Passenger Rail Security: Issues and Legislation in the 110th Congress

^Pr^ep^ar^{ed f}^o^r^M^e^m^b^ers^an^d^Com^mⁱ^t^t^ees^of^C^ong^r^e^ss

Bombings of passenger trains in Europe and Asia in the last few years have demonstrated the
vulnerability of passenger rail systems to terrorist attack. The number of riders and access points
makes it impractical to subject all rail passengers to the type of screening airline passengers
undergo. Nevertheless, steps can be taken to reduce the risks of terrorist attacks.
The 9/11 Commission called for a systematic analysis of transportation assets, the risks to those
assets, and the costs and benefits of different approaches to defending those assets. The
commission also called for homeland security assistance to be distributed based on these
assessments of risks and vulnerabilities, rather than according to population. A comprehensive
assessment of risk across all passenger rail operations has not been submitted to Congress. Most
federal assistance for passenger rail security has been allocated to systems judged by the
Department of Homeland Security (DHS) to be at highest risk.
The Intelligence Reform and Terrorism Prevention Act of 2004 (P.L. 108-458) did not directly
address passenger rail security, but did direct DHS to create a national strategy for transportation
security. This plan would identify national transportation assets, set risk-based priorities for their
protection, assign responsibilities for their protection, and recommend appropriate levels and
sources of funding for these efforts. DHS delivered a classified report on a “National Strategy for
Transportation Security” to Congress in September 2005; this report was updated in April 2006. A
security plan for the surface transportation sector was due to Congress by the end of 2006; DHS
announced the plan’s release in May 2007. The Government Accountability Office has noted that
this plan is only a first step, as it is only required to describe how the most critical transportation
assets will be identified and how their risk will be assessed, but is not required to address how
risks to transportation assets are actually being assessed or how those assets will be protected.
The Implementing Recommendations of the 9/11 Commission Act of 2007 (H.R. 1/P.L. 110-53)
signed into law on August 3, 2007, included comprehensive surface transportation security
legislation. This act authorized a total of $3.5 billion for transit security and $2.0 billion for rail
security, including grant programs for which commuter rail operators, Amtrak, and state and local
governments will be eligible recipients. Some funds are specifically authorized for Amtrak’s
security and tunnel safety projects. The act also authorizes DHS to regulate the employee security
training programs of transit and rail entities. The FY2008 DHS appropriations act (Division E of
the Consolidated Appropriations Act, 2008/P.L. 110-161) provides $47 million for surface
transportation security activities, including $22 million for rail security inspectors and dogs, and
$400 million for public transportation and railroad security assistance grants. This report will be
updated.

The Relative Risks of Passenger Rail Transportation...............................................................1
Passenger Rail Security Since September 11............................................................................2
Additional Security Options......................................................................................................4
Risk Management......................................................................................................................4
Issues ......................................................................................................................................... 5
A Federal Strategy for Passenger Rail Security..................................................................5
Coordination Between Stakeholders...................................................................................6
Funding ........................................................................................................................ ....... 7
Tr ai ning ....................................................................................................................... ........ 8
The Security/Efficiency Trade-Off.....................................................................................9 ^th
Legislation in the 110 Congress..............................................................................................9
Author Contact Information...........................................................................................................11

ongressional concerns over the protection of passenger rail systems are a priority in the ^th
110 Congress. Congress greatly expanded the federal role in passenger rail security in
Title XIV (the National Transit Systems Security Act of 2007) and Title XV (Surface C

Transportation Security) of the Implementing Recommendations of the 9/11 Commission Act of

2007 (H.R. 1/P.L. 110-53). Multiple bombings of passenger trains in India in 2006 and 2007,

preceded by the bombings of London subway trains on July 7, 2005, the alleged attempt to bomb
London subway trains again on July 21, 2005, and the bombing of Spanish commuter trains in
2004, provide a backdrop to Congress’s efforts to reduce the risk of attacks against passenger rail
operations in the United States. The 9/11 Commission characterized the federal emphasis on
aviation security spending as “fight[ing] the last war,” noting that “opportunities to do harm are ¹
as great, or greater, in maritime or surface transportation.” This report summarizes the challenges
of securing passenger rail systems, options for making decisions about security funding, industry
requests for funding, and passenger-rail related legislative action. It does not address the security
of freight rail operations. However, since some passenger rail operations use the same track and
facilities as freight rail, these topics cannot be completely separated.
Passenger rail systems have vulnerabilities that are difficult to mitigate. But the risk to passengers
on these systems from terrorist attack is quite small, relative to the number of trips these systems
provide daily, and travel on passenger rail systems is safer overall than the primary alternative,
the automobile.
Passenger rail service takes four forms: heavy rail (e.g., subway systems like Washington D.C.’s
Metro), commuter rail (e.g., Maryland’s Maryland Rail Commuter, or MARC, and Virginia’s
Virginia Railway Express, or VRE, trains), light rail (e.g., Dallas’s DART), and intercity
passenger rail (Amtrak). The first three are forms of public transit, which, along with Amtrak,
share certain characteristics that make them vulnerable to attack: (1) they make scheduled stops
along fixed routes; (2) their operations depend on people having quick and easy access to stations
and trains; (3) the number of access points, volume of ridership, and pace of operations make it
impractical to subject all rail passengers to the type of screening that airline passengers undergo;
and (4) the number of operators and scale of operations of all forms of passenger rails systems in
the United States make it difficult to provide uniform levels of security to each and every rail
system.
Congress remains concerned about rail security in part because in recent years there have been a
number of attacks on passenger rail systems in other countries. The 9/11 Commission noted in its
final report, “Surface transportation systems such as railroads and mass transit remain hard to ²
protect because they are so accessible and extensive.” With one possible exception, CRS has
been unable to find a case of a terrorist attack on a passenger rail system in the United States in ³
recent history. This does not mean, however, that these systems are not vulnerable to attack.

¹^The⁹^/¹¹^C^o^m^mⁱ^s^sⁱ^oⁿ^Re^por^t:^Fi^nal^Re^por^t^of^the^N^a^tio^nal^C^o^m^mⁱ^s^sⁱ^on^on^Te^r^r^o^rⁱ^s^t^Att^a^c^k^s^U^pon^t^h^e^Uⁿ^ite^d^St^ate^s^,
^N^e^w^Y^o^r^k^{: W}^.^W^.^N^o^r^t^on,²⁰⁰⁴^,^{p. 3}⁹¹^.
²^T^h^{e 9/}¹¹^C^o^mmi^ssi^on^R^e^p^o^r^t^,²⁰^{04, p. 39}^1.
³^In¹⁹^95,^aⁿ^Am^tra^k^traⁱ^{n wa}^{s de}^ra^ile^{d in A}^r^iz^ona^{, re}^su^ltingⁱⁿ^t^h^e^de^a^t^{h of}^oⁿ^e^Am^tra^k^e^m^ploy^e^e^a^{nd in}^jurie^s^t^o⁷⁸
^p^a^ssen^g^ers.^T^hⁱ^s^act^o^f^sab^o^t^{age h}^a^{s so}^metⁱ^m^e^{s b}^een^ch^aract^eri^zed^{as a t}^e^rro^ri^st^at^t^ack,^b^u^t^t^h^{e respon}^si^b^l^e^p^a^rt^y^h^a^s
ⁿ^e^{ver b}^eenⁱ^d^en^tⁱ^fⁱ^ed^,^so^t^h^{e case re}^m^aⁱⁿ^{s u}ⁿ^s^o^l^ved^.

The recent attacks on passenger rail systems in other countries have resulted in hundreds of
deaths. Yet in the context of millions of people riding passenger rail every day, the risk to a rail
passenger of dying in any country as the result of a terrorist attack continues to be extremely
small. Conversely, during the years 2003-2005, more than 80 passengers died in accidents on rail ⁴
systems in the United States. Given that Americans take more than 3.5 billion trips on passenger
rail systems each year, the risk of dying in a rail accident is also extremely small, but it is not
zero.
The goal of a terrorist attack is not simply to kill people, but, as the name implies, to sow terror,
to disrupt the social order by spreading fear and uncertainty about the future. People have died as
a result of accidents on passenger rail systems, which are more common than acts of terror
against such systems, but a terrorist attack would have greater shock value. One possible
consequence of such an attack could be for people to switch from using rail to other modes of
transportation. Switching to one likely alternative, driving, would actually raise the risk of death, ⁵
due to the higher risk of accident and injury faced by drivers compared to rail passengers.
In short, while rail systems and their passengers may be vulnerable to attack, the risk of attack is
smaller than other risks those passengers face, including the relatively remote risk of death by
accident. Perhaps more vulnerable to attack is the nation’s sense of the social order. In the
aftermath of an attack, people experience fear, especially as they consider the possibility of
further attacks. While government can do things to reduce the risk of an attack on passenger rail
systems, such attacks cannot absolutely be prevented. If an attack on a passenger rail system were
to occur, the psychological impact could be reduced by restoring a sense of normalcy as quickly ⁶
as possible. This could be accomplished by, among other things, resuming passenger rail
operations and apprehending the persons responsible for the attack. As Tim O’Toole, Managing
Director of London’s subway system, testified, “we believe our greatest defence comes from our
rapid response and restoration of service, denying terrorists the chaos and fear they are seeking ⁷
and thereby discouraging their return.”
Immediately after the attacks of September 11, 2001, the Federal Transit Administration (FTA) of
the U.S. Department of Transportation (DOT) conducted vulnerability assessments of the 37
largest transit agencies, and the Federal Railroad Administration (FRA) conducted security
inspections of commuter railroads. Subsequently, additional assessments of the same agencies
and others were performed with assistance from the Transportation Security Administration
(TSA) and the Office of Grants and Training of the Department of Homeland Security (DHS).

⁴^Com^m^ute^r^a^{nd inte}^rc^ity^pa^sse^nge^{r ra}^{il: Fe}^de^ra^{l Ra}^ilroa^{d A}^d^mⁱ^nistra^tion,^Rai^l^r^o^a^d^Safe^t^y^Stat^is^tic^s²⁰⁰⁵^Aⁿⁿ^u^a^l
^Re^por^t^{, T}^a^ble^1-^3;^he^a^v^y^a^{nd lig}^h^t^ra^{il: Fe}^de^ra^{l T}^r^aⁿ^{sit A}^d^mⁱ^nistra^tion,^St^ate^S^a^fe^ty^O^v^e^r^sⁱ^ght^Pr^ogr^am^An^nu^{al Re}^por^t
^f^o^{r 20}⁰⁵^{, A}^ppeⁿ^d^ix^A^:^Ra^{il T}^r^aⁿ^s^{it Fa}^ta^litie^s,²⁰^03-²⁰^05.
⁵^On^{e st}^ud^y^estⁱ^mat^e^d^t^h^at^rou^g^h^l^y¹^,⁶⁰^{0 Am}^eri^can^{s d}ⁱ^edⁱⁿ^t^h^{e y}^ear^af^t^e^{r t}^h^{e at}^t^ack^{s o}^f^S^e^p^t^em^b^e^{r 1}¹^,²⁰⁰¹^,^{as a resu}^l^t
^o^f^s^wⁱ^t^c^hⁱⁿ^g^f^r^o^m^ai^{r t}^r^a^v^el^t^o^ro^a^d^t^r^avel^,^co^m^p^ared^t^o^t^h^{e 25}⁶^p^a^ssen^g^ers^w^h^o^dⁱ^edⁱⁿ^t^h^{e f}^o^u^r^p^l^{anes t}^h^at^w^e^re
^hija^c^k^e^d^on^Se^pte^m^be^r^{11. G}^e^r^d^Gⁱ^g^e^r^e^nz^e^r^{, “}^O^{ut of}^the^Fr^yⁱ^ng^P^a^{n in}^{to t}^h^e^Fir^e^:^B^e^ha^vⁱ^or^a^l^R^e^a^c^tions^t^o^T^e^r^r^o^rⁱ^s^t
^A^tta^c^k^s,”^Risk^Analy^s^is^{, v}^o^l.^26,ⁿ^o^{. 2}^,²⁰⁰⁶^,^pp^{. 3}^47-³⁵^1.
⁶^T^{odd L}^itm^aⁿ^{, “}^T^e^r^r^o^rⁱ^sm^{, T}^r^aⁿ^s^{it a}^nd^Pu^blic^Sa^f^e^t^y^{: Ev}^a^l^ua^ting^th^e^Rⁱ^s^k^s^,^”^J^our^nal^{of P}^u^b^lic^Tr^aⁿ^s^por^t^,^v^.^{8, no}^.⁴
⁽²⁰⁰⁵⁾^.
⁷^T^e^s^tⁱ^m^on^y^of^Tⁱ^m^O^’^T^oole^,^Maⁿ^a^gⁱ^ng^Dⁱ^r^e^c^t^or^of^L^ondon^U^nde^r^g^r^o^u^nd,^T^r^aⁿ^s^por^{t f}^o^r^L^oⁿ^d^oⁿ^,^be^f^o^r^e^the^Uⁿ^ite^d
^Sta^t^e^s^Se^na^te^C^o^m^m^itte^e^{on B}^a^nk^ing^,^H^ousⁱⁿ^g^aⁿ^d^U^r^ba^{n A}^f^f^a^ir^s^,^H^e^a^r^ing^{on T}^r^aⁿ^s^{it Se}^c^u^r^ity^{, J}^a^nu^a^r^y^{18, 2}⁰⁰⁷^.

Transit agencies have used these assessments to help identify and prioritize security actions.⁸
William Millar, president of the American Public Transportation Association (APTA), testified in
January 2007 that the transit industry has spent $2.5 billion since September 11, 2001, on security ⁹
and emergency preparedness measures.
In the Intelligence Reform and Terrorism Prevention Act of 2004 (P.L. 108-458), Congress
directed DHS to prepare a national strategy for transportation security and security plans for each
transportation mode. The national strategy was completed in 2005; the mode-specific security
plans were released in May 2007. Congress has provided a total of $1.09 billion for grants to
passenger rail systems since September 11, 2001, mostly through DHS annual appropriations
acts. These funds can be used for security-related planning, acquisition of equipment, training,
exercises, and administrative expenses.
On May 20, 2004, after the bombings of commuter trains in Madrid, TSA issued security ¹⁰
directives for U.S. passenger rail systems. Although these directives were not made public, they ¹¹
reportedly reflected actions already taken by many U.S. rail systems. These included removing
or hardening trash containers on boarding platforms that could be used to hide bombs, increasing
the presence of security officers, using video surveillance in and around stations, conducting
random inspections of passengers and baggage (sometimes with the help of bomb-sniffing dogs), ¹²
and encouraging riders to look for suspicious activity.
The Government Accountability Office (GAO) has noted that “the issuance of these directives ¹³
was an effort to take swift action in response to a current threat.” However, the GAO goes on to
write that because the rail industry and federal stakeholders were afforded only limited input and
review, the directives “may not provide the industry with baseline security standards based on ¹⁴
industry best practices.” Furthermore, GAO “recommended that TSA collaborate with the
Department of Transportation and the passenger rail industry to develop rail security standards ¹⁵
that reflect industry best practices and that can be measured, monitored, and enforced.” The
FRA and the passenger rail industry have raised concerns about some of these directives, ¹⁶
including at least one that seems to conflict with other federal safety regulations. According to

⁸^GA^O,^Pas^s^e^nge^r^{Rail Se}^c^u^r^ity^:^Enh^anc^e^d^Fe^de^r^a^l^Le^ade^r^s^hⁱ^p^N^e^e^d^e^d^to^Prioritⁱ^ze^an^{d Gu}^ide^Se^c^u^rity^Efforts^,^GAO^-
^05-⁸⁵^{1, Se}^p^t^e^m^be^r²⁰⁰⁵^{, p}^p^.^23-^25.
⁹^T^e^sti^m^on^y^of^W^illia^m^W^.^Milla^r,^P^r^e^s^ideⁿ^t,^Am^e^r^ic^aⁿ^Pub^lic^T^r^aⁿ^sporta^ti^{on A}^ssocⁱ^a^tion,^be^f^o^re^the^Se^na^te
^C^o^m^m^itte^e^{on B}^a^nk^ing^,^H^ousⁱⁿ^g^,^a^{nd U}^r^ba^{n A}^f^f^a^ir^s^,^J^a^nua^r^y^{18, 2}⁰⁰⁷^{, p}^.¹^.
¹⁰^Uⁿ^ite^d^Sta^t^e^s^D^e^pa^r^t^m^e^{nt of}^H^o^m^e^la^{nd Se}^c^u^r^ity^P^r^e^s^s^O^f^fⁱ^c^e^,^“^D^e^p^a^r^tm^eⁿ^{t of}^H^o^m^e^la^{nd Se}^c^u^r^ity^A^nnounc^e^s^N^e^w
^M^easu^r^{es t}^o^E^x^p^a^nd^S^ecu^ri^t^y^f^o^{r Rai}^l^P^a^ssen^g^ers,^{” M}^a^y²⁰^,²⁰⁰⁴^.
¹¹^P^e^te^{r W}^horisk^e^y^,^“^U^{.S. Issue}^s^Anti-T^e^{rror Re}^g^u^la^{tions f}^o^{r Ra}^il^Sy^ste^m^s,”^Wa^shⁱⁿ^g^t^on^P^o^st^,^Ma^y^{21, 20}⁰⁴^{, p}^.^B1^.
¹²^S^{ee “T}^ab^l^e¹^:^E^x^a^m^p^l^{es o}^f^M^eas^u^r^{es Req}^uⁱ^{red b}^y^T^S^A^S^ecu^ri^t^y^Di^rectⁱ^v^{es Issu}^ed^t^o^P^a^ssen^g^{er Rai}^l^Op^erat^o^r^{s an}^d
^A^m^tr^a^k^,”^{in G}^o^v^e^rn^m^e^{nt A}^c^c^ounta^b^ility^O^f^fⁱ^ce^,^Pas^s^e^nge^r^Rail^Se^c^u^r^ity^:^Enh^anc^e^d^Fe^de^r^a^l^Le^ade^r^s^{hip N}^e^e^d^e^d^to
^Prioritize^a^{nd G}^u^ide^Se^c^u^rity^Eff^o^rts^,^G^A^O^-^06-¹⁸^1T^,^O^c^tobe^r^20,²⁰⁰^{5, p. 22}^.
¹³^G^o^v^e^rn^m^e^nt^A^c^c^ounta^b^ility^O^f^fⁱ^c^e^,^Home^land^Se^c^u^rity^{: Pr}^ogre^ss^{Has Be}^eⁿ^M^ade^t^o^A^ddre^{ss the}^V^u^lne^r^a^b^ilitie^s
^Ex^pos^e^d^by^9/¹¹^{, b}^u^{t C}^onti^nue^d^Fe^de^r^a^{l Ac}^ti^{on I}^s^N^e^e^d^e^d^to^Fur^t^he^r^M^itigate^Se^c^u^r^ity^Ris^k^s^{, G}^A^O^-^07-³⁷^{5, J}^aⁿ^u^a^r^y
²⁰⁰^{7, pp}^.⁵²^-⁵^3.
¹⁴^I^b^id^{., p. 53.}
¹⁵^Ibid^.
¹⁶^FR^A^s^a^f^e^t^y^r^e^g^u^la^tions⁽⁴^{9 U}^.^S^.^C^.^§¹¹⁴⁽¹⁾⁾^r^e^quir^e^tha^t^eⁿ^gⁱ^ne^e^r^c^o^m^p^a^r^t^m^eⁿ^{t door}^s^be^uⁿ^loc^k^e^d^t^o^aⁱ^{d e}^m^e^r^g^e^ncy
^escap^es,^b^u^t^on^{e o}^f^t^h^{e T}^S^A^secu^rⁱ^t^y^dⁱ^rectⁱ^v^{es r}^e^q^uⁱ^{res t}^h^at^d^o^o^r^{s eq}^uⁱ^p^p^e^{d w}ⁱ^t^h^l^o^ckiⁿ^{g m}^ech^anⁱ^s^{ms b}^e^kep^t^l^o^cked^.
^G^o^v^e^rn^m^e^{nt A}^c^c^ounta^b^ility^O^f^fⁱ^ce^,^Pas^s^e^nge^r^R^a^il^Se^c^u^r^ity^:^Fe^de^r^a^{l S}^t^r^a^te^gy^an^{d E}ⁿ^h^anc^e^d^C^oor^di^nati^oⁿ^N^e^e^d^e^d^t^o
^Prioritize^a^{nd G}^u^ide^Se^c^u^rity^Eff^o^rts^{, G}^A^O^-^07-⁴⁴^2T^{, Fe}^br^ua^r^y^6,²⁰⁰^7,^p.¹⁶^.

GAO, “in January 2007, TSA stated that it recognizes the need to closely partner with the ¹⁷
passenger rail industry to develop security standards and directives.”
Since September 2005, TSA has hired 100 surface transportation inspectors to monitor and
enforce compliance with TSA rail security directives. In September 2006, FRA’s and TSA’s roles
and responsibilities for compliance inspections were outlined in an annex to the existing
memorandum of understanding between DHS and DOT. Additionally, according to TSA, their
“inspectors have developed relationships with security officials in passenger rail and transit
systems, coordinated access to operations centers, participated in emergency exercises, and ¹⁸
provided assistance in enhancing security.”
In studying the security measures taken by U.S. and some foreign transit agencies, GAO found ¹⁹
that the domestic and foreign agencies were doing many of the same things. But GAO identified
three practices used by a limited number of nations that are not currently in general use in the
United States. These are (1) covert testing of employee response to incidents by placing
suspicious items throughout the system or setting off alarms, (2) random screening of passengers
and baggage, and (3) a national government clearinghouse of security technologies and best ²⁰
practices. GAO noted that attempts to implement these three practices in the U.S. could face ²¹
political, legal, fiscal, and cultural challenges. GAO also identified government centralization of
the process for researching and developing passenger rail security technologies as a potentially
useful practice. GAO found that no U.S. federal agency has collected or distributed information
on research and development of passenger rail security technologies, or other best practices for ²²
passenger rail security.
TSA is using a risk-based methodology to guide its security efforts.²³ GAO²⁴ and the 9/11 ²⁵
Commission recommended the use of a risk-based methodology to guide security actions, and

¹⁷^Ibid^.
¹⁸^Ibid^.
¹⁹^GA^O,^Pas^s^e^nge^r^{Rail Se}^c^u^r^ity^:^Enh^anc^e^d^Fe^de^r^a^l^Le^ade^r^s^hⁱ^p^N^e^e^d^e^d^to^Prioritⁱ^ze^an^{d Gu}^ide^Se^c^u^rity^Efforts^,
^GAO-0⁷^-²²⁵^T^,^Jan^u^a^ry¹⁸^,²⁰⁰⁷^,^p^p^.¹⁸^-25^.
²⁰^Only^{2 of}^the¹³^f^o^re^ig^{n sy}^st^e^m^s^{GAO studie}^d^w^e^re^using^c^o^v^e^{rt te}^sting^,^aⁿ^d^oⁿ^ly^{2 of}^the¹³^w^e^re^r^a^ndom^ly
^screenⁱⁿ^{g p}^a^ssen^g^{ers an}^d^th^{eir b}^a^gga^ge,^{at th}^{e tim}^{e o}^f^{GAO’s stu}^d^y^.
²¹^N^e^w^Y^o^r^k^’^s^polic^e^de^pa^r^t^m^e^nt^w^a^s^s^u^e^d^ov^e^r^its^c^o^nd^uc^ting^of^r^aⁿ^dom^v^o^lunta^r^y^s^e^a^r^c^h^e^s^a^t^s^ubw^ay^s^t^a^tion
^eⁿ^tr^aⁿ^c^e^s^{, but}^{it w}^on^the^c^a^s^e^.^A^l^aⁿ^Fe^ue^r^,^“^A^ppe^a^l^s^C^our^t^U^p^hol^d^s^R^a^ndom^Polic^e^Se^a^r^c^h^e^s^of^P^a^s^s^e^ng^e^r^s^’^B^a^gs^on
^Subw^ay^s^,^”^{New Yo}^{rk Times}^{, A}^ugus^{t 1}²^,²⁰^06,^p.^B⁵^.
²²^G^A^O^-^07-^225T^{, p}^.²⁴^.
²³^Kⁱ^{p H}^a^w^l^ey^,^A^s^sⁱ^s^t^aⁿ^{t Se}^c^r^e^t^a^r^y^,^T^r^aⁿ^s^por^ta^tio^{n Se}^c^u^r^ity^A^d^mⁱ^nis^t^r^a^tion,^D^e^pa^r^t^m^e^{nt of}^H^o^m^e^la^{nd Se}^c^u^r^ity^,
^T^e^s^tⁱ^m^on^y^be^f^o^r^e^the^H^ous^e^C^o^m^m^itte^e^{on H}^o^m^e^la^{nd Se}^c^u^r^ity^{, Subc}^om^m^itte^e^{on T}^r^aⁿ^s^por^ta^tio^{n Se}^c^u^r^ity^a^nd
^Iⁿ^f^r^a^s^tr^uc^tur^e^P^r^ote^c^tio^n,^Fe^br^ua^r^y^{6, 200}^7.
²⁴^Tr^ans^por^t^a^tioⁿ^Se^c^u^r^ity^:^Fe^de^r^a^l^Ac^tion^N^e^e^d^e^d^t^o^He^lp^Ad^dre^{ss Se}^c^u^rity^Challeⁿ^g^e^s^{, G}^A^O^-^03-^843,^J^une²⁰^03,^p.
^51.
²⁵^T^h^{e 9/}¹¹^C^o^mmi^ssi^on^R^e^p^o^r^t^,^p^p^.³⁹^1,³⁹^6.

the Homeland Security Act of 2002 (P.L. 107-296) directed that this approach be used for
protecting key resources and critical infrastructure assets.
Threat-based risk management includes three components: vulnerability, threat, and criticality (or ²⁶
consequence). ‘Vulnerability’ encompasses the ways a system may be open to attack; ‘threat’
considers the likelihood of an attack on a system; and ‘criticality’ refers to the potential
consequences of an attack. The assessment of the level of risk results from the interplay of these
components.
One implication of risk analysis is that there is more than one way to manage risk to a passenger
rail system. Specific strategies can be tailored to specific rail systems by combining one or more
of the following approaches. One approach is to make changes in passenger rail systems to lower
their vulnerability to attack (e.g., hiring more police officers, introducing random screening of
passengers and bags, installing security cameras). Another is to reduce the potential consequences
of an attack (e.g., through coordinated emergency response training exercises with local first
responders). Yet another is to make changes elsewhere that reduce the level of threat to those
systems (e.g., putting more money into intelligence and law enforcement to combat terrorism).
In the Intelligence Reform and Terrorism Prevention Act of 2004 (P.L. 108-458), Congress
directed DHS, working jointly with DOT, to prepare a strategy for transportation security, with
plans for each mode of transportation. This strategic plan is to include “risk-based priorities
across all transportation modes” for protecting transportation assets, “the most appropriate,
practical, and cost-effective means of defending those assets,” and “the agreed upon roles and
missions of Federal, state, regional, and local authorities.” Such plans would provide guidance to
federal agencies and other stakeholders as to the goals, objectives, roles and responsibilities for
passenger-rail related security activities.
This national transportation strategic plan, and the security plans for each transportation mode,
were due to Congress by April 1, 2005. Due to the sensitive nature of some of this information,
the act provided that classified information shall be provided to the appropriate congressional
committees separately. DHS sent a classified report to Congress in September 2005 on a ²⁷
“National Strategy for Transportation Security.” The release of the mode-specific security plans

²⁶^For^m^o^r^e^dis^c^us^sⁱ^oⁿ^of^rⁱ^s^k^m^a^nag^e^m^e^{nt, s}^e^e^C^R^S^R^e^por^{t R}^L³²⁵⁶¹^,^Risk^M^a^na^ge^me^{nt a}ⁿ^d^Critic^al^Infrastruc^t^u^re
^Pr^ote^c^tion:^As^s^e^s^sⁱ^{ng, I}ⁿ^te^gr^atin^{g, a}ⁿ^d^M^aⁿ^agi^ng^Thr^e^a^t^s^,^V^u^lne^r^abili^tie^s^a^{nd C}^ons^e^q^ue^nc^e^s^{, by}^J^{ohn D}^.^Mo^te^f^f^{; a}^nd
^{Carl A}^.^Ro^p^e^r,^Ris^k^M^aⁿ^age^m^e^nt^for^Se^c^u^r^ity^Pr^ofe^s^sⁱ^on^als^{, B}^u^tte^r^w^or^th-^H^eⁱ^ne^m^a^{nn, 1}⁹⁹⁹^{. G}^A^O^r^e^por^te^d^tha^t^D^H^S
^use^d^a^v^a^riaⁿ^{t of}^{this a}^ppr^oa^c^h^{, w}^h^e^r^e^“^C^ritic^a^lity^”^re^f^e^rre^d^{to c}^r^iti^c^a^l^a^sse^{ts tha}^t^eⁿ^a^b^le^the^ope^ra^tor^{to a}^c^h^ie^v^e^it
^mⁱ^s^s^ioⁿ^,^and^“Im^p^act”^m^e^a^s^u^r^{es th}^{e co}ⁿ^s^equ^eⁿ^{ce o}^f^an^{attack o}ⁿ^cr^{itical assets.}^GAO,^Pa^ssen^g^e^{r Ra}ⁱ^l^S^ecu^rity:
^Enh^anc^e^d^Fe^de^r^a^{l Le}^ade^r^s^hⁱ^p^N^e^e^d^e^d^to^Prioritⁱ^ze^an^{d Gu}^ide^Se^c^u^rity^Efforts^{, G}^A^O^-^05-⁸⁵¹^{, Se}^p^t^e^m^be^r^2005,^p^p^s^.
^21-^22.
²⁷^De^{tour A}^h^e^ad:^Critic^al^Vulⁿ^e^r^ab^ilitie^{s in}^Ame^r^ic^{a’s Rail}^a^{nd M}^a^ss^Trans^it^Se^c^u^rity^Pr^ogr^ams^,^p^r^ep^a^r^ed^at^t^h^e
^r^e^que^s^t^of^C^ong^r^e^s^s^m^aⁿ^B^e^nnie^G^.^T^h^o^m^ps^{on, r}^a^nk^ing^Me^m^b^e^r^{, by}^the^D^e^m^o^c^r^a^tic^Staf^f^of^the^C^o^m^m^itte^e^on
^Hom^e^la^{nd Se}^c^u^rity^{, Unite}^{d Sta}^t^e^s^House^of^Re^pre^s^eⁿ^ta^tiv^e^s^{, (no}^da^te^{, a}^ppr^ox^im^a^t^e^l^y^June²⁰^06),^p.^{17. T}^h^eⁱⁿ^itia^l
^v^e^{rsion of}^the^Na^tio^na^{l Stra}^te^g^y^{for T}^r^aⁿ^sporta^ti^on^Se^c^u^rity^wa^{s c}^r^itic^iz^e^d^by^the^orig^ina^l^9/1¹^C^o^m^m^is^{sion m}^e^m^b^e^r^s,
^actⁱⁿ^{g as a p}^rⁱ^v^at^{e o}^r^ganⁱ^zatⁱ^oⁿ^cal^l^e^d^t^h^{e “}⁹^/¹¹^P^u^b^lⁱ^c^Di^sco^u^r^se^P^r^o^j^ect^,^”^{as l}^ackiⁿ^{g “t}^h^eⁿ^ecessar^y^d^e^t^aⁱ^l^t^o^m^a^{ke i}^t
^aⁿ^e^f^f^e^c^tⁱ^v^e^m^a^nag^e^m^e^{nt tool.”}⁹^/¹¹^Pu^blic^Dⁱ^s^c^our^s^e^P^r^oje^c^t^,^Fi^na^{l Re}^por^t^oⁿ^9/¹¹^C^o^m^mⁱ^s^sⁱ^oⁿ^Re^c^o^m^m^e^nda^tio^ns^,
⁽^c^onti^nue^d.^..)

was announced by DHS on May 21, 2007, as part of an announcement of the completion of all ²⁸
seventeen sector-specific infrastructure sector plans discussed below. TSA has testified that the
mode-specific plans identify underwater and underground tunnels in as one of the highest security
priorities.
In 2006, DHS also issued a National Infrastructure Protection Plan (NIPP) to serve as a guide to
using risk management principles for prioritizing protection efforts within infrastructure sectors ²⁹
(e.g., transportation) and across sectors. The NIPP required that sector-specific agencies submit
plans to DHS by December 2006 identifying critical assets, evaluating the risk to them, and
developing measures to protect them. The NIPP called for the sector plans to be developed by
councils of federal, state, and regional and local government agencies involved in that sector,
along with sector councils made up of private sector stakeholders. The government council for
the transportation sector was formed in January 2006, but, alone among the seventeen
infrastructure sectors, the transportation sector did not have a private sector council as of March ³⁰

2007, though reportedly each transportation mode has a sector council. DHS indicates that ³¹

“once the modes are organized,” an overall transportation sector council will be formed. DHS
announced that the transportation sector-specific plan (along with the other sector plans) and
transportation mode-specific annexes were completed on May 21, 2007. GAO notes that “these
plans are only a first step...[they] are not required to address how the sector is actually assessing ³²
risk and protecting its most critical assets.”
TSA is the agency primarily responsible for transportation security. It was originally created
within the DOT, but was transferred to DHS when that department was created. DOT agencies
remain responsible for safety within transportation modes, a responsibility that often overlaps
with security. The passenger rail industry has raised concerns about TSA’s degree of
understanding of their industry, and openness, compared with DOT agencies such as the FRA and
FTA, with whom the industry has long-established ties. For example, as noted above, passenger
rail operators have reported that TSA did not adequately consult with the industry in developing
the directives for passenger rail security, and concerns have been raised about some of the
directives conflicting with other passenger rail industry regulations. GAO noted that TSA has
recently said it recognizes the need to work more closely with the passenger rail industry in ³³
developing security standards and directives. To improve coordination between DHS and DOT
in transportation security, they have signed a Memorandum of Understanding defining their

^(...c^on^tin^ue^d)
^De^c^e^m^b^e^r^{5, 20}^05.^A^v^a^ila^ble^a^t^http://w^ww^.9-11p^dp.^org^/^pr^e^ss/20⁰⁵^-1^2-0^5_re^p^ort.^pdf^(v^ie^we^{d Nov}^e^m^b^e^r^{29, 2}⁰⁰⁶^).
²⁸^Un^rest^ri^ct^ed^{access versi}^oⁿ^s^o^f^t^h^{e t}^r^an^spo^r^t^a^tⁱ^oⁿ^sect^o^r^p^l^an^,^an^d^t^h^{e m}^o^d^e^-sp^eci^fⁱ^{c p}^l^an^s,^{are avai}^l^a^b^l^{e at}
^http:^//w^w^w^.dhs^.g^ov^/x^pr^e^v^pr^ot/^p^r^o^g^r^am^s^/^g^c^_11⁷⁹⁸⁶⁶¹⁹⁷⁶⁰^7.s^h^tm^.
²⁹^G^o^v^e^rn^m^e^nt^A^c^c^ounta^b^ility^O^f^fⁱ^c^e^,^Critic^{al Infr}^astruc^ture^Pr^ote^c^tion:^Progre^{ss Co}^ordi^natⁱⁿ^{g Gov}^e^rnme^{nt a}^nd
^Pr^iv^ate^Se^c^t^or^Ef^for^t^s^V^a^rⁱ^e^s^by^S^e^c^t^or^s^’^C^har^ac^te^rⁱ^s^tic^s^{, G}^A^O^-^07-^{39, O}^c^t^obe^r^16,²⁰⁰⁶^,^p.^2-^3.
³⁰^G^o^v^e^rn^m^e^nt^A^c^c^ounta^b^ility^O^f^fⁱ^c^e^,^Critic^{al Infr}^astruc^ture^{: C}^hal^le^nge^s^Re^maiⁿⁱⁿ^Prote^c^tⁱ^{ng Ke}^y^Se^c^t^ors^,^GA^O-0⁷^-
^626T^{, Ma}^r^c^h²⁰^,²⁰^07,^p.^3.
³¹^Ibid^{, p}^.¹¹^.
³²^traⁿ^spor^ta^tio^{n Ib}^id,^p.^5.
³³^G^o^v^e^rn^m^e^nt^A^c^c^ounta^b^ility^O^f^fⁱ^c^e^,^Pas^s^e^nge^r^Ra^{il Se}^c^u^r^ity^:^Fe^de^r^a^{l Str}^a^te^gy^and^En^ha^nc^e^d^C^oor^dⁱ^nati^oⁿ^N^e^e^d^e^d
^{to Pri}^o^ritize^a^{nd G}^u^ide^Se^c^u^rity^Efforts^,^G^A^O^-^07-^583T^,^Ma^r^c^{h 7, 200}^{7, p. 14}^.

responsibilities and procedures for cooperation. TSA has signed annexes—more specific
agreements focusing on individual transportation modes and other matters—with FTA and FRA.
In the absence of plans that would allow Congress to consider the risks to individual passenger
rail systems and across the passenger rail sector, and the costs of addressing those risks; Congress
provided $690 million from FY2003-FY2007 for security grants to all passenger rail (and some
other) transit agencies and Amtrak; for FY2008, Congress increased the amount provided ³⁴
annually for these grants significantly, to $400 million.
The passenger rail and transit communities have made security improvements, but say they are
constrained by the limits of available funding. They assert that their primary security issue is
finding a way to pay for additional security improvements. As noted earlier, William Millar,
president of APTA, has testified that the transit industry (which includes bus-only systems as well
as rail systems, but does not include Amtrak) has spent over $2.5 billion on security activities ³⁵
since 9/11. In a 2004 survey, APTA members (transit-system operators) were asked, “How much
additional funding do you need in the long-term to complete your capital program to maintain, ³⁶
modernize, and expand your security function?” Based on survey responses, APTA estimates
that there are over $6 billion in unmet long-term security needs: $5.2 billion in security-related
capital investment (for protection of infrastructure and vehicles, enhancing evacuation
capabilities, and improving emergency response) and $800 million annually in ongoing operating ³⁷
and maintenance expenditures. APTA has repeatedly requested significant increases in federal
grants to help pay for those security improvements.
Funding security improvements for passenger rail has been primarily a state and local
responsibility. Advocates of greater federal responsibility for security funding argue that, since
the current concern is chiefly about attacks from terrorists, the federal government should bear
more responsibility for providing security funding, reflecting its role of providing for the national
defense.
Advocates for a more limited federal role in funding passenger rail security improvements argue
that the federal government is exercising its national defense responsibility through funding
national defense efforts and that taxpayers all over the country should not be required to pay for
security improvements for a relatively small number of transit agencies located in large
metropolitan areas. They note that comparisons with the level of federal spending for aviation

³⁴^T^h^e^s^e^f^unds^w^e^re^prov^ide^dⁱⁿ^D^H^{S a}ⁿⁿ^u^a^l^a^ppr^opr^ia^tio^ns^a^c^t^s^,^e^x^c^e^p^{t f}^o^{r $1}^{00 m}^illio^{n t}^h^a^t^w^a^s^prov^ide^d^thr^oug^h^the
^U^.^{S. T}^r^oo^{p R}^e^a^d^ine^s^s^,^Ve^te^r^a^ns^’^C^a^r^e^{, K}^a^tr^ina^R^e^c^o^v^e^r^y^{, a}^{nd I}^r^a^q^A^c^c^ounta^b^il^ity^A^ppr^opr^ia^tio^ns^A^c^{t, 20}⁰⁷⁽^P^.L^{. 1}^10-
²⁸⁾^.^Sⁱⁿ^{ce F}^Y²⁰⁰⁵^,^f^r^ei^gh^t^rai^l^com^p^anⁱ^e^{s h}^a^{ve al}^so^b^een^elⁱ^gⁱ^b^l^e^fo^{r t}^h^{ese gran}^t^s^.^Iⁿ^addⁱ^tⁱ^oⁿ^,^Con^g^ress^m^a^d^e^oⁿ^e^-tⁱ^m^e
^a^ppro^p^ria^tio^{ns of}^$¹⁰⁰^m^illion^to^Am^tr^a^k^a^{nd $3}^{9 m}^illion^{to t}^h^e^W^a^shing^t^on^Me^tro^pol^ita^{n A}^r^e^a^T^r^aⁿ^{sit A}^u^thor^ity^f^o^r
^s^e^c^u^r^ity^ex^pe^ns^e^s^{in the}^FY²⁰⁰²^D^e^pa^r^t^m^e^{nt of}^D^e^f^e^ns^e^A^ppr^oprⁱ^a^tions^A^c^{t (}^P^.L^{. 10}^7-¹¹⁷⁾^.
³⁵^G^r^e^g^Hu^l^l^,^Di^rect^o^r^o^f^Op^eratⁱ^o^ns,^S^a^f^e^t^y^an^d^S^ecu^ri^t^y^P^r^o^g^ram^s^,^Ameri^can^P^u^b^lⁱ^c^T^r^an^sp^o^r^t^a^tⁱ^oⁿ^A^s^so^ci^atⁱ^oⁿ^,
^T^e^s^tⁱ^m^on^y^be^f^o^r^e^the^H^ous^e^C^o^m^m^itte^e^{on A}^ppr^opr^ia^ti^ons^S^ubc^om^m^itte^e^{on H}^o^m^e^la^{nd Se}^c^u^r^ity^{, Febr}^ua^r^y^{13, 2}⁰⁰⁷^.
³⁶^Am^e^r^ic^aⁿ^Public^T^r^aⁿ^sp^orta^tioⁿ^A^s^socⁱ^a^tion,^S^u^r^{vey o}^f^Uⁿⁱ^t^e^{d S}^t^at^{es T}^r^aⁿ^sⁱ^t^S^y^st^{em S}^ecu^ri^t^y^Need^s^aⁿ^d^F^u^ndⁱⁿ^g
^Prioritie^{s: S}^u^mmary^of^Fin^dⁱ^ngs^{, A}^p^r^il²⁰⁰^{4, p. 11}^.
³⁷^Ibid^{. T}^h^{is e}^s^tim^a^t^e^is^f^o^{r the}^eⁿ^tir^e^traⁿ^{sit in}^dustry^,^no^{t just}^pa^sse^ng^e^r^ra^{il ope}^ra^tors.^M^o^{st tra}ⁿ^{sit a}^g^eⁿ^cⁱ^e^s^only
^p^r^o^vⁱ^d^e^b^u^s^servi^ce,^b^u^t^t^h^{e l}^a^rgest^t^r^an^si^t^agen^ci^{es al}^so^o^p^e^rat^e^rai^l^sy^st^e^m^s,^an^d^rai^l^sy^st^e^m^{s rep}^r^es^en^t^t^h^e^b^u^l^k^o^f
^traⁿ^{sit inf}^r^a^s^truc^ture^.

security are not necessarily apt, in part because a significant portion of the federal spending for
aviation security is funded through fees assessed on airline passengers.
Many of the security measures that passenger rail organizations may employ have other benefits
to those systems, often in reducing other types of threat to passengers (for example, from ordinary
criminal activity and accidents) that are considered to be chiefly local responsibilities. In addition
to the grants provided specifically for passenger rail security, the federal government has
provided billions of dollars to state and local governments through the broader Urbanized Areas
Security Initiative for security-related activities, funds which the state and local governments
have the discretion to apply to those activities they judge as having the greatest security value to
their communities.
The National Transit Systems Security Act of 2007 (Title XIV of P.L. 110-53), enacted on August
3, 2007, authorized a total of $2.6 billion for grants for security-related capital expenses and $840
million for grants for security-related operating expenses over a four-year period (FY2008-
FY2011). These are authorizations for funding; the actual amounts to be provided are still to be
determined by Congress each year through appropriations for DHS. Given constrained federal
budgets and the many competing demands for funding, the argument over the appropriate size of
the federal role in funding passenger rail and transit security improvements may continue to be
heard during the annual appropriations process.
Training of employees—including training in what to look for and practice drills in how to
respond to an attack—has been identified as the most important component in a passenger rail ³⁸
system’s security plan. Training courses have been developed and provided by the federal
government. Further development of these training courses is ongoing. Representatives of rail
labor have questioned the effectiveness of this training and the extent to which it has been
provided to employees. They have cited FTA testimony in the fall of 2006 to the effect that fewer ³⁹
than a quarter of the nation’s transit employees had received security training. TSA has testified
that the security skills needed by transit employees can be acquired through “extensive training,
rigorous emergency planning, and regular emergency testing and drills,” and has acknowledged ⁴⁰
that they, and the transit industry, need to provide more training for more employees. Such
training can be costly, especially drills, since operators need to keep their systems running while

³⁸^T^e^s^tⁱ^m^on^y^of^Tⁱ^m^O^’^T^oole^,^Maⁿ^a^gⁱ^ng^Dⁱ^re^c^t^{or of}^T^r^aⁿ^s^{port, City}^of^L^ondon^{, Be}^f^o^re^the^Com^m^{ittee on Ba}^nk^ing^,
^Ho^u^sⁱⁿ^g,^and^Ur^b^aⁿ^A^f^f^aⁱ^r^s,^Unⁱ^t^e^d^S^t^at^{es S}^eⁿ^a^t^e^,^Heariⁿ^{g on}^E^x^amⁱⁿⁱⁿ^{g t}^h^{e S}^t^at^{e o}^f^T^r^an^si^t^S^ecu^ri^t^y^,^Jan^u^a^r^y¹⁸^,
²⁰⁰^{7; K}ⁱ^{p H}^a^w^l^ey^{, D}^e^puty^A^d^mⁱ^nis^t^r^a^tor^,^T^r^aⁿ^s^por^ta^tio^{n Se}^c^u^r^ity^A^d^mⁱ^nis^t^r^a^{tion, a}^l^s^o^de^s^c^rⁱ^be^d^tr^aⁱ^ning^of
^em^ploy^ee^s⁽^a^{nd a}^w^a^r^eⁿ^e^s^s^of^pa^ss^eⁿ^g^e^r^s⁾^a^s^T^S^A^’^s^num^be^r^one^prⁱ^o^r^ity^{in r}^e^s^p^oⁿ^s^e^{to a}^que^s^tio^{n f}^r^o^m^R^e^pr^e^s^eⁿ^ta^tiv^e
^D^e^Fa^zⁱ^{o, H}^ous^e^C^o^m^m^itte^e^{on H}^o^m^e^la^{nd Se}^c^u^r^ity^{, Subc}^om^m^itte^e^{on T}^r^aⁿ^s^por^ta^tio^{n Se}^c^u^r^ity^a^{nd I}ⁿ^f^r^a^s^tr^uc^tur^e
^P^r^ote^c^tio^{n, Fe}^br^ua^r^y^{6, 2}⁰⁰⁷^{. I}ⁿ^A^P^TA^’^s²⁰⁰⁴^tr^aⁿ^s^{it s}^e^c^u^r^ity^s^u^r^v^ey^{, tr}^aⁱ^ning^w^a^s^ideⁿ^tif^ie^{d a}^s^the^s^e^c^{ond m}^o^s^t
^im^por^ta^{nt is}^s^u^e^,^be^hin^d^f^uⁿ^d^ing^c^u^r^r^e^{nt tr}^aⁿ^s^{it a}^g^eⁿ^c^y^/loc^a^l^law^eⁿ^f^o^r^c^em^eⁿ^{t s}^e^c^u^r^ity^pe^r^s^onne^{l. A}^P^TA^.^S^u^r^{vey o}^f
^Uⁿ^ite^d^State^s^Tr^ans^it^Sy^s^t^e^m^Se^c^u^r^ity^N^e^e^d^s^a^{nd F}^uⁿ^dⁱ^ng^Pr^ior^iti^e^s^{, pp.}¹²^-¹^3.
³⁹^T^e^sti^m^on^y^of^Wa^rre^{n S. G}^e^org^e^,^Inte^rna^tio^na^l^P^r^e^sⁱ^d^eⁿ^{t, A}^m^a^l^g^a^m^a^te^{d T}^r^aⁿ^{sit Unio}^{n, Be}^f^o^re^the^Uⁿ^ite^d^Sta^t^e^s
^Se^na^te^C^o^m^m^itte^e^{on B}^a^nk^ing^,^H^ous^ing^,^a^{nd U}^r^ba^{n A}^f^f^a^ir^s^,^“^E^xamⁱ^ning^the^Sta^t^e^of^T^r^aⁿ^s^{it Se}^c^u^rⁱ^ty^,”^Ja^nua^r^y^18,
²⁰⁰⁷^,^p^.⁹^-¹⁰^.^F^T^A^h^a^d^t^e^stⁱ^fⁱ^e^dⁱⁿ^t^h^{e f}^a^l^l^o^f²⁰⁰⁶^t^h^at⁸⁰^,⁰⁰⁰^t^r^ansi^t^w^o^{rkers h}^a^d^recei^v^e^d^t^r^aiⁿⁱⁿ^g^;^t^h^{ere are an}
^e^s^ti^m^a^te^{d 400}^,0^{00 tr}^aⁿ^s^{it e}^m^ploy^e^e^s^.
⁴⁰^T^e^s^tⁱ^m^on^y^of^J^ohn^{P. Sa}^m^m^on,^A^s^sⁱ^s^t^aⁿ^{t A}^d^mⁱ^nis^t^r^a^tor^f^o^r^T^r^aⁿ^s^por^ta^ti^on^Se^c^t^or^N^e^tw^or^k^Ma^na^g^e^m^e^nt,
^T^r^aⁿ^sporta^tion^Se^c^u^rity^A^d^mⁱ^nistra^tion,^Unite^d^Sta^t^e^s^De^pa^r^t^m^e^{nt of}^H^o^m^e^la^{nd Se}^c^u^r^ity^{, be}^f^o^r^e^the^Uⁿ^ite^{d S}^t^a^t^e^s
^H^ous^e^of^R^e^pr^e^s^eⁿ^ta^tiv^e^s^C^o^m^mⁱ^tte^e^{on H}^o^m^e^la^{nd Se}^c^u^r^ity^{, Subc}^om^m^itte^e^{on Ec}^on^om^ic^Se^c^u^rⁱ^t^y^{, I}ⁿ^f^r^a^s^tr^uc^tur^e
^P^r^o^t^ectⁱ^oⁿ^,^and^Cy^b^e^rsecu^ri^t^y^,^He^ariⁿ^{g o}ⁿ^T^r^an^si^t^S^ecu^rⁱ^t^y^T^r^aiⁿⁱ^{ng P}^r^o^ced^u^r^es,^S^e^pt^em^b^e^{r 2}⁸^,²⁰⁰⁶^,^p.^2.

their employees receive training or participate in drills. The National Transit Systems Security
Act of 2007 (Title XIV of P.L. 110-53) authorizes funding for grants to transit and rail operators
to provide security training for their employees; the amount of funding to be provided for those
grants will be determined by Congress each year through appropriations to DHS. The act also
authorizes DHS to regulate the security training programs of transit and rail operators.
One key policy issue for passenger rail is the trade-off between security and efficiency. Few
would argue that passenger rail could ever be made invulnerable to attack. Also, there appears to
be general agreement that there are other federal security priorities beyond passenger rail. Some
observers, noting that the number of potential terrorist targets in the United States—such as
passenger trains and stations, buses, schools, shopping malls, sporting events, etc.—is virtually
limitless, question the value of efforts to make each of these targets more secure. They argue that
many such efforts are not cost-effective, given that if one set of targets—for example, trains—is
made more secure, terrorists might simply shift to softer targets such as buses or shopping malls.
Attacks on these targets could plausibly have a similar impact to an attack on a passenger train or
subway. Moreover, these security efforts impose a variety of costs on the public, in money, time,
inconvenience, and limitations on personal freedoms.
Some observers argue that a more effective strategy is to increase efforts to disrupt the terrorist
groups that are the source of these threats (e.g., funding for intelligence and law enforcement ⁴¹
agencies), and efforts to respond to an attack (e.g., funding for first responders). Also, efforts to
prepare transportation systems to resume operations quickly after an incident—referred to as the
resiliency of the system—is also seen by some observers as more valuable than efforts to further
secure inherently vulnerable systems, especially those systems that are not at the greatest risk or ⁴²
those assets that are not the most critical to a system.

Congress passed comprehensive passenger rail security legislation as part of the Implementing
Recommendations of the 9/11 Commission Act of 2007 (H.R. 1), which was signed into law
August 3, 2007 (P.L. 110-53). Titles XIV (the National Transit Systems Security Act of 2007) and
Title XV (Surface Transportation Security) of this legislation expand the federal role in securing
passenger rail, both by authorizing significant increases in federal grants to passenger rail
operators for security improvements and by authorizing federal regulation of certain security-
related activities of transit and rail operators, such as employee training.
Passenger rail security-related provisions in the legislation include authorization for several new
grant programs: a total of $3.4 billion over the period FY2008-FY2011 for grants for public
transportation security, for which commuter rail agencies will be among the eligible recipients (§

⁴¹^J^e^nnif^e^r^B^a^r^r^e^{tt, “}^A^{n Enor}^m^ous^W^a^s^t^e^o^f^Mone^y^:^Iⁿ^te^r^v^iew^w^{ith Se}^c^u^r^ity^Ex^pe^r^t^B^r^uc^e^Sc^hne^ie^r^,^”^Newsweek^We^b
^Ex^c^l^us^iv^e^,^Ma^r^c^{h 17,}²⁰⁰⁴^h^ttp:^/^/^w^w^w^.^m^s^nbc^.m^sⁿ^.c^o^m^/ⁱ^d/⁴⁵⁴⁹⁶⁶^{1/, v}ⁱ^e^w^e^d^J^u^ly^{8, 20}^04.^Kⁱ^{p H}^a^w^l^ey^{, A}^s^sⁱ^s^t^aⁿ^t
^S^ecret^ar^y^o^f^T^S^A^,^recen^t^l^y^t^e^stⁱ^fⁱ^e^d^t^h^at^“t^h^e^b^e^st^d^e^f^eⁿ^s^{e i}^s^oⁿ^e^t^h^at^p^r^even^t^s^t^h^{e t}^e^rro^ri^st^s^f^r^o^m^e^v^e^r^en^t^e^riⁿ^g^t^h^e
^Unⁱ^t^e^d^S^t^at^es.^”^T^e^stⁱ^m^oⁿ^y^b^e^f^o^re^t^h^{e Un}ⁱ^t^e^{d S}^t^at^{es Hou}^s^{e o}^f^Rep^r^esen^t^a^tⁱ^v^{es Co}^mmi^t^t^{ee o}ⁿ^Ho^m^e^l^aⁿ^d^S^ecu^ri^t^y^,
^Heariⁿ^{g o}ⁿ^Rai^l^and^S^u^rf^{ace T}^r^an^sp^o^r^t^a^tⁱ^oⁿ^S^ecu^ri^t^y^,^M^a^rch⁶^,²⁰⁰⁷^,^p.^2.
⁴²^G^o^v^e^rn^m^e^nt^A^c^c^ounta^b^ility^O^f^fⁱ^c^e^,^Critic^{al Infr}^astruc^ture^{: C}^hal^le^nge^s^Re^maiⁿⁱⁿ^Prote^c^tⁱ^{ng Ke}^y^Se^c^t^ors^,^GA^O-0⁷^-
^626T^{, Ma}^r^c^h²⁰^,²⁰^07,^p.¹⁸^-¹^9.

1406); a total of $1.2 billion over the same period for grants for railroad security, for which
eligible recipients include rail carriers, Amtrak, and state and local governments (§ 1513); a total
of $650 million over the same period for grants to Amtrak for systemwide security upgrades (§
1514); and a total of $200 million over the same period for grants to Amtrak for safety
improvements to rail tunnels in New York, Baltimore, and Washington, DC (§ 1515). These
grants are to be administered by DHS, except that the Amtrak systemwide security grants are to
be awarded by DHS but disbursed by DOT, and the Amtrak tunnel safety grants are to be
administered by DOT.
Of the $3.4 billion authorized for the public transportation grant program, $840 million can be
used for security-related operating expenses (e.g., employee training, canine patrols); the
remaining $2.56 billion is for security-related capital projects (e.g., tunnel and perimeter
protection, communications equipment, surveillance equipment). These transit security grants
will go directly to transit agencies, in contrast to the transit security grant program DHS has been
administering, under which the grants go to a state’s security coordinating agency. No local match
will be required for these grants, though the act directs DHS to study the feasibility of
establishing surface (and maritime) transportation-related user fees as a dedicated revenue source
for funding security improvements (§ 1308).
Other provisions of the legislation include an authorization of $100 million for transit security
research and development (§ 1409); an authorization of $132 million for rail security related
research and development (§ 1518); a requirement that public transportation agencies (§ 1405)
and railroads (§ 1512) considered to be high-risk targets by DHS must have security plans that
have been approved by DHS; authorization for funding for TSA to hire up to 100 more surface
transportation security inspectors (currently TSA has 100 such inspectors) (§ 1304); a
requirement that DHS conduct a name-based security background check and an immigration
status check on all public transportation (§ 1411) and railroad (§ 1520) frontline employees; and
authority for DHS to regulate transit (§ 1408) and rail (§ 1517) employee security training
standards.
Legislation dealing with appropriations for the Department of Homeland Security also has
implications for passenger rail security. The FY2008 DHS appropriations act (Division E of the
Consolidated Appropriations Act, 2008/P.L. 110-161) provided $47 million for surface
transportation security activities (up from $37 million in FY2007), including $22 million for rail
security inspectors and canine teams (up from $13 million in FY2007), and $400 million for ⁴³
public transportation and railroad security assistance grants (up from $275 million in FY2007).

⁴³^Cong^re^s^s^prov^ide^d^$¹⁷⁵^m^illion^f^o^{r this}^g^r^aⁿ^{t pr}^og^ra^m^as^pa^{rt of}^D^H^S^’s^a^nnua^{l a}^ppr^opria^ti^onⁱⁿ^th^e^Re^vⁱ^s^e^d
^C^onti^nui^ng^A^ppr^o^p^rⁱ^a^tio^ns^R^e^s^o^l^u^tio^n,²⁰⁰⁷⁽^P^.L^{. 1}^10-⁵⁾^{, s}ⁱ^gⁿ^e^dⁱⁿ^to^la^w^{on Fe}^br^ua^r^y^{15, 2}⁰⁰⁷^{, a}ⁿ^{d a}ⁿ^o^t^he^r^$1⁰⁰
^m^{illion f}^o^{r the}^pr^og^ra^m^throug^{h t}^h^e^U^.^{S. T}^r^o^{op Re}^a^dⁱⁿ^e^s^s^,^V^e^te^raⁿ^s^{’ Ca}^re^{, K}^a^trina^Re^c^o^v^e^r^y^{, a}^{nd Ira}^{q A}^c^c^ounta^b^ility
^A^ppr^opr^ia^ti^ons^A^c^{t, 20}⁰⁷⁽^P^.L^{. 1}^10-²⁸⁾^,^sⁱ^gⁿ^e^dⁱⁿ^to^la^w^{on Ma}^y^{5, 20}^07.

^Davⁱ^d^Raⁿ^d^{all P}^e^ter^m^an
^An^al^y^s^{t i}ⁿ^T^r^an^sp^o^r^tatioⁿ^P^o^lic^y
^dpet^e^rm^aⁿ^@^c^r^s^.l^oc.g^ov^{, 7-}³²⁶⁷