Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.
77 A P P E N D I X A Access Control Maintaining secure access to physical and cyber assets and associated facilities, limiting it to authorized users, processes, or devices, and to authorized activities and transactions. Active Shooter An individual actively engaged in killing or attempting to kill people in a confined and populated area, typically through the use of firearms. Analytical Risk Methodology (ARM) The ARM methodology is a systematic approach to risk management that consists of the col- lection and evaluation of accurate and detailed information regarding the nature and value of the assets, the degree of a specific type of threat and the extent of the related vulnerabilities, identification and evaluation of risks and costâa benefit analysis of countermeasures to mitigate specific, selected risks. Assault (1) An unlawful attack by one person on another. Assault (2) Overt physical and verbal acts of aggression by a passenger that interfere with the mission of a transit operatorâto complete his or her scheduled run safelyâand that adversely affect the safety of the operator and customers. (Nakanishi and Fleming 2011) Baseline Assessment for Security Enhancement (BASE) TSA BASE program was developed to increase domain awareness, enhance prevention and protection capabilities and further response preparedness of transit systems nationwide. A voluntary BASE review of a transit system evaluates 17 categories of security and emergency preparedness action items that were identified as fundamentals for a sound transit security pro- gram. The review includes topics such as an agencyâs security plan, security training, drills/ exercise programs, public outreach efforts and background check programs. BASE assessments are performed by the Transportation Security InspectorsâSurface Division of the TSA. Body Camera or Body-Worn Camera Small video camerasâtypically attached to an officerâs clothing, helmet, or sunglassesâthat can capture, from an officerâs point of view, video and audio recordings of activities and critical incidents such as officer-involved shootings. CARVER (Criticality, Accessibility, Recuperability, Vulnerability, Effect and Recognizability) CARVER is a system to identify and rank specific targets in risk/vulnerability assessments by calculating the value of a given potential target and the ease with which such a target could be neutralized. A CARVER matrix can indicate âhigh-riskâ targets that require additional security assets allotted to them. Glossary
78 Transit Security Preparedness CCTV (Closed-Circuit Television) A TV system in which signals are not publicly distributed but are monitored, primarily for surveil- lance and security purposes. Consequence Analysis The estimation of the effect of potential hazardous events. (Blanchard 2008) Consequence Assessment An analysis of the immediate, short-, and long-term effects an event or event combination has on an asset. Consequence Management Measures to alleviate the damage, loss, hardship or suffering caused by emergencies. These include measures to restore essential government services, protect public health and safety, and provide emergency relief to afflicted entities. (Frazier et al. 2009) Crime Prevention through Environmental Design (CPTED) A crime prevention philosophy based on the theory that proper design and effective use of the built environment can lead to a reduction in the fear and incidence of crime, as well as an improvement in the quality of life. CPTED strategies include enhancing visibility and sight lines by the use of lighting and landscaping, access control and defining clear boundaries; eliminating hiding places such as dark corners; and strategically designing gathering areas to support positive activity and natural surveillance. Cybersecurity The activity or process, ability or capability, or state whereby information and communications systems and the information contained therein are protected from and/or defended against damage, unauthorized use or modification, or exploitation. Strategy, policy, and standards regard- ing the security of and operations in cyberspace, and encompass[ing] the full range of threat reduc- tion, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assur- ance, law enforcement, diplomacy, military, and intelligence missions as they relate to the secu- rity and stability of the global information and communications infrastructure. (Countermeasures Assessment and Security Experts, LLC, and Western Management and Consulting LLC 2016) Disruption To delay, divert, intercept, halt, apprehend, or secure threats or hazards. Emergency Management The broad class of agencies or people involved in the practice of managing emergencies and other incidents of all kinds. Exercises An activity requiring the performance, integration, and coordination of response activities by several individuals and teams. Exercises (except for tabletop exercises) normally involve mobi- lization of personnel and resources. As noted in HSEEP Volume I, an exercise is carried out to train for, assess, practice, and improve performance. It can also be used to test and validate policies, plans, procedures, training, equipment, and interagency agreements; clarify and train personnel in roles and responsibilities; improve interagency coordination and communica- tions; identify gaps in resources; improve individual performance; and identify opportunities for improvement. (Nakanishi and Auza 2015) Facial Recognition A biometric software application capable of uniquely identifying or verifying a person by com- paring and analyzing patterns based on the personâs facial contours.
Glossary 79 Fare Evasion The unlawful use of transit facilities by riding without paying the applicable fare. (National Transit Database) First Responder Refers to those individuals who, in the early stages of an incident, are responsible for protecting and preserving life, property, evidence, and the environment, including emergency response providers as defined in Section 2 of the Homeland Security Act of 2002 (6 U.S.C. 101), as well as emergency management, public health, clinical care, public works, and other skilled support personnel (such as equipment operators) who provide immediate support services during pre- vention, response, and recovery operations. Fusion Center Centers that integrate various streams of information and intelligence, including that flow- ing from the federal government; state/territorial, tribal, and local governments; and the private sector, providing a more accurate picture of risks to people, economic infrastructure, and communities that can be developed and translated into protective (e.g., preventative or responsive) actions. The ultimate goal of fusion is to prevent man-made (terrorist) attacks and to respond to natural disasters and man-made threats quickly and efficiently should they occur. Hazard Identification The identification of a hazard of concern during a risk assessment. Part of the first of four steps of THIRA (Threat and Hazard Identification and Risk Assessment). (FEMA 2018a) Homeland Security Information Network (HSIN) The Homeland Security Information Network (HSIN) is a user-driven, web-based, information- sharing platform for sensitive but unclassified information. Federal, state, local, territorial, tribal, international, and private sector homeland security partners use HSIN to manage operations, events, exercises, natural disasters, and incidents. HSIN provides secure dissemination and sharing capabilities for homeland security alerts, reports, and products. Incident An occurrence or event, natural or man-made, that requires a response to protect life or property. Incidents, for example, can include major disasters, emergencies, terrorist attacks, terrorist threats, civil unrest, wildland and urban fires, floods, hazardous materials spills, nuclear acci- dents, aircraft accidents, earthquakes, hurricanes, tornadoes, tropical storms, tsunamis, war- related disasters, public health and medical emergencies, and other occurrences requiring an emergency response. Incident Command System (ICS) A standardized on-scene emergency management construct specifically designed to provide for the adoption of an integrated organizational structure that reflects the complexity and demands of single or multiple incidents, without being hindered by jurisdictional boundaries. ICS is the combination of facilities, equipment, personnel, procedures, and communications operating within a common organizational structure, designed to aid in the management of resources during incidents. It is used for all kinds of emergencies and is applicable to small as well as large and complex incidents. ICS is used by various jurisdictions and functional agencies, both public and private, to organize field-level incident management operations. Infrastructure Protection Securing critical infrastructure from all hazards by managing risk and enhancing resilience through collaboration with the critical infrastructure community. [Modified from the Mission of the DHS Office of Infrastructure Protection]
80 Transit Security Preparedness Interdiction Interdiction is the action of prohibiting and the action of intercepting and preventing. Joint Terrorism Task Force (JTTF) Joint Terrorism Task Force (JTTF) is a partnership between various federal, state, and local law enforcement agencies. There are 175 JTTFs in cities around the country. JTTFs collect and share information, investigate terrorism, provide security for special events, conduct training, and respond to threats and incidents. Manspreading Manspreading is the practice whereby a man, especially one traveling on public transportation, adopts a sitting position with his legs wide apart, in such a way as to encroach on an adjacent seat or seats. Maritime Security Risk Analysis Model (MSRAM) A computer-assisted tool to analyze risks, primarily in the maritime sector. Mission Area (National Preparedness Goal) The National Preparedness Goal identified five mission areas in which it groups the 32 core capabilities (the distinct critical elements needed to achieve the goal): Prevention, Protection, Mitigation, Response, and Recovery. Mitigation (National Preparedness Goal) The Mitigation mission area comprises the capabilities necessary to reduce the loss of life and property by lessening the impact of disasters. Mobile Applications (Apps) A mobile app or mobile application is a computer program or software application designed to run on a mobile device such as a phone, tablet or watch. National Incident Management System (NIMS) National standard system for federal, state, tribal, and local governments to work together to prepare for, and respond to, incidents affecting lives and property. NIMS presents and integrates accepted practices proven effective over the years into a comprehensive framework for use by incident management organizations in an all-hazards context. National Preparedness System The National Preparedness System outlines an organized process for everyone in the whole community to move forward with their preparedness activities and achieve the National Pre- paredness Goal. The National Preparedness System has six parts: Identifying and Assessing Risk, Estimating Capability Requirements, Building and Sustaining Capabilities, Planning to Deliver Capabilities, Validating Capabilities, and Review and Updating. Physical Security The part of security concerned with measures/concepts designed to safeguard personnel; to pre- vent unauthorized access to equipment, installations, materiel, and documents; and to safeguard them against espionage, sabotage, damage, and theft. (Frazier et al. 2009) Prepared Subjected to a special process or treatment. Preparedness The quality or state of being prepared. Prevention (National Preparedness Goal) The Prevention mission area comprises the capabilities necessary to avoid, prevent or stop a threatened or actual act of terrorism. It is focused on ensuring we are optimally prepared to prevent an imminent terrorist attack within the United States.
Glossary 81 Protection (National Preparedness Goal) The Protection mission area houses the capabilities necessary to secure the homeland against acts of terrorism and man-made or natural disasters. Protective Security Advisors (PSAs) TSA program that provides security consultations to owners and operators of critical infrastruc- ture elements. Public Awareness Campaign A comprehensive communications and educational effort that includes multiple components (messaging, outreach, media relations, community relations, budget, etc.) to help reach a specific goal. Public Transit Homeland Security Information Network (PT-HSIN) Public transit sub-portal on DHSâs Homeland Security Information Network that was estab- lished as a primary mechanism for sharing security-related information with public transit agencies. Quality of Life Issues Behaviors or actions that disturb or disrupt riders and the public and increase their sense of discomfort and fear even though they may not be physically threatened. Quality of life issues include regulating food, drink, language, clothing, and animals; behavior such as panhandling, loitering, disorderly conduct, and manspreading; and loud music or noise. Resilience The ability to prepare and plan for, absorb, recover from and more successfully adapt to adverse events. Response (National Preparedness Goal) The Response mission area comprises the capabilities necessary to save lives, protect property and the environment, and meet basic human needs after an incident has occurred. Recovery (National Preparedness Goal) The Recovery mission area comprises the core capabilities necessary to assist communities affected by an incident to recover effectively. Risk Potential for an unwanted outcome resulting from an incident, event, or occurrence, as determined by its likelihood and the associated consequences. (U.S. Department of Home- land Security Risk Steering Committee 2010) Risk Assessment (1) A systematic process whereby assets are identified and valuated, credible threats to those assets are enumerated, applicable vulnerabilities are documented, potential impacts or consequences of a loss event are described, and a qualitative or quantitative analysis of resulting risks is pro- duced. Risks are generally reported in order of priority or severity and attached to some descrip- tion of a level of risk. (Frazier et al. 2009) Risk Assessment (2) A comprehensive study of a transit agency to identify components most vulnerable to criminal activity, including acts of terrorism and quasi-terrorism, and to assess the impact of such activity on passengers, employees, and the agency. (Frazier et al. 2009) Risk Management (1) The process of selecting and implementing security countermeasures to achieve an acceptable level of risk. (Frazier et al. 2009)
82 Transit Security Preparedness Risk Management (2) The process of measuring or assessing risk and then developing strategies to manage the risk. Involves a prioritization process through which risks with the greatest adverse consequences and greatest probability of occurring are handled first, and risks with lower probability of occur- rence and lower loss are handled later if at all. Requires balancing risks with a high probability of occurrence but lower loss against risks with high loss but lower probability. (Frazier et al. 2009) Security Awareness The capability of identifying, reporting, and reacting to suspicious activity and security incidents (Frazier et al. 2009). Establishing a security mindset of awareness in all employees can increase an agencyâs security effectiveness. Security awareness is the cornerstone of a security culture. In a security culture, security is an integral part of the daily routine. The importance of security to daily work is understood by all employees, and each one takes responsibility to know the secu- rity risks that exist and the corresponding, appropriate measures to address potential and actual security issues. (Frazier et al. 2014) Security Countermeasures Actions that can be taken to avoid or mitigate security threats, the cornerstones of which are detect, deter, deny, and defend. Security Plan A security plan is a written document that contains information about an organizationâs security policies, procedures and countermeasures. Terrorism Risk Assessment and Management (TRAM) The Terrorism Risk Assessment and Management toolkit is a software-based method for per- forming terrorism-related relative risk analysis primarily in the transportation sector. It helps owner-operators and other SMEs identify their most critical assets, the threats and likelihood of certain classes of attacks against those assets, the vulnerability of those assets to attack, the likelihood that a given attack scenario would succeed, and the ultimate impacts of the total loss of the assets on the agencyâs mission. TRAM also helps to identify options for risk management and assists with cost-benefit analyses. Training Training is the delivery of new information. There are many training delivery methods: field crew meetings, just-in-time training (JITT), interjurisdictional and interagency training and exercises, joint training, asynchronous training, train-the-trainer, planned events and incidents, discussion-based and operations-based exercises, classroom training, online training with live instructors, and computer simulations. (Nakanishi and Auza 2015) Threat Assessment A systematic effort to identify and evaluate existing or potential terrorist threats to a jurisdiction and its target assets. Transit Advisory Committee for Safety (TRACS) The FTA Transit Advisory Committee for Safety (TRACS) provides information, advice, and recommendations on transit safety and other issues as determined by the Secretary of Transpor- tation and the FTA Administrator. TRACS consists of 15 voting members for a 2-year term. The full committee meets at least twice a year. TVC Analysis Assessment of threats, vulnerabilities and consequences for purposes of risk reduction. Unified Command (UC) An application of ICS used when there is more than one agency with incident jurisdiction or when incidents cross political jurisdictions. Agencies work together through the designated members
Glossary 83 of the UC, often the senior person from agencies and/or disciplines participating in the UC, to establish a common set of objectives and strategies and a single Incident Action Plan (IAP). Vehicle Ramming A form of attack in which a perpetrator deliberately rams a vehicle into a building, a crowd of people, or another vehicle. Vulnerability Assessment (1) The identification of weaknesses in physical structures, personnel protection systems, processes, or other areas that may be exploited by terrorists. (DHS) Vulnerability Assessment (2) Systematic examination of a critical infrastructure, the interconnected systems on which it relies, its information, or product to determine the adequacy of security measures, identify security deficiencies, evaluate security alternatives, and verify the adequacy of such measures after imple- mentation. A systematic evaluation process in which qualitative and/or quantitative techniques are applied to arrive at an effectiveness level for a safeguards and security system to protect specific targets from specific adversaries and their acts. In general, determining the vulnerability of a critical asset is the least difficult area of risk assessment. Both quantifiable and qualitative analysis can be performed to measure the current vulnerability status of the asset, as well as the effect of ongoing risk management improvements. Similarly, the return on investment of future actions can be forecast with some level of certainty. Vulnerability assessment considers the likeliness of a given scenario occurring by chance or intention. [Vulnerability assessment] also postulates susceptibility and resultant damage. (Frazier et al. 2009)
