National Academies Press: OpenBook
« Previous: Chapter 2 Literature Review
Page 12
Suggested Citation:"Chapter 3 Agency Practices." National Academies of Sciences, Engineering, and Medicine. 2020. Developing a Physical and Cyber Security Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25869.
×
Page 12
Page 13
Suggested Citation:"Chapter 3 Agency Practices." National Academies of Sciences, Engineering, and Medicine. 2020. Developing a Physical and Cyber Security Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25869.
×
Page 13
Page 14
Suggested Citation:"Chapter 3 Agency Practices." National Academies of Sciences, Engineering, and Medicine. 2020. Developing a Physical and Cyber Security Primer for Transportation Agencies. Washington, DC: The National Academies Press. doi: 10.17226/25869.
×
Page 14

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

11 Chapter 3 Agency Practices Recent guidance at the national level has redirected the focus and long-term direction of the security-related mission within transportation agencies. Since the publication of the Security 101 primer in 2009, four significant national-level directives and executive orders have been issued, each one adding to the nation’s complementary goals pertaining to transportation security, infrastructure protection, system resiliency and emergency management.  PRESIDENTIAL POLICY DIRECTIVE 8: NATIONAL PREPAREDNESS (2011) strengthens security and resilience through five preparedness mission areas - Prevention, Protection, Mitigation, Response, and Recovery.  PRESIDENTIAL POLICY DIRECTIVE-21: CRITICAL INFRASTRUCTURE SECURITY AND RESILIENCE (2013) focuses on the need for secure critical infrastructure that is able to withstand and rapidly recover (resilient) from all hazards.  2013 NATIONAL INFRASTRUCTURE PROTECTION PLAN: PARTNERING FOR CRITICAL INFRASTRUCTURE SECURITY AND RESILIENCE emphasizes the importance of resilience, the need to reduce all-hazards vulnerabilities and mitigate potential consequences of incidents or events that do occur.  EXECUTIVE ORDER 13636: IMPROVING CRITICAL INFRASTRUCTURE CYBERSECURITY (2013) provides a technology-neutral cybersecurity framework and means to promote the adoption of cybersecurity practices. Transportation agencies are in the process of understanding and incorporating the details of these policy directives, and are wrestling with their impacts on ongoing security and emergency management functions. For example, in most states today, responsibility for infrastructure security may reside in emergency management or homeland security organizations. Because of this, the perception within some state departments of transportations (DOTs) may be that security is not a DOT core business function. (Because transit agencies have specific federal security requirements, this is not as great an issue in transit.) However, as NCHRP REPORT 793: INCORPORATING TRANSPORTATION SECURITY AWARENESS INTO ROUTINE STATE DOT OPERATIONS AND TRAINING noted: “Though state DOTs might not be directly responsible for patrolling state-owned infrastructure, DOTs do have the responsibility for controlling access to critical components, establishing coordination with law enforcement to ensure quick response to incidents, conducting infrastructure risk and vulnerability assessments, and taking action to mitigate the effects of those risks and vulnerabilities. As a result state DOTs do play a significant role in infrastructure security.” The goal of Task 3 of this project was to review the current practices of transportation agencies in meeting their security and infrastructure protection responsibilities and describe the range of transportation agency implementation practices through illustrative case studies. The research team recognizes the challenges to state DOTs and other transportation agencies in incorporating revised security approaches and practices that are current, implementable and coordinated with the other local, tribal, state, regional and federal agencies that may be involved. The research effort

12 focused on identifying and synthesizing the changes in policy, process and resources for security, cyber security and infrastructure protection in transportation agencies since the publication of the 2009 Guide. As a part of prior and ongoing research or contractual engagements the research team has had the opportunity to align closely with a significant number surface transportation agencies in the gathering of information and documenting of security-related practices and procedures covering both physical and cyber security. The research team incorporated this material into the agency practices where the information was not agency specific or protected. The team also utilized existing transportation industry relationships to obtain current and updated information about the scope and range of agency security activities and practices. Through targeted outreach, informal survey, and focused interviews the research team sought out relevant data about the plans, actions, and responses of representative small, medium and large sized transportation systems. Appendix B contains a summary of the review of practices in transportation agencies, highlighting any significant changes since the initial guide was published. Key findings are summarized below. Practice Highlights  State DOTs have broadened the use of the term “transportation security” to encompass their capability to prevent, prepare for, respond to and recover from a wide range of natural or human disasters that pose threats to the operation of the nation’s transportation network. Natural and man-made events are becoming more common, with the severity of the events on the rise due to aging infrastructure and changes in climate over time.  There has been, and continues to be, significant deployment of new technologies to support DOT activities. Rapidly developing technologies are providing digitized data acquisition, storage and transmission along with structural diagnostics, (i.e., monitoring of structures by sensors measuring temperature, displacement, acceleration, and other significant performance indicators during regular service). A number of remote, in-situ, or portable monitoring/damage detection techniques have become available such as sensors, sonar, ground-breaking radar, satellite imagery and unmanned aerial vehicles.  States are currently using different methods and models to evaluate risk. In the case of earthquakes, information is relatively well developed in the seismically vulnerable states. The same expertise and capabilities can serve not only in earthquakes but after other extreme events such as storm surge, wave action, and scour. Databases exist for vehicular impact, floods, fires and other hazards.  Some DOTs employ enterprise risk management to “evaluate risk to objectives and prioritize corresponding programmatic and operational responses that protect and enhance the state’s critical transportation assets, public trust and confidence, and ultimately quality of life.” (Source: Minnesota Enterprise Risk Management). For example, in Minnesota every MnDOT employee is responsible for identifying, assessing and controlling risks within the scope of assigned responsibility.  Over time, there has been an evolution in the preferred methods of training delivery for DOT employees. There is a still strong preference for print/electronic materials with significant growth in demand for conferences/peer exchanges and web-based seminars.

13  As part of NCHRP Project 20-59 (43), “Incorporating Transportation Security Awareness into Routine State DOT Operations and Training,” a scanning survey was done to identify existing transportation safety and security training. Survey results were obtained from 31 respondents representing 20 different states. Almost 60% of the survey respondents indicated that their organization required or encouraged training in transportation security. The current transportation security training involved “If You See Something, Say Something” program related security awareness training, NIMS/ICS emergency response training, TIMS training, and HazMat Training, where appropriate.  TCRP REPORT 180: POLICING AND SECURITY PRACTICES FOR SMALL- AND MEDIUM-SIZED PUBLIC TRANSIT SYSTEMS (2015) included a survey of the current state of practice in small- and medium-sized transit systems and identified potential security countermeasures that could be deployed by both of these sizes of transit agencies.  As part of TCRP Project F-21, “Tools and Strategies for Eliminating Assaults Against Transit Operators,” (2017) a scan of the security measures, programs and countermeasures in place at largest transit agencies was conducted along with a review of countermeasures—ranging from policing, personnel, and training to technology, information management, policy, and legislation—effective as a means to prevent, deter, detect, mitigate, respond to or recover from an attempt or actual assault upon a transit operator.  FHWA partnered with state departments of transportation (DOTs) and metropolitan planning Organizations (MPOs) to conduct climate change and extreme weather vulnerability assessments of transportation infrastructure and to analyze options for adapting and improving resiliency. Based on the feedback and lessons learned through the pilots, FHWA revised and expanded the model, and developed the Climate Change & Extreme Weather Vulnerability Assessment Framework (December 2012). In 2013-2105 nineteen pilot teams partnered with FHWA to assess transportation vulnerability and evaluate options for improving resilience using the Climate Change & Extreme Weather Vulnerability Assessment Framework (December 2012) and other resources for their analyses.

Next: Chapter 4 Updated Guide »
Developing a Physical and Cyber Security Primer for Transportation Agencies Get This Book
×
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

Small events pose threats of great consequences since the impact of any incident is magnified when a transportation network is operating at or past its capacity—as is the case in portions of many states as travel demand on their transportation networks grows.

The TRB National Cooperative Highway Research Program's NCHRP Web-Only Document 266: Developing a Physical and Cyber Security Primer for Transportation Agencies is a supplemental document to NCHRP Research Report 930: Update of Security 101: A Physical Security and Cybersecurity Primer for Transportation Agencies.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!