Jersey City, New Jersey
Good morning, Chairman Donovan, Ranking Member Payne, and distinguished Members of the Subcommittee. I appreciate the opportunity to appear before you today to discuss the Transportation Security Administration’s (TSA) role in surface transportation security.
The surface transportation network is immense, consisting of mass transit systems, passenger and freight railroads, highways, motor carrier operators, pipelines, and maritime facilities. The New York Metropolitan Transportation Authority (NY MTA) alone transports over 11 million passengers daily—and represents just one of the more than 6,800 U.S. public transit agencies for which TSA has oversight, ranging from very small bus-only systems in rural areas to very large multi-modal systems like the NY MTA in urban areas. More than 500 individual freight railroads operate on nearly 140,000 miles of track carrying essential goods. Eight million large capacity commercial trucks and almost 4,000 commercial bus companies travel on the four million miles of roadway in the United States and on more than 600,000 highway bridges over 20 feet in length and through 350 tunnels greater than 300 feet in length. Surface transportation operators carry approximately 750 million intercity bus passengers and provide 10 billion passenger trips on mass transit each year. The pipeline industry consists of approximately 3,000 private companies, which own and operate more than 2.5 million miles of pipelines transporting natural gas, refined petroleum products, and other commercial products that are critical to the economy and the security of the United States. Securing such large surface transportation systems in a society that depends upon the free movement of people and commerce is a complex undertaking that requires extensive collaboration with surface transportation operators.
Recent terror attacks on mass transit and passenger rail carriers in France and Belgium remind us of the need to remain vigilant. While there is no known specific, credible terrorist threat to the U.S. passenger rail system at this time, the August 2015 incident in Paris and the March 2016 attacks in Brussels underscore the need to continue to build upon our surface transportation successes through stakeholder communication, coordination, and collaboration. Surface transportation passenger systems are, by nature, open systems. In the face of a decentralized, diffuse, complex, and evolving terrorist threat, TSA responds by employing cooperative and collaborative relationships with key stakeholders to develop best practices, share information, and execute security measures to strengthen and enhance the security of surface transportation networks.
Unlike the aviation mode of transportation, direct responsibility to secure surface transportation systems falls primarily on the system owners and operators. TSA’s role in surface transportation security is focused on security program oversight, system assessments, voluntary operator compliance with industry standards, collaborative law enforcement and security operations, and regulations. Security and emergency response planning is not new to our surface stakeholders; they have been working under Department of Transportation (DOT) and U.S. Coast Guard (USCG) programs and regulations for many years. Although DOT’s regulations relate primarily to safety, many safety activities and programs also benefit security and help to reduce risk. In the surface environment, TSA has built upon these standards to improve security programs with minimal regulations.
TSA’s spending on surface transportation realizes a massive return on its budgetary investment. TSA’s resources and personnel directly support ongoing security programs by committed security partners who, in turn, spend millions of their own funds to secure critical infrastructure, provide uniformed law enforcement and specialty security teams, and conduct operational activities and deterrence efforts. We have invested our resources to help security partners identify vulnerabilities and risk in their agencies. Surface transportation entities know their facilities and their operational challenges, and with their knowledge and our assistance, they are able to direct accurately their own resources in addition to the hundreds of millions of dollars in Federal security grant funding to reduce the risk of a terrorist attack.
Federal, State, Local, and Private Coordination
Securing the vast surface transportation network requires a group effort. TSA oversees the development and implementation of risk-based security initiatives for surface transportation in coordination with our security partners.
TSA, on behalf of the Department of Homeland Security (DHS), is a co-Sector Specific Agency alongside DOT and USCG for the transportation sector. DOT and TSA work together to integrate safety and security priorities. As part of the DHS-led Critical Infrastructure Partnership Advisory Council (CIPAC) framework, TSA, DOT and the USCG co-chair Government Coordinating Councils to facilitate information sharing and coordinate on activities including security assessments, training and exercises. Additionally, TSA leverages its core competencies in credentialing, explosives detection, and intermodal security to support the USCG as lead agency for maritime security.
TSA works with state, local, and industry partners to assess risk, reduce vulnerabilities, and improve security through collaborative efforts. Collaboration between TSA and industry occurs through daily interaction and engagement, as well as through formal structures including the DHS-led CIPAC framework, Sector Coordinating Councils, and other industry-centric organizations such as the Mass Transit Policing and Security Peer Advisory Group. TSA, security agencies, and the corporate leadership of industry and municipal operator stakeholders jointly pursue policies to secure surface systems, including implementation of exercises and training, physical and cyber hardening measures, and operational deterrence activities.
Regional Alliance Including Local, State, and Federal Efforts (RAILSAFE)
TSA coordinates with Amtrak and NY MTA to support RAILSAFE operations, in which Amtrak police and law enforcement officers from Federal, state, local, rail, and transit agencies deploy at passenger rail and transit stations and along the railroad rights-of-way to exercise counterterrorism and incident-response capabilities. This coordinated effort involves activities such as heightened station and right-of-way patrols, increased security presence onboard trains, explosives detection canine sweeps, random passenger bag inspections, and counter-surveillance. RAILSAFE operations are conducted several times a year to deter terrorist activity through unpredictable security activities. On average, more than 40 states and Canada, and over 200 agencies participate in RAILSAFE operations. The most recent RAILSAFE operation was conducted on May 26, 2016, with more than 1,400 officers across 205 agencies representing 42 states and Canada participating.
Exercises and Training
TSA has developed multiple training and exercise programs to assist industry operators in directing their resources and efforts towards effectively reducing risk. With the support of Congress, TSA developed the Intermodal Security Training and Exercise Program (I-STEP). TSA facilitates I-STEP exercises across all surface modes to help transportation entities test and evaluate their security plans, including prevention and preparedness capabilities, ability to respond to threats, and cooperation with first responders from other entities. TSA uses a risk-informed process to select the entities that receive I-STEP exercises and updates I-STEP scenarios as new threats emerge to ensure industry partners are prepared to exercise the most appropriate countermeasures. Since FY 2008, TSA has conducted over 105 I-STEP exercises throughout 40 High Threat Urban Areas (HTUAs), including eight conducted so far this fiscal year, such as motorcoach exercises in Los Angeles, CA and Myrtle Beach, SC; mass transit exercises in Houston and San Antonio, TX; and maritime exercises in New York City and Washington, DC. Additionally, TSA conducted an I-STEP exercise in Philadelphia in August 2015 to help that region prepare for the Papal visit.
In FY 2015, TSA developed and began utilizing the Exercise Information System (EXIS) tool, which examines a surface transportation operator’s implementation of security measures in the areas of prevention, protection, mitigation, response, and recovery. EXIS helps transportation operators identify areas of strength in an operator’s security program, as well as those areas that need attention where they can then focus or redirect resources, such as security grant funding. TSA also is able to provide operators with several resources that can improve capability in areas such as training, public awareness campaigns, and best practices that other systems have implemented to address security concerns. Since program inception, TSA has facilitated 16 EXIS exercises with stakeholders in HTUAs.
TSA disseminates training materials and information to stakeholders through several avenues. Through the Security Measures And Resources Toolbox (SMARToolbox) and other security and public awareness training materials, TSA provides surface transportation professionals relevant insights into security practices used by peers throughout the industry and mode-specific recommendations for enhancing an entity’s security posture. TSA developed the Surface Compliance Analysis Network (SCAN) to analyze daily incidents reported to the Transportation Security Operations Center to identify security-related trends or patterns. TSA disseminates SCAN trend reports to affected entities, as well as to the broader industry for situational awareness. SCAN reports have been able to identify incidents that when taken individually may not seem to be an issue or threat, but when compiled over time and analyzed locally, regionally, and nationally, present activities that may be pre-operational activity aimed at detecting the response methods and/or capabilities of surface transportation systems. The number of similar incidents reported in relatively short periods of time may indicate the intent of a perpetrator to disrupt operations and potentially cause damage and injuries. These SCAN trend reports provide insight into those potential threats and operations.
TSA’s First Oberserver™ security domain awareness program delivers web-based training to surface transportation professionals, encouraging frontline workers to “Observe, Assess and Report” suspicious activities. Approximately 100,000 individuals have been trained on the First Oberserver™ Program. Operators have credited First Oberserver™ Program training in their ability to disrupt a potential Greyhound bus hijacking situation in February 2011. Also in February 2011, a concerned Con-way employee followed principles he received from the Program’s training to alert authorities about inconsistencies regarding chemicals shipped and their intended use, which led to the arrest of an individual who was then charged with attempting to bomb nuclear power plants and dams along the West Coast., The investigation also revealed that the subject was planning to target the home of former President George W. Bush as well.
TSA strongly encourages the use of the If You See Something, Say Something™ public awareness campaign—which the NY MTA created using DHS security grant funding—to make the traveling public the “eyes and ears” of the transportation systems. Similarly, TSA’s Not On My Watch program is directed at the surface transportation community and designed to make employees of surface transportation systems part of awareness programs intended to safeguard national transportation systems against terrorism and other threats. TSA also works with industry to identify emerging security training needs, develop new training modules, and refresh existing training.
In September 2014, TSA began a program to provide senior-level industry transportation security officials with a detailed exposure to TSA’s surface security programs and policies. Once a quarter, a senior executive from a surface transportation operator or entity is invited to spend four to six weeks at TSA to gain firsthand experience in TSA’s counterterrorism and risk reduction efforts and foster beneficial relationships among TSA and industry stakeholders. Participants in the program have included Amtrak, the Washington Metropolitan Area Transit Authority, NY MTA, and the Bay Area Rapid Transit District. Executives from these agencies were given a broad exposure to TSA operations in the surface and aviation modes, and left with a better appreciation for the scope and breadth of the services TSA provides for all modes of transportation. The program also allows TSA to use the senior executives as sounding boards for potential security programs and policies, to ensure that our initiatives not only address their greatest security concerns, but are feasible from an operational perspective at the local levels of transportation.
Sector-Specific Programs, Assessments, and Inspections
TSA performs regulatory inspections on railroad operations, and voluntary assessments of systems and operations within all of the surface transportation modes to ensure operator compliance with security regulations and adoption of voluntary security practices. TSA deploys 260 Transportation Security Inspectors for Surface (TSI-S) to assess and inspect the security posture of surface transportation entities.
TSA and its partners in the freight rail industry have significantly reduced the vulnerability of rail security-sensitive materials, including Toxic Inhalation Hazard (TIH) materials, transported through populous areas by reducing urban dwell time. The national rate of regulatory compliance rate is above 99%.
In 2006, TSA established the Baseline Assessment for Security Enhancement (BASE) program, through which TSA Inspectors conduct a thorough security program assessment of mass transit and passenger rail agencies as well as over-the-road bus operators. These inspectors help local transit systems develop a “path forward” to remediate vulnerabilities identified in the vulnerability assessments, and identify resources that TSA or other areas of the Federal government can provide to help transit systems raise their security baseline. The results of these assessments are analyzed to influence TSA policy and development of voluntary guidelines to ensure that our voluntary policies and programs are addressing the most critical vulnerabilities from a security perspective. TSA performs these voluntary BASE assessments with emphasis on the 100 largest mass transit and passenger railroad systems measured by passenger volume, which account for over 95 percent of all users of public transportation. TSA has conducted over 430 assessments on mass transit and passenger rail systems since 2006. In FY 2015, TSA Inspectors completed 117 BASE assessments on mass transit and passenger rail agencies, of which 13 resulted in Gold Standard Awards for those entities achieving overall security program management excellence. In 2012, TSA expanded the BASE program to the highway and motor carrier mode and has since conducted over 400 reviews of highway and motor carrier operators, with 98 reviews conducted in FY 2015. On average, approximately 150 reviews are conducted on mass transit and highway and motor carrier operators each year, with numerous reviews in various stages of completion for FY 2016.
TSA also regularly engages transit and passenger rail partners through the Transit Policing and Security Peer Advisory Group (PAG), which represents 26 of the largest public transportation systems in the United States, Canada, and the United Kingdom, and through regular monthly and as-needed industry-wide information sharing calls, such as calls conducted after the attacks in Paris and Brussels. Our participation in forums such as the annual Mass Transit and Passenger Rail Security and Emergency Management Roundtable, and our continuing work with the PAG enable us to understand the security needs of our domestic and international security partners to collaboratively develop programs and resources to meet critical needs. Through the PAG and the Roundtables, we have restructured how security grant funds are awarded to high-risk transportation entities, ensuring that the funding priorities address the current threat and risks that our surface transportation operators face. We also developed a list of nationally critical infrastructure assets in order to better direct Federal and local resources to implement security measures to protect those assets. Since FY 2006, over $565 million in Transit Security Grant Program funding has been awarded for security projects specifically to harden these critical assets. We have also been able to enhance and refine the ways and timeframes in which we share threat and intelligence information, through mechanisms such as Security Awareness Messages, and regular and as-needed industry information sharing and intelligence conference calls. TSA also hosts classified briefings for cleared industry stakeholders when warranted.
TSA has established a productive public-private partnership with the pipeline industry to secure the transport of natural gas, petroleum, and other products. TSA conducts both physical and corporate security reviews (CSR) within the pipeline sector, with over 400 physical security reviews of critical facilities of the highest risk pipeline systems completed since 2008 and over 140 corporate security reviews of high-risk systems since 2002. TSA completed six CSRs in FY 2015; four have been completed in FY 2016 with an additional four scheduled for completion by the end of the fiscal year. The Implementing Recommendations of the 9/11 Commission Act of 2007 (Public Law 110-53) required TSA to develop and implement a plan for inspecting the critical facilities of the top 100 pipeline systems in the nation. TSA conducted these required inspections between 2008 and 2011 through the Critical Facility Inspection program and is now focused on regular recurring reviews through TSA’s Critical Facility Security Review (CFSR) program. TSA completed 46 CFSRs in FY 2015; 21 have been completed in FY 2016 with 16 more expected to be completed by the end of the fiscal year.
TSA has developed pipeline security guidance with the assistance of pipeline system owners and operators, pipeline industry trade association representatives, and government partners. Wide-spread implementation of this guidance by the pipeline industry has enhanced critical infrastructure security throughout the country. TSA is currently working with stakeholders to update these guidelines. There has been an increase in the quality of the company corporate security programs reviewed during CSRs, as the guidance has served as a template for establishing a corporate security program including a Corporate Security Plan. For pipeline critical facilities reviewed during CFSRs, there has been an increase in the number of facilities conducting security drills and exercises, an increase in coordination with local law enforcement agencies, and an increase in the number of facilities conducting security vulnerability assessments, all of which are recommended practices in the Guidelines.
Securing Surface through Grants
TSA provides the Federal Emergency Management Agency (FEMA) with subject matter expertise to assist in the development of the Notice of Funding Opportunities for the Transit Security Grant Program. These FEMA grants support surface transportation risk mitigation by applying Federal funding to critical security projects with the greatest security effects. Between FYs 2006 and 2015, over $2.3 billion in Transit Security Grant funding was awarded to freight railroad carriers and operators, over-the-road bus operators, the trucking community, and public mass transit owners and operators, including Amtrak, and their dedicated law enforcement providers. One-hundred million dollars was appropriated in FY 2016 for mass transit, passenger rail, and motor coach security grants, which are currently in the application process. Applications were due April 25, 2016, and DHS expects to announce final award allocations on June 29, 2016.
TSA reviews the grant program framework and makes recommendations to FEMA, ensuring funding priorities are based on identified or potential threats and vulnerabilities identified through TSA assessment programs such as the BASE program, together with consideration of potential consequences. For instance, in 2007, TSA’s review of the industry scores in the training category of the BASE assessments indicated a potential vulnerability, and TSA addressed the vulnerability by modifying the Transit Security Grant Program (TSGP) to prioritize frontline employee training. In FY 2011, TSA’s review of BASE scores and discussions with industry revealed that vulnerabilities at nationally critical infrastructure assets were not being addressed as quickly as they could be. TSA worked with FEMA to overhaul the TSGP framework to prioritize these assets (“Top Transit Asset List”) for funding through a wholly competitive process. As a result over $565 million has been awarded to protect these assets, resulting in over 80% of them being considered secure from a preventative standpoint.
As a result of information gained from TSA activities, DHS is able to direct grant funds to activities that have the highest efficacy in reducing the greatest risk, such as critical infrastructure vulnerability remediation, equipment purchases, anti-terrorism teams, mobile screening teams, explosives detection canine teams, training, drills and exercises, and public awareness campaigns. For example, the NY MTA has received $17 million in public awareness funding that helped create the If You See Something, Say Something™ campaign, which was credited with preventing a potential terrorist event in Times Square in New York City. Over $276 million in grant funds have been used to hire over 520 specialty transit law enforcement officers in the forms of K-9 teams, mobile explosives detection screening teams, and Anti-Terrorism Teams. Transit systems in major cities including New York City, Washington, DC, Chicago, and Los Angeles use these grant-funded teams and patrols not only to conduct regular operations, but also to provide extra local security and deterrence in response to attacks across the world, including the recent attack in Brussels.
Cybersecurity
TSA supports DHS cybersecurity efforts based on the National Institute of Standards and Technology cybersecurity framework, including within surface modes. The cybersecurity framework is designed to provide a foundation industry can implement to sustain robust cybersecurity programs, and TSA shares information and resources with industry to support adoption of the framework. TSA also provides a cybersecurity toolkit designed to offer the surface transportation industry an array of available no cost resources, recommendations, and practices. Additionally, within the pipeline sector, TSA is coordinating a voluntary cyber-assessment program with the Federal Energy Regulatory Commission to conduct cybersecurity assessments of pipeline entities. TSA works closely with the pipeline industry to identify and reduce cybersecurity vulnerabilities, including through classified briefings to increase awareness of the threat. TSA’s efforts in cybersecurity are critical to securing surface transportation modes from cyber intrusions.
Implementing Recommendations of the 9/11 Commission Act of 2007
TSA has worked diligently to implement the requirements of the Implementing Recommendations of the 9/11 Commission Act of 2007 (Public Law 110-53). Under Administrator Neffenger’s leadership, TSA has prioritized the few remaining outstanding requirements of the Act. These mandates include the issuance of regulations relating to security training (Sections 1408, 1517, and 1534) and security planning and vulnerability assessments (Sections 1405, 1512, 1531), as well as establishment of a program to complete name-based background and immigration checks for public transportation and railroad employees (Sections 1411 and 1520). TSA is making significant progress on all of these rulemakings, among others, and continues to dedicate substantial time and resources towards this effort. TSA will continue its prioritization of these rules notwithstanding the complexity and time consuming nature of the rulemaking process.
Conclusion
TSA is dedicated to securing the Nation’s transportation systems from terrorist activities and attacks. Through its voluntary programs and minimal regulations, TSA mitigates security challenges faced by an open-by-nature surface transportation system in collaboration with our industry and government partners. We are focused on improving surface transportation security through the development and implementation of intelligence-driven, risk-based policies and plans, and we appreciate the Committee’s support of TSA’s goals. Thank you for the opportunity to discuss these important issues.