local folks hear about what is in our database at the national level? It is very hard. We ask for a lot of information to get pushed up to the national level, but at the ground level, the tactical level, do we get the information in a timely manner? Probably not. There is not a lot of coordination going on.

Across multiple portfolios we are looking at personal protective equipment (PPE). Nancy Suski, who runs the Emergency Planning and Response Portfolios, is responsible for looking at all PPE.

One area that we are interested in looking at in the rail area is automated scene understanding that looks for leave-behind packages or a change in the picture. We also are looking at different types of cameras for more effective closed-circuit television (CCTV). If you have been in London, you know that they have a lot of cameras all over the place, so we are working closely with the UK to look at their techniques in CCTV, as well as some of the other types of cameras that might be available in other technologies.

I am going to end it there, but I asked you a couple of questions that I am hoping will generate some discussion in this afternoon's sessions.

Greg Hull, APTA:

One of your slides noted the transit connection to critical infrastructures. The fact of the matter is that transit is regarded by the federal government as one of the nation's critical infrastructures and I just wanted to point that out.

One of the issues that we have had from an industry perspective is what we perceive to be a lack of coordination of technology research and development at the federal level. We see efforts being undertaken in various directorates. Obviously DHS S&T, as we understand it, plays the lead role in all of this. We see activities also within the Transportation Security Administration (TSA). In some of the recent outreach that we have had in these various areas, we have expressed our need to understand the roadmap. Secondly, should we be having a roadmap rather than having a better understood coordinated approach to these issues? So, going back to the question you are asking of us--we are going to be setting up a meeting at our association with representatives of the various areas of DHS and TSA so we can begin to discuss what we perceive to be the needs and issues. We have a concern that we have not been engaged in these discussions. We have seen some technologies coming out that DHS is looking for partners to test, and sometimes we say to ourselves, "Where did that idea come from? It certainly did not come from the industry." So, we are indeed looking for that opportunity and we would welcome it.

Jeanne Lin:

You are absolutely right about the coordination. I think both coordination and strategic road mapping are important, but let us work on the coordination first.

Stephan Parker, TRB:

Earlier in your talk, you mentioned random searches not being allowed. Recently, a legal research study was completed looking at the case for search on public transportation, and there are numerous circumstances under which it is allowable. The Transportation Research Board is publishing that. Also, we have a request for proposals out to look for the practical aspects of passenger security inspections.

Jeanne Lin:

That is great; I hope the ACLU agrees with you.

Rod Diridon, MTI:

One of the things that we are asked is, what technology should a local transit agency embrace in terms of security screening devices? Every backyard inventor has come up with a sniffer, or X-ray machine, or whatever it happens to be, and it is difficult to see whether or not there is a vetting process established within the DHS or TSA, wherever it is supposed to occur. I think the worst thing in the world would be to have one of the local agencies develop their own system, which is incompatible, and then have to have different training, different parts controlled, and all the rest for every transit agency. Are you making progress in that area?

Jeanne Lin:

I can only speak for what is going within Science and Technology. Within the department, we are trying to do some R&D consolidation. In fact, the Transportation Security Lab, the R&D function of TSA, is coming under the umbrella of Science and Technology. Hopefully, more coordination is going on. Remember, DHS is 22 agencies put together with the hope that now we are one big happy family. But that does not always work really well. As you well know, infrastructure is very important and when we got put together, there was no infrastructure; there was no process. We are trying to do our everyday job as well as build an infrastructure and a process. I hope we get to that point. I know that among the results that we want to come out of the rail pilot are equipment lists. I know that TSA works on getting lists of equipment out that fall into approval.

Greg Hull, APTA:

The Office of State and Local Government Coordination and Preparedness actually has a clearinghouse for testing technology, and it is available free of charge. Once again, it is one of those things that we came to learn about not too long ago that we need to understand more about as an industry.

 

 

 

 

 

 

 

 

 

 

 

 

implementing the national incident management system (NIMS)

Rod Diridon:

I am taking the pleasure of introducing Dr. Frances Edwards because she is our hometown product. Dr. Edwards was identified by the Wall Street Journal as the number one emergency response person in the nation, and we are very proud of that. We recently have welcomed her from the City of San José and the region, where she was chair of the regional emergency response committee, into the faculty of San José State University, where she is in the public administration department and in charge of emergency response education with the Master of Science in Transportation Management program for the Mineta Institute.

Dr. Frances Edwards:

Today I will talk about some of the real challenges that are facing us from the point of view of what the law is now requiring of us. I am sure that many of you, like many of us in local government, are astounded by the amount of new regulations that have come forward with little or no funding support. Given that you have all your other work to do, and now there is a whole group of new compliance requirements, we thought that it might be helpful to run through some of those requirements and explain how we might work together in a collaborative way to make it possible for all of us to find ourselves in compliance for our funding.

As a little background, we know that the tragedy of 9/11 greatly impacted transit. Brian Jenkins and I, working for the Mineta Institute, did an evaluation of transit's impact from 9/11. We found that transit was, in fact, a principal victim, including not only the New York City subways, but also the interstate PATH system.

A little known fact is that there were more transit and transportation workers on site at the World Trade Center (WTC) during the recovery process than any other profession. You heard a lot about police and fire, but all those people in the background, operating the heavy equipment, cutting the steel, helping with welding, were all people from the transit and transportation community. They had been pulled off existing construction projects that were going on in New York City and diverted to help with this incredible problem.

One of the things that most people do not realize is that the plaza where you saw the pile of rubble and all those people working is the roof of a whole series of subway lines. The amount of shoring that had to be done underneath to support the weight of all that heavy equipment and the rubble from the buildings that were never intended to be in one big pile was quite an engineering challenge. The New York City transit folks stepped up, took the challenge, and were very successful.

They also had to deal with the river, which is another thing that you do not hear about much unless you read our book. The wall that protects downtown Manhattan from the river was somewhat compromised in the damage at the WTC. Among the things they had to do was sandbag the subterranean areas to make sure that the whole downtown did not flood.

So, I want to emphasize the tremendous importance that transit and transportation has in emergency management and emergency response. It is very important that we look at planning from a perspective that ensures those capabilities are there when you need them.

On 9/11, of course, Secretary Mineta, as the head of our national transportation agency, ordered the planes out of the sky. The belief among our security agencies was that was a significant benefit to us in preventing additional carnage, for it appears there may have been other potential suicide bombers in the air.

Bill Medigovich, who was the emergency response manager for the Department of Transportation, tells how he stood by Secretary Mineta and watched what they call the big board that has little colored blips for every airplane in the sky over the United States and in American airspace. That display is normally flashing colors all day and night. He said it was quite an eerie experience to see it go dark, piece by piece, until the only colors left were the military aircraft.

Again, we recognized that the role of transportation and transit is key for our whole country, the way we move ourselves and our economy.

There were some presidential security declarations issued after 9/11 that are now beginning to come home to roost. The first thing the president did through HSPD-1 was to create the Department of Homeland Security to focus on the prevention of terrorism and a response to terrorism. The biggest of the major entities among the 22 agencies were the Federal Emergency Management Agency (FEMA), the Secret Service, and the Coast Guard. In 2005, Secretary Chertoff announced the creation of a Preparedness Directorate and the introduction of a medical officer and the cyber terrorism branch into this already very complex department.

The presidential directive that we are most concerned about today is HSPD-5, which was issued in 2003. It is called "The Management of Domestic Incidents," and has a variety of elements. The ones that are important for us as we talk today mandate a single comprehensive approach to domestic incident management. That did not exist before HSPD-5 because every state had its own method of managing disaster response and planning. The directive also notes that the "Secretary shall develop a national incidence management system," the infamous NIMS, and it says "the National Response Plan using NIMS is the structure for federal support to local incident managers." I must emphasize this final point that FEMA's role is not as a first responder. The federal government's role is to support local incident managers by coordinating available resources through the emergency support functions. One of those, as you all know, is transportation.

Under HSPD-8, which was issued at the end of 2003, there were some more specific guidelines listed for what was expected of us. The key point here is from the past. If you asked somebody who was a first responder, they would tell you police and fire. If you asked somebody who worked in the field quite a bit, they might have thought of emergency medical services and maybe even transportation in the sense of traffic direction and roads being made available. But under HSPD-8, it is clearly spelled out that the responsibility for protection and preservation of life, property, evidence, and the environment includes public works and other skilled support personnel, such as equipment operators that provide immediate support services during prevention response and recovery operations. Harking back to what I just said about 9/11, you can clearly see that the public works and other skilled support personnel within your agencies--transit and transportation--might be called upon in an emergency.

One more thing, not only looking at 9/11, but also looking at the hurricane events demonstrates clearly that transit and transportation have to be in the forefront of the efforts. Some of the worst problems that developed out of the hurricanes were because of poor coordination within the emergency management structures to ensure that transit and transportation were at the table and able to be effective partners.

Transit systems, as you all know, are victims of many different types of problems--explosive devices and suicide bombers are well-known. We also have always looked to transit equipment as a method for evacuating threatened areas. We have used rail, light rail, buses, and powered transit in many previous events.

We also use buses as temporary shelters extensively in California, and I assume in other parts of the country, because they have the benefit of being able to bring people indoors very quickly; they can either be heated or cooled, depending on the time of year. People have a comfortable seat to sit in if they need to fill out forms, or be given a meal. It is an easy for people to hear what is being announced at the front of the bus, and then they can be given whatever materials they need. We have found in San José that Valley Transit Authority has been a very important partner for us.

Buses have also been used extensively in previous evacuations as transportation for people with disabilities, the elderly, and the poor--people who may not own cars, or be able to operate their own cars, or want to operate their own cars. Buses have also been used as expedient medical transportation for what we call the walking wounded--people with moderate injuries, but nevertheless who need to be taken for medical screening and evaluation and possibly care. By putting two paramedics on a bus, you can provide a very good level of oversight for people already in transit that allows them to be delivered to an emergency room a little distant from the disaster so that your closest emergency room doctor is saved for the ambulance-driven passengers that are triaged at a higher level of need.

Recovery workers are part of the transit world, as we have mentioned--heavy equipment operators, welders, iron workers, engineers, and people to do damage assessment. But one of the points that was terribly lacking in the Katrina response--and I challenge all of us to try to now build into our response--is that we should not take empty vehicles into the disaster. If we are taking a boat to rescue somebody, we should fill it with bottled water and hand the water out to people that are waiting to be rescued on our way in. We should use our transit vehicles to take in needed equipment as we are bringing out people that are in part of the disaster.

But all of these activities that I have listed here have one common denominator that is hardly ever mentioned in plans, and that is the human element. There is no possibility of doing any of these things unless you have your employees trained and prepared to respond as these suggestions outline--to be the bus driver, to be the heavy equipment operator, to be the welder.

In a picture taken from an airplane you can see that all of those little white streaks are buses; buses marooned in New Orleans because there was nobody to drive them. If you look at the number of them in just one picture, you recognize how many hundreds, maybe thousands, of people could have been saved if there had been a driver for each of those buses. These are 40- or 50-seat vehicles where you could have had people stand in the aisles to meet this kind of tremendous need. They could not be moved, so the buses were drowned and yet there were people who desperately needed their help. New Orleans Mayor Nagin was interviewed about two weeks after the tragedy and he said, "We had plenty of equipment, but we had no drivers."

Let us take that as a challenge to not allow our capabilities to be lost because we did not bring our employees into the planning process early on. And when we talk about our employees, we have to remember to bring in our bargaining units from our various unions. Because in many cases, it is quite a legitimate argument to say that this is not our work. A bus driver is not normally trained or expected to operate in a dangerous environment. They are expected to operate on normal city streets with traffic control devices operating and the availability of police personnel to respond to a problem. Instead, we are asking people to go into a more dangerous environment. My experience is that when we talked with our represented employees early on and brought them into the process and asked them to be our partners, that we had very successful planning.

I have to give you one more commercial from my side of the world, which is emergency management. Remember, nobody is going to come to work if they are worried about their own family. The only way that you can be sure that your bus drivers are going to be willing to work with you and fill your needs is that they have confidence that their family at home has a preparedness plan, has the supplies they need, has partnered with another family member or neighbor, in case there is a need for help. Then that family member that is your bus driver or your welder or your transit employee is going to be comfortable and confident to stay at work. If they are not, they will go home. In the New Orleans Police Department, experience clearly demonstrates that even the level of sworn responsibility that comes with a badge did not deter people when they were worried about their own families. That is a reality that we need to plan for ahead of time.

The incidents in Moscow, London, and Madrid all show how vulnerable trains can be. There is the long-term victimization of transit in other parts of the world, yet transit can be a partner in solving some of the problems. The security cameras in the London underground helped to identify the bombers.

In prevention, security personnel can be vigilant. It helps to remove trashcans and to change the types of vending machines that are used to make it more difficult to hide devices.

We also are trying to bring the public in as a partner in surveillance, which is very important. The Amtrak campaign poster says, "See something, say something; unattended bags, suspicious activities, a safety hazard. Report it immediately to train or station personnel, Amtrak police, the 800 number, or call 911."

I do not care how many employees you have; you do not have enough employees to be everywhere on your whole system all the time. But there is a rider most of the day in every part of your transit system. Just as we try to bring our neighbors into neighborhood watch type programs to help us with surveillance, this is a great benefit to all of us in transit and transportation to educate our riders about what to look for, to make them our eyes and ears so that we have an extended capability on all of our systems.

HSPD-8 has some very specific impacts on transit. First, a national preparedness goal has been articulated by the president, and it includes some specific national priorities, which happen to be the driving force behind all of your emergency and homeland security planning from hereon out.

These national priorities start with the implementation of NIMS. But they also include expanded regional collaboration. It is not enough for the city to plan, for example, as the City of San José. We now need to reach out to our entire county, to all of the special districts within our county, and to all of our transit partners, which for us includes VTA, ACE, light rail, Caltrain and Amtrak.

You have a requirement to implement the interim National Infrastructure Protection Plan. I hope that all of you have been working with your local law enforcement agency to do the planning that is necessary for critical infrastructure protection, not just the parts of the rail systems that we see everyday, but also the power source. If your system is electrical, where you get your power is a target. If they blow up a substation, the transit agency is not going to be able to run the equipment that runs on electricity, so resources that we are counting on to help us with evacuation can be taken out if the terrorists targeted them. We need to be sure that those elements are included in this planning, so that in the future we can get federal funding to assist in hardening those targets.

Strengthening our information sharing and collaboration capabilities is a very important part of our entire surveillance effort and it requires good coordination with law enforcement, as does strengthening our interoperable communications capabilities. We are pretty good about police and fire now being able to talk with each other through some mechanism. We have also brought in emergency medical services, because we clearly see them in the field.

But we have to remember that transit and transportation are extremely important parts of our need and ability to communicate. If I have a disaster and I need the buses to come, I need a way to talk to the drivers to warn them about any dangers along the route or to give them information about any concerns for passengers. We need a system to do this, and right now, in most major cities, there is no interconnect between transit communications and the emergency operations center, police, and fire.

I was privileged to go to Rockville, Maryland, and visit their outstanding facility where they have integrated their smart transportation center and their emergency operations center. I saw how important it has been for them, even with day-to-day accidents, to have the capability for police and fire, as they respond to a bus accident on the freeway, to be able to talk to the driver and to have the dispatchers be able to be in communication. The federal government has recognized the importance of that interoperability and has some funding available.

Strengthening chemical/biological and radiation detection response and decontamination capabilities is important. There are great efforts in this with research and development at the federal level.

And finally, strengthen medical, surgical, and mass prophylaxis capabilities. You might say that is a medical issue, but when we think about who is going to get the medical first responders to the place where you want to deliver the prophylaxis, we are going to rely on buses and light rail to help us get our professionals there.

Then, who is going to bring the public? We hope they do not all come in their own car, because there is not enough parking at any of the facilities we want to use. Again, we will be looking at transit and transportation. As your public health department is doing planning for mass medical care, which is clearly in their court, the ability to move around in the community and make mass prophylaxis centers useful and possible really requires a tremendous amount of coordination with transit and transportation.

Another part of the development is something called the National Planning Scenarios. There are fifteen of them. I want to quickly read them to you: improvised nuclear device, aerosol, anthrax, pandemic flu, plague, blister agent, toxic industrial chemical, nerve agent, chlorine tank explosion, major earthquake, major hurricane, radiological dispersal device, improvised explosive device, food contamination, foreign animal disease and cyber.

What's missing?

Flood is the number one disaster in the United States. It is a repetitive disaster that occurs more frequently than any other disaster, and it causes the largest dollar-value losses every year. With Hurricane Katrina, it was orders of magnitude bigger than anything else, and there is no planning scenario on flooding.

My point in bringing that up is that many of the fifteen scenarios they want us to plan for are in the realm of extremely unlikely, such as an improvised nuclear device, or something that is rather difficult for any of us to do much about, like foreign animal disease--that is a Customs issue. Certainly we want to be supporting Customs, but as the City of San José, there is not a thing in the world I can do about foreign animal disease. Yet flooding is a big concern for us.

I think that it is important for us to look at this federal guidance, but customize it to the real world in which we live. When we do our exercises based on the National Planning Scenarios, we need to think of them from an all-hazards perspective. Even if we are focused on a biological event, or a chemical event that is terrorism related, we need to think about how that might support us in other types of events that are more likely.

Finally, the federal government has developed what they consider the 36 target capabilities that are most important. They fall into certain categories. One is called Common Target Capability and that includes interoperability. There are Mission Prevention, Mission Protection, Mission Response, and Mission Recovery.

In Mission Response, I want to point out two things. One is Critical Resource Logistics and Distribution. How is that going to happen?--through the use of transportation assets. The other is a very important piece: Worker Health and Safety.

Drivers not only have to be trained, but if they are going into a dangerous environment, they have to have the appropriate personnel protection equipment, whether it is something as simple as a bulletproof vest or something as complex as a bus that has the right detection equipment. If they must have a HEPA filter or other kind of mask to wear, remember that through OSHA and your state OSHA, every single piece of protective equipment that you give to a person requires training. If you give them a respirator to wear in case they are sent into an area where there is chemical exposure, they have to be trained to use the respirator. They have to have testing to ensure that they are capable of using the respirator and they have to have fit testing for the respirator. Then they have to have training every year. This is not a matter of buying something and sticking it in the bus. This is an ongoing annual cost for training and refresher training.

I think some of these things are lost on some of my Homeland Security colleagues. I go to conferences where they tell me, "Do this." And I ask, "How are we going to pay for that?"

I am sure that your agencies are in the same boat as my city. We do not have enough revenues to just do it. We need to work smarter, because we are already working as hard as we can. We need to try to dovetail activities that we know are important and, as we are doing those, see how we can expand the benefits of those activities into these new worlds that we face.

HSPD-8 says we need to "focus on the capabilities collectively needed to prevent, protect against, respond to, and recover from a terrorist attack or national disaster" and "identify core capabilities" because this is how we "prioritize our federal investments."

Now we come to the heart of the presentation: how you get your money.

Notice that the overarching requirement here is NIMS, the National Incident Management System. Let me read you the quote: "All levels of government across the nation are to have the capability to work effectively and efficiently together using a single comprehensive national approach to domestic incident management."

We can no longer say we do not like incident command systems (ICS) so we are not going to use it. That is the way we now will do business.

NIMS is based on the command and control system called the Incident Command System in the field. This ICS model was created in California in the 1970s. It grew out of the wild-land fires and it is now an internationally accepted method for managing disasters at the field level. In fact, the entire nation of Italy has its entire fire service completely on ICS. Every region has an exact duplication of a cache of equipment so that if they have a big event, they can bring multiple regions together and they all use exactly the same equipment. It is totally interoperable and it is really quite impressive.

There is a NIMS resource management component that includes mutual aid. So, you will need to establish or enhance your mutual aid system.

You need to have emergency operation plans that are constructed along the Incident Command System format, no matter how you had it before, by ESS or your own unique structure. If you want to get federal funding, you are going to have to reformat your plans into the Incident Command System structure.

Jurisdictions receiving federal funds must incorporate NIMS. Beginning on October 1, 2005--this is a federal directive--all recipients of federal preparedness funds must adopt and use NIMS as a condition of receipt of fiscal year 2006 Preparedness Assistance Funding. This does not include just funds from Homeland Security. It includes preparedness funds from all federal departments and agencies. Think about the funding that you receive and the value that it has to you and your agency and recognize that NIMS is now a requirement for you.

On September 8, 2004, the governors received a letter from the president letting them know that NIMS implementation was coming. All of the 2005 federal preparedness assistance programs began addressing NIMS implementation. Transit systems direction for fiscal year 2005--transit system grants are now regional grants--says the following: "Personnel must complete NIMS awareness courses" and "IS-700 is available online."

You must formally adopt NIMS by resolution. It is not enough to just put it in your emergency operation plans that you adopt and run by NIMS and then have your governing board or council adopt the plan. That is not good enough. You need a separate resolution because the federal government wants your governing body to publicly state, "We adopt NIMS and we understand that we have to train on it."

You also have to evaluate your existing compliance, whether you are using ICS now, whether you already have a mutual aid plan and whether it is robust enough. You need to institutionalize both the incident command system and the mutual aid system across your response system.

Fortunately for all of you rail and transit system managers, your city and county partners should already be fairly well along in this process because, like you, their money depends on compliance. But if you work with non public agencies as part of your collaboration, such as utility companies, you need to be sure to bring them to the table so that at least your part of the plan is compliant. You may not be able to get them to comply, but at least the element they work on with you would be compliant.

In order to receive funding in 2006, the 2005 minimal compliance must have been met and applicants are required to certify that they have met those requirements. You cannot just say that you did it. There is actually a certification now that somebody has to sign, which means if you sign it and it is not true, you are in a little trouble with the federal government.

By 2007, complete NIMS compliance is required in order to apply for all grants.

Who needs to take IS-700?

The NIMS Integration Center, which is the national group that is trying to put this information forward, issued a directive in March 2005 that says all personnel with a direct role in preparedness, incident management, or response should take NIMS IS-700 by October 1, 2005, and must have full NIMS compliance within one year from that date.

So who are they? A comprehensive list of people has been spelled out very specifically by the federal government (and listed in my presentation). At the executive level, it is elected officials, anybody that can be charge of anything; it is all of your emergency operations center (EOC) staff; and it is all of your senior emergency managers. At the managerial level, it is agency and organization management between the executive and first line supervisors and all the divisions of your agency that have anything to do with first line response. If you remember ICS, the five boxes are: management, operations, planning intelligence, logistics, and finance. All of those accountants that are responsible for keeping track of how much money you spent on the disaster have to take IS-700; they are part of the ICS structure at the managerial level.

Finally, all of the emergency response providers and disaster workers, from entry level to managerial level, must take it. Each new bus driver that you hire needs to take IS-700 because that person is the one we were talking about who we want to drive the bus to transport the victims, to transport the doctors and nurses to the mass prophylaxis site, and to bring in the critical supplies.

Who will respond to an emergency in your organization? I tried to make a list: drivers, engineers and conductors, maintenance personnel who are going to have to keep those vehicles on the road, janitorial staff to clean the stations and the cars and who would be part of your surveillance, your ticket agents who are part of that vigilance that we need every day, and then I can only ask you the question, "Who else?"

The national preparedness goals require us to be looking at risk-based targets. This harks back to the first part of the presentation where you need to look at what are your risks, and then what are you going to try to prevent or prepare for, respond to, and recover from--floods, hurricanes, earthquakes, epidemics, the 15 scenarios. The targets are going to be based on your 15 planning scenarios, and I would urge you to include flooding as the sixteenth, whether the feds mandate it or not. Then there is the target capabilities list of 36 activities, which include performance metrics, and the universal task list which has 1,600 items currently and is growing. Somebody in your agency is going to have to look at every element of your emergency response and tie that job to some of those 1,600 universal tasks as part of the evaluation process.

This is when I throw up my hands and say, "Who is going to pay for this?"

This is a lot of information that I have thrown at you. When you go back and try to tell your executive management or your governing body what I just told you, they probably are going to say that I am out of touch with reality. So to help you help them get in touch with reality, I refer you to some websites that are listed in the "Resources" part of my presentation.

If you take the IS-700 course online and you pass it, you will receive an e-mail within a relatively short time--24 to 48 hours. I encourage everybody who takes the IS-700 online to keep that e-mail as their certificate until they get a certificate in the U.S. mail. Forward the e-mail certificate to your training coordinator and make that the proof document if you get a visit by the feds.

The elements of our national systems are now requiring planning at the NIMS compliance level, operations changes when we have the color codes, equipping for appropriate prevention protection and interoperability of recovery, training, NIMS Incident Command System 100 and 200, Awareness 160 for all your field level people, integration with law, fire, and EMS in your planning, and local specific concerns to be integrated into your training sessions, such as suicide bombing and improvised explosive devices (IED).

Exercises are required. There is a program called the Homeland Security Exercise Evaluation Program (HSEP) that has four volumes of information providing enormous amounts of detail in the kind of exercises that are required: tabletop, facilitated, and full-scale exercises that bring together your first responders to have them practice.

How can the Mineta Transportation Institute help you?

We are here today not just to scare you but also to give you some encouragement. A tremendous amount of research has been done that is available at http://transweb.sjsu.edu , the MTI website. We also have other materials available that we hope will be helpful. We offer guidance in plan writing if you are concerned whether your plans are ICS compliant. We can help you with planning assistance on how you are going to comply with the national response plan. MTI can provide assistance on the preparation of federally required documents, including answers to your questions about who needs training in what courses.

I want to spend my last few minutes talking about exercises because exercise programs are really the key to preparedness. You can write a great plan, but if nobody knows what is in it and nobody has ever tried to use it, all you have is a really nice doorstop. What you need is a plan that is embedded in people's heads.

The excuse in New Orleans for why they did not do a better job responding was, and this is a quote from Mayor Nagin, "My plan was in the trunk of my car, underwater."

That is not an acceptable excuse. Your plan does need to be in the trunk of your car, arguably, and it also needs to be at home in a safe spot, but most important of all, it needs to be in your head. I am not suggesting that all of you are going to memorize your whole plan because you are not responsible to do every job in your plan. The only way you are going to embed your job in your head is to do it in an exercise environment, not once, but annually or more often if you have the capability.

Exercises are really the key to your preparedness. All the rest is prologue. You can plan. You can write a nice document. You can buy the equipment. You can train your personnel in all of the skill sets. But if you never practice, when the time comes to do it, people are not going to instinctively do what the plan says. They are going to just make it up as they go along, and therein is disaster.

We urge you to look to MTI for any assistance that we can provide. This may be with tabletop exercises for your executive management so that they understand your goals and their roles in a disaster. It may be with drills for your field level personnel to ensure that they have the skills that you want them to include.

I urge you to do an annual drill of family preparedness. It does not cost much money. You can partner with your local city or with your American Red Cross chapter. The Red Cross has wonderful handouts and people that will do one-hour lunchtime brown bag presentations on how be prepared at home. It is an excellent investment, both in your employees and in your organization.

The Mineta Transportation Institute can assist you with a program called Facilitated Exercise for First Responders. The Harvard University Kennedy School of Government has selected this program as a best practice. They have written a case for their executive program on crisis management that was funded by the CDC. We have several partners who have certified or agreed that this is a really good way to do exercises.

Recently, I had the thrill of being part of the first facilitated exercise in my jurisdiction that involved our rail partners. We went to the Union Pacific rail yard, where ACE, Amtrak, and Caltrain brought equipment and let us use it for three consecutive days of classes. We put almost 300 first responders through the facilitated exercise. They learned about improvised explosive devices and where they might be hidden in rail, light rail, and buses.

They were given an introduction to railcars, because most police and firefighters have never been close to a train or ridden a train. In California, trains are not part of the day-to-day life of most people. If they have to respond to your equipment, they need to know what is safe. Where are the high pressure hose lines? Where are the fuels? How do they shut them off safely? Where are the hazardous materials? Where are the human waste containers for the restrooms? They need to know so that when they try to provide assistance they can be safe, and they can make your passengers as safe as possible as they extricate them safely.

One thing they did not know is that railcars today are built with unibody construction. Their first thought was to take the jaws-of-life to it. But what happens is the car crumbles likes a beer can. What they learned was where the decal on the roof is that shows where they can safely cut to get the victims out if the train has derailed on its side. Where are the locations of the switches to open doors? Now they know where they are. We gave them full color handouts to put in every rig, not only for the City of San José and the County of Santa Clara, but for the entire ACE train rail line as well.

How did we do that? We did it with the Homeland Security funding that came to ACE through the Urban Area Security Initiative (UASI). Look to the availability of money that you have now and see how you can make it go farther. ACE paid $96,000 for overtime support and the City of San José Metropolitan Medical Task Force provided the instructors, the handout materials, and the learning opportunities.

This was a tremendous joint venture that we were able to accomplish, and it is something that you can do in your jurisdiction. It does not have to be difficult. It does not have to be expensive and it can be incredibly productive for you and all your partners. Then, when you are ready, you can do a functional exercise in your emergency operation center or a full scale exercise in the field. The facilitated exercise will embed the plan in the minds of the people who come out and learn and do together so that when a real disaster occurs, they are a team, coordinated, working together with our federal partners under NIMS to succeed for the most important reason possible, to save the lives of people in our community.

Rod Diridon:

Dr. Edwards has described the capabilities within The Mineta Transportation Institute. There also are commercial organizations that provide similar kinds of training programs.

If you are not complying with the law, you ought to be, and not only for the sake of protecting your people. If you do not comply with NIMS, there is not just the danger of your constituency being killed or your economy being disabled for an extended period of time, or maybe permanently, but also there is legal liability.

This is the law. In California, it has been the law for a long time with SEMS (the Standardized Emergency Management System). If you have a disaster in your local community, and it is determined that you did not comply with NIMS, those who are hurt by the disaster who might not have been hurt if you had been properly trained, have a legal cause of action certainly against your jurisdictions, but possibly against you as individual managers of those jurisdictions.

Those are the facts of life, yet we are so busy at the local level that most of us do not even know what NIMS is. You are the best of the crop, because you took the time to be here. Your counterparts out in the community, who have just as much concern, should have had the training by now to be completely compliant. We have to take this to heart, not just because it is the right thing to do, not just because to do it saves lives and gets you back into business quickly, but also because of the legal liability.

Do you have any questions?

James Rudy, Orange County Transportation Authority:

We have taken the online course and apparently we have heard from the State of California that they are not going to recognize that, or at least POST (Peace Officers Standards and Training) wants to mandate training for first responders. Have you heard any update on that?

Frances Edwards:

Yes. We have our own overlay in California. POST has a course that is mandated for all sworn law enforcement officers and it has elements of AWR 160 in it, but not NIMS. So you have to do both the NIMS IS-700 training and the POST course. Through the POST course you will get compliance with AWR 160, which is the other course that officers and responders at the field level must have. Suzanne Mencer, who was the head of the Office of Domestic Preparedness in 2003, told us that AWR 160 was a priority, so that is what we have been doing. When that grant came out, most of us put our emphasis on AWR 160, because we were told if you did not have that done by 2004, we would not get any more money. Now NIMS has slipped in as well. Also in California is a course that the fire department has to take which includes part of the AWR 160 requirement. So in addition to NIMS, there is AWR 160 for all of your field-level people.

Katrina Kernodle, Frances Kernodle Associates:

You showed the picture of the "See something. Say something" Amtrak messages incorporating the many riders on the transit system into the security campaign. I also wanted to mention Transit Watch, which is the FTA/TSA initiative that was launched at the APTA meeting in 2003. I know San José was one of the first cities to be a Transit Watch community. We are doing another Transit Watch initiative right now, and if you want some informed answers, you might want to speak with Bridgette Zamperini with TSA. She has a lot of information on Transit Watch.

Frances Edwards:

Since we are in Dallas, I should mention that the local mass transit company her