Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
OPERATIONAL PARAMETERS: THREAT INFORMATION FORUM Rapid and accurate information sharing is a critical operational need for coping with and managing threats against public transportation systems. Public transportation police, security, and operations personnel need to be aware of threats directed against their systems at the earliest opportunity. This information is essential to formulating appropriate operational responses to protect public transportation passengers, employees, vehicles, and facilities. This process is referred to as a Threat Information Forum (TIF). It is important for public transportation threat information to simultaneously move in three directions to ensure complete and effective communication. These are: â top-down, including information provided from national intelligence such as the current Homeland Security Advisory System (HSAS), which rates the status and threat to the national transportation infrastructure; â bottom-up, from public transportation police, security, and operational personnel, regarding actual and suspected local threat incidents that might indicate targeting or an impending attack; and â lateral, shared among adjacent public transportation systems and interrelated infrastructure sectors, representing mutual security concerns and operational issues. In order to facilitate information sharing among all levels, a framework for a TIF, common parameters, and protocols need to be established. TIFs should be organized into three components to collect and disseminate three classes of information. The three component areas are as follows. â Local public transportation threat user groups (TUGs) should be composed of designated persons at specific public transportation systems (e.g., management, operations, security, public transportation police, control center, and other key decision makers). Local TUGs should also include designated local partners such as adjacent or cooperating public transportation systems, local police and emergency management agencies, local InfraGard chapters, and/or local threat assessment and warning entities, such as regional terrorism early warning (TEW) groups and joint terrorism task forces (JTTFs). Individual users and agency representatives should register with their TUG. Each TUG would designate a group manager and threat officer responsible for managing their local user group and disseminating information within the group. Messages could be TUG-specific or disseminated to the national clearinghouse for broader dissemination. Individual TUG users would be designated a level of access to TIF products based upon their need to know. Page 12
â A national public transportation threat clearinghouse should be located within an appropriate federal agency such as the USDOTâs OIS, the Transportation Security Administration (TSA), the National Response Center (NRC) or the proposed Surface Transportation Information Sharing and Analysis Center (ST-ISAC)6. This node would be responsible for collecting, verifying, analyzing, and disseminating TIF products and messages to public transportation systems (which would be organized into TUGs), appropriate federal entities (such as the FBI and intelligence community), and other infrastructure sectors (perhaps the InfraGard program). Individual TUGs (and their designated users) would register with the national clearinghouse. This could facilitate dissemination of critical security messages to the entire forum, select TUGs, or individual users. â Transportation and related infrastructure owners also need to be notified of significant threats. Key representatives of the broader transportation infrastructure and interdependent infrastructures have a need for information regarding specific crosscutting incidents and threats. It is suggested that the existing InfraGard program can be used to disseminate this information. Appropriate public transportation threat information could be disseminated from the national clearinghouse to these sectors through the network of local InfraGard chapters. Whereas a centralized entity is required for analysis and coordination at the national level, the core component of the TIF should be the local public transportation TUGs. Any enabling technology for threat information assessment should ensure that TUGs have the capability to freely share information among themselves via mechanisms such as email, secure Web, and fax. In most cases, the requirement for rapid information sharing will require that information be shared in raw format, without vetting from a centralized analytical cell. Individual users would be recommended and vetted by the local TUG. As an added security measure, each user would be screened through the InfraGard application and background check process, which is managed by the FBI. These measures would help ensure the integrity of the system and enhance operational security. This system should not be used for the dissemination of classified information. The three suggested classes of information to be disseminated are advisories, alerts, and warnings. Each of these is described below. â Advisories or incident reports should include changes in HSAS threat status, notification of incidents (including breaking news regarding specific public transportation attacks), information on public transportation system status (restricted service, suspended service, etc.), and information regarding observed terrorist tactics, techniques, and procedures (TTPs). Advisories would be 6 On May 2, 2002, U.S. Secretary of Transportation, Norman Y. Mineta, announced creation of the Surface Transportation Information Sharing and Analysis Center (ST-ISAC) that is designed to promote security in the transportation sector. Page 13
