[Senate Hearing 111-961]
[From the U.S. Government Publishing Office]



                                                        S. Hrg. 111-961
 
  SECURING THE NATION'S RAIL AND OTHER SURFACE TRANSPORTATION NETWORKS

=======================================================================

                                HEARING

                               before the

                         COMMITTEE ON COMMERCE,
                      SCIENCE, AND TRANSPORTATION
                          UNITED STATES SENATE

                     ONE HUNDRED ELEVENTH CONGRESS

                             SECOND SESSION

                               __________

                             APRIL 21, 2010

                               __________

    Printed for the use of the Committee on Commerce, Science, and 
                             Transportation




                  U.S. GOVERNMENT PRINTING OFFICE
66-169                    WASHINGTON : 2011
-----------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Printing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, U.S. Government Printing Office. Phone 202ï¿½09512ï¿½091800, or 866ï¿½09512ï¿½091800 (toll-free). E-mail, [email protected].  

       SENATE COMMITTEE ON COMMERCE, SCIENCE, AND TRANSPORTATION

                     ONE HUNDRED ELEVENTH CONGRESS

                             SECOND SESSION

            JOHN D. ROCKEFELLER IV, West Virginia, Chairman
DANIEL K. INOUYE, Hawaii             KAY BAILEY HUTCHISON, Texas, 
JOHN F. KERRY, Massachusetts             Ranking
BYRON L. DORGAN, North Dakota        OLYMPIA J. SNOWE, Maine
BARBARA BOXER, California            JOHN ENSIGN, Nevada
BILL NELSON, Florida                 JIM DeMINT, South Carolina
MARIA CANTWELL, Washington           JOHN THUNE, South Dakota
FRANK R. LAUTENBERG, New Jersey      ROGER F. WICKER, Mississippi
MARK PRYOR, Arkansas                 GEORGE S. LeMIEUX, Florida
CLAIRE McCASKILL, Missouri           JOHNNY ISAKSON, Georgia
AMY KLOBUCHAR, Minnesota             DAVID VITTER, Louisiana
TOM UDALL, New Mexico                SAM BROWNBACK, Kansas
MARK WARNER, Virginia                MIKE JOHANNS, Nebraska
MARK BEGICH, Alaska
                    Ellen L. Doneski, Staff Director
                   James Reid, Deputy Staff Director
                   Bruce H. Andrews, General Counsel
                 Ann Begeman, Republican Staff Director
             Brian M. Hendricks, Republican General Counsel
                  Nick Rossi, Republican Chief Counsel


                            C O N T E N T S

                              ----------                              
                                                                   Page
Hearing held on April 21, 2010...................................     1
Statement of Senator Lautenberg..................................     1
Statement of Senator Hutchison...................................     2
    Prepared statement...........................................     3
Statement of Senator Thune.......................................    29
    Prepared statement...........................................    30
Statement of Senator Warner......................................    30
Statement of Senator Udall.......................................    33

                               Witnesses

Hon. David Heyman, Assistant Secretary for Policy, U.S. 
  Department of Homeland Security................................     5
    Prepared statement...........................................     6
Stephen M. Lord, Director, Homeland Security and Justice Issues, 
  U.S. Government Accountability Office..........................    10
    Prepared statement...........................................    11
Carlton I. Mann, Assistant Inspector General, U.S. Department of 
  Homeland Security..............................................    20
    Prepared statement...........................................    22
John O'Connor, Vice President and Chief of Police, Amtrak Police 
  Department, National Railroad Passenger Corporation............    36
    Prepared statement...........................................    38
Howard R. ``Skip'' Elliott, Vice President--Public Safety and 
  Environment, CSX Transportation, Inc...........................    44
    Prepared statement...........................................    47
Joseph Kelly, Acting Chief of Police, NJ TRANSIT.................    53
    Prepared statement...........................................    54

                                Appendix

Response to written questions submitted to Hon. David Heyman by:
    Hon. John D. Rockefeller IV..................................    61
    Hon. Frank R. Lautenberg.....................................    63
    Hon. Maria Cantwell..........................................    64
    Hon. Amy Klobuchar...........................................    66
Letter, dated June 3, 2010 to Hon. John D. Rockefeller IV and 
  Hon. Frank R. Lautenberg from Stephen M. Lord, Director, 
  Homeland Security and Justice Issues, U.S. Government 
  Accountability Office..........................................    67
Response to written questions submitted to Carlton I. Mann by:
    Hon. John D. Rockefeller IV..................................    70
    Hon. Frank R. Lautenberg.....................................    71
    Hon. Amy Klobuchar...........................................    71
Howard R. ``Skip'' Elliott, Vice President--Public Safety and 
  Environment, CSX Transportation, Inc., supplemental prepared 
  statement......................................................    71


  SECURING THE NATION'S RAIL AND OTHER SURFACE TRANSPORTATION NETWORKS

                              ----------                              


                       WEDNESDAY, APRIL 21, 2010

                                       U.S. Senate,
        Committee on Commerce, Science, and Transportation,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 2:34 p.m. in room 
SR-253, Russell Senate Office Building, Hon. Frank R. 
Lautenberg, presiding.

        OPENING STATEMENT OF HON. FRANK R. LAUTENBERG, 
                  U.S. SENATOR FROM NEW JERSEY

    Senator Lautenberg. We'll call the meeting to order, now 
that I've broken the equipment, here.
    I want to thank each of you, all of you, for being here 
today and showing your interest in transportation security.
    Last month, during the morning rush hour, two huge 
explosions erupted in Moscow's subway system, killing 40 
people. They were killed on platforms, onboard trains. In 
recent years, we've seen similar bombing attacks in other train 
systems, including incidents in London, Madrid, Mumbai. We show 
here, on a chart, what has happened with terror attacks on mass 
transit and passenger rail service. Going back to 2004, in 
Spain, 191 people killed; in London, 2005, 52 people killed; 
Mumbai, 2006, 209 people killed; and the last one, in Moscow, 
in November of 2009, 27 people were killed then; and again a 
repeated attack in Moscow last month.
    And make no mistake, although these attacks were far from 
our shores, our rail systems here are also targets. In 
February, an al Qaeda operative pled guilty to planning a 
stunning terrorist attack in which bombs would be strapped to 
suicide bombers and detonated in New York City's subway system. 
Attorney General, Eric Holder, called this plot one of the most 
serious threats to the United States since 9/11.
    The evidence is clear, we've got to do everything possible 
to keep our Nation's transportation system safe; and, 
unfortunately, it's not clear that we're meeting the obligation 
to keep our passenger rail system, our freight networks, and 
other surface transportation networks protected. And that's why 
we're here today.
    For years, I've been sounding the alarm that our attention 
has been too one-sided, that we can't focus on aviation 
security alone, that we need also to concentrate on 
safeguarding our surface transportation network. The 9/11 
Commission echoed this concern when it characterized the 
Federal emphasis on aviation security, and here I quote, ``as 
fighting the last war,'' and noted that, ``opportunities to do 
harm are as great or greater in maritime and in surface 
transportation.'' That's why we've worked so diligently to 
provide the Department of Homeland Security and TSA what they 
needed to secure our Nation against attacks and fulfill their 
responsibilities under the 9/11 Commission Act.
    Still, DHS and the TSA have been far too slow to meet these 
responsibilities, especially when it comes to addressing rail 
security. In fact, the 9/11 Act required TSA to complete, by 
2008, a comprehensive risk assessment and a national security 
strategy for the rail sector. They still have not completed 
either one of these. It's no wonder, then, that the White House 
released a report earlier this month in which the National 
Security Council called TSA to task for its failure to lead in 
protecting our surface transportation systems.
    Imagine what it might mean if a terrorist managed to carry 
out an attack on any one of these systems. We've got 140,000 
miles of freight rail track, ushering coal, chemicals, and 
other materials. Liquid and national gas that fuel our Nation 
flow through more than one-and-a-half million miles of 
pipeline. More than 70,000 people board Amtrak trains every 
day. And 35 million Americans rely on public transportation 
every day. The bottom line is that we cannot afford to be 
anything less than vigilant, and that's why we're going to keep 
working to do what it takes to make sure our families, the 
traveling public, and all Americans are safe.
    I look forward to hearing from today's witnesses about what 
we need to do to ensure we deter any potential terrorist 
attack.
    I'm pleased to have Senator Hutchison here with me today, 
and would ask her now if she would like to make her opening 
statement.

            STATEMENT OF HON. KAY BAILEY HUTCHISON, 
                    U.S. SENATOR FROM TEXAS

    Senator Hutchison. Well, I want to thank you, Senator 
Lautenberg, for chairing today's hearing.
    And thank all of you for being here.
    I will not be able to stay for the whole hearing, but I 
certainly will look at the information produced here. And, 
Senator Lautenberg, you have been an ongoing and committed 
champion of surface transportation, and certainly that includes 
security, so I think this is a timely hearing.
    It has been 8 and a half years since 9/11, and since that 
time there have been over 700 attacks on rail and bus systems 
around the world, killing more than 2500 and injuring 10,000. 
Fortunately, there have not been any successful attacks in 
America, but, as the Chairman mentioned, there was a plot that 
was overturned that would have done terrible damage to the New 
York subway system.
    I think that it is time for an open and frank discussion 
about how we can all take action to close the gaps in 
addressing surface transportation security. I do believe our 
transit, rail, and pipeline systems are safer today, due to the 
actions of TSA, DOT's modal agencies, Amtrak, the commuter 
authorities, and private-sector rail, truck, bus, and pipeline 
companies.
    But, despite that fact, the Act, which created TSA, states 
unequivocally that TSA shall be responsible for security in all 
modes of transportation. All indications are that TSA really 
has more of a supporting role with respect to transit and 
passenger rail security. TSA mostly encourages security 
improvements by the freight, rail, motor, and bus carrier, and 
pipeline sectors, since they are owned and operated in the 
private sector.
    Recent reports by the GAO are cause for concern. GAO has 
concluded that TSA has still not completed an overall risk 
assessment of mass transit, the passenger rail system, or the 
commercial vehicle sector. Its preliminary conclusions, in an 
ongoing assessment of pipeline security, suggest that TSA is 
not following up with pipeline operators to make sure that they 
are making the security improvements included in their security 
plans.
    I'm especially troubled that TSA has so strongly resisted 
the recommendation of the DHS IG to have TSA inspectors focused 
on surface transportation security report to an official with 
surface responsibilities, rather than to supervisors in the 
aviation arena. I'm concerned that over two-thirds of the 
recently hired surface transportation inspectors had no surface 
transportation experience.
    The White House apparently is not satisfied either in this 
area, since it conducted its own independent assessment of 
surface transportation security. And that was released on April 
2, conducted by reaching out to government and private-sector 
stakeholders, and found that there is a significant overlap in 
Federal programs and agencies, and a need for more coordination 
between government agencies with the private sector.
    It is critical that TSA, the expert agency on security, 
step up to the plate and exercise more leadership, while 
continuing to operate in a collaborative way with surface 
transportation interests. The first step is the appointment of 
a TSA administrator, a position that has been vacant for more 
than a year. I hope the Administration will be sending up a 
nominee soon who can be confirmed.
    The Committee intends to mark up legislation to reauthorize 
TSA later this year, and we need TSA's recommendations. We want 
to make informed decisions about transportation security, with 
input from all the stakeholders.
    Now, we know this is a huge area. And we know that there 
are budget constraints on something that is so vast, but we've 
got to use our resources wisely, and I think there is evidence 
that we are not doing as well as we could, even with the 
resources that we have.
    So, Mr. Chairman, thank you for having this hearing, and I 
will stay as long as I can, and then I know Senator Thune is on 
his way.
    [The prepared statement of Senator Hutchison follows:]

  Prepared Statement of Hon. Kay Bailey Hutchison, U.S. Senator from 
                                 Texas

    Thank you for chairing today's hearing, Senator Lautenberg, and 
thank you to all of the witnesses for being here today. I think this 
hearing is so important. The security of the Nation's surface 
transportation systems, although long overshadowed by aviation 
security, is one of the Transportation Security Administration (TSA)'s 
central missions and must be one of this committee's highest 
priorities.
    It has been eight and one-half years since the terrorist attacks of 
September 11 and, during that time, there have been over 700 attacks on 
rail and bus systems around the world, killing more than 2,500 and 
injuring 10,000. Fortunately, there has not been a successful attack in 
the United States. But the recent ``Zazi'' plot to detonate explosives 
on the New York City subway system demonstrates the seriousness of the 
threats to our surface transportation systems.
    I have long expressed concern that enough effort and resources are 
not being committed to secure our transit, passenger and freight rail, 
highway, motorcoach, and pipeline networks. Currently, the budget for 
surface transportation security is just $110 million, a little over 2 
percent of TSA's total budget, a level of funding far from commensurate 
with the level of risk. And while another $360 million has been 
appropriated to the Federal Emergency Management Agency (FEMA) for 
security grants, we clearly are not doing enough in this area. I hope 
today we can have a frank discussion about what has, and has not, been 
accomplished since 9-11, and how this committee, together with the 
Administration, can take action to close gaps in addressing and funding 
surface transportation security.
    I do believe our transit, rail, and pipeline systems are safer 
today due to the actions of TSA, DOT's modal agencies, Amtrak, the 
commuter authorities, and private sector rail, truck, bus, and pipeline 
companies. But despite the fact that the Aviation and Transportation 
Security Act, which created TSA, states unequivocally that TSA ``shall 
be responsible for security in all modes of transportation,'' all 
indications are that TSA sees itself as only having a supporting role 
with respect to transit and passenger rail security. TSA also seems 
reluctant, except at the specific direction of Congress, to do more 
than simply encourage security improvements by the freight rail, motor 
and bus carrier, and pipeline sectors, since they are owned and 
operated by the private sector.
    Recent reports by the U.S. Government Accountability Office (GAO), 
and the DHS Inspector General are cause for concern. GAO has concluded 
that TSA has still not completed an overall risk assessment of mass 
transit, the passenger rail system, or the commercial vehicle sector. 
Its preliminary conclusions in an ongoing assessment of pipeline 
security suggest that TSA is not following up with pipeline operators 
to make sure they are making the security improvements included in 
their security plans.
    I am especially troubled that TSA has so strongly resisted the 
recommendation of the DHS IG to have TSA inspectors focused on surface 
transportation security report to an official with surface 
responsibilities, rather than to supervisors in the aviation arena. And 
I am concerned that over two-thirds of the recently hired surface 
transportation inspectors had no surface transportation experience.
    The White House apparently is not satisfied with TSA's performance 
either, since it conducted its own independent assessment of surface 
transportation security. That assessment was conducted by reaching out 
to government and private sector stakeholders, and it found that there 
is significant overlap in Federal programs and agencies. Clearly, there 
is a strong need for more coordination between government agencies and 
with the private sector.
    It is critical that TSA, as the expert agency on all security 
matters, step up to the plate and exercise more leadership, while 
continuing to operate in a collaborative way with surface 
transportation interests. The first step, as we all realize, is the 
appointment of a TSA Administrator, a position that has been vacant for 
more than a year. I think I speak for the entire Committee when I say 
that I hope the Administration will be sending up a new nominee--and 
one who we can confirm--as soon as possible.
    The Committee intends to mark up legislation to reauthorize TSA 
later this year, and we need TSA to come forward with its 
recommendations. We want to make informed decisions about surface 
transportation security, with input from all of the stakeholders, and a 
good understanding of the resources needed to address the risks 
terrorism poses to our surface transportation network.
    Thank you, Mr. Chairman. I look forward to the testimony of our 
witnesses, and discussing these important issues with them.

    Senator Lautenberg. Thank you for being with us, Senator 
Hutchison. Everybody's got lots of things to do. And----
    Senator Hutchison. Yes.
    Senator Lautenberg. But, you show your respect for the 
importance of this hearing and the job that we have to do here, 
so thank you.
    I want to welcome our first panel of witnesses: Mr. David 
Heyman, the Assistant Secretary for Policy at the Department of 
Homeland Security; Mr. Stephen Lord, Director of Homeland 
Security and Justice Issues at the U.S. Government 
Accountability Office; and Mr. Carlton Mann, Assistant 
Inspector General for Inspections at the Department of Homeland 
Security Office of the Inspector General.
    Thank you all for being here.
    Mr. Heyman, if you would, you have 5 minutes to give your 
statement. And if you need more time, I would ask that you 
submit your full statement for the record, but meanwhile--
please.

STATEMENT OF HON. DAVID HEYMAN, ASSISTANT SECRETARY FOR POLICY, 
              U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Heyman. Thank you. Thank you, Senator Lautenberg, 
Senator Hutchison.
    I'm pleased to appear before you today to discuss 
safeguarding our Nation's surface transportation systems and 
the Department of Homeland Security's collective efforts with 
Federal, state, and local partners to improve the security of 
these systems.
    Safeguarding our Nation's mass transit and passenger rail 
networks is of critical importance. The Nation's surface 
transportation infrastructure is a vast, open system of 
interconnected networks of commuter rail trains, subways, and 
buses that move millions of our citizens every day, and are 
vital to our economy and our way of life.
    The scope of these networks is impressive. Consider, for 
example, the New York City subway network has 468 stations, 
with over 31,000 turnstiles allowing direct access to the 
subway, and average weekday ridership of over 5 million 
passengers. Similarly, Amtrak's operations are nationwide, with 
stations in close proximity to, or collocated with, mass 
transit stations. The huge benefits of these networks to our 
Nation include the inherent vastness and openness of the 
systems, but that, unfortunately, makes them targets for 
terrorists. As we have sadly learned from attacks in London, 
Mumbai, Madrid, and Moscow, as well as the New York City subway 
plot, mentioned by you, Senator Lautenberg.
    For the past decade, the Nation's transportation network 
has been at an elevated risk of attack. The failed and foiled 
terrorist plots in the past year against mass transit and 
aviation are powerful reminders that terrorists will go to 
great lengths to defeat the security measures that have been 
put in place since September 11.
    The Administration is determined to thwart terrorist plots 
and disrupt, dismantle, and defeat terrorist networks by 
employing and enhancing the multiple layers of defense that 
work in concert with one another to secure our country.
    A significant way that DHS contributes to enhanced security 
on all modes of surface transportation is through the award of 
grants. In Fiscal Year 2009, the Department directed more than 
$500 million to mass transit passenger rail agencies through 
its Transit Security Grant Program; $78 million in American 
Recovery and Reinvestment Act funding went to approximately 240 
new law enforcement officers at 15 transit systems across the 
country; and $72 million in Recovery funds went to capital 
projects, such as improvements to high density tunnels, 
stations, and bridges.
    The Department has three principal tools in which we 
address surface security: intelligence, operational deterrence, 
and infrastructure protection. Through each of these, and 
through our grant program, our efforts are to secure the 
Nation's surface transportation system. But, we do this through 
what--through the notion of a homeland security enterprise, a 
collective effort of shared responsibilities of Federal, state, 
local, tribal, territorial, nongovernmental, and private-sector 
partners.
    This enterprise connotes a broad base of community of 
common interest in safety and security. It is a partnership. 
Indeed, strong working partnerships with state and local 
government, law enforcement, and emergency response officials, 
and hundreds of transit system operators, private sector and 
individuals, are critical to the success of surface 
transportation security programs. The Federal Government has a 
role to play, and it is also in great partnership with all of 
these participants.
    While there has been significant progress over the last 
several years in improving surface transportation security, 
there is still much work to be done. Our mission remains clear: 
providing the traveling public with confidence that these vital 
arteries that support our daily lives are secure.
    I look forward to working with you and this committee to 
achieve this goal. I would like to submit my full statement for 
the record. And I look forward to your questions.
    [The prepared statement of Mr. Heyman follows:]

   Prepared Statement of Hon. David Heyman, Assistant Secretary for 
              Policy, U.S. Department of Homeland Security

    Good afternoon, Chairman Rockefeller, Ranking Member Hutchison, and 
distinguished members of the Committee. I am pleased to appear today to 
discuss safeguarding our Nation's open surface transportation systems 
and the Department of Homeland Security's (DHS) collective efforts with 
Federal, state and local partners to improve the security of these 
systems. I appreciate the Committee's efforts in support of this vital 
mission.
    The Nation's surface transportation infrastructure is a vast, open 
system of interdependent networks that continually moves millions of 
passengers and millions of tons of commodities. The network and its 
four subsectors--Mass Transit, Highways, Freight Rail, and Pipelines--
are critical to our economic well-being and our way of life. The 
security of this system is a shared responsibility among many 
governmental and private sector entities, including DHS.
    For the past decade, the Nation's transportation network has been 
at an elevated risk of attack. The failed and foiled terrorist plots in 
the past year against mass transit and aviation are powerful reminders 
that terrorists will go to great lengths to defeat the security 
measures that have been put in place since September 11, 2001. This 
Administration is determined to thwart terrorist plots and disrupt, 
dismantle, and defeat terrorist networks by employing and enhancing the 
multiple layers of defense that work in concert with one another to 
secure our country.
    President Obama has articulated the need to do more to safeguard 
surface transportation by building on existing security efforts. The 
President's guiding principles for homeland security, including working 
with key stakeholders, investing in the most pressing short- and long-
term infrastructure needs, and safeguarding the transportation systems 
that Americans use every day, will lead to a more resilient surface 
transportation system that improves public safety and enables efficient 
commerce.
The Surface Transportation Security Priority Assessment
    This Administration recognized that the Nation's surface 
transportation system is an open and sprawling network and therefore we 
must look to the capabilities of Federal, state, local and private 
sector entities to secure the system and address threats through 
intelligence and the application of a risk-based approach. To this end, 
the White House led an interagency effort under the aegis of the 
National Security Staff to assess the security of the surface 
transportation system and determine what additional measures and 
initiatives could be undertaken to improve the security of the system.
    The result of this effort is the Surface Transportation Security 
Priority Assessment, released April 2, which represents an important 
step toward further protecting the traveling public from acts of 
terrorism. The Assessment presents a thorough review of security 
efforts in all modes of surface transportation by the Obama 
Administration during its first year, including mass transit, commuter 
and long-distance passenger rail, freight rail, commercial vehicles and 
pipelines. It examines existing surface transportation security 
priorities, identifies interagency priorities for the next 4 years, 
provides recommendations on how to address existing policy gaps in 
surface transportation security efforts, and directs designated 
agencies to develop implementation plans to accomplish the report's 
recommendations.
    The Administration engaged stakeholders from Federal, state, local 
and tribal government and the private sector using DHS' National 
Infrastructure Protection Plan (NIPP) partnership model to furnish 
input into the comprehensive framework of recommendations set forth in 
the Assessment. In conducting the Assessment, common themes and 
recommendations included the need to enhance security through increased 
intelligence sharing, vetting, security planning, training, and 
exercises, improve efficiency and effectiveness, strengthen stakeholder 
partnerships, and employ a systems management approach to assessing 
risk. DHS served an active role in the Assessment supporting 
interagency efforts by assigning staff to support and coordinate the 
drafting of the assessment as well as preparation of the final report.
    The Assessment's 20 recommendations are the building blocks for 
advancing our Nation's surface transportation security initiatives. 
These recommendations are consistent with recommendations received from 
the DHS Office of Inspector General and the Government Accountability 
Office (GAO) on how best to provide security in all modes of 
transportation. Among other things, the recommendations include the 
following:

   Implement an integrated Federal approach that consolidates 
        capabilities in a unified effort for security assessments, 
        audits and inspections to produce more thorough evaluations and 
        effective follow-up actions to reduce risk, enhance security, 
        and reduce burdens on assessed surface transportation entities.

   Implement a multi-year, multi-phase grants program based on 
        a long-term strategy for surface transportation security.

   Establish an interagency process to inventory education and 
        training (E&T) requirements and programs, identify gaps and 
        redundancies in surface transportation owner/operator E&T, and 
        ensure that Federal training requirements support 
        counterterrorism and infrastructure protection.

    These and other recommendations in the Assessment reflect the 
Administration's commitment to goals that are critical to surface 
transportation security, such as teaming with all government partners 
and the private sector to identify and reduce risk; improving the 
efficiency and effectiveness of Federal missions, organizations and 
programs; strengthening interactive stakeholder partnerships; and 
application of a systems management approach to surface transportation 
security.
    The Administration remains committed to implementing the 
recommendations contained in the Assessment. Assistant to the President 
and Deputy National Security Adviser for Homeland Security and 
Counterterrorism, John Brennan released a memo to Departments and 
Agencies on April 14, 2010 directing the development of implementation 
plans for the 20 recommendations contained in the assessment. The 
implementation plans will:

        1. Define actionable and measurable next steps;

        2. Identify implementation metrics;

        3. Determine a timeline for completion; and

        4. Identify stakeholders for engagement in the development of 
        the implementation plans.

    DHS was designated in the Assessment as the lead Department for 
implementing 19 of the 20 recommendations. The Department looks forward 
to continued engagement with Congress on implementation of actions.
Security in All Modes of Surface Transportation
    DHS plays a key role in the Administration's efforts to ensure the 
security of our Nation's surface transportation system. Employing an 
intelligence-driven and risk-based approach to assessing threats to the 
system, DHS and its partners have made substantial progress in the past 
few years in improving surface transportation security in this country. 
Our efforts to secure the Nation's surface transportation system are a 
clear illustration of the concept of the homeland security enterprise 
established by the Quadrennial Homeland Security Review. This concept 
refers to the collective efforts and shared responsibilities of 
Federal, state, local, tribal, territorial, and private-sector 
partners--as well as individuals, families, and communities--to 
maintain critical homeland security capabilities. It connotes a broad-
based community with a common interest in the safety and well being of 
America and American society.
    Indeed, strong working partnerships with state and local 
government, law enforcement, emergency response officials, hundreds of 
transit system operators, private sector groups, and individual 
citizens around the country are critical to the success of surface 
transportation security programs. By communicating with one another, 
sharing intelligence, and planning collaboratively, these stakeholders 
have created a foundation for both building surface transportation 
security initiatives and reducing risk. Through national standards, 
sharing best practices, guidance and regulation, they are putting those 
initiatives into operation. And by conducting assessments and using 
metrics to measure our progress, DHS constantly is examining ways to 
improve security and reduce risk throughout the surface transportation 
system.
    As a result of our risk-based and intelligence-driven approach, DHS 
has made real progress; some tangible accomplishments include the 
following:

   DHS' Transportation Security Administration (TSA) has 
        assessed the top 100 U.S. pipeline systems--which transport 84 
        percent of the energy products in the U.S., such as oil and 
        natural gas--to ensure security standards are being met. Over 
        the past 18 months, TSA has inspected 200 critical facilities 
        related to those pipeline systems, including pumping stations, 
        bridge spans, and control centers.

   With respect to highway security, DHS' U.S. Customs and 
        Border Protection (CBP) secures our northern and southern 
        borders against dangerous passengers and cargo. For traffic 
        within our borders, TSA has issued security guidelines for high 
        hazard material transporters, provided security training for 
        intercity bus and school bus operators, and is assessing key 
        infrastructure vulnerabilities. Through TSA's Hazardous 
        Materials Endorsement (HME) vetting program, all individuals 
        who seek a hazardous materials endorsement to their state-
        issued commercial driver's license must go through a rigorous 
        vetting program. This program covers approximately three 
        million drivers authorized to transport hazardous materials. 
        Additionally, as this committee is very much aware, TSA has 
        conducted a full security threat assessment of, and issued a 
        Transportation Worker Identification Credential (TWIC) to, 1.6 
        million workers requiring unescorted access to secure areas of 
        port facilities.

   In freight rail, CBP secures our borders via inbound and 
        outbound inspections, while TSA has reduced the toxic 
        inhalation chemical risk in high threat urban areas by 80 
        percent since 2006, assessed security at 30 of the 50 key 
        bridges throughout the nation, and issued a rail security rule 
        on toxic inhalants to require a secure chain of custody from 
        shippers to receivers. These impressive risk reduction results 
        are a product of regulatory and voluntary efforts with the rail 
        industry that are a model for the benefits of collaborative, 
        data driven risk reduction.

    A significant way that DHS contributes to the enhanced security of 
all modes of surface transportation is through the award of grants. In 
FY 2009, DHS directed more than $500 million to mass transit and 
passenger rail agencies through the Transit Security Grant Program 
(TSGP), which focuses specifically on surface transportation; $78 
million in American Recovery and Reinvestment Act (ARRA) funding for 
approximately 240 new law enforcement officers at 15 transit systems 
across the country--including approximately $36 million for 128 new 
officers at the New York Police Department--to enhance the Nation's 
ability to guard against acts of terrorism; $72 million in ARRA funding 
for capital projects, such as improvements to high-density tunnels, 
stations and bridges; and $388 million in Transit Security Grant 
Program and Freight Rail Security Grant Program funding for projects 
such as training, operational deterrence, hardening of tunnels, high-
density stations and bridges. This funding also enhanced security 
efforts for Amtrak, which received almost $100 million through the 
Transit Security Grant Program for operational deterrence, 
infrastructure hardening, training and other initiatives.
    Additionally, TSA's Mass Transit Security Training Program targets 
grant funds for recurring training of law enforcement officers and 
frontline employees in core areas of security awareness, behavior 
recognition, and immediate response to a threat or incident. DHS also 
conducts training, workshops, table top exercises, and ``lessons 
learned'' sessions that integrate mass transit and passenger rail 
agencies with regional law enforcement and emergency response partners 
to expand and enhance coordinated deterrent, threat and incident 
management capabilities. Particular emphasis is placed on prevention, 
specifically broadening capabilities for collaborative activities for 
deterrence.
    In the area of freight rail, TSA earlier this month provided the 
full Committee, and others in Congress, its study on the feasibility 
and appropriateness of requiring a non-Federal match for grants awarded 
to freight railroad carriers--the study was mandated by the 
Implementing Recommendations of the 9/11 Commission Act of 2007. The 
particular grants being examined are funded through the DHS Freight 
Rail Security Grant Program (FRSGP), managed jointly by TSA and the 
Federal Emergency Management Agency (FEMA). The purpose of FRSGP is to 
raise the security baseline in freight rail by funding vulnerability 
assessments and security plans, providing security training to 
frontline personnel, and installing Global Positioning System (GPS) 
tracking on railroad cars within the freight rail industry. Of note, 
the study recommended that a non-Federal match under FRSGP should not 
be required for certain high-priority projects, such as developing 
vulnerability assessments and security plans, and providing security 
training for frontline employees.
    The Obama Administration recognizes the critical importance of 
safeguarding our Nation's mass transit and passenger rail networks. 
These open access, interconnected networks of commuter rail trains, 
subways, and buses move millions of our citizens every day and are 
vital to our economy and our way of life. The scope of these networks 
is impressive. Consider, for example, that the New York City subway 
network has 468 stations with over 31,000 turnstiles allowing direct 
access to the subway, and an average weekday ridership of over 5 
million passengers. Amtrak's operations are nationwide, and many Amtrak 
stations are in close proximity to, or co-located with, mass transit 
stations.
    The huge benefits of these networks to our nation, including the 
inherent vastness and openness of the systems, unfortunately, makes 
them prime targets for terrorists, as we have sadly learned from 
attacks in London, Mumbai, Madrid and Moscow, as well as the New York 
City subway plot uncovered last year. As an example of the Obama 
Administration's efforts to meet this threat, in October 2009, Amtrak 
and TSA partnered to conduct random passenger and baggage screening at 
multiple locations across the Northeast Corridor. This effort is 
ongoing and is expected to expand nationwide. Such random screening 
teams are among DHS' most effective deterrence and detection tools for 
countering terrorist threats.
Tools for Protecting Surface Transportation
    As I have testified in the past, securing our modes of travel is 
one of the most powerful weapons we have to counter the ability of 
terrorists to attack us. The tools at our disposal fall into three 
primary categories:

   Intelligence drives our efforts and helps prioritize how we 
        allocate our resources. Our Federal Joint Terrorism Task Forces 
        (JTTFs), composed of DHS and other Federal and state personnel 
        operating under FBI leadership, coordinate Federal and local 
        investigations and information gathering operations and share 
        that information among law enforcement and security partners, 
        both public and private.

   Operational deterrence focuses on using Federal, state, and 
        local government personnel and resources in collaboration with 
        private sector partners to prevent, deter, and detect threats 
        from terrorists and criminal organizations. Activities 
        currently employed for this purpose, including explosive 
        detection canine teams and random, unpredictable transportation 
        passenger screening by Visible Intermodal Prevention and 
        Response (VIPR) teams, are highly effective operational tools 
        for deterring and detecting terrorist threats. The funding in 
        the FY 2010 DHS appropriation to expand the number of dedicated 
        VIPR teams from 10 to 25 has been welcome news for TSA and 
        surface transit alike. Congress overwhelmingly approved this 
        funding increase, and we are grateful for your support.

   Infrastructure protection initiatives, such as the effective 
        administration of Federal grants for physical security 
        improvements and training, focus on hardening the Nation's 
        critical transportation infrastructures, including underwater 
        tunnels, subway stations, and bridges, as well as educating our 
        fellow citizens to become partners in security. TSA's 
        Transportation Security Inspectors work with state and local 
        officials to assess security vulnerabilities and recommend how 
        to use limited resources to get the most security bang for the 
        buck.

Conclusion
    The Obama Administration is dedicated to ensuring the security of 
our Nation's surface transportation system. As evidenced by the 
creative and collaborative effort of the Surface Transportation 
Security Priority Assessment, security for our Nation's surface 
transportation system is a responsibility shared among key Federal, 
state, local and private sector partners. DHS, the Department of 
Transportation, the Department of Energy, and others are working 
collaboratively with our state and local partners and the private 
sector, and are making significant strides in improving security.
    While the Administration and DHS have made significant progress 
over the last several years in improving surface transportation 
security, much work remains to be done. With the additional resources 
from Congress, expanding collaboration with surface transportation 
partners and local law enforcement and emergency response officials, 
and a focus on uncovering and addressing deficiencies in a cost-
effective manner, there is a strong foundation and clear path toward 
meeting our security goals for the Nation's surface transportation 
systems. Our mission remains clear: providing the traveling public with 
confidence that these vital economic arteries are secure.
    Thank you again for the opportunity to address surface 
transportation security. I will be happy to answer any questions you 
may have.

    Senator Lautenberg. Appreciate that.
    Mr. Lord, please.

            STATEMENT OF STEPHEN M. LORD, DIRECTOR,

             HOMELAND SECURITY AND JUSTICE ISSUES,

             U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Lord. Thank you, Mr. Chairman and Senator Hutchison, 
for inviting me to testify at today's hearing.
    As you noted in your opening remarks, the recent terrorist 
attacks in Moscow, London, and Madrid highlight the 
vulnerability of these systems to terrorist attacks.
    Before I begin, it's, first, worth noting that about 2 
percent of TSA's 2011 budget request is designated for surface 
transportation issues, while 80 percent of the budget is 
designated for aviation security, including the Federal Air 
Marshal Service.
    Today, I would like to discuss the three key issues: first, 
TSA's use of risk management principles to identify security 
priorities; second, TSA's efforts to coordinate with other 
industry stakeholders; third, TSA's efforts to measure the 
impact of its security improvement initiatives.
    Regarding risk management the large body of work we 
completed in this area has shown that TSA has taken some 
actions to better manage these risks, but still needs to 
improve its overall risk assessment process. This will help 
them identify security gaps and inform the allocation of 
resources across all transportation modes. For example, our 
2009 Risk Management Report found that TSA had not conducted 
comprehensive risk assessments across the major modes of 
transportation that would help them identify priorities and 
judge whether the current levels of investment are appropriate.
    In addition, we reported that TSA needs to improve their 
risk management efforts within each particular mode to help 
focus their efforts and identify potential security gaps. For 
example, our April 2009 Freight Rail Report found that TSA's 
security strategy had focused almost exclusively on rail 
shipments of toxic inhalation hazards, such as chlorine, which 
can be fatal if inhaled. And while reported--while we reported 
that TSA's initial focus was a good first step, we recommended 
that TSA consider other threats, such as sabotage to bridges 
and tunnels. The good news is, TSA agreed with our 
recommendation and developed a risk tool to help identify 
vulnerabilities to bridges and tunnels.
    We also assessed TSA's risk management efforts in our 
ongoing review of pipeline security. And although the findings 
are preliminary, we found a weak statistical correlation 
between a pipeline system risk rating and the time taken to 
schedule the very important corporate security reviews of a 
facility's security plans. Specifically, among the 15 highest 
risk-rated pipeline systems, the time between a first and 
second review ranged from 1 to 6 years. And two of these high-
risk systems had not had a second review in more than 6 years, 
even though they were deemed high risk. TSA officials agreed 
with our observations, but noted that other factors, such as 
geographical proximity and other related inspection activities, 
influenced the timing of such reviews.
    In terms of coordination, TSA has developed several 
initiatives to improve coordination with Federal, state, and 
private-sector partners. However, our recent reports found that 
these coordination efforts could be improved in many areas. For 
example, our Freight Rail Report found that TSA was not 
requesting data on deficiencies and security plans and 
training, even though the FRA was collecting this information 
during their inspection process. We believe this information 
could be useful to TSA. And I'm encouraged that the 
Administration's Interagency Policy Committee Report on Surface 
Transportation, that you mentioned in your opening remarks, 
also highlights the needs for Federal entities to better 
coordinate their various activities.
    Finally, I would like to briefly discuss how TSA measures 
its progress in improving security. As you may know, TSA has 
developed national strategies, called ``modal annexes,'' for 
each surface transportation mode. However, our body of work, 
collectively, shows that TSA needs to strengthen its efforts to 
measure whether the goals listed in each of these modal annexes 
are being achieved.
    For example, in June 2009, we reported that TSA's modal 
annex for mass transit and passenger rail lacked outcome-
oriented measures and targets to help assess progress over 
time. The good news is that TSA agreed with our recommendation 
to improve the measures, and now more accurately reports 
results.
    In sum, our collective body of work has identified several 
important steps that TSA could take to improve risk management, 
coordination with other entities, and the way it measures what 
all these activities result in, at the end of the day.
    Thank you, Mr. Chairman. I look forward to any questions 
you may have.
    [The prepared statement of Mr. Lord follows:]

Prepared Statement of Stephen M. Lord, Director, Homeland Security and 
         Justice Issues, U.S. Government Accountability Office

    Mr. Chairman and members of the Committee:
    I appreciate the opportunity to participate in today's hearing to 
discuss key surface transportation security issues. Surface 
transportation modes include mass transit, freight rail, pipeline, and 
highway systems.\1\ Terrorist attacks on surface transportation systems 
in Moscow, Mumbai, London, and Madrid that caused significant loss of 
life and disruption have highlighted the vulnerability of 
transportation facilities to terrorist attacks worldwide.\2\ While 
there have been no successful terrorist attacks against U.S. surface 
transportation systems to date, securing these systems is a significant 
undertaking. In the United States, the surface transportation system 
includes more than 100,000 miles of rail, 600,000 bridges, more than 
300 tunnels, and 2 million miles of pipeline. Securing these systems is 
further complicated by the number of private and public stakeholders 
involved in operating and protecting the system and the need to balance 
security with the expeditious flow of people and goods. Further, 
surface transportation systems generally rely on an open architecture 
that is difficult to monitor and secure due to its multiple access 
points, hubs serving multiple carriers, and, in some cases, lack of 
access barriers. An attack on these systems could potentially lead to 
significant casualties due to, for example, the high number of daily 
passengers, especially during peak commuting hours. In the 2011 budget 
request for the Department of Homeland Security's (DHS) Transportation 
Security Administration (TSA), $137.6 million of the $8.2 billion total 
request is for surface transportation security, while $6.5 billion is 
requested for aviation security, including the Federal Air Marshal 
Service.\3\
---------------------------------------------------------------------------
    \1\ The six major transportation modes defined in the 
Transportation Security Administration's (TSA) Transportation Security 
Sector Specific Plan (TS-SSP) are: aviation; maritime; mass transit 
(including transit buses, subway and light rail, and passenger rail--
both commuter rail and long-distance); highway; freight rail; and 
pipeline.
    \2\ Subway attacks occurred in Moscow March 29, 2010, in Mumbai on 
July 11, 2006, in London on July 7, 2005, and in Madrid on March 11, 
2004. Each attack caused dozens of deaths and injuries.
    \3\ Additional funding is requested for accounts such as 
transportation security support, which supports both aviation and 
surface transportation security programs. Some of the Federal Air 
Marshal Service funding support nonaviation activities.
---------------------------------------------------------------------------
    My testimony today focuses on the extent to which: (1) DHS has used 
a risk management framework to guide efforts to strengthen the security 
of the surface transportation sector, (2) TSA has coordinated its 
strategy and efforts for securing the surface transportation sector 
with other Federal entities, states, and private-sector stakeholders, 
(3) TSA has measured the effectiveness of its surface transportation 
security-improvement actions, and (4) TSA has made progress in 
deploying surface transportation security inspectors, and what 
challenges, if any, it faces in these efforts.
    This statement is based on related public GAO reports issued from 
January 2009 through June 2009.\4\ All of this work was conducted in 
accordance with generally accepted government auditing standards, and 
our previously published products contain additional details on the 
scope and methodology for those reviews. In addition, this statement 
includes preliminary observations based on ongoing work assessing the 
security of the Nation's pipeline systems for this committee. This 
ongoing work, which will be completed later this year, is assessing, 
among other things, TSA's risk assessment efforts and performance 
measures for this area of surface transportation. For our ongoing 
review of pipeline security, we reviewed relevant laws and program 
management and planning documents, including pipeline performance 
measures, and interviewed TSA Pipeline Security Division officials to 
discuss, among other things, their identification of the most critical 
pipeline systems and their development and use of the pipeline risk 
assessment model and performance measures. We also analyzed TSA's 
pipeline risk assessment model by measuring the strength of the 
relationship between the frequency of Corporate Security Reviews for 
each pipeline system and that system's ranking based on risk.\5\ We 
determined that the data we analyzed were sufficiently reliable for the 
purposes of this statement. Specifically, we reviewed related 
documentation, interviewed knowledgeable agency officials, and tested 
those data to identify missing information or outliers. Our ongoing 
work related to pipeline security is being conducted in accordance with 
generally accepted government auditing standards. In addition, this 
statement contains selected updates conducted from September 2009 
through April 2010 on TSA's efforts to implement our previous 
recommendations regarding surface transportation security. In 
conducting these updates, we obtained new information from TSA 
regarding the agency's efforts to enhance its surface transportation 
inspections and meet legislative requirements, among other things. We 
conducted these updates in accordance with generally accepted 
government auditing standards. Those standards require that we plan and 
perform the audit to obtain sufficient, appropriate evidence to provide 
a reasonable basis for our findings and conclusions based on our audit 
objectives. We believe that the evidence obtained provides a reasonable 
basis for our findings based on our audit objectives.
---------------------------------------------------------------------------
    \4\ GAO, Transportation Security: Key Actions Have Been Taken to 
Enhance Mass Transit and Passenger Rail Security, but Opportunities 
Exist to Strengthen Federal Strategy and Programs, GAO 09 678 
(Washington, D.C.: June 2009); Transit Security Grant Program: DHS 
Allocates Grants Based on Risk, but Its Risk Methodology, Management 
Controls and Grant Oversight Can Be Strengthened, GAO 09 491 
(Washington, D.C.: June 2009); Freight Rail Security: Actions Have Been 
Taken to Enhance Security, but the Federal Strategy Can Be Strengthened 
and Security Efforts Better Monitored, GAO 09 243 (Washington, D.C.: 
Apr. 2009); Transportation Security: Comprehensive Risk Assessments and 
Stronger Internal Controls Needed to Help Inform TSA Resource 
Allocation, GAO 09 492 (Washington, D.C.: Mar. 2009); Commercial 
Vehicle Security: Risk-Based Approach Needed to Secure the Commercial 
Vehicle Sector, GAO 09 85 (Washington, D.C.: Feb. 2009); Highway 
Infrastructure: Federal Efforts to Strengthen Security Should Be Better 
Coordinated and Targeted on the Nation's Most Critical Highway 
Infrastructure, GAO 09 57 (Washington, D.C.: Jan. 2009).
    \5\ Corporate Security Reviews are on-site security reviews that 
TSA's Pipeline Security Division conducts with pipeline operators to 
develop a firsthand knowledge of operators' security plans and 
implementation, establish working relationships with key pipeline 
security personnel, and identify and share good security practices.
---------------------------------------------------------------------------
Background
    TSA is the primary Federal agency responsible for overseeing the 
security of surface transportation systems, including developing a 
national strategy and implementing security programs. However, several 
other agencies, including DHS's Federal Emergency Management Agency 
(FEMA) and the Department of Transportation's (DOT) Federal Transit 
Administration (FTA) and Federal Railroad Administration (FRA), also 
play a role in helping to fund and secure these systems. Since it is 
not practical or feasible to protect all assets and systems against 
every possible terrorist threat, DHS has called for using risk-informed 
approaches to prioritize its security-related investments and for 
developing plans and allocating resources in a way that balances 
security and commerce.\6\
---------------------------------------------------------------------------
    \6\ A risk management approach entails a continuous process of 
managing risk through a series of actions, including setting strategic 
goals and objectives, assessing risk, evaluating alternatives, 
selecting initiatives to undertake, and implementing and monitoring 
those initiatives.
---------------------------------------------------------------------------
    In June 2006, DHS issued the National Infrastructure Protection 
Plan (NIPP), which established a six-step risk management framework to 
establish national priorities, goals, and requirements for Critical 
Infrastructure and Key Resources protection so that Federal funding and 
resources are applied in the most effective manner to deter threats, 
reduce vulnerabilities, and minimize the consequences of attacks and 
other incidents. The NIPP, updated in 2009, defines risk as a function 
of three elements: threat, vulnerability, and consequence. Threat is an 
indication of the likelihood that a specific type of attack will be 
initiated against a specific target or class of targets. Vulnerability 
is the probability that a particular attempted attack will succeed 
against a particular target or class of targets. Consequence is the 
effect of a successful attack. In May 2007, TSA issued the 
Transportation Systems Sector-Specific Plan (TS-SSP), which documents 
the risk management process to be used in carrying out the strategic 
priorities outlined in the NIPP. As required by Executive Order 13416, 
the TS-SSP also includes modal implementation plans or modal annexes 
that detail how TSA intends to achieve the sector's goals and 
objectives for each of the six transportation modes using the systems-
based risk management approach.\7\
---------------------------------------------------------------------------
    \7\ The TS-SSP includes modal annexes for Aviation, Maritime, Mass 
Transit, Highway Infrastructure and Motor Carrier, Freight Rail, and 
Pipeline.
---------------------------------------------------------------------------
    To address the objectives and goals laid out in the TS-SSP, TSA 
uses various programs to secure transportation systems throughout the 
country, including Visible Intermodal Prevention and Response (VIPR) 
teams and Surface Transportation Security Inspectors (STSI). VIPR teams 
employ a variety of tactics to deter terrorism, including random high-
visibility patrols at mass transit and passenger rail stations using, 
among other things, behavior-detection officers, canine detection 
teams, and explosive-detection technologies.\8\ STSIs, among other 
things, conduct on-site inspections of U.S. rail systems--including 
mass transit, passenger rail, and freight rail systems--to identify 
best security practices, evaluate security system performance, and 
discover and correct deficiencies and vulnerabilities in the rail 
industry's security systems.\9\
---------------------------------------------------------------------------
    \8\ TSA VIPR teams, which TSA has reported using since late 2005, 
work with local security and law enforcement officials to secure any 
mode of transportation.
    \9\ STSIs conduct their work by building collaborative working 
relationships with freight rail carriers, the mass transit and 
passenger rail industry, and applicable local, state, and Federal 
authorities.
---------------------------------------------------------------------------
    In August 2007, the Implementing Recommendations of the 9/11 
Commission Act (9/11 Commission Act) was signed into law, which 
included provisions that task DHS and other public and private 
stakeholders with security actions related to surface transportation 
security.\10\ Among other things, these provisions include mandates for 
developing and issuing reports on TSA's strategy for securing public 
transportation, conducting and updating comprehensive security 
assessments for public transportation agencies, and ensuring that 
transportation modal security plans include threats, vulnerabilities, 
and consequences for transportation infrastructure assets including 
mass transit, railroads, highways, and pipelines.
---------------------------------------------------------------------------
    \10\ Pub. L. No. 110-53, 121 Stat. 266 (2007).
---------------------------------------------------------------------------
TSA Has Taken Some Actions to Implement a Risk Management Approach but 
        Could Do More to Inform the Allocation of Resources across the 
        Surface Transportation Sector
    In March 2009, we reported that TSA has taken some actions called 
for by the NIPP's risk management process, but has not conducted 
comprehensive risk assessments across aviation and four major surface 
transportation modes.\11\ In 2007, TSA initiated but later discontinued 
an effort to conduct a comprehensive risk assessment for the entire 
transportation sector, known as the National Transportation Sector Risk 
Analysis.\12\ Consequently, we recommended that TSA conduct 
comprehensive risk assessments for the transportation sector to produce 
a comparative analysis of risk across the entire transportation sector, 
which the agency could use to guide current and future investment 
decisions. DHS and TSA concurred with our recommendation, and in April 
2010 TSA identified planned actions, including integrating the results 
of risk assessments into a comparative risk analysis across the 
transportation sector. TSA officials stated in April 2010 that the 
agency has revised its risk management framework, TS-SSP, and modal 
annexes. They added that these documents are undergoing final agency 
review.
---------------------------------------------------------------------------
    \11\ GAO-09-492. The four major surface transportation modes are 
mass transit and passenger rail, freight rail, highway, and pipeline. A 
comprehensive risk assessment approach would assess threat, 
vulnerability, and consequence to inform the allocation of resources, 
as called for by the NIPP and the TS-SSP.
    \12\ Through this effort, TSA intended to estimate the threat, 
vulnerability, and consequence of a range of hypothetical attack 
scenarios and integrate these estimates to produce risk scores for each 
scenario that could be compared among each of the modes of 
transportation. However, officials stated that TSA discontinued this 
work due to difficulties in estimating the likelihood of terrorist 
threats.
---------------------------------------------------------------------------
    In addition, we have previously reported that while TSA has 
collected information related to threat, vulnerability, and consequence 
within the surface transportation modes, it has not conducted risk 
assessments that integrate these three components for individual modes. 
For example, we reported in June 2009 that TSA had not conducted its 
own risk assessment of mass transit and passenger rail systems that 
combined all three risk elements, as called for by the NIPP.\13\ Thus, 
we recommended that TSA conduct a comprehensive risk assessment that 
combines threat, vulnerability, and consequence. DHS concurred with 
this recommendation, and in February 2010, DHS officials said that TSA 
had undertaken a Transportation Systems Sector Risk Assessment that 
would incorporate all three elements of risk. In April 2010, TSA stated 
that this risk assessment is under review. Similarly, the 
Administration's Transborder Security Interagency Policy Committee 
(IPC) Surface Transportation Subcommittee's recently issued Surface 
Transportation Security Priority Assessment recognized that assessing 
transportation assets and infrastructure and ranking their criticality 
would help target the use of limited resources.\14\ Consequently, this 
subcommittee recommended that TSA identify appropriate methodologies to 
evaluate and rank surface transportation systems and critical 
infrastructure.
---------------------------------------------------------------------------
    \13\ GAO-09-678. Although all levels of government are involved in 
mass transit and passenger rail security, the primary responsibility 
for securing the systems rests with the mass transit and passenger rail 
operators. We have reported that most mass transit and passenger rail 
systems have made operational enhancements to their security programs, 
such as adding security personnel or transit police. Some of the 
largest systems have also implemented varying types of random passenger 
or baggage inspection screening programs. Additionally, mass transit 
agencies have invested in capital improvements, including upgrading 
closed-circuit television systems and installing explosives-detection 
equipment and silent alarms.
    \14\ The White House Transborder Security Interagency Policy 
Committee Surface Transportation Subcommittee, Surface Transportation 
Security Priority Assessment (March 2010). In making its 
recommendations, the subcommittee gathered input from surface-
transportation owners and operators, DHS and DOT, as well as state and 
local government representatives.
---------------------------------------------------------------------------
    We have also identified other opportunities to improve TSA's risk 
management efforts for surface transportation. For example, in April 
2009, we reported that TSA's efforts to assess security threats to 
freight rail could be strengthened.\15\ Specifically, we noted that 
while TSA had developed a freight rail security strategy, the agency 
had focused almost exclusively on rail shipments of toxic inhalation 
hazards (TIH), such as chlorine and anhydrous ammonia, which can be 
fatal if inhaled, despite other Federal and industry assessments having 
identified additional potential security threats, such as risks to 
bridges, tunnels, and control centers.\16\ We reported that although 
TSA's focus on TIH has been a reasonable initial approach given the 
serious public harm these materials potentially pose to the public, 
there are other security threats for TSA to consider and evaluate as 
its freight rail strategy matures, including potential sabotage to 
critical infrastructure. We recommended that TSA expand its efforts to 
include all security threats in its freight rail security strategy. DHS 
concurred with this recommendation and has since reported that TSA has 
developed a Critical Infrastructure Risk Tool to measure the 
criticality and vulnerability of freight railroad bridges. As of April 
2010, the agency has used this tool to assess 39 bridges, some of which 
transverse either the Mississippi or Missouri Rivers, and intends to 
assess 22 additional bridges by the end of Fiscal Year 2010.\17\
---------------------------------------------------------------------------
    \15\ GAO-09-243.
    \16\ Shipments of TIH, especially chlorine, frequently move through 
densely populated areas to reach, for example, water treatment 
facilities that use these products. We reported that TSA focused on 
securing TIH materials for several reasons, including limited resources 
and a decision in 2004 to prioritize TIH as a key risk requiring 
Federal attention. Other Federal and industry freight rail stakeholders 
agreed that focusing on TIH was a sound initial strategy because it is 
a key potential rail security threat and an overall transportation 
safety concern.
    \17\ We have previously reported that certain bridges, such as 
those over large rivers, play a key role in the national railroad 
system because capacity constraints limit options to reroute trains. As 
a result, incidents limiting or preventing their use could negatively 
affect the economy by severely delaying rail traffic for significant 
periods of time and causing transportation system delays and 
disruption.
---------------------------------------------------------------------------
    Further, we reported in June 2009 that the Transit Security Grant 
Program (TSGP) risk model includes all three elements of risk, but can 
be strengthened by measuring variations in vulnerability.\18\ DHS has 
held vulnerability constant, which limits the model's overall ability 
to assess risk and more precisely allocate funds to transit agencies. 
We also found that although TSA allocated about 90 percent of funding 
to the highest-risk agencies, lower-risk agency awards were based on 
other factors in addition to risk, such as project quality. For 
example, a lower-risk agency with a high-quality project was more 
likely to receive funding than a higher-risk agency with a low-quality 
project. We recommended that DHS strengthen its methodology for 
determining risk by developing a cost-effective method for 
incorporating vulnerability information in its TSGP risk model. DHS 
concurred with the recommendation, and in April 2010 the agency stated 
that it is reevaluating the risk model for the Fiscal Year 2011 grant 
cycle. Further, TSA is evaluating the feasibility of incorporating an 
analysis of the current state of an asset, including its vulnerability, 
in determining Fiscal Year 2011 grant funding.\19\
---------------------------------------------------------------------------
    \18\ See GAO-09-491. DHS awards TSGP grant funding to owners and 
operators of mass transit and passenger rail systems that have used 
these funds for a variety of security purposes, including developing 
security plans, purchasing or upgrading security equipment, and 
providing security training to transit employees.
    \19\ Industry entities have also reported undertaking independent 
efforts to assess security risks to their systems and operations. These 
effects include: (1) a 2008 rail industry security assessment conducted 
by the American Association of Railroads, which resulted in the 
identification and prioritization of over 1,000 rail assets, including 
bridges, tunnels, and control centers; and (2) comprehensive risk 
assessments that incorporate and combine all three risk elements, which 
have been conducted by the National Railroad Passenger Corporation 
(Amtrak) and some individual transit systems.
---------------------------------------------------------------------------
    Additionally, we are currently conducting an assessment of TSA's 
efforts to help ensure pipeline security; the resulting report will 
include an evaluation of the extent to which TSA uses a risk management 
approach to help strengthen pipeline security. Our preliminary 
observations found that TSA has identified the 100 most-critical 
pipeline systems in the United States and produced a pipeline risk 
assessment model, consistent with the NIPP. Furthermore, the 9/11 
Commission Act requires that risk assessment methodologies be used to 
prioritize actions to the highest-risk pipeline assets, and we found 
that TSA's stated policy is to consider risk when scheduling Corporate 
Security Reviews--assessments of pipeline operators' security plans. 
However, we found a weak statistical correlation between a pipeline 
system's risk rank and the time elapsed between a first and subsequent 
review.\20\ In addition, we found that among the 15 highest risk-ranked 
pipeline systems, the time between a first and second Corporate 
Security Review ranged from 1 to 6 years for those systems that had 
undergone a second review. Further, as of April 2010, 2 systems among 
the top 15 had not undergone a second review despite more than 6 years 
passing since their first review. TSA officials told us that although a 
pipeline system's relative risk ranking is the primary factor driving 
the agency's decision of when to schedule a subsequent Corporate 
Security Review, it is not the only factor influencing this decision. 
They explained they also consider the geographical proximity of 
Corporate Security Review locations to each other in order to reduce 
travel time and costs, as well as the extent to which they have worked 
with pipeline operators through other efforts, such as their Critical 
Facility Inspection Program.\21\ Better prioritizing its reviews based 
on risk could help TSA ensure its resources are more efficiently 
allocated toward the highest-risk pipeline systems. We expect to issue 
this report by the end of this year.
---------------------------------------------------------------------------
    \20\ We calculated a simple correlation coefficient to measure the 
strength and direction of the linear relationship between systems' risk 
rankings and the time elapsed between TSA's first and subsequent 
Corporate Security Reviews for pipeline systems. The magnitude of the 
correlation coefficient determines the strength of the correlation. Our 
preliminary analysis resulted in a weak correlation coefficient score.
    \21\ The Pipeline Security Division began inspections under the 
Critical Facility Inspection Program in November 2008. The program 
involves on-site physical security inspections of each critical 
facility of the 100 most-critical pipeline systems.
---------------------------------------------------------------------------
TSA Has Generally Improved Coordination with Key Stakeholders but 
        Additional Actions Could Enhance Current Efforts to Improve 
        Surface Transportation Security
    TSA has developed several initiatives to improve coordination with 
its Federal, state, and private sector stakeholders. However, we have 
previously reported that TSA's coordination efforts could be improved. 
For example, we reported in April 2009 that Federal and industry 
stakeholders have taken a number of steps to coordinate their freight 
rail security efforts, such as implementing agreements to clarify roles 
and responsibilities and participating in various information-sharing 
mechanisms.\22\ However, Federal coordination could be enhanced by more 
fully leveraging the resources of all relevant Federal agencies, such 
as TSA and FRA.\23\ For example, we reported that TSA was not 
requesting data on deficiencies in security plans and training 
activities collected by FRA, which could be useful to TSA in developing 
regulations requiring high-risk rail carriers to develop and implement 
security plans. To improve coordination, we recommended that DHS work 
with Federal partners such as FRA to ensure that all relevant 
information, including threat assessments, is shared. DHS concurred 
with this recommendation and stated that it planned to better define 
stakeholder roles and responsibilities to facilitate information 
sharing. Since we issued our report, DHS reported that TSA continues to 
share information with security partners, including meeting with FRA 
and the DHS Office of Infrastructure Protection to discuss coordination 
and develop strategies for sharing relevant assessment information and 
avoiding duplication.\24\
---------------------------------------------------------------------------
    \22\ Some rail industry stakeholders have independently implemented 
other types of operational and procedural changes to secure their 
hazardous rail shipments, such as making modifications to procedures 
for how rail companies manage and schedule trains and railcars. Rail 
industry organizations also play a role in disseminating pertinent 
information, such as threat communications from DHS and DOT, to their 
members.
    \23\ See GAO-09-243.
    \24\ DHS's Office of Infrastructure Protection is an organizational 
entity within the National Protection and Programs Directorate, whose 
mission includes leading the coordinated national effort to reduce the 
risk to critical infrastructure and key resources posed by acts of 
terrorism.
---------------------------------------------------------------------------
    In addition, we reported in January 2009 that although several 
Federal entities, including TSA and the U.S. Coast Guard, have efforts 
underway to assess the risk to highway infrastructure, these 
assessments have not been systematically coordinated among key Federal 
partners.\25\ We further reported that enhanced coordination with 
Federal partners could better enable TSA to determine the extent to 
which specific critical assets had been assessed and whether potential 
adjustments in its methodology were necessary to target remaining 
critical infrastructure assets. We recommended that to enhance 
collaboration among entities involved in securing highway 
infrastructure and to better leverage Federal resources, DHS establish 
a mechanism to systematically coordinate risk assessment activities and 
share the results of these activities among the Federal partners. DHS 
concurred with the recommendation. In February 2010, TSA officials 
indicated that the agency had met with other Federal agencies that 
conduct security reviews of highway structures to identify existing 
data resources, establish a data-sharing system among key agencies, and 
discuss standards for future assessments.\26\ The Administration's 
Surface Transportation Security Priority Assessment also highlighted 
the need for Federal entities to coordinate their assessment efforts. 
That report included a recommendation to establish an integrated 
Federal approach that consolidates capabilities in a unified effort for 
security assessments, audits, and inspections to produce more thorough 
evaluations and effective follow-up actions for reducing risk, 
enhancing security, and minimizing burdens on assessed surface 
transportation entities.
---------------------------------------------------------------------------
    \25\ GAO-09-57. The U.S. Coast Guard is the lead Federal agency 
responsible for the security of the Nation's ports and waterways, which 
may include highway assets that have a maritime nexus, such as bridges.
    \26\ In addition to Federal efforts, highway-sector stakeholders 
have taken a variety of voluntary actions intended to enhance the 
security of highway infrastructure. Key efforts include developing 
security publications, sponsoring infrastructure security workshops, 
conducting research and development activities, and implementing 
specific protective measures intended to deter an attack or reduce 
potential consequences, such as security patrols, electronic detection 
systems, and physical barriers.
---------------------------------------------------------------------------
    We also reported in February 2009 that TSA, which has the primary 
Federal responsibility for ensuring the security of the commercial 
vehicle sector, had taken actions to improve coordination with Federal, 
state, and industry stakeholders with respect to commercial vehicle 
security.\27\ These actions included signing joint agreements with DOT 
and supporting the establishment of intergovernmental and industry 
councils. However, we also reported that additional opportunities exist 
to enhance security by more clearly defining stakeholder roles and 
responsibilities. For example, some state transportation officials 
stated that DHS and TSA had not clarified states' roles and 
responsibilities in securing the transportation sector or communicated 
to them TSA's strategy to secure commercial vehicles, which in some 
cases has caused delays in implementing state transportation security 
initiatives. Industry stakeholders also expressed concerns with respect 
to TSA communicating its strategy, roles, and responsibilities; 
leveraging industry expertise; and collaborating with industry 
representatives.\28\ As a result, we recommended that TSA establish a 
process to strengthen coordination with the commercial vehicle 
industry, including ensuring that the roles and responsibilities of 
industry and government are fully defined and clearly communicated, and 
assess its coordination efforts. DHS concurred with this recommendation 
and in April 2010 reported that its TS-SSP Highway Modal Annex is under 
review and is expected to delineate methods to enhance communications 
and coordination with stakeholders.
---------------------------------------------------------------------------
    \27\ GAO-09-85. The term ``commercial vehicles'' refers to vehicles 
used in the commercial trucking industry (e.g., for-hire and private 
trucks moving freight, rental trucks, and trucks carrying hazardous 
materials) and the commercial motor coach industry (i.e., intercity, 
tour, and charter buses). For the purposes of this statement, we are 
including them in the highway infrastructure mode.
    \28\ Although all levels of government are involved in the security 
of commercial vehicles, primary responsibility for securing these 
vehicles rests with the individual commercial vehicle companies 
themselves. Truck and bus companies have responsibility for the 
security of day-to-day operations. As part of these operations, they 
ensure that company personnel, vehicles, and terminals--as well as all 
of the material and passengers they transport---are secured.
---------------------------------------------------------------------------
Using Targeted, Outcome-Oriented Performance Measures Could Help TSA 
        Better Monitor Strategy and Program Effectiveness
    In accordance with Executive Order 13416 and requirements of the 9/
11 Commission Act, DHS, through TSA, has developed national strategies 
for each surface transportation mode.\29\ However, we have previously 
reported the need for TSA to strengthen its evaluation of the results 
of its efforts through the use of targeted, measurable, and outcome-
based performance measures. Our prior work has shown that long-term, 
action-oriented goals and a timeline with milestones can help track an 
organization's progress toward its goals. The NIPP also provides that 
DHS should work with its security partners, including other Federal 
agencies, state and local government representatives, and the private 
sector, to develop sector-specific metrics.
---------------------------------------------------------------------------
    \29\ Strengthening Surface Transportation Security, Exec. Order No. 
13416, 71 Fed. Reg. 71033 (Dec. 5, 2006). The primary purpose of 
Executive Order 13416 is to strengthen the security of surface 
transportation. The executive order requires DHS to assess the security 
of each surface transportation mode, and evaluate the effectiveness and 
efficiency of current transportation security initiatives, among other 
things.
---------------------------------------------------------------------------
    Using performance measures and an evaluation of the effectiveness 
of surface transportation security initiatives can help provide TSA 
with more meaningful information from which to determine whether its 
strategies are achieving their intended results, and to target any 
needed improvements. For example, in January 2009, we reported that 
TSA's completion of a Highway Security Modal Annex was an important 
first step in guiding national efforts to protect highway 
infrastructure, but it did not include performance goals and measures 
with which to assess the program's overall progress toward securing 
highway infrastructure.\30\ As a result, we recommended that TSA 
establish a time-frame for developing performance goals and measures 
for monitoring the implementation of the annex's goals, objectives, and 
activities. Similarly, in June 2009, we reported that TSA's Mass 
Transit Modal Annex identified sectorwide goals that apply to all modes 
of transportation as well as subordinate objectives specific to mass 
transit and passenger rail systems, but did not contain measures or 
targets on the effectiveness of operations of the security programs 
identified in the annex.\31\ As a result, we recommended that TSA 
should, to the extent feasible, incorporate performance measures in 
future annex updates. DHS concurred with both of these recommendations. 
In February 2010, TSA indicated that the updated annex would 
incorporate performance measures among other characteristics we 
recommended, and as of April 2010, the annex is under review. We will 
continue to monitor TSA's progress in addressing these recommendations.
---------------------------------------------------------------------------
    \30\ GAO-09-57.
    \31\ GAO-09-678.
---------------------------------------------------------------------------
    We also reported in April 2009 that three of the four performance 
measures in TSA's Freight Rail Modal Annex to the TS-SSP did not 
identify specific targets to gauge the effectiveness of Federal and 
industry programs in achieving the measures or the transportation-
sector security goals outlined in the annex.\32\ We also reported that 
TSA was limited in its ability to measure the effect of Federal and 
industry efforts on achieving the agency's key performance measure for 
the freight rail program, which is to reduce the risk associated with 
the transportation of TIH in major cities identified as high-threat 
urban areas. This was because the agency was unable to obtain critical 
data necessary to consistently measure results. We reported that TSA 
was unable to obtain critical data necessary to consistently calculate 
cumulative results for this measure over the time period for which it 
calculated them--from 2005 to 2008. In particular, some baseline data 
needed to cumulatively calculate results for this measure were 
historical and could not be collected. As a result, the agency used a 
method for estimating risk for its baseline year that was different 
than what it used for calculating results for subsequent years.
---------------------------------------------------------------------------
    \32\ GAO-09-243. The transportation-sector goals identified in the 
Freight Rail Model Annex include: (1) prevent and deter acts of 
terrorism against the transportation system, (2) enhance resiliency of 
the U.S. transportation system, and (3) improve the cost-effective use 
of resources for transportation security.
---------------------------------------------------------------------------
    Consequently, to help ensure the strategic goals of the modal annex 
are met and that TSA is consistently and accurately measuring agency 
and industry performance in reducing the risk associated with TIH rail 
shipments in major cities, we recommended that TSA ensure that future 
updates: (1) contain performance measures with defined targets that are 
linked to fulfilling goals and objectives; and (2) more systematically 
address specific milestones for completing activities and measuring 
progress toward meeting identified goals. We further recommended that 
TSA take steps to revise the baseline year associated with its TIH risk 
reduction performance measure to enable the agency to more accurately 
report results for this measure. DHS concurred with these 
recommendations and has indicated that it will incorporate them into 
future updates of its Freight Rail Modal Annex, which will be designed 
to more specifically address goal-oriented milestones and performance 
measures. In April 2010, TSA stated that the agency has revised its 
risk management framework, TS-SSP, and modal annexes and that these 
documents are undergoing final agency review.
    In addition to developing performance measures to assess the 
success of its security strategies, we have also identified the need 
for TSA to develop or enhance its performance measures for specific 
programs such as the TSGP, VIPR Program, and pipeline security 
programs. Specifically, in June 2009, we reported that the TSGP lacked 
a plan and milestones for developing measures to track progress of 
achieving program goals.\33\ While FEMA--which administers the grants--
reported that it was beginning to develop measures to better manage its 
portfolio of grants, TSA and FEMA had not collaborated to produce 
performance measures for assessing the effectiveness of TSGP-funded 
projects, such as how funding is used to help protect critical 
infrastructure and the traveling public from possible acts of 
terrorism.\34\ We recommended that TSA and FEMA collaborate in 
developing a plan and milestones for measuring the effectiveness of the 
TSGP and its administration. DHS concurred with our recommendation, and 
in November 2009, FEMA stated that it will take steps to develop a plan 
with milestones in coordination with TSA. Likewise, the 
administration's Surface Transportation Security Priority Assessment 
discussed the importance of establishing a measurable evaluation system 
to determine the effectiveness of surface transportation security 
grants and recommended that TSA coordinate with other Federal agencies, 
including FEMA, to do so.
---------------------------------------------------------------------------
    \33\ GAO-09-491. The purpose of the TSGP is to provide funds to 
protect critical surface transportation infrastructure and the 
traveling public.
    \34\ In Fiscal Year 2008, FEMA's Grant Programs Directorate became 
responsible for administering TSGP grants.
---------------------------------------------------------------------------
    In June 2009, we reported that TSA had measured the progress of its 
VIPR program in terms of the number of VIPR operations conducted, but 
had not yet developed measures or targets to report on the 
effectiveness of the operations themselves.\35\ TSA program officials 
reported, however, that they were planning to introduce additional 
performance measures no later than the first quarter of Fiscal Year 
2010. They added that these measures would gather information on, among 
other things, (1) interagency collaboration by collecting performance 
feedback from Federal, state, and local security, law enforcement, and 
transportation officials prior to and during VIPR deployments; and (2) 
stakeholder views on the effectiveness and value of VIPR deployment. In 
April 2010, TSA reported that the VIPR program introduced four 
performance measures for Fiscal Year 2010; these measures will be 
reported quarterly.\36\ TSA has also stated that it has identified 
performance targets for these measures, which it will revisit when 
baseline program data is available.
---------------------------------------------------------------------------
    \35\ GAO-09-678.
    \36\ According to TSA, the four measures introduced in Fiscal Year 
2010 for the VIPR program include: (1) total VIPR asset deployments; 
(2) completion percentage at high risk locations; (3) percentage of 
national special security event; and (4) percentage of primary 
stakeholders with repeat deployments.
---------------------------------------------------------------------------
    As part of our ongoing review of TSA's efforts to help ensure 
pipeline security, we are assessing the extent to which TSA has 
measured efforts to strengthen pipeline security.\37\ While our work 
has not been completed, our preliminary observations have identified 
that TSA has taken actions to measure progress as called for by the 
NIPP, but could better measure pipeline security improvements. More 
specifically, our preliminary observations have identified that 
effective performance measurement data could better inform 
decisionmakers of the extent to which pipeline security programs and 
activities have been able to reduce risk and better enable them to 
determine funding priorities within and across agencies. Also, 
developing additional performance measures--particularly outcome-based 
measures--that assess the effects of TSA's efforts in strengthening 
pipeline security and are aligned with transportation-sector goals and 
pipeline security objectives could better enable TSA to evaluate 
security improvements in the pipeline industry. Our upcoming report 
that will be issued later this year will provide additional details.
---------------------------------------------------------------------------
    \37\ TSA has not issued pipeline security regulations, but works 
with the pipeline industry to implement suggested security measures to 
make pipeline systems more secure. Private companies who own and 
operate pipeline systems are responsible for assessing their own 
specific security needs and incur the costs associated with 
implementing security measures.
---------------------------------------------------------------------------
TSA Has More Than Doubled Its Surface Transportation Inspector 
        Workforce but Faces Challenges in Balancing Priorities and 
        Directing Current and Future Workforce Needs
    Over the past 2 years, TSA has reported having more than doubled 
the size of its Surface Transportation Security Inspection Program, 
expanding the program from 93 inspectors in June 2008 to 201 inspectors 
in April 2010.\38\ Inspectors have conducted baseline security reviews 
that assess, among other things, the overall security posture of mass 
transit and passenger rail agencies and the implementation of security 
plans, programs, and measures, and best practices. However, TSA had not 
completed a workforce plan to direct current and future inspection 
program needs as the program assumes new responsibilities associated 
with the implementation of certain provisions of the 9/11 Commission 
Act by passenger and freight rail systems.\39\
---------------------------------------------------------------------------
    \38\ TSA intends to hire an additional 179 surface inspectors in 
Fiscal Year 2010. According to TSA, the April 2010 data includes 
headquarters staff.
    \39\ See, for example, Pub. L. No. 110-53,  1512, 1517, 121 Stat. 
266, 429-33, 439-41 (2007).
---------------------------------------------------------------------------
    Since establishing the inspection program in 2005 to identify and 
reduce vulnerabilities to passenger rail and ensure compliance with 
passenger rail security directives, TSA has expanded the roles and 
responsibilities of surface inspectors to include additional surface 
transportation modes--including mass transit bus and freight rail--and 
participation in VIPR operations. For example, as of April 2010, TSA's 
surface inspectors had, among other things, conducted security 
assessments of 142 mass transit and passenger rail agencies, including 
Amtrak, and over 1,350 site visits to mass transit and passenger rail 
stations to complete station profiles, which gather detailed 
information on a station's physical security elements, geography, and 
emergency points of contact. However, we also reported that TSA faced 
challenges in the following areas: \40\
---------------------------------------------------------------------------
    \40\ GAO-09-678.

   Balancing aviation and surface transportation priorities: We 
        reported in June 2009 that TSA has reorganized its field unit 
        and reporting structure since establishing the inspection 
        program, and surface inspectors raised concerns about its 
        effect. These reorganizations placed TSA's surface inspectors 
        under the command of Federal Security Directors and Assistant 
        Federal Security Directors for Inspections--aviation-focused 
        positions that historically have not had an active role in 
        conducting surface transportation inspection duties.\41\ 
        According to TSA, these changes were designed to support its 
        pursuit of a multimodal workforce and ensure a more cohesive 
        and streamlined approach to inspections. However, we noted that 
        surface inspectors raised concerns that these changes had 
        resulted in the surface transportation mission being diluted by 
        TSA's aviation mission. Among these concerns is that the 
        surface inspectors were being assigned airport-related duties, 
        while aviation inspectors had been assigned surface 
        responsibilities that had affected performance in conducting 
        follow-up inspections to determine progress mass transit and 
        passenger rail systems had made in addressing previously-
        identified weaknesses. TSA officials reported that they had 
        selected their current command structure because Federal 
        Security Directors were best equipped to make full use of the 
        security network in their geographical location because they 
        frequently interacted with state and local law enforcement and 
        mass transit operators, and were aware of vulnerabilities in 
        these systems.
---------------------------------------------------------------------------
    \41\ Federal Security Directors are the highest-level TSA officials 
at an airport and provide operational leadership for transportation 
security responsibilities within an airport.

   Workforce Planning: At the time of our June 2009 report, TSA 
        did not have a human capital or other workforce plan for its 
        Surface Transportation Security Inspection Program, but the 
        agency had plans to conduct a staffing study to identify the 
        optimal workforce size to address its current and future 
        program needs. TSA reported that it had initiated a study in 
        January 2009, which, if completed, could provide TSA with a 
        more reasonable basis for determining the surface inspector 
        workforce needed to achieve its current and future workload 
        needs. However, in March 2010, TSA officials told us that while 
        they were continuing to work on the staffing study, TSA did not 
        have a firm date for completion.
    Mr. Chairman this concludes my statement. I look forward to 
answering any questions that you or other members of the Committee may 
have at this time.

    Senator Lautenberg. Thank you very much, Mr. Lord.
    And now, Mr. Carlton Mann, Assistant Inspector General for 
Inspections at the U.S. Department of Homeland Security Office 
of the Inspector General.
    Mr. Mann, please.

STATEMENT OF CARLTON I. MANN, ASSISTANT INSPECTOR GENERAL, U.S. 
                DEPARTMENT OF HOMELAND SECURITY

    Mr. Mann. Good afternoon, Chairman Lautenberg and Ranking 
Member Hutchison. Thank you for the opportunity to testify on 
the challenges within the surface transportation mode 
confronting Transportation Security Administration.
    Mr. Chairman, as you noted in your remarks, the terrorist 
incidents abroad have underscored the need to focus more on 
mass transit, highways, pipelines, and freight rail. Within the 
last 2 years, we've issued several reports related to surface 
transportation issues, including the Surface Transportation 
Security Inspector Program. In total, we made 14 
recommendations to TSA to promote more efficient, effective, 
and economical operations. I'd like to highlight, briefly, the 
results of those reviews.
    In June 2008, we issued an inspection report, TSA's 
Administration and Coordination of Mass Transit Security 
Programs. This report addressed the strengths and weaknesses of 
TSA's oversight and assistance programs for mass transit rail. 
Our goal was to evaluate how well TSA managed these programs 
and how well the programs met the security needs of the major 
mass transit rail systems.
    We identified important challenges to improve transit rail 
security. For example, we observed unclear chains of command, 
insufficient guidance, inadequate communication, and TSA's need 
to be more consistent in its interaction with its mass transit 
rail stakeholders. In that report, we recommended that TSA 
place surface inspectors under the direct authority of a TSA 
headquarters official responsible for surface transportation.
    And, Ranking Member, as you noted, TSA did not concur with 
that recommendation.
    As mandated in the 2011 Commission Act, we conducted a 
follow-up review of surface inspection--of the Surface 
Inspection Program. In February 2009, we issued a report: The 
Effectiveness of TSA's Surface Transportation Security 
Inspectors. We determined that TSA needed to look critically at 
how it is deploying resources and assess how planned exercises 
could use inspectors better. The program appeared to be 
understaffed for the long term, and aviation-focused command 
structure had reduced the quality and morale of the workforce. 
TSA concurred with our recommendation to examine how many 
inspectors it needed to perform necessary functions by 
assessing current and anticipated duties.
    We also recommended, again, that TSA place the surface 
inspectors under the direct authority of a TSA headquarters 
official. And once again, TSA did not concur. TSA stated its 
belief that the current surface command structure did not 
inhibit its inspectors' effectiveness.
    In August 2009, TSA informed us that it was conducting a 
staffing study of its entire inspection work force. In 
September 2009, we learned that TSA began to implement a multi-
phased restructuring of its surface resources. The 
restructuring plan appeared to affect numerous senior staff 
within the surface inspector program. TSA has not formally 
communicated how the reorganization will strengthen the surface 
inspection program, or whether the plan will enable surface 
inspectors to operate adequately and independently of TSA's 
aviation security mission.
    In March 2010, we issued a report: TSA's Preparedness for 
Mass Transit and Passenger Rail Emergencies. In that report, we 
evaluated TSA's effectiveness in assisting passenger rail and 
mass transit stakeholders with preparing for and responding to 
emergencies. We noted that TSA could support passenger rail 
agencies better by improving its assessments of emergency 
preparedness and response capabilities. TSA can also ensure 
that drills and exercises are more realistic. We believe that 
will help strengthen response capabilities.
    TSA has focused primarily on security and terrorism 
prevention efforts, while providing limited staff and resources 
to emergency preparedness and response. As a result, passenger 
rail agencies and the first responders they rely upon, may not 
be prepared to handle all emergencies. TSA concurred with that 
report's four recommendations.
    While most of my statement summarizes weaknesses in TSA's 
Surface Transportation Security Programs, it is important to 
point out that we generally found that TSA's surface inspector 
assessments and domain initiatives are helpful and have been 
effective.
    We certainly look forward to working with the Department to 
identify ways to strengthen its surface transportation 
security.
    Sir, that concludes my statement. I'd be glad to answer any 
questions that you may have.
    [The prepared statement of Mr. Mann follows:]

  Prepared Statement of Carlton I. Mann, Assistant Inspector General, 
                  U.S. Department of Homeland Security

    Good afternoon Chairman Rockefeller, Ranking Member Hutchison, and 
distinguished members of the Committee. Thank you for the opportunity 
to testify on challenges within the surface transportation mode 
confronting the Transportation Security Administration. When discussing 
transportation security, people usually think of aviation security 
first. However, terrorist incidents abroad have underscored the need to 
focus more on surface transportation modes--mass transit, highway, 
maritime, pipelines, and freight rail.
    The Aviation and Transportation Security Act of 2001 gave the 
Transportation Security Administration authority and responsibility for 
securing all modes of transportation. Congress further clarified TSA's 
oversight role with the 9/11 Commission Act. Beginning in 2004, TSA 
increased its efforts to mitigate the vulnerability of mass transit 
rail systems across the United States. This was accomplished by 
introducing mass transit stakeholder security forums; developing 
guidance, memorandums and directives; using its Surface Transportation 
Security Inspection Program (STSI) to provide voluntary vulnerability 
assessments; and providing support through grants and direct 
operational assistance.
    Within the last 2 years, we have issued several reports related to 
surface transportation issues, including the STSI Program. I would like 
to highlight the results of those reviews. Most of my statement focuses 
on our findings and recommendations. However, it is important to point 
out that we also reported that TSA's surface inspector assessment and 
domain initiatives have been effective, and have helped the program 
achieve many of its goals.
    In June 2008, we issued an inspection report, TSA's Administration 
and Coordination of Mass Transit Security Programs. This report 
addressed the strengths and weaknesses of TSA's oversight and 
assistance programs for mass transit rail, including the Surface 
Transportation Security Inspection Program, the Transit Security Grant 
Program, the Visible Intermodal Prevention and Response (VIPR) Program, 
and the National Explosives Detection Canine Team Program. Later that 
year, we conducted a follow-up inspection and in February 2009 issued 
another report, Effectiveness of TSA's Surface Transportation Security 
Inspectors. This report addressed the strengths and weaknesses of TSA's 
Surface Transportation Security Inspectors. Most recently, in March 
2010, the OIG issued a report, TSA's Preparedness for Mass Transit and 
Passenger Rail Emergencies. It addressed TSA's effectiveness in 
supporting mass transit and passenger rail stakeholders with preparing 
for and responding to emergencies. In total, we made 14 recommendations 
to TSA to promote more efficient, effective, and economical operations.
    In our mass transit report, we identified important challenges to 
improve transit rail security, meet the needs of mass transit 
authorities, and comply with legislation, which expanded TSA's 
statutory authority and responsibility. In our review of the Surface 
Transportation Security Inspector program, we concluded that TSA needed 
to look critically at how it is deploying resources. The central issue 
in both reports was the mission, organization, and command structure of 
its surface inspectors. In particular, its command structure appeared 
to be aviation-focused.
    This year, we evaluated TSA's effectiveness in supporting mass 
transit and passenger rail agencies in preparing for and responding to 
emergency incidents. That evaluation overlapped our previous reports in 
one respect. In our earlier reports, we discussed TSA's use of the 
Baseline Assessment for Security Enhancement Program and pointed out 
that they have led to security improvements in the mass transit systems 
reviewed, but did not analyze the BASE program or processes. In our 
most recent report, we identified weaknesses in the BASE program's 
ability to assess passenger rail stakeholders' emergency preparedness 
and response capabilities.
    Following is a more detailed summary of each report.
TSA's Administration and Coordination of Mass Transit Security Programs 

        (OIG-08-66)
    The purpose of our review was to evaluate TSA's four largest 
oversight and assistance programs for mass transit rail: the Surface 
Transportation Security Inspection Program, the Transit Security Grant 
Program, the Visible Intermodal Prevention and Response program, and 
the National Explosives Detection Canine Team Program. Our goal was to 
evaluate how well TSA managed these programs and how well the programs 
met the security needs of the major mass transit rail systems.
    The 9/11 Commission Act, which was enacted shortly after we began 
this review, introduced new mass transit rail standards and 
responsibilities for TSA. Where we obtained information on the status 
of TSA compliance with standards introduced by the 9/11 Commission Act, 
we included it in our report. The review did not encompass TSA's 
responsibilities for freight rail and for intercity passenger rail, or 
for other forms of mass transit, such as buses. We conducted our 
fieldwork from June 2007 to October 2007.
    We reported that TSA could improve certain aspects of each of these 
mass transit security programs. We observed unclear or unduly complex 
chains of command; an unclear mission, insufficient guidance; and 
insufficient communication. TSA needed more consistency in its 
interactions with mass transit rail stakeholders--who were at odds over 
the best approach for allocating funds and prioritizing projects for 
the Transit Security Grant Program--although it acknowledged and 
attempted to address some early missteps that strained stakeholder 
relationships. Nonetheless, we noted TSA should further integrate 
stakeholder expertise to implement more effectively its oversight and 
assistance programs and fulfill its responsibility for mass transit 
security. We reported considerable satisfaction among mass transit 
agencies using the National Explosives Detection Canine Team Program.
    The report contained seven recommendations aimed at improving the 
TSA's oversight and assistance programs for mass transit rail. TSA 
concurred, or concurred in part, with recommendations to direct its 
Transportation Security Network Management office to provide 
Transportation Security Inspectors information and updates on the rail-
related programs. TSA also agreed to develop procedures for 
incorporating asset-specific risk and vulnerability assessments, 
including information provided by Transportation Security Inspectors, 
into the grant decision-making process and grant guidance; include in 
its annual report to Congress how it used grants to implement its 
transportation security goals; and each grant recipient's assessment of 
the grant application and award process. In addition, TSA acknowledged 
the need to seek Memorandums of Agreement with all relevant transit 
authorities regarding VIPR deployments; and revise grant program 
eligibility criteria to allow start-up funds for mass transit systems 
that do not already have a canine explosive detection unit.
    TSA did not concur with our recommendations to place the 
Transportation Security Inspectors--Surface under the direct authority 
of a TSA headquarters official responsible for surface transportation, 
and to develop specific, feasible security standards for mass transit 
systems.
    A few of the report's recommendations are not yet resolved, pending 
additional information from TSA and the resolution of recommendations 
in the follow up STSI report.
Effectiveness of TSA's Surface Transportation Security Inspectors (OIG-
        09-24)
    The 9/11 Commission Act directed that we evaluate the performance 
and effectiveness of TSA's Transportation Security Inspectors-Surface 
and whether there is a need for additional inspectors. The act stated, 
``Not later than September 30, 2008, the Department of Homeland 
Security Inspector General shall transmit a report to the appropriate 
congressional committees on the performance and effectiveness of 
surface transportation security inspectors, whether there is a need for 
additional inspectors, and other recommendations.'' We conducted our 
fieldwork from February to July 2008.
    We determined that TSA needed to look critically at how it is 
deploying resources, and assess how planned exercises could better use 
the inspectors and their activities. The program appeared understaffed 
for the long term and an aviation-focused command structure had reduced 
the quality and morale of the workforce.
    TSA agreed that Transportation Security Inspectors and their unique 
expertise in mass transit and rail should be integrated into VIPR 
planning and deployment. TSA stated that it has addressed the potential 
role of Transportation Security Inspectors in its VIPR Team 
Capabilities and Operational Deployment guide. TSA did not agree that 
Transportation Security Inspectors' comprehensive inspection 
activities, such as BASE and Security Action Item reviews, should be 
integrated into VIPR operations.
    TSA concurred with our recommendation to examine how many 
inspectors it needed to perform necessary functions by assessing 
current and anticipated future duties, and then expand the 
Transportation Security Inspector workforce to ensure that each field 
office has sufficient staffing. However, at the time of our report we 
did not agree with the approach TSA proposed to carry out this 
recommendation.
    TSA did not concur with our earlier recommendation, which we 
repeated in this report, to place the Transportation Security 
Inspectors-Surface under the direct authority of a TSA headquarters 
official who is responsible for surface transportation. TSA did not 
agree that the Transportation Security Inspector command structure 
inhibited the inspectors' effectiveness and we were unsuccessful in 
persuading TSA to implement this recommendation. Ultimately, in the 
absence of a commitment from TSA management to modify its command 
structure, we retracted our original recommendation and instead 
recommended that TSA eliminate practices that undermined efforts to 
establish a more transparent chain of command. In its last update, TSA 
indicated that it was taking steps to strengthen communication between 
the STSI program and Federal Security Directors and their staffs in the 
field.
TSA's Preparedness for Mass Transit and Passenger Rail Emergencies 
        (OIG-10-68)
    The purpose of this audit was to evaluate TSA's effectiveness in 
assisting passenger rail and mass transit stakeholders with preparing 
for and responding to emergencies. We conducted this performance audit 
between April and August 2009, and the OIG issued its final report in 
March 2010.
    We determined that TSA could better support passenger rail agencies 
by improving its assessments of emergency preparedness and response 
capabilities. TSA can also improve its efforts to train passenger rail 
agencies and first responders, and ensure that drills and exercises are 
live and more realistic to help strengthen response capabilities. TSA 
has focused primarily on security and terrorism prevention efforts, 
while providing limited staff and resources to emergency preparedness 
and response. As a result, passenger rail agencies and the first 
responders that rely upon may not be adequately prepared to handle all 
emergencies or mitigate their consequences.
    The report made four recommendations. TSA concurred with, and took 
corrective actions for, all four recommendations.
Evolution of the Surface Transportation Security Inspector Program
    The STSI program's organization and chain of command continues to 
evolve, but in a manner which is not consistent with our 
recommendations. As discussed above, we reported our concerns twice 
about the organization and authority for the program and in both 
reports recommended that TSA place the responsibility for the STSI 
program with an official at TSA headquarters. After considering TSA's 
comments on the STSI report, we revised our recommendation to TSA to 
eliminate practices that undermined efforts to establish a more 
transparent chain of command.
    In December 2006, TSA shifted from a system where Transportation 
Security Inspectors reported to surface-focused supervisors to a system 
where they reported to aviation-focused supervisors. TSA reorganized 
the program to match the field command model for aviation and cargo 
inspectors. Supervisory Transportation Security Inspectors became 
Assistant Federal Security Directors-Surface (AFSDs-Surface) who 
reported to the local FSD. The FSD was the administrative manager, but 
the STSIP headquarters office still set the priorities and provided the 
budget resources for the inspectors in the field. AFSDs-Surface, 
therefore, effectively had two chains of command.
    In May 2008, TSA made further changes. In primary field offices 
that have an AFSD-Surface, Transportation Security Inspectors were 
reporting to that individual. In satellite field offices without an 
AFSD-Surface, inspectors were reporting to the local Assistant Federal 
Security Director--Inspections (AFSD-Inspections). However, the AFSD-
Surface at the nearby primary field office still mentored and advised 
all surface inspectors within that area, even when they were not under 
his or her direct command. Under this structure (at the time of our 
report), 55 (37 percent) of Transportation Security Inspectors were 
reporting to an AFSD-Surface, and the remaining 95 (63 percent) were 
reporting to an aviation focused AFSD-Inspections.
    At the time, we also observed several problems regarding FSDs' 
involvement with the STSIP that were leading to tension and confusion 
over the program's chain of command. In response to our STSI report, 
TSA stated that it chose this command structure because FSDs are better 
able to use the security network in the area. TSA noted that FSDs 
frequently interact with state and local law enforcement and mass 
transit operators. TSA believes that FSDs understand the 
vulnerabilities and challenges of the mass transit modes ``in their 
backyard.'' In our final report, we maintained that the program 
continued to operate differently than that outlined in a management 
directive that TSA cited.
    In August 2009, TSA informed us that it was in the process of 
conducting a formal independent comprehensive staffing study of the 
entire inspection workforce, to include surface, with the results due 
in the fourth quarter of Fiscal Year 2009. TSA has not communicated the 
results of its study.
    In September 2009, we learned that TSA began to implement a multi-
phased restructuring of its Office of Security Operations, Office of 
Compliance, Surface Inspection and Oversight to meet mission demands 
and to utilize resources better. TSA planned to abolish positions, 
establish new positions, realign some functions among positions, and 
reallocate resources among field offices throughout the country. The 
restructuring plan appeared to affect numerous senior staff within the 
surface inspector program. To our knowledge, TSA has not formally 
communicated how the reorganization will strengthen the STSI program 
and resolve the primary issue raised in our reports. On a broader 
level, we remain concerned whether this plan will better enable surface 
resources to operate adequately and independently of TSA's aviation 
security mission.
    Thank you for the opportunity to discuss these matters. We look 
forward to continuing our work with the department to identify ways to 
strengthen surface transportation security. I would be pleased to 
answer any questions you might have.

    Senator Lautenberg. Thank you all very much for your 
testimony.
    Mr. Heyman, the 9/11 Act set a number of deadlines for 
securing our surface transportation system, but TSA has missed 
many of these deadlines. One of the deadlines was a 
comprehensive risk assessment and national security strategy 
for our Nation's rail system. This was due last year, and I'm 
asking you, I hope for the last time, when the Department will 
complete this long overdue risk assessment. What do you say to 
that?
    Mr. Heyman. Senator, the risk assessment is in interagency 
review right now. It should be coming to Congress after that 
review is complete.
    Senator Lautenberg. After what?
    Mr. Heyman. After that review is complete.
    Senator Lautenberg. When will that be?
    Mr. Heyman. These--the interagency review process is one 
which you have comments from agencies, and it goes through the 
OMB process, and they have to be adjudicated by TSA. So, 
depending upon the comments that are--get back--matters of 
weeks, probably.
    Senator Lautenberg. Mr. Heyman, that doesn't sound very 
good. I reminded you, in my question, that the report was due 
last year. And to be told now that, ``Well, they'll get it done 
when the comment period is over,'' that is outrageous.
    I used to run a corporation, I can tell you that we 
wouldn't have permitted that kind of thing to take place. And I 
don't understand the delay, with the risk that we've got, just 
in New Jersey, 150,000 people ride the train every day. The 
area that I live in abuts the area that is declared by the FBI 
to be the most appealing target for a terrorist attack in the 
country. The two-mile stretch between Newark Airport and the 
Harbor is filled with chemical companies and all kinds of 
threats to human safety. We're walking around, with a 
bureaucratic delay. It's not fair to the people who we serve, 
you and I and Senator Hutchison and all of us, to say, ``Well, 
it's work in process.'' I hope that something better can come 
out of this.
    The National Security Council recently released a report, 
finding that TSA has failed to take the lead on coordinating 
surface transportation security efforts. What specific actions 
does TSA plan to take in order to address the NSC's 
recommendation? How long is that going to take?
    Mr. Heyman. First, Senator, I share your concern about the 
delays on the risk assessment. As somebody who was sworn in 
last summer and have taken a look at some of the 
recommendations that have yet to be implemented, let me assure 
you that it is a priority to move quickly as we can through 
these types of recommendations that have not been completed. 
The--if there is a silver lining on this, about 90 percent of 
the 9/11 recommendations have already been put in place. But, 
the risk assessment needs to be completed, and I share that 
with you.
    Even so, during the grant processes, which is one of the 
most effective tools that we have for putting in place security 
at these places, the--they are--the investments are based on 
risk. They are done, looking at threat, looking at 
vulnerability. Those risk assessments have been completed, and, 
as you say, rightly, New York is not only--and the New Jersey 
corridor--not only of greatest risk, but has also received 
perhaps the greatest amount of funds, as a result of that. And 
that's a reflection of the risk assessments that have been done 
to promote the grant programs.
    As it pertains to the White House Report, the TSA played a 
leadership role in supporting that effort. It was an 
interagency report that was completed with the contributions of 
the Department of Transportation and the Department of Energy 
and the Department of Homeland Security. And a--I met, 
yesterday, with the President's advisor at Homeland Security. 
He is very much interested in putting forward an implementation 
plan which will be delivered to the White House at the end of 
next month.
    Senator Lautenberg. I'm told that 36 of 77 recommendations 
for surface security have not yet been completed. I can tell 
you, Mr. Heyman--nothing personal here, but I'm not comforted 
by the response that you gave. The fact that you're a 
relatively recent arrival, you're called in as the next 
management group, and it's not very heartwarming to hear the 
fact that we're going to still be delayed on one part of this, 
and--we're talking about something that was begun a long time 
ago.
    So, I would say to you, take the message back to the 
Secretary of DHS that we're going to look further into this. I 
am absolutely dissatisfied with the response given.
    Excuse me, Senator Hutchison, for running it a little 
longer, I want to hear from you, please.
    Senator Hutchison. No, I appreciate your line of 
questioning.
    Let me talk about the area of the inspectors. In the 
February 2009 report to Congress on the effectiveness of TSA's 
surface transportation inspectors, the DHS inspector general 
noted that TSA has its surface-focused inspectors report to 
aviation-focused supervisors, rather than surface-focused 
supervisors. Two-thirds of the inspectors hired after the 
reorganization had no rail or mass transit experience.
    The IG concluded that, the current TSI command structure 
inhibits TSI effectiveness, and recommended, three times, that 
TSA place surface inspectors under the authority of a TSA 
official that is surface-transportation-oriented. TSA rejected 
the recommendation each time, and the IG's office ultimately 
backed off the proposal.
    Mr. Heyman, your policy of having surface-focused 
inspectors report to aviation-focused supervisors, and the 
hiring of surface inspectors with no surface experience, 
doesn't seem like a good way for TSA to address the issues that 
we are concerned about, the security issues in surface 
transportation. Could you explain how you are trying to achieve 
this with this kind of IG report?
    Mr. Heyman. Senator, thank you. I have looked at that IG 
report, and I know those at TSA who I've spoken with have 
looked at it. And I believe that there is an interest--an 
additional recommendation in the report about the command-and-
control structures, in terms of how those inspectors are 
implemented and deployed into the field. I know that TSA has 
said that there is a broader interest in reorganizing that to 
more effectively deploy inspectors. And I believe that they 
will be doing so. I suppose that part of the challenge, of 
course, is that, even though there has been a change in 
administration, there has not, at this point, been a TSA 
Administrator. And, of course, those kinds of reorganizations 
or changes are usually left for the incoming team. But, I think 
the--that the report was, as you said, well received by TSA. 
And I think they are looking to implement that with new 
leadership on board.
    Senator Hutchison. OK. So, you are saying, today, that you 
think the inspectors hired will, going forward, have surface 
experience, and also that there would be a surface person as 
the supervisor?
    Mr. Heyman. I'm not quite sure how the--how it will be 
organized, but I know that they will look into that. And I'm 
happy to give you additional information after the hearing.
    Senator Hutchison. I would--well, I'd like to have the 
information when there is a policy that is set, if it, in fact, 
is going to change, because I certainly would have questions, 
going forward, and probably of the nominee for TSA----
    Mr. Heyman. Sure.
    Senator Hutchison.--when that appointment is made.
    TSA's current policy only requires the surface 
transportation inspectors for the top 50 transit systems to 
visit the property once every 3 years. Does that seem like 
enough supervision if the transit agencies know that, once an 
inspection is done, that they won't be inspected for 3 years? 
And is that still the policy?
    Mr. Heyman. That is the policy, as far as I know. The 
inspections are in sync with the granting cycle, and so, it is 
meant to synchronize funding and assessments. There are about 
5,000 transit sites across the country, and with--given the 
limited inspectors, that's the tempo of operations, I think, 
that can be sustained at this point.
    Senator Hutchison. I'd like to ask Mr. Lord and Mr. Mann, 
number one, Do you think that it is a good policy to indicate 
to an agency that they will have an inspection once every 3 
years? Number two, Do you think surface inspectors should still 
report to aviation supervisors?
    Mr. Mann, you have recommended that the surface-focused 
inspectors report to surface transportation people.
    And, Mr. Lord, you have indicated, in your reports, that 
they should have surface transportation experience.
    So, would you speak to this and let's see if----
    Mr. Lord. Sure. I'd be glad to.
    Senator Hutchison.--we can generate some----
    Mr. Lord. The--in regard to your first question, I'm a 
little concerned about locking the inspectors into a rigid 
schedule, primarily because if you fully embrace a risk-based 
approach, I would argue, you should focus your management time 
and resources on the highest-risk facilities. So, they may want 
to revisit that policy. You can't--it's not one-size-fits-all, 
obviously. If you have higher-risk facilities and you are--and 
you haven't embraced risk management principles, I would argue 
you should focus where the risks are greatest first, then use 
scarce resources to look elsewhere.
    In terms of this issue of reporting to the aviation-side of 
the house, obviously those are where the biggest programs are. 
That's the most visible component, in some respects, of the 
agency's operations. This has been a longstanding problem. I 
don't think there is a simple solution. I know we have met with 
the inspectors. They believe the function needs to be elevated, 
organizationally.
    And I was encouraged by the fact that H.R. 2200, the TSA 
Reauthorization Act, which passed the House last year, it would 
elevate the surface inspector function within the agency. And 
perhaps that's one mechanism you could use to, you know, ensure 
more attention is focused on it, if you have higher-level 
officials leading the effort within the agency.
    Senator Hutchison. Mr. Mann?
    Mr. Mann. Infrequent inspections does pose some risk. But, 
I also agree with my colleague, Mr. Lord, that where the risk 
seems to be greatest is perhaps where we should not be locked 
into a rigid schedule of every 3 years and perhaps do something 
more frequently or more unannounced.
    Regarding the--we've made it clear that we've recommended 
that TSA should have its surface transportation inspectors 
report directly to a person in TSA, for a variety of reasons. 
First of all, the Federal security directors are aviation-
focused, and generally do not have the surface transportation 
expertise. The chain of command is somewhat convoluted, simply 
because direction comes from headquarters, it comes from the 
Federal security directors. And we've got those inspectors, who 
are out on the ground, getting conflicting--sometimes 
conflicting messages, and certainly getting messages from 
several different sources. And we stand by our recommendation 
that TSA should have a central person at TSA headquarters in 
charge of the surface transportation program.
    Senator Hutchison. Well, thank you.
    My time is up. And we now have other Senators to ask 
questions. I would just say that I hope that you, Mr. Lord and 
Mr. Mann, both of you, will continue to make these 
recommendations. There's no reason to back down. I know that 
this is a big area, and I know that there's no TSA 
Administrator. Those are certainly legitimate concerns. But, I 
think we do need to have much better use of our taxpayer 
dollars. And I think we can do better. And I hope that the next 
leader that is appointed for this agency is of the same mind 
and will take some of the advice from the GAO and the IG.
    Thank you very much.
    Senator Lautenberg. Thank you, Senator Hutchison.
    Senator Thune, the Ranking Member of the Subcommittee, we 
are pleased to have you with us.
    Senator Lautenberg. Please.

                 STATEMENT OF HON. JOHN THUNE, 
                 U.S. SENATOR FROM SOUTH DAKOTA

    Senator Thune. Thank you, Mr. Chairman. Thank you for 
holding this hearing.
    I want to thank our panelists today for being here and 
sharing their perspectives on an issue that's very important to 
this country and to our economy. Transportation infrastructure 
is critical, and all of the different modes are, at some point 
or another, vulnerable or susceptible to attacks. We want to 
make sure that we are taking all the steps that are necessary 
to protect that infrastructure.
    Let me ask a question, if I might, Mr. Heyman. What do you 
see as the biggest threat to surface transportation security? 
And which surface modes, if you can discuss this in an open 
session, are most vulnerable to a terrorist attack? And how 
prepared are we to prevent that sort of an attack?
    Mr. Heyman. Thank you, Senator. Welcome.
    Let me just say, generally speaking, we are still concerned 
about aviation threats and surface threats, as it pertains to 
mass transit. The discussion that we've had here, the recent 
events that we've seen over the last year, and the recognition 
of this being a largely open networks of--network of networks 
creates great challenges and, obviously, opportunities for 
those who seek to do harm. We are, as noted, trying to take a 
risk-based approach to buy down the risk at the highest value 
and highest concerns. We do that across all modes of 
transportation. This past year, we are completing our 
multimodal risk assessment, for the purposes of assessing where 
the next investments go. But, this is an area that we do need 
to be concerned about. And I can give you more details in a 
classified briefing.
    Senator Thune. OK, thanks.
    And I would, I guess, direct this to Mr. Lord. We've got 2 
million miles of pipeline across this country, including over 
6,000 miles in my home State of South Dakota pipelines that 
carry oil, natural gas, and other products. Given that a threat 
to our Nation's pipelines could have some grave economic 
consequences, how should TSA use risk management to calibrate 
its attention to critical threats to the Nation's pipeline and, 
consequently, our energy supply?
    Mr. Lord. Well, they've taken the first step. They've 
ranked--they developed a list of the 100 critical pipeline 
facilities, based on risk. And even though our observations are 
preliminary, our upcoming report is going to suggest, and use 
that risk information as part of your inspection process. Use 
it to help guide you on where the--you conduct your corporate 
security reviews, how frequently you get out there to make 
inspections. And also, once you do identify a problem, we think 
it's very important to have a follow up mechanism to ensure any 
deficiency and planning you identify is implemented.
    So, it's--they're at the first step, and our report's going 
to highlight the need to carry forward what they're doing. You 
know, have a more frequent inspection process at the higher 
risk facilities. And third, follow up on any deficiency, to 
close the loop, so to speak.
    Senator Thune. Mr. Mann, there is a DHS IG report on the 
effectiveness of TSA's surface transportation security 
inspectors, and in that report, TSA rejected the IG's 
recommendation to have surface inspectors report to fellow 
surface transportation experts; instead, they are reporting to 
TSA airport personnel. My question is, Are TSA's surface 
inspectors expected to be multipurpose field inspectors, jacks-
of-all-trade instead of masters of a particular field?
    Mr. Mann. It is our understanding that they are not. In 
fact, one of the assistant Federal security directors, in fact, 
told us that these inspectors, who are aviation- oriented, are 
incapable of doing most of the duties that the surface 
inspectors are required to do.
    Senator Thune. The FRA has about 400 safety inspectors 
across the country. Is it possible for those inspectors to be 
trained to handle security responsibilities to improve 
efficiency and lower the cost of inspections to the taxpayers?
    Mr. Mann. I think it is possible.
    Senator Thune. Thank you.
    Thank you, Mr. Chairman.
    [The prepared statement of Senator Thune follows:]

 Prepared Statement of Hon. John Thune, U.S. Senator from South Dakota

    Thank you, Mr. Chairman, and thank you for holding this important 
hearing. I also want to thank all of our witnesses for being here 
today.
    While aviation security gets most of the public's attention, the 
security of our Nation's surface transportation system--our railroads, 
highways, and pipelines--must also be a national priority and a 
priority for this committee. The past few years have seen attacks on 
rail transit systems in major cities throughout the world including 
London, Madrid, and Moscow, as well as an unsuccessful plot to detonate 
explosives on the New York City subway system.
    In addition to keeping passengers secure, we must also work to keep 
our Nation's freight network secure. Many rural states, including my 
state of South Dakota, depend on surface transportation to ship their 
products within the United States, and around the world. An attack on 
our Nation's surface transportation system could disrupt the timely 
delivery of goods and significantly weaken our Nation's economy.
    The private sector, and the railroads in particular, should be 
commended for their leadership following the 9/11 terrorist attacks in 
putting in place their own security plans, and installing cameras, 
fencing and other security equipment to ``harden'' facilities. The 
Transportation Security Administration (ISA) seems to have taken a 
collaborative approach in working with the private sector 
transportation companies, a good approach I believe, because 
initiatives to guard against terrorism must be balanced with the need 
to not place undue burdens on commerce.
    I do find the conclusions of the recently released White House 
assessment on surface transportation security rather troublesome. At a 
time of record Federal deficits, the last thing we need are duplicative 
security programs and overlapping responsibilities among Federal 
agencies. I hope our witnesses will have recommendations for how DHS, 
and if necessary, Congress, can more clearly delineate roles and 
responsibilities for surface transportation security.
    Thank you again, Mr. Chairman, and I look forward to hearing from 
our witnesses.

    Senator Lautenberg. Thank you, Senator Thune.
    Senator Warner?

                STATEMENT OF HON. MARK WARNER, 
                   U.S. SENATOR FROM VIRGINIA

    Senator Warner. Thank you, Mr. Chairman.
    Thank you, gentlemen. I've just got couple of quick 
questions. One is--and obviously recognizing that some of this 
could fall in the classified area--as a Senator from the 
Commonwealth, I am very concerned about the safety of Metro. 
Recognizing some incidents in both Moscow in Madrid over the 
last year and a half, I'd love for you to tell us about what we 
should do more here in the Nation's capital, in terms of safety 
and security around Metro. And whether this area poses any 
unique challenges. When you think about how Metro intersects 
with the challenges of three different jurisdictions--you've 
got a Metro system, you've got a VRE system, you've got a 
separate Maryland rail system, you've got CSX, you've got this 
configuration of all these different systems coming together 
within the national capital area to move people around. And I 
would love to hear--again, respecting the confidentiality of 
some of these aspects, any comments you might have, 
particularly Secretary Heyman and Mr. Mann or Mr. Lord. Any one 
of you.
    Mr. Lord. I'll go first. I don't mind. The--without 
divulging anything classified--and I'll defer to Mr. Heyman on 
the threat information--I think, obviously, the arrest of Mr. 
Zazi, up in New York, shows terrorists are determined to attack 
our systems. And as the DHS IG recently pointed out, we perhaps 
need to spend more time dealing with the emergency response. 
You know, what happen--what do we do if something happens, and 
how to actual--respond to an actual emergency, give more 
training to front-line staff, have more joint exercises with 
all the emergency responders. I thought the IG did a nice job 
of laying that out in their March 2010 report. So, obviously 
you have to be concerned about threats, but you also have to 
focus on, ``Well, what do we do if something happens?'' And 
this is all public-level information.
    Mr. Mann. Sure. I think--I thank goodness our intelligence 
enterprise is what it is, first of all. To have perhaps 
shortcut any planned attacks against our systems, as well as 
the total Federal response, with regard to security, as well as 
heightened awareness, even regular citizens. I mean, we're 
all--all of us who ride the Metro are certainly more aware of 
items being left unattended. I mean--so, overall, the 
heightened awareness, I think, is a very good thing.
    But, I think four things really come to mind, with regard 
to what do we really need to do--or what does TSA need to do: 
more people, more resources, more training, better systems.
    Senator Warner. Well, let me follow up that. It's 
recognizing that so much--and particularly of our surface 
transportation system--is in private hands. Beyond simply more 
personnel, are there efficient but lower-cost ways to partner 
more with our private-sector partners in the surface 
transportation----
    Mr. Mann. I think they are. One of the things that we 
have--we commented on in our reports is that TSA needs to do a 
better job of interacting with our transit stakeholders. 
There's a lot of expertise there that we're not certain that 
TSA has actually taken advantage of. So, we'd like to see a 
closer collaboration, take advantage of that knowledge that the 
individuals on the ground who are doing this all day, every 
day, bring to the table, to be able to provide us with a more 
efficient, and just a better--a safer environment for our 
public travelers.
    Senator Warner. Let me move to one other subject matter. I 
recognize that I'm joined by Senator Udall, and he'll want to 
ask some questions, as well. This is an area of concern beyond 
just the TSA realm, which is how we do a better job of 
measurements and metrics in all of our government performance. 
I noticed that one of the TSA's deficiencies in GAO's risk 
management was that TSA had not developed performance measures 
for all surface activities. I think this is a challenge, not 
just for surface, but clearly across the whole way.
    How do we get milestones and metrics that we can use to 
measure your performance, other than the avoidance of a 
catastrophic event? From an oversight standpoint, what should 
the public expect, in terms of truly measurable milestones that 
we should look to, to measure the performance, staying focused 
on the surface transportation area? Recognizing if you don't 
have that whole, ``Here are the 47 points we ought to be 
looking at as our checklist,'' how do we get to that checklist 
so that we can do our job and work with you in evaluating your 
performance?
    Mr. Heyman. So, on the--let me just say that the approach 
to performance metrics is a challenge across most areas, as you 
said. And in surface transportation, or transportation, broadly 
speaking, what we have started to do and to look at is the 
first level of analysis, which is, Have they done the training 
program that you required of them? Have they taken the 
preparedness steps that they should, whether it's emergency 
response, whether it's on law enforcement, behavioral-detection 
training? Have they put in place the capital investments for 
infrastructure hardening? Those steps are measurable. And while 
not on the level of--you suggest risk avoidance, so to speak, 
you can start measuring the buydown of risk. And we are 
starting to look at it that way.
    Let me just also add, on your previous question--in fact, 
the Washington metropolitan area has in some sense an 
advantage, the challenges that other private-sector entities 
face or--in terms of receiving funding, because it's a regional 
entity, it can apply for grants, based--it has some benefit for 
applying for grants on a regional basis, in terms of either 
UASI grants, in addition to the normal transit grants, and that 
can be applied to Metro, if so needed.
    And I would also add that one of the challenges we face--
and this was actually in the White House report, but also the 
Department has made this recommendation, as well--and that's 
the multiyear capital investments. And what we want to be able 
to do is to say, over a period of time, ``These are the capital 
investments we're going to do.'' We need to be able to design 
it and build it, and that takes time. And so, we need to put 
our grant programs in that order, as well, and have the funding 
linked to that. So, those are both an opportunity and a 
challenge.
    Senator Warner. As somebody who's grappled with these 
regional issues as Governor and now Senator, to actually see 
there's an advantage of this three-part jurisdiction sometimes 
is harder to see. I would love to come back and revisit with 
you, at some point, how we work through this, and recognizing 
it's an enormous challenge, other metrics we can measure, in 
terms of performance. Because, again, your challenge is--your 
success will be--the less we know about what you're doing is 
perhaps the best evidence of success, but we've got to also 
have some other milestones. And I do think your training is a 
good example. And, kind of, putting some procedures in place, 
but there probably needs to be additional----
    Mr. Heyman. Yes, we're happy to do that.
    Senator Warner. Thank you.
    Thank you, Mr. Chairman.
    Senator Lautenberg. Thank you very much.
    Senator Udall.

                 STATEMENT OF HON. TOM UDALL, 
                  U.S. SENATOR FROM NEW MEXICO

    Senator Udall. Thank you very much, Chairman Lautenberg.
    The area I wanted to focus on, but I also wanted to follow 
up on what Senator Warner was asking about--the first area is, 
these other countries where they've had attacks, you know the 
Moscow subway, what went on in Madrid and London--are those 
countries using the approach that we have? Or are they applying 
the model that we have with TSA with government people? What 
approach are they taking? And is there anything to learn from 
that?
    Mr. Heyman. We work closely, have a good relationship with 
our British colleagues, and have learned from them, and also 
shared best practices, looking at ways of detecting or 
disrupting plots in advance, as well as engaging in what we 
call ``operational deterrence.''
    The three pillars to the--to our approach to transit 
security: intelligence, operational deterrence, and 
infrastructure protection. The centerpiece there on operational 
deterrence has to do with, ``How do you prevent something from 
happening to--before it does?'' That involves gaining the 
support and the involvement of the public, bringing your 
private-sector partners into having a greater understanding of 
the threat, and putting in place teams, like we've just started 
today, our VIPR teams in New York, for supporting local law 
enforcement in detection of explosives, and surge capacity, in 
terms of presence, when you have intelligence to address.
    Senator Udall. In the British example, are they 
partnering--or do they actually have TSA-type people onsite 
doing security with the rails? How is the British model 
specifically done?
    Mr. Heyman. So--transport--the Ministry of Transport 
oversees the rail and transit security. And they work both with 
local law enforcement, as well as their own officers. And I'm 
happy to give you more details----
    Senator Udall. OK.
    Mr. Heyman. All right.
    Senator Udall. OK. Tell me how the passenger rail and bus 
companies and others in the United States--how they're doing on 
Senator Warner's metrics and milestones? When you talk about 
training programs, about putting in place the capital 
investments, things like that. Where are they? And how far do 
they have to go?
    Mr. Heyman. So, on training, the--there's a challenge of 
getting the information, to know where they--where we are. 
We've done some surveys to assess the level of training. I 
think where we--what we've determined is, about two-thirds of 
the folks in the agencies have received training. And each 
year, we try to do more.
    One of the things that we've done in the last year or so, 
for grants, is to add funding for--first of all, to prioritize 
rail, above all else, because of congressional interest, and, 
as well, it's a national interest, but--the Congress has made 
that clear, as well--but also to provide funding for backfill. 
So, for--in order for somebody to get training, they have to 
take time off of their job, and you have to backfill that 
individual. And the challenge that we saw, over a number of 
years, was that people would not be able to go take training, 
because we--there was no funding for the time-and-a-half 
overtime for the backfill. So, there's now funding available 
for that, to help improve that. We'll get beyond the 63 percent 
or so.
    Senator Udall. Great. Thank you very much.
    And, Senator Lautenberg, I would thank you for holding this 
hearing and having such an interest in this and showing your 
leadership. Thank you.
    Senator Lautenberg. Thank you very much, Senator Udall.
    One of the things that I think is quite apparent here is 
that we're late on lots of things. Almost, I'm going to say, 
delinquent. When we think about the fact that 2 million people 
each day get in an airplane, on average, and 35 million get 
into transit--2 million, aviation; 35 million daily, in 
transit. And there are so many susceptibilities out there.
    And I would say this--and I'm directing this aside to Mr. 
Heyman and the Department--and that is, ``Get on the stick, 
here. Get going.'' This is an outrage, that it has taken so 
long. This is like the traffic cop, standing on the sidewalk 
and watching the traffic go by, and think about when he ought 
to interrupt the flow to keep the cars from crashing into one 
another. It's not acceptable, Mr. Heyman.
    After the Moscow subway attack that killed 40 people, 
injured dozens more, a number of transit agencies across our 
country visibly increased their security presence. But, we've 
heard very little from TSA. When, heaven forbid, there's 
something to be aware of in aviation, we hear about it. But, 
after a major terrorist attack on a mass transit agency, though 
off our shores, shouldn't the agency responsible for our 
Nation's transportation system take a lead in communicating 
with the public, letting people know whether or not they're at 
unusual risk?
    I remember the days of the color classification of threat. 
And I thought it was one of the worst things that I'd ever 
seen, because they would say ``purple'' and not tell you what 
to do. It didn't say stay away from the bridges, so all it did 
is make everybody nervous, but not more protected.
    So, don't you think that TSA ought to be out there, talking 
to the people across the country, and giving them some 
assurances, some advice?
    There's so much conversation about it, we have nice 
officers here from Amtrak, senior officers here. And I use 
Amtrak a lot, and I see them, and there is a presence. I think, 
in many of the large systems, that the presence is largely that 
of the local agency that runs security, and it's disheartening.
    I want to ask either Mr. Lord or Mr. Mann, are DHS and TSA 
prepared to respond, if necessary, to an attack like the ones 
that occurred in Moscow or other passenger rail and mass 
transit systems throughout the world? What do you think?
    Mr. Mann. Sure. In our March report, we questioned that 
very premise. The TSA's focus is terrorism and prevention. 
We're not so certain that it is as capable to respond and 
mitigate.
    Senator Lautenberg. Any comments, Mr. Lord?
    Mr. Lord. The--I think one activity they have ramped up in 
response to the recent attacks are the so-called VIPR 
deployments. These are visible intermodal protection and 
response teams. They're--they--they're aimed at deterring 
possible attacks on passenger rail and mass transit. But, these 
are more episodic, they--they're short-term. Over the longer 
term, I think it's important to reach out to the transit 
agencies and passenger rail companies themselves, because, as 
Senator Hutchison noted in her opening remarks, TSA's role is 
more supportive and indirect. It's different--fundamentally 
different from the aviation sector, where they Federalized that 
function. They control your access to the airport. So, they 
have to work hand in hand with other agencies and providers to 
provide that. So, they have a less visible role, based on how 
it's currently organized.
    Senator Lautenberg. Therefore, in order to best protect our 
people who travel in transit, shouldn't they be more clear in 
their communications about what needs to be done, and, do the 
risk assessment plan, and at least give guidelines out there? 
The surface transportation lays down conditions that have to be 
met in order for communities to get grants. But, I don't know 
that TSA has provided any direction at all. And its, as I said, 
disheartening.
    So, Mr. Heyman, you've heard from people today, and 
listened to your colleagues at the table. And I would hope that 
it's understood, at TSA. We heard talk about VIPR recently. 
Does TSA do anything to evaluate, for instance, the performance 
of these VIPR teams? And if GAO suggested some weaknesses, or 
at least asked for measures to determine the effectiveness of 
VIPR--where is TSA on these things?
    Mr. Heyman. On the VIPR teams--first, I want to thank you 
and Congress for supporting additional funding for expanding of 
the VIPR teams. We have done red-teaming to address the 
effectiveness, and we've compared VIPR teams as a deterrent to 
action, versus other type of surge, such as additional local 
transit officers on the beat. And it has--is--it has 
consistently shown to be more effective as a deterrent for 
adversaries than other means. And so, we are red-teaming it. We 
are looking at continuing to perfect the deployment of the VIPR 
teams. And, as I think I noted, we have, just following up on 
the Moscow concern, deployed, for the first time, in New York 
City, today, VIPR teams in support of law enforcement for 
explosive detection. And we will continue to look at doing 
that. We've been doing that for the last year on the Northeast 
Corridor on Amtrak. And we'll continue to expand that program.
    Senator Lautenberg. We'll keep the record open. Thank you.
    Do you have something you wanted to add, Mr. Lord?
    Mr. Lord. Yes, sir, Mr. Chairman. I--in my prior response, 
I would like to add, on a very important point, we're currently 
evaluating TSA's efforts to disseminate information----
    Senator Lautenberg. Thank you.
    Mr. Lord.--down to the local level. And we'll be formally 
reporting on that toward the end of the year. We're looking at 
the various mechanisms they have to help push information out 
to the transit agencies and passenger rail.
    Senator Lautenberg. We'd like to hear from you as quickly 
as it can be developed.
    Mr. Lord. Sure. Thank you.
    Senator Lautenberg. Mr. Mann, did you----
    Mr. Mann. Yes, sir. I'd just like to follow up what Mr. 
Lord said. This is not necessarily a TSA initiative, but the 
Department of Homeland Security is ramping up its Fusion Center 
concept, where intelligence on emerging threats, if it happens 
to be against a transit system, can, in fact, be pushed down to 
the effective system. And that's a very robust endeavor. It's 
improving. And we expect to have a national Fusion Center 
concept, where information can be shared online--when I'm 
saying ``we,'' the Department--soon.
    Senator Lautenberg. We await with interest.
    Thank you, each. And we'll keep the record open for a while 
and ask you to respond to any inquiries sent to you promptly, 
please. Thank you very much.
    And I would call the second panel to the table: Mr. John 
O'Connor, Chief of Police, Acting Vice President of the Office 
of Security and Special Operations at Amtrak; Joseph Kelly, who 
is the Acting Chief of Police of New Jersey Transit; and Mr. 
Skip Elliot, the Vice President for Public Safety and the 
Environment for CSX.
    [Pause.]
    Senator Lautenberg. Thank you, all.
    And I would now ask Mr. O'Connor to give us your testimony. 
Try to keep it to 5 minutes. We won't be too tough on the 
clock, but we do have to move along.
    So, sir, welcome. Please, let's hear from you.

         STATEMENT OF JOHN O'CONNOR, VICE PRESIDENT AND

           CHIEF OF POLICE, AMTRAK POLICE DEPARTMENT,

            NATIONAL RAILROAD PASSENGER CORPORATION

    Mr. O'Connor. I'll do my best, Senator.
    Good afternoon, Mr. Chairman, and thanks very much for the 
opportunity to testify.
    My name is John O'Connor. I am currently the Chief of 
Police of the Amtrak Police Department. I have over 37 years' 
experience as a sworn police officer in the rail and mass 
transit environment, as both the Chief of Police for Amtrak, as 
well as for Long Island Railroad in my first career.
    I'm here today to discuss policing on surface 
transportation systems and the critical task we are facing in 
combating terrorism. The Administration has been studying this 
matter and has just released its Surface Transportation 
Priority Assessment Report. We are in broad agreement with many 
of the recommendations it contains, such as the allocation of 
resources to address likely threats, information sharing, and 
the need to fund a multiyear security grant programs.
    The need for focus, though, is critical, because, while 
terrorists can employ many tactics, attacks on surface 
transportation usually take three forms: the use of an 
improvised explosive device, or IED, on a train; the use of an 
IED in a station; or the new emerging threat of an active 
shooter scenario. Those are the three threats that I think we 
need to focus on in surface transportation.
    The pattern is unmistakable. IEDs were used to attack 
trains in Madrid in 2004; London, 2005; Mumbai, 2006; Moscow on 
several occasions, including last month, to name a few. Active 
shooters also attacked a station in Mumbai in 2008. And 
according to the Mineta Transportation Institute, since January 
of 2007, there have been 284 attacks against surface 
transportation; of those, 130 were against rail.
    There's obviously a range of threats, and our approach to 
them can range from ``do nothing and hope for the best'' to 
``spread your resources and attempt to respond to every 
possible threat, at the risk of underpreparing for the most 
probable threats.''
    We must identify the most likely threats, assess the 
likelihood and consequences, and focus our efforts on defending 
against those identified threats. We are working closely with 
countries around the world to share information and experience.
    I recently traveled to Mumbai as part of a State Department 
initiative to exchange information and collaborate on strategy 
with Indian rail officials. Amtrak has become the first 
American rail police department to become an associate member 
of RAILPOL, a European organization of rail and transit police 
agencies cooperating to share intelligence, coordinate 
activities, and improve counterterror capabilities. These 
experiences have helped us understand the need for closer 
collaboration on all levels of government and among surface 
transportation agencies.
    Today, the Amtrak Police Department is reorganizing to 
address these concerns. We have undertaken a number of 
initiatives to address these likely attacks. First and foremost 
is the expansion of our canine program. We have a poster here 
that depicts that. We have expanded our program from 20 canines 
to more than 45 teams, 10 of which have the capability of 
detecting suicide bombers. We've instituted random baggage 
screening, started in 2008, fashioned after the program started 
by the New York Police Department. We've had great 
collaboration with the TSA, including the deployment of VIPRs 
since the year 2007. And this year, as mentioned by a previous 
panel, we began joint screenings with TSA agents on Amtrak.
    We are also heavily involved in DHS and ARRA grants, in our 
corporate security division, protecting our infrastructure. One 
of our biggest efforts is to form law enforcement partners. And 
the poster, there, depicts one of our operation alerts, where 
we have organized more than 150 police agencies, between 
Virginia and Maine, to deploy on a single day.
    Earlier there was a question, ``Can we respond in the event 
of an attack?'' These types of exercises allow us to very 
quickly deploy not only our assets, but assets up and down a 
major area of the country.
    Two more items are employee training and public outreach--
we've invested heavily in that; and intelligence coordination. 
We have several members assigned to Joint Terrorism Task Forces 
around the country.
    I'll be happy to elaborate on these initiatives during the 
question-and-answer period.
    As Amtrak has more than 500 stations in 46 States, we face 
great challenges, with limited resources. Consequently, we are 
enthusiastic about programs that help us to bring more people, 
technology, and animals to bear on the task of keeping our 
systems secure. We are also working to improve cooperation with 
transit and commuter agencies, many of which share our 
facilities, to close the gaps that we see in coverage where 
systems meet. While we are definitely concerned about the whole 
spectrum of threats, we will continue to devote the bulk of our 
efforts to defending against the most likely and dangerous 
forms of attack. In future budgets, we will submit funding 
requests that will detail our needs, in that regard.
    The security of our system is our top priority, and Amtrak 
looks forward to working with the Committee in the coming 
months to make sure that we have the resources, the people, and 
the intelligence to keep our system safe and secure.
    Thank you once again for the opportunity to be here today, 
and I will be glad to answer any questions the Committee may 
have.
    [The prepared statement of Mr. O'Connor follows:]

   Prepared Statement of John O'Connor, Vice President and Chief of 
     Police, Amtrak Police Department, National Railroad Passenger 
                              Corporation

    Good morning, Mr. Chairman, and thanks very much for the 
opportunity to testify. My name is John O'Connor, and I am currently 
Vice President and Chief of the Amtrak Police Department; we have a 
total of 416 sworn officers. I have over thirty-seven years experience 
as a sworn police officer in the rail and mass transit environment. I 
joined Amtrak in 1998 after 25 years with the Long Island Rail Road, 
where I rose from Patrolman to Chief of Police.
    I'm here today to discuss policing and security on surface 
transportation systems and the critical task we are facing in combating 
terrorism. The Administration has been studying this matter and has 
just released its ``Surface Transportation Priority Assessment 
Report.'' We at Amtrak are in broad agreement with many of the 
overarching recommendations it contains, particularly those that deal 
with the allocation of resources to address likely threats, information 
sharing, and the need to fund a multi-year, multi-phase transportation 
security grant program. These are some of the major issues we have been 
dealing with as we work to identify likely threats and direct resources 
to meet them. While terrorists can employ many tactics, overwhelming 
historical evidence indicates that terrorist attacks on surface 
transportation will likely occur in three (3) forms:

   Use of an Improvised Explosive Device (IED) on a train

   Use of an IED in a station

   Emerging threat of an active shooter

    The reasons are simple and clear. Surface transportation systems 
are open and densely packed with people. These systems are a big part 
of people's daily routine. The whole point of terror is shock, and 
nothing produces shock like unexpected and horrifying attacks. The 
pattern is unmistakable. IEDs were used to attack trains in Madrid in 
2004, London in 2005, Mumbai in 2006, and Moscow on several occasions, 
including last month, to name a few. Active shooters attacked a station 
in Mumbai in 2008, in each case with tremendous loss of life. And these 
are just the attacks that made the front page--there are an astonishing 
number of attacks on rail transit systems going on around the world. 
The Mineta Transportation Institute, which tracks attacks on public 
transportation worldwide, states it added 88 attacks per month to its 
database between November 2009 and February 2010. Obviously, some 
attacks are failures, such as the fizzled July 21, 2005 bombing attempt 
on the London Underground, and the numbers may also be slightly 
inflated by delays in reporting. But they are nevertheless an 
illustration of how attractive a target public transportation has 
become. Explosives are clearly the preferred tactic. Of the total 
attacks on public surface transport, 74 percent were either explosive 
or incendiary in nature; when passenger rail was the target, the number 
jumps to 83 percent.
    There's a wide range of possible threats, obviously, ranging from 
cyber attacks up to the ultimate and scarcely imaginable possibility of 
nuclear terrorism. Our approach to these can range from ``do nothing 
and hope for the best'' to ``spread your resources in an attempt to 
respond to every possible threat, at the risk of underpreparing for the 
most probable threats.'' Amtrak's position is that we must identify the 
most likely threats, assess the likelihood and possible consequences of 
an attack, and focus our efforts on defeating or deterring the most 
dangerous and likely terror tactics. We are working closely with 
countries around the world in the hopes that we can share information 
and learn from their experiences. I recently traveled to Mumbai as part 
of a State Department initiative to exchange information with Indian 
Rail Officials and to collaborate on mutually beneficial counter-terror 
strategies and efforts. Amtrak has become the first American rail 
police department to become an associate member of RAILPOL, a European 
organization of rail and transit security agencies cooperating to share 
intelligence, coordinate activities and improve counter-terror 
capabilities. Structured like INTERPOL, this group embodies the type of 
multi-national surface transportation efforts needed to address the 
terrorist threat globally. These experiences have helped us to better 
understand the role and needs of surface transportation police and 
security and the need for more collaboration at all levels of 
government.
    Today, the Amtrak Police Department is reorganizing to address 
these concerns. We have undertaken a number of measures designed to 
eliminate redundancy within the police and security functions and 
ensure our security needs are well represented at the top level of 
Amtrak. We have merged the two groups that were formerly responsible 
for security to eliminate some duplication of functions and allow 
better use of manpower and assets. Those two groups were OSSSO and APD, 
now simply APD. The Department has shifted its primary mission of 
customer-oriented policing to a blend of customer-oriented policing and 
robust counter-terrorism efforts. We have taken several steps to align 
our force to our new strategy, keeping in mind that we are operating in 
46 states on a system that is very open. These steps fall into four 
specific categories of effort that we are now undertaking.

1. Growth of the Explosive Canine Detection Program
    I am proud to say that Amtrak has more than doubled the size of 
bomb-detecting canine teams in the last few years. Canine assets are 
still one of the most accurate and useful tools for detecting and 
deterring explosive devices before they can be introduced on surface 
transportation systems. In 2005, the Department had about 20 canine 
teams, many of which were not trained to detect explosives. Today, 
there are 45 canine teams that are single-purpose dogs whose mission is 
bomb detection. Several of these teams are also ``vapor wake'' trained 
and can actually detect the presence of fumes left after someone passes 
through with an explosive device. Amtrak has moved to the forefront of 
the field with use of this canine application and continues to work to 
build this counter-terror capability.

2. Security Inspection Program
    In 2008, Amtrak began a random baggage screening program similar to 
one pioneered by the NYPD. Using technology, screening teams deploy in 
an unpredictable fashion designed to make it harder for a terrorist to 
predict the level of security. To date, Amtrak has conducted hundreds 
of passenger screening operations during which thousand of trains were 
screened, resulting in tens of thousands of passengers being randomly 
selected for screening. Though an American Recovery and Reinvestment 
Act/Transportation Security Grant program (ARRA/TSGP) grant, Amtrak is 
expanding this screening program by adding three additional screening 
teams in the NEC and Intercity areas.

3. Collaboration with TSA
    To address the chief terrorist threats, Amtrak has improved its 
working relationship with the Transportation Security Administration 
(TSA). Beginning in December, 2007, Amtrak and TSA started joint 
deployments with TSA's ``Visible Intermodal Protection and Response'' 
(VIPR) team program, which was developed to augment the integral 
security operations of various transportation modes, such as the Amtrak 
Police or transit security. These provide a visible uniformed presence 
and can help dedicated law enforcement to deter or detect suspicious 
activity, and they provide the traveling public with a reassuring 
police presence. VIPR teams can include various useful capabilities, 
including air marshals, officers specially trained in behavior 
detection, and explosive detection. Included in the latter category are 
bomb-sniffing dogs, which are an important component of the overall 
security effort.
    Our first VIPR exercise was held with the TSA at the Amtrak station 
in El Paso, Texas. These operations have basically involved the 
unannounced ``surge'' of TSA personnel onto Amtrak trains and stations 
at various points, and are designed to test the ability of TSA to flex 
support to surface transportation. A total of 328 VIPR operations have 
been held at various locations on the 21,100 mile Amtrak system, 
approximately 42 percent of them at stations off the Northeast 
Corridor.
    In October, 2009, Amtrak requested that TSA expand the VIPR program 
to include a joint screening program with TSA, using additional TSA 
assets, including Bomb Appraisal Officers, Behavior Screening Officers 
and Surface Transportation Security Inspectors to augment our screening 
forces. We are very interested in expanding our partnerships and joint 
activities with other transit and Federal law enforcement agencies, and 
we are hopeful that we will be able to obtain the resources we need to 
build the effective partnerships we will need to reduce gaps in our 
security coverage.

4. Corporate Security
    Amtrak has leveraged the Transit Security Grant and American 
Recovery and Reinvestment Act (ARRA) grant programs to improve 
protection for passengers, employees, and critical infrastructure. We 
will never stop assessing Amtrak's vulnerabilities. These build upon an 
earlier risk assessment performed for Amtrak and will be closely 
focused on addressing these individual vulnerabilities. Use of ARRA 
funds to install fences, close circuit TV and other security 
improvements is directly tied to Amtrak's commitment to let our risk 
assessments drive security investment. The majority of our ARRA funding 
efforts are being used to protect infrastructure we have identified as 
critical through vulnerability assessments designed to identify and 
implement risk reduction strategies. The security program is managed in 
part by Station Action Team personnel. They work closely with the 
Operations Department to ensure Amtrak security and emergency response 
policies are followed and coordinated as part of a larger risk 
reduction strategy that incorporates recovery and continuity of 
operations processes.
    Amtrak employees and passengers will continue to be a key piece of 
our security strategy. They are very valuable sources of information 
that can ``cue'' the law enforcement system. Amtrak also benefits from 
the services and operational knowledge of upwards of 19,000 people who 
work on the railroad, and the hundreds of millions of passengers who 
pass through our stations and over our tracks are also capable of 
noticing when something's not right, and reporting it to us so we can 
investigate it. We have seen plenty of examples where the vigilance and 
courage of citizens have helped prevent or thwart an incident in recent 
years, and we are doing everything we can to make sure they know who to 
contact if they see something suspicious--and that those employees know 
what to do once the matter has been brought to their attention. Over 
the past few years, the Station Action Teams and Regional Security 
Coordinating Committees have involved our station staffs in the 
security planning process. This integration has improved coordination 
and raised employee awareness of potential security threats. We have 
trained and continue to train our police officers in Behavior 
Assessment Security Screening (BASS) to teach them to recognize the 
behaviors that might signal an imminent attack, and front-line 
employees have been provided with a non-law enforcement version, to 
improve their awareness and maximize their value as intelligence 
resources.
    As Amtrak has more than 500 stations, we are always resource-
constrained. Consequently, we are enthusiastic about programs that help 
us to bring more people, technology, and animals to bear on the task of 
keeping our stations and trains secure. We are also working to extend 
and improve our cooperation with transit and commuter agencies, many of 
which share our facilities, to get rid of the gaps in coverage where 
systems meet. This is another crucial area because intermodal systems 
can create gaps for potential points of entry--and once you're on a 
rail or transit system, it tends by its very nature to carry an 
attacker to a point where people are most concentrated and 
vulnerability is at its highest. TSA is aware of the need for 
cooperation and coordination among all rail and transit stakeholders 
but this is an area where continued improvement is the paramount need, 
because our opponents know how to exploit gaps--and they only need to 
get lucky once.
    We are devoting our efforts to making it harder and harder for 
terrorists to use their preferred strategies to attack our stations, 
trains, and passengers. We will continue to devote the bulk of our 
efforts to defending against and deterring the most likely and 
dangerous forms of attack, which will continue to be IEDs and active 
shooters. We are, however, definitely concerned about the whole 
spectrum of cyber, chemical, biological and radiological threats, and 
we will continue to work with the Federal Government to defend against 
them. We hope to obtain additional funding to expand aggressively our 
efforts to defend our system against the most probable and devastating 
methods of attack, and we will work with DHS, TSA and the Committee to 
identify other potential funding sources. In future budgets, we will 
submit funding requests that will detail our needs; we expect to fund 
the necessary programs out of our FY 2011 budget. The security of our 
system is our top priority, and I look forward to working with the 
Committee in the coming months to make sure that we have the resources, 
the people, and the intelligence we need to keep our system safe and 
secure.












    Senator Lautenberg. Thank you very much.
    And Mr. Elliott?

            STATEMENT OF HOWARD R. ``SKIP'' ELLIOTT,

         VICE PRESIDENT--PUBLIC SAFETY AND ENVIRONMENT,

                    CSX TRANSPORTATION, INC.

    Mr. Elliott. Good afternoon, Senator Lautenberg.
    My name is Skip Elliott. I have been a railroader for 33 
years, and currently I serve as Vice President of Public Safety 
and Environment for CSX Transportation.
    In my role at CSX, I am responsible for the environment, 
hazard material transportation safety, our railroad police, 
homeland security, and industrial hygiene programs. I am 
pleased to be here before the Committee today, testifying on 
behalf of CSX and the Association of American Railroads, on the 
freight rail industry's effort to enhance rail security.
    I have submitted my full statement to the Committee, and I 
would like to make a few brief comments.
    CSX and the rail industry remain deeply committed to rail 
security. We recognize that the security environment in this 
country has changed dramatically in recent years. There are new 
threats that demand new ways of thinking about our freight and 
passenger rail security and safety.
    Immediately after September 11, 2001, and well before the 
focus on rail security by TSA, our industry moved rapidly to 
address the new threat environment. The significant and 
proactive measures CSX and the industry undertook immediately 
after 9/11, is well-documented and we have responded to the new 
security paradigm in a post-9/11 world.
    CSX recognizes the role of TSA and the actions the Federal 
Government has taken to enhance freight rail security. Within 
the Federal Government, DHS and DOT share responsibility for 
securing the freight rail system. With great thanks to this 
committee's leadership, the Federal Government has enacted 
comprehensive legislation and extensive formal regulations 
aimed at strengthening freight rail security. CSX fully 
supports the goals of these regulations and is committed to 
full compliance.
    In the last 7 years, there have been no less than nine sets 
of regulations and guidelines that the freight railroads have 
been required to implement to enhance security. Beginning in 
2003, DOT issued regulations requiring employee training and 
security plans.
    This was followed soon after by standards issued by U.S. 
Customs and Border Patrol to enhance security at railroad 
international border crossings and a U.S. Coast Guard security 
regulation at locations where we have port operations. Not long 
after, two sets of security action items for railroads were 
issued by TSA, as were additional U.S. Coast Guard rules 
requiring transportation worker identification credentials for 
those railroad employees who work in regulated maritime 
facilities.
    This was followed next by TSA regulations requiring robust 
chain-of-custody measures for toxic inhalation hazards and a 
separate DOT rulemaking requiring that railroads conduct a 
comprehensive route analysis for toxic inhalation hazards, 
using 27 safety and security factors.
    Finally, DOT introduced a regulation last year providing 
standards for tank cars used to transport toxic inhalation 
hazards, to help improve their survivability due to an 
accidental or nonaccidental event. We also anticipate receiving 
several new regulations currently being written by TSA and DOT, 
such as one that will provide further guidance for employee 
security training.
    It is important to underscore the significance of these 
regulations and that the freight rail industry is fully 
complying with them. However, what we are most proud of is that 
they were built on a foundation of the immediate, 
comprehensive, proactive, and voluntary security measures taken 
by the railroads after the attacks of September 11.
    But, we don't believe what we did proactively after 
September 11, or that complying with current and future 
regulations, is necessarily enough.
    At CSX, we maintain a steadfast commitment to the safety 
and security of our operations and the communities in which we 
operate. CSX's security challenge extends to 21,000 miles of 
track in 23 states and the District of Columbia. The network 
crosses 700 counties and 13,000 local jurisdictions. CSX 
believes that partnerships and close coordination of security 
concerns is essential to enhancing public safety and benefits 
the communities we serve, our employees, and our operations.
    The cornerstone of CSX's public/private partnership is our 
highly specialized, secure network operation workstation, 
called SecureNOW, which we share with Federal and state 
homeland security officials. Developed by CSX, the SecureNOW 
system allows security officials to promptly identify the 
location and status of CSX trains and railcars on our 23-state 
network. SecureNOW's--allow public agency officials to 
independently track the location of CSX trains, and to identify 
the contents of railcars in those trains, in a nearly real-time 
environment. Both the USDOT Crisis Management Center, located 
just a short distance from here, and the TSA Freedom Center 
have and are using this CSX-provided technology. We have 
similar partnerships at a number of State Homeland Security 
Fusion Centers. One in particular, in your state, New Jersey, 
has proven to be a very good example of what a long-term 
productive public/private partnership should be.
    In conclusion, CSX and the freight rail industry recognize 
the complexity of challenges faced by both the government and 
American business in ensuring the safe and secure movement of 
people and products in a post-9/11 world. We also recognize 
that government responsibility, first and foremost, is to 
protect the public. Yet it is also important that DHS react to 
the new security environment with sound regulatory policies 
that do not impede the free flow of commerce.
    To help achieve that outcome, we recommend meaningful 
coordination among regulators; improved communications between 
railroads and regulators, especially in areas such as 
intelligence sharing; and stronger collaboration, maximizing 
government use of railroad expertise. These are consistent with 
the 20 recommendations made recently by the Administration in 
its surface transportation security priority assessment.
    CSX recognizes that the freight rail and national security 
environment in which it operates is continually changing. As 
such, safety and security are, and will remain, our top 
priority. CSX and the industry look forward to working with DHS 
to develop sound security policy and practices that are 
coordinated, flexible, and that ensure the continued efficient 
and effective flow of goods. We appreciate the opportunity to 
provide comments on this important topic. We also greatly 
appreciate the good work and guidance of this committee, and 
your role in improving freight rail security.
    Thank you, Senator.
    [The prepared statement of Mr. Elliott follows:]

   Prepared Statement of Howard R. ``Skip'' Elliott, Vice President--
        Public Safety and Environment, CSX Transportation, Inc.

Introduction
    On behalf of CSX Transportation, Inc. (``CSXT'') and the 
Association of American Railroads (``AAR''), thank you for the 
opportunity to discuss the Freight Rail Industry's (the ``Industry'') 
efforts to enhance rail security.
    CSXT and the Industry are deeply committed to rail security. We 
recognize that the security environment in this country has changed 
dramatically in recent years--there are new threats that demand new 
security considerations, and a new way of thinking about freight rail 
safety and security. Immediately after September 11, 2001, and well 
before the creation of TSA, the Industry moved rapidly to address the 
new threat environment. It is well documented what actions CSXT and the 
Industry have voluntarily taken and how we have taken the initiative to 
respond to the new security paradigm in a post-9/11 world. And much has 
been done since the initial rail efforts after September 11 in 2001. 
Industry security plans, a Surface Transportation Information Sharing 
and Analysis Center, an AAR Operations Center feeding information to an 
industry Rail Alert Network, annual desktop exercises, and the E-Rail 
Safe contractor credentialing program--all are voluntary industry 
initiatives that have enhanced the security of the Nation's rail 
network.

Compliance with Government Regulations and Action Items
    CSXT recognizes the Transportation Security Administration's 
(``TSA'') role and the actions the Federal Government has taken to 
enhance freight rail security since 2001. Within the Federal 
Government, DHS and DOT share responsibility for securing the freight 
rail system. Prior to September 11, 2001, the Department of 
Transportation (``DOT'') was the primary Federal agency responsible for 
regulating freight rail transportation. With the creation of TSA in 
November 2001 and TSA's Freight Rail Security Program in 2003, the DOT, 
Department of Homeland Security (``DHS''), and TSA have worked 
diligently to identify freight rail security needs and coordinate 
various efforts to enhance freight rail security. Specifically, DOT, 
DHS, and TSA have enacted extensive formal regulations aimed at 
strengthening freight rail security. CSXT fully supports the goals of 
these regulations and is committed to full compliance.
    Formal Federal agency reaction to freight rail security risks 
inherent in the post-9/11 world began as a cooperative and 
collaborative effort between the government and the Industry. 
Immediately after September 11, 2001, and before the creation of TSA, 
the Industry, in consultation with security experts and Federal 
agencies, implemented a rail security plan which included network-wide 
risk assessments and asset specific countermeasures, with each railroad 
implementing over 50 countermeasures, based on people, process, and 
technology. This concept of escalating alert levels, borrowed from U.S. 
Military Defense Condition (DefCon) protocols, is also used by TSA 
today.
    Experience with the voluntary plans of the largest railroads led to 
adoption of formal requirements for all railroads. In September 2003, 
the U.S. Department of Transportation, Pipeline and Hazardous Materials 
Safety Administration (``PHMSA'') issued rules requiring any railroad 
that handles hazardous materials to adopt a security plan and engage in 
training of its hazardous material employees. PHMSA's security planning 
rules require railroads to develop and implement security plans that 
address security risks and vulnerabilities related to the 
transportation of hazardous materials.
    PHMSA's security planning rules require railroads to develop and 
implement a security plan based on an assessment of possible 
transportation security risks. The plan must address personnel 
security, unauthorized access, and en route security. The security plan 
must be based on an assessment of possible transportation security 
risks and must include at a minimum, an assessment of possible 
transportation security risks and appropriate measures identified by 
risk assessments. All security plans are required to be in writing, 
updated as necessary to reflect changing circumstances and must be 
retained for as long as the plan remains in effect.
    PHMSA also issued rules that require security awareness training 
for hazardous materials employees. Railroads must provide ``in-depth'' 
security training and ``security awareness'' training to employees. In-
depth security training must include security objectives, specific 
security procedures, employee responsibilities, actions to take in the 
event of a security breach, and the organizational security structure. 
Security awareness training requires that each employee receive 
training that provides an awareness of security risks associated with 
the transportation of hazardous materials and methods designed to 
enhance transportation security, including how to recognize and respond 
to possible security threats.
    For CSXT, compliance with these rules was relatively 
straightforward. With a comprehensive security plan that had been in 
place for several years, we reviewed our existing plan in light of the 
regulations and made some modifications as needed to ensure that it met 
the new regulatory requirements.
    Also in 2003, CSXT began participating in the U.S. Customs and 
Border Protection's voluntary C-TPAT (Customs-Trade Partnership Against 
Terrorism) program. C-TPAT is a voluntary government-private sector 
partnership to strengthen and improve U.S. border security and the 
security of the international supply chain. C-TPAT increases security 
measures, practices and procedures throughout all sectors of the 
international supply chain.
    As a participating member of C-TPAT, this supply chain security 
program for international cargo is in place at CSXT's U.S.-Canadian 
border crossing points. It requires adherence to a variety of security-
related performance measures in order to achieve certification in the 
program.
    In 2003, CSXT also began working on compliance with United States 
Coast Guard's regulations under the Maritime Security Act of 2002. 
These extensive rules require comprehensive port threat and 
vulnerability assessments, security plans and security measures. CSXT 
has facilities in Maryland, Ohio, and Florida that fall under these 
regulations, and that undergo regular inspection and evaluation by the 
U.S. Coast Guard to ensure compliance.
    In 2006, TSA and DOT began to give heightened attention to the 
transportation of certain ultra-hazardous commodities such as toxic 
inhalation hazard (``TIH'') materials. They began by developing twenty-
four voluntary security action items in a series of consultative 
meetings between the rail industry, TSA and other interested Federal 
agencies. These voluntary security action items, adopted in June 2006, 
were to be followed as recommended best practices of rail carriers 
handling these particularly sensitive products.
    CSXT was a strong proponent of the cooperative process that led to 
the original set of guidelines, and continues to support voluntary 
cooperation. This original set of voluntary action items generally 
focused on three main areas: (i) system security, (ii) access control, 
and (iii) en-route security.
    On November 21, 2006, TSA issued further voluntary ``action items'' 
for the handling of TIH. TSA Supplemental Security Action Item Number 1 
concerns the transportation of TIH and generally focuses on: (i) 
enhancing access control and security awareness for rail facilities in 
federally designated High-Threat Urban Areas (``HTUAs''), (ii) 
monitoring the movement of TIH cars in HTUAs to substantially reduce 
dwell and transit time, and (iii) eliminating unattended TIH cars in 
HTUAs. Unlike the first set of action items, these were adopted by TSA 
unilaterally and without further dialogue with the rail Industry.
    In January 2007, the USCG and TSA issued new regulations requiring 
that workers who enter regulated maritime facilities must obtain a 
Transportation Worker Identification Credential (``TWIC''). The TWIC 
requirement applies to railroad employees who enter and work for CSXT 
at any regulated maritime facility in the United States. Train and 
Engine crews, Mechanical and Maintenance of Way personnel, Railroad 
managers, Special Agents and any other railroad employee entering these 
covered maritime facilities must have a TWIC.
    On February 12, 2007, TSA again unilaterally issued further 
voluntary ``action items'' for the handling of TIH. TSA Supplemental 
Security Action Item Number 2 provides further guidance on the 
recommended scope and procedures for voluntarily conducted background 
checks.
    Over time, TSA saw a need to move to a more formal interaction with 
the Industry over the transportation of certain ultra hazardous 
commodities such as TIH materials. These voluntary guidelines were 
gradually supplanted by progressively more active formal regulations.
    In November 2008, the TSA issued final regulations imposing new 
``chain of custody'' obligations regarding the handling of TIH cars in 
interchanges, i.e., where one railroad transfers a TIH car to another 
railroad. The regulation required railroads to modify their routing 
operations to ensure that only attended interchanges are used for 
transporting TIH. This regulation also imposed similar requirements for 
the transfer of custody from shipper to railroad and from railroad to 
certain receivers at destination.
    When TSA issued its final Chain of Custody rules in November 2008, 
it initially gave the rail industry just 30 days to implement new 
interchange practices and to train tens of thousands of employees on 
the new requirements. CSXT as well as the Industry persuaded TSA to 
extend the compliance date to April 1, 2009, thus enabling the Industry 
to adapt its operations without conflict with the new regulations. CSXT 
and the Industry greatly appreciate TSA's willingness to meet with us, 
discuss the practical implementation challenges we faced, and to give 
the Industry time it needed to do the job properly.
    Additionally, TSA's final rule required railroads to designate a 
rail security coordinator (``RSC'') and at least one alternate RSC to 
be available on a 24-hour, 7 days per week basis to serve as the 
primary contact for receipt of intelligence information and other 
security-related activities from TSA. The final rule also required 
Class I railroads to provide location and shipping information to TSA 
within 5 minutes of an inquiry if the request concerns only one car and 
within thirty minutes if the request concerns two or more rail cars.
    Also in November 2008, the DOT issued final rules requiring 
railroads to perform a safety and security risk analysis for routes 
used to transport certain hazardous materials and to select the safest 
and most secure routes, using a provided list of 27 risk factors. 
Congress, through the good work and guidance of this committee, 
mandated this approach in 2007 in the Implementing Recommendations of 
the 9/11 Commission Act.
    The DOT routing regulation (adopted by PHMSA and enforced by FRA) 
represents a commendable effort to address the public's routing 
concerns regarding the transportation of certain highly hazardous 
materials. DOT's routing rule requires railroads to compile annual data 
on certain shipments of explosive, TIH, and radioactive materials for 
use in making routing decisions. Railroads must use this data to 
analyze safety and security risks along routes used to transport these 
materials, assess alternative routing options, and make routing 
decisions based upon those assessments.
    For the initial analysis, the government gave railroads the option 
of completing the initial route analysis by September 1, 2009, based on 
6 months of data (from July to December 2008), or March 31, 2020, based 
on 12 months of data (full year 2008). CSXT was one of the first 
railroads to complete the initial route analysis, on September 1, 2009, 
using the Rail Corridor Risk Management (``RCRMS'') tool, a Government-
funded routing model. RCRMS is a statistical routing model that 
railroads may use to assist with compliance with the rule. The RCRMS 
model was developed by expert consultants with periodic reviews by a 
government executive oversight panel--officials from TSA, DOT, FRA, and 
PHMSA. Railroads are not required to use RCRMS and may choose other 
routing models for use in preparing their risk analyses.
    We recognize the importance of this regulation, but nonetheless, 
the route analysis requirement was a complicated and burdensome 
process. It imposed significant demands on CSXT management time and 
resources. While this is important and necessary work, we must keep in 
mind at all times that the traffic subject to the routing rule 
represents about one-half of one percent of CSXT's total traffic base, 
and that these efforts are consuming--and will continue to consume--a 
disproportionate share of management resources.
    In January 2009, the DOT issued interim tank car standards that 
mandate commodity-specific improvements in the safety features and 
design standards for tank cars transporting TIH materials. These 
interim standards were adopted to improve the accident survivability of 
TIH tank cars. At the same time, the DOT imposed speed restrictions on 
trains carrying even a single carload of TIH materials.

Voluntary Actions
    CSXT appreciates the freight rail security guidance in the form of 
regulations from DHS, but we are still an Industry (and a railroad) 
that does act proactively and voluntarily to improve the safety and 
security of the rail network.
    At CSXT, ``Safety is a Way of Life'' and we maintain a steadfast 
commitment to the safety and security of our operations and the 
communities in which we operate. CSXT's security challenge extends to 
21,000 miles of track in 23 states and the District of Columbia. This 
network crosses 700 counties and 13,000 local jurisdictions.
    CSXT believes that partnerships and close coordination of security 
concerns is essential to enhancing public safety and benefits the 
communities we serve, our employees, and our operations. We work 
closely with the Industry and with Federal, state and local officials, 
on improving the safety and security of rail transportation to help 
keep our employees, our communities, and our customers' employees safe. 
As part of this effort, CSXT has established public-private 
partnerships to provide Federal and state homeland security officials 
valuable, current information they can use to protect the communities 
they serve. Formalized partnerships allow CSXT, state officials and 
first responders to effectively and seamlessly share information and 
work side-by-side protecting the communities we serve and our 
employees.
    At CSXT, we believe that public-private partnerships offer the best 
route to improving not only freight rail security but also national 
security. The cornerstone of CSXT's public-private partnerships is 
sharing our highly-specialized secure Network Operations Workstation 
(``SecureNOW'') with Federal and state homeland security officials. The 
SecureNOW system is a proprietary, secure online computer tool used to 
monitor, identify and respond to rail-security and emergency issues 
throughout the CSXT network. This system, developed by CSXT, provides 
CSXT employees and trained state homeland security and public agency 
officials with a tool to promptly identify the location and status of 
CSXT trains and rail cars on our network. SecureNOW allows trained 
security and public agency officials in several states to independently 
track the location of CSXT trains and the contents of the rail cars in 
those trains in a nearly real-time environment. Before, officials 
needed to telephone CSXT to access this information.
    CSXT's SecureNOW system and our approach to information sharing 
helps homeland security officials prepare for and--if needed--respond 
to emergency situations. Access to SecureNOW also provides state and 
Federal officials with additional information about what is carried on 
our rails, and state officials can more efficiently allocate law 
enforcement resources, coordinate with CSXT security officials, and 
integrate rail security into on-going law enforcement operations.
    In fact, CSXT has entered into partnerships with two Federal 
entities--the TSA Freedom Center (TSOC) and the DOT Crisis Management 
Center. This allows trained Federal homeland security officials to have 
nearly real time information regarding the location of CSXT trains and 
the contents of the rail cars transported on our lines. In addition to 
these Federal partnerships, CSXT also has partnerships for access to 
SecureNOW with New York, New Jersey, Kentucky, Maryland, Indiana, Ohio, 
Georgia, and Florida. These partnerships formalize and enhance CSXT's 
ongoing commitment to these states and Federal agencies to share 
information, resources and strategies in order to better protect the 
communities in which CSXT operates.
    As part of CSXT's ongoing commitment to enhancing rail security, 
CSXT is collaborating with the National Alliance for Public Safety GIS, 
in the development of a GIS tool for sharing data to enhance decision 
support for the prevention, mitigation, and response to emergencies. 
The GIS tool includes CSXT's comprehensive rail yard emergency response 
schematics, and detailed mapping of the rail lines connecting our 
yards. This project, when completed, will be directly accessible by 
emergency responders and will provide the location of known hazards in 
CSXT rail yards as well as identify access points onto CSXT property.
    Additionally, CSXT is dedicated to educating communities and first 
responders about rail emergency response programs. We provide 
communities and emergency responders with the information and training 
necessary to address a rail-related emergency. Each year we conduct a 
tremendous amount of training and coordination with local first 
responders and security officials. We regularly provide first 
responders hazardous material incident-response training by our 
hazardous materials team. The training consists of classroom training, 
table top exercises, and hands-on training using the CSXT safety train. 
These training sessions familiarize first responders with the 
commodities moved by rail, the containers used, how to locate contact 
information and carry out appropriate response procedures. This 
training has been very well received by first responder agencies and we 
continue to build on this collaborative effort.
    One outstanding example of the Industry's effort to enhance 
training for emergency responders is witnessed by the AAR's 
Transportation Technology Center located in Pueblo, Colorado, receiving 
Congressional authorization to become a member of The National Domestic 
Preparedness Consortium (``NDCP''). The NDCP includes eight other 
nationally recognized organizations that address the counter-terrorism 
preparedness and training needs of our Nation's emergency responders. 
At TTCI, emergency first responders receive comprehensive and realistic 
training on surface transportation security and emergency response.
    CSXT, like all the Class I railroads, regularly provides first 
response agencies in every jurisdiction where we operate with a 
Community Awareness Emergency Planning Guide, which, for training and 
planning purposes, provides a list of the top 25 hazardous commodities 
shipped by rail in North America as well as a list of the top 25 
shipped by CSXT. Upon request, we provide local first responders with a 
density study that details the top hazardous commodities for a specific 
community, and provides responders with the necessary information to 
plan for a commodity-specific and community-specific response.
    CSXT also works cooperatively with local first responders to 
familiarize them with CSXT facilities and our operations. CSXT has a 
long standing practice of inviting local responders into rail yards and 
facilities so they may become familiar with on-site safety 
considerations. The benefit of this open door policy is two fold. 
First, responders are better equipped to safely and effectively aid 
CSXT in the event of a rail-related incident or other emergency on rail 
property. Second, this practice allows local law enforcement officers 
to become familiar with rail property so that CSXT's police force and 
local law enforcement officials can coordinate on issues like rail 
crime, sabotage, and trespasser mitigation efforts.
    CSXT is proud to offer industry-leading training programs to local 
first responders and emergency personnel in the communities we serve. 
But CSXT's training efforts do not stop here. CSXT also provides rail 
safety training to Short Lines. Our goal is to expand the 
sophistication of Short Line managers on important rail transportation 
safety issues. CSXT's safety training includes environmental 
regulations and compliance, waste management, hazmat awareness and 
response, security planning and train accident prevention. CSXT 
provides annual updates and makes CSXT project managers and the CSXT 
Public Safety Coordination Center hotline (1-800-232-0144) available to 
Short Lines to help them with issues on an ongoing basis.
    Employee communication is central to CSXT's philosophy. We continue 
to have dialogue with labor union representatives on security training 
and employee perspectives on rail security issues. CSXT and the 
Industry are taking the initiative to engage labor on several different 
fronts. As recently as last week, CSXT and other Industry 
representatives met with the Teamsters Rail Conference on overall 
railroad security.
    However, our actions cannot be solely focused on freight rail 
security. Given the information we have received from Federal 
intelligence sources, we believe that the greatest terrorist threat to 
CSXT comes from the approximately 8 million passenger and commuter 
train miles each year that operate on CSXT-owned rail lines. To that 
end, we work closely with the agencies entrusted to carry passengers on 
our lines to protect the 19 million riders on those trains. In 2007, 
CSXT developed a series of 149 safe havens for Amtrak trains operating 
on CSXT-owned rail lines. These safe havens allow for pre-identified 
and coordinated locations, approximately 25 to 30 miles apart, where 
during a time of increased terrorist concern or an actual attack, we 
can safely bring Amtrak trains to a stop in order to evacuate or tend 
to passengers needs. In 2009, we added safe havens for our commuter 
partners--VRE, MARC, Tri Rail, and MBTA. Emergency responders at all 
safe haven location received information and training to assist in 
their important role should we have to activate our safe haven plan.
    CSXT also recognizes the vital role that freight railroad police 
play in enhancing freight rail and national security. CSXT, like all 
Class I railroads, has its own police force with commissioned railroad 
police officers to maintain the safety and security of the public and 
the freight entrusted to the railroad. However, the CSXT police 
department is the only U.S. based freight railroad police department to 
be nationally accredited by the Commission on Accreditation for Law 
Enforcement Agencies (``CALEA''). CSXT is proud of this accomplishment, 
as only approximately 10 percent of the police departments in the 
country have met the more than 450 required best practice standards to 
be awarded CALEA accreditation.
    Additionally, in 2004, CSXT's police department developed and 
implemented a Rapid Response Team (``RRT'') that consists of a group of 
highly-skilled CSXT Police special agents specifically trained to 
respond to security incidents. The RRT is an interdisciplinary team 
that is composed of CSXT Police special agents. Among them are 
explosive-detection K-9 teams, counter-surveillance specialists, and 
tactical response specialists, Hazmat managers with paramedic and 
engineer qualifications, and a medical support element.
    The CSXT RRT is responsible for rail counter-terrorism to ensure 
that rail infrastructure does not become a target of domestic or 
foreign terrorists. RRT team members are positioned and equipped for a 
rapid response anywhere on the CSXT system. They are highly trained 
according to national and international guidelines, which makes the 
team the premier rail counter-terrorist experts in the industry. In 
fact, the RRT provides rail-specific anti-terrorism training to public 
agencies to support their mission and aid in response to railroad 
incidents and/or threats.
    In fact, since its inception in 2004, our CSX RRT has trained over 
90 local, county, state, Federal and military law enforcement agencies 
and nearly 900 tactical police officers on how to respond to a 
terrorist attack to a railroad--both passenger and freight using a one-
of-a-kind tactical training train (T3) that allows for realistic force-
on-force training.

Recommendations: Coordination, Collaboration, and Communication
    1. Coordination among regulators
    2. Communication between railroads and regulators (i.e., 
intelligence sharing)
    3. Collaboration (maximizing government use of railroad expertise)
    CSXT and the Industry recognize the complexity of challenges faced 
by both the government and American business in ensuring the safe and 
secure movement of people and products in a post-9/11 World. We also 
recognize that government responsibility, first and foremost, is to 
protect the public. Yet, it is also important that DHS react to the new 
security environment with sound regulatory policies that do not impede 
the free flow of commerce. Open dialogue and collaboration with 
Industry stakeholders, including extensive and constructive discussions 
at the earliest stages, will ensure positive results with minimal 
impacts on our industrial economy.
    Grant programs are an important component of government-industry 
collaboration. Federal money to support private security efforts is an 
effective means by which government can leverage resources. In this 
regard, it is important to remember that the rail security grant 
program, as originally conceived, was intended to enhance freight rail 
security. As implemented, however, most of the available funding has 
gone to projects other than freight security infrastructure. The Class 
I railroads would urge the Committee to direct future grant programs 
precisely to freight rail infrastructure security projects.
    CSXT does not disagree with the importance of mandatory security 
regulations, but regulatory controls should be adopted only after 
meaningful coordination and collaboration. Most industries are more 
complicated than first meets the eye, and the rail industry is 
particularly so. By working with the Industry and fully understanding 
the implications of possible approaches to Federal policy, DHS would 
best be able to ensure that it minimizes the unintended consequences of 
new regulations and policies. Genuine, open communication between 
stakeholders and the government can not only lead to practical 
solutions; it can open the door to solutions that might not otherwise 
have been apparent.
    We urge DHS to make early, frequent consultation with all affected 
industries a hallmark of its security policymaking. Establishing a 
formal collaborative rulemaking process will give stakeholders the 
opportunity to be directly involved in improving rail transportation 
security and to develop mutually satisfactory rail security regulations 
and practices. It will ensure that final rules are well-conceived, 
consistent, and effective for Industry. This kind of coordination and 
consultation before decisions have been finalized, before agency 
direction has been determined, and before a notice of proposed 
rulemaking is published, can only improve the final product. True 
collaboration will ensure that we are taking maximum advantage of the 
best thinking in government and industry.
    Specifically, CSXT recommends that DHS adopt a process that gives 
all stakeholders the opportunity to have an open dialogue with TSA on 
rail security issues similar to the FRA's Rail Safety Advisory 
Committees (``RSAC''). As the Committee may know, the RSAC is a formal 
advisory committee that provides advice and recommendations to the FRA 
on development of new safety regulations, revision of existing 
regulations, and non-regulatory options for improving railroad safety. 
The RSAC members consist of railroads, labor organizations, state 
associations, government agencies, and other key rail safety 
stakeholders. The RSAC gives stakeholders an opportunity to have an 
open dialogue on rail safety best practices, a forum to advise FRA on 
rail safety issues, and a process to identify reasonable solutions and 
regulatory options for enhancing rail safety. This process has proven 
effective in reaching consensus and limiting areas of disagreement. 
Importantly, the agency retains full responsibility and authority over 
the actual final rule adopted. The stakeholders contribute; the agency 
decides.
    Establishing an RSAC-like process would not impede DHS from issuing 
proposed rulemakings in a timely manner. Rather, CSXT believes that a 
formal process like this would: (1) expedite adoption of future final 
rules, (2) facilitate more effective compliance, and (3) provide 
Industry stakeholders with a better understanding of the agency's 
expectations and its views on the scope of new rules.

Conclusion
    CSXT recognizes that the freight rail and national security 
environment in which it operates is continually changing. As such, 
safety and security are, and will remain, our top priority. CSXT and 
the Industry look forward to working with DHS to develop sound security 
policy and practices that are coordinated, flexible, and that ensure 
the continued efficient and effective flow of goods. CSXT appreciates 
the opportunity to provide comments on this important topic.

    Senator Lautenberg. Thank you very much.
    And now like to hear from Joseph Kelly, who's the Acting 
Chief of New Jersey Transit Police.
    Mr. Kelly, welcome.

        STATEMENT JOSEPH KELLY, ACTING CHIEF OF POLICE, 
                           NJ TRANSIT

    Mr. Kelly. Thank you, and good afternoon, Senator 
Lautenberg.
    My name is Joseph Kelly, and I am the Acting Chief of 
Police for New Jersey Transit.
    New Jersey Transit is the Nation's largest statewide public 
transportation system, operating in 3 states and providing 
nearly 900,000 weekday trips on buses, light rail, and commuter 
rail. My police department is authorized for 244 officers, 
including 39 positions full-time to counter terrorism.
    Mr. Chairman, I want to thank you and the other 
distinguished members of this committee for providing me the 
opportunity to testify today on the criticality of protecting 
our Nation's passenger rail system.
    Let me first describe some of the counterterrorism 
strategies we have put in place since September 11, 2001. And 
then I will outline some of the challenges we face at New 
Jersey Transit, going forward.
    We acknowledge we cannot place a police officer on every 
corner. However, force multiplication is desperately needed to 
protect our passengers. To that end, we have focused our 
efforts on technology advancements, coordination, force 
augmentation, and education.
    New Jersey Transit has been active in installing 
surveillance cameras and deploying radiological and explosive 
detection systems. We've also added a variety of other 
equipment aimed at prevention, detection, and recovery of all 
hazards. Thanks to grant funding from the Transit Security 
Grant Program, the Urban Area Security Initiative, and State 
Homeland Security Grants, we have recently been able to add a 
continuity-of-operations vehicle capable of emergency response 
and sustained redundancy, satellite communications, 
interoperable communications, a variety of hazardous material 
response equipment, rescue and extrication equipment, 
radiological pagers and isotope identifiers, explosives trace 
detection machines.
    With respect to coordination, New Jersey Transit has 
created a crime analysis and intelligence unit. Our officers 
are assigned to the FBI's Joint Terrorism Task Force and the 
New Jersey State Police Fusion Center. Additionally, the 
department exchanges information with the Regional Transit 
Security Working Group and the Northeast Corridor Coalition.
    Our department also relies heavily on force augmentation. 
We are assisted with patrols of our stations and facilities by 
local law enforcement agencies. In addition, we run regular 
counterterror exercises with the New Jersey State Police, the 
New Jersey Office of Homeland Security and Preparedness, and 
our regional transportation partners, including the NYPD, as 
well as some of New Jersey's rapid deployment teams.
    In terms of education, our transit employees have been 
trained in terrorism awareness, dating back to 2002. Our front-
line employees have also received related courses and are 
targeted to receive behavioral assessment training through a 
Regional Transit Security Grant. Some employees are also 
receiving advanced training through our Citizens Police 
Academy. Our police officers receive counterterrorism training 
now as part of their basic police officer training, and have 
also been trained in behavioral assessment. Police officers 
assigned to the counterterrorism function have also attended a 
variety of specialized courses, such as federally funded 
courses including the incident response to terrorist bombing 
and the strategic counterterrorism training for transit 
managers.
    We train our commuters through some nonconventional means, 
using uniformed police officers. Commuters and citizens alike 
are given information contain TIPS phone number, the type of 
information to report, and awareness of precursor terrorist 
activity. This information is distributed on counterterror 
deployments, such as our community outreach details.
    New Jersey Transit is in constant communication with our 
Federal partners. The two principal Federal repositories for 
counterterrorism-related information are the FBI, JTTF, and the 
Transit Security Operations Center, known as TSOC, operated by 
the TSA. The required reporting of both these entities 
sometimes can be problematic and duplicative. A preferable 
approach may be to rely on the Joint Terrorism Task Force to 
communicate with the TSOC after the JTTF makes a determination 
as how it wants to proceed on any given piece of information.
    Let me briefly touch on our budgetary challenges. As you 
know, the national economic downturn has had a dramatic effect 
on state and local revenue. A survey recently completed by the 
American Public Transportation Association found that 60 
percent of APTA systems have already cut service or raised 
fares, and that 84 percent of public transportation systems 
will do so by the end of the year.
    New Jersey Transit recently approved a 22-percent increase 
to close a projected $300-million Fiscal Year 11 budget gap. In 
addition, we instituted a hiring freeze and are eliminating 
more than 200 positions. With these local funding challenges, 
Federal operating support for security efforts has become even 
more critical.
    Since Fiscal Year 2007, New Jersey Transit has received 
much needed operating support for security efforts. The 
officers funded by these grants will be completely dedicated to 
counterterror, and will be a critical component to our 
prevention efforts. I urge the Committee to continue this 
support.
    Thank you again for the opportunity to testify. And I look 
forward to answering any questions you may have.
    [The prepared statement of Mr. Kelly follows:]

 Prepared Statement of Joseph Kelly, Acting Chief of Police, NJ TRANSIT

    Chairman Lautenberg, Ranking Member Hutchinson and distinguished 
members of the Committee--my name is Joseph Kelly and I am the Acting 
Chief of Police of NJ TRANSIT. NJ TRANSIT is the Nation's largest 
statewide public transportation system, operating in three states 
providing nearly 900,000 weekday trips on 2000 buses, three light rail 
lines and 12 commuter rail lines. My department is authorized for 244 
police officers, including 39 police positions full-time to counter-
terrorism.
    Mr. Chairman, I want to thank you and the other distinguished 
members of this committee for providing me the opportunity to testify 
today on the criticality of protecting our Nation's passenger rail 
system.
    Let me first describe some of the counter-terrorism strategies we 
have put in place since September 11, including our close partnerships 
with Federal authorities. I will then outline some of the challenges we 
face at NJ TRANSIT going forward.
    We know that we cannot place a police officer on every corner of 
our system. However, force multipliers are desperately needed to 
protect our passengers. To that end, we have focused our efforts on 
technology advancement, coordination, force augmentation and education.
    NJ TRANSIT has been very active installing security surveillance 
cameras and deploying radiological and explosives detection and 
protection systems. We have also added a variety of other equipment 
aimed at prevention, detection and recovery of all hazards. Thanks to 
grant funding from the Transit Security Grant Program, Urban Area 
Security Initiative Grants funding and State Homeland Security Grants, 
we have recently added:

   A Continuity of Operation Vehicles capable of emergency 
        response and sustained operational redundancy.

   Satellite Communications (fixed and mobile).

   Interoperable communications equipment including ICRI and 
        MACOM gateway switch. The ``ICRI'' is a small, portable 
        ``switch'' used to interconnect municipal public safety radios, 
        state and Federal radios and telephone.

   A variety of Hazardous Material response and investigative 
        equipment.

   Rescue and extrication equipment.

   Radiological pagers and handheld isotope identifiers.

   Explosive Trace Detection Machines capable of detecting both 
        nitrate and peroxide based explosives.

    With respect to coordination, NJ TRANSIT has created a crime 
analysis and intelligence unit and we have implemented COMPSTAT aimed 
at information sharing and thorough investigation. NJ Transit Police 
officers are assigned to the FBI Joint Terrorism Task Force (JTTF) and 
the NJ State Police Regional Operations Intelligence Center. 
Additionally the department exchanges information with the Regional 
Transit Security Working Group and the Northeast Corridor Coalition. 
Through these partnerships, the NJ TRANSIT Police Department exchanges 
real time intelligence across the region and the Nation in a timely and 
efficient manner.
    Our Department also relies heavy on force augmentation. We are 
assisted with park, walk and talk patrols of our stations and 
facilities by municipal, county and state law enforcement agencies. In 
addition, we run regular counter terror exercises with the New Jersey 
State Police, the New Jersey Office of Homeland Security and 
Preparedness and our regional transportation partners (including the 
NYPD) and some of New Jersey's county rapid deployment teams.
    In terms of education, we have offered counter-terrorism related 
training in three groups; transit employees, police officers, and the 
commuters and public.
    Our transit employees have been trained in terrorism awareness 
dating back to 2002. Our front line employees have also received 
related courses and are all targeted to receive behavioral assessment 
training through a 2008 Regional Transit Security grant. Some employees 
also receive advanced training through our citizens police academy 
program.
    Our police officers receive counter-terror training now as part of 
their basic police training and have also been trained in behavioral 
assessment. Police officers assigned to counter-terror full time also 
attend a variety of specialized courses such as the federally funded 
Incident response to a terrorist bombing and the strategic 
counterterrorism training program for transit managers.
    We train our commuters through some non-conventional means using 
uniformed police officers in the field. Commuters and citizens alike 
are given information containing our TIPS telephone number, the type of 
information to report and the pre-cursors of terror related activity. 
This information is distributed on counter-terror deployments such as 
community outreach details.
    As I mentioned earlier in my testimony, NJ TRANSIT is in constant 
communication with our Federal partners. The two principal Federal 
repositories for counter-terrorism related information are the FBI's 
Joint Terrorism Task Force (JTTF) and the Transit Security Operations 
Center, known as TSOC, operated by the TSA. The required reporting to 
both of these entities can be problematic and duplicative at times. For 
instance, a lead provided to the JTTF by NJ TRANSIT has the potential 
to be compromised by virtue of the reporting process of the Transit 
Security Operations Center, which shares this information via e-mail 
when suspicious activity is reported. A preferable approach may be to 
rely on the Joint Terrorism Task Force to communicate with the Transit 
Security Operations Center after the JTTF makes a determination as to 
how it wants to proceed on a given piece of information.
    Let me briefly touch on NJ TRANSIT's budgetary challenges. As you 
know, the national economic downturn has had a dramatic effect on State 
and local revenue. A survey recently completed by the American Public 
Transportation Association (APTA) found that 60 percent of APTA systems 
have already cut service or raised fares and that 84 percent of public 
transportation systems will do so by the end of the year.
    NJ TRANSIT recently approved a 22 percent fare increase to close a 
projected $300 million FY11 budget gap. In addition, we have instituted 
a hiring freeze and are eliminating more than 200 positions. With these 
local funding challenges, Federal operating support for security 
efforts has become even more critical.
    Since FY07, NJ TRANSIT has received much needed operating support 
for security efforts. The police officers funded by these grants will 
be completely dedicated to counter-terror and will be a critical 
component to out prevention efforts. I urge the Committee to continue 
this support.
    Thank you again for the opportunity to testify today. I look 
forward to answering any questions you may have.

    Senator Lautenberg. Thank each of you for your valuable 
testimony.
    I want to just get an idea of what communications you get 
from the Department of Homeland Security--after the recent 
subway attacks, for instance.
    And, Mr. Elliott, we include you in the rail discussion, 
even though we don't say ``freight.'' But, the fact is, it's a 
very important element of our total economic system.
    And so, the attack was there. Other attacks on passenger 
rail, mass transit systems throughout the world. What kind of 
actions did the Department of Homeland Security take to help 
you increase your level of security?
    Mr. O'Connor. Senator the day of the last attack, in 
Moscow, we did get a call from TSA. I and, actually, Chief 
Kelly are part of a group; it's called a Peer Advisory Group. 
It's about a dozen police chiefs from around the country that 
conference once a month to discuss security issues. But, that 
call came about 12 or 1 o'clock that day. Obviously, the 
attacks had occurred almost 12 hours earlier, and many of us 
had already gone through what we thought we had to, in terms of 
reassuring the public.
    So, while the--while it was commendable, on the TSA's part, 
to get the group together and kind of share information on what 
we're doing, I think it would have been more helpful if they 
were out a little bit quicker so that we could have had a 
common response to reassure the public.
    Senator Lautenberg. Chief Kelly?
    Mr. Kelly. Senator, thank you for the question. I echo 
Chief O'Connor's remarks, in that we do get information from 
the TSA, but normally it's not as timely as it could be. I----
    Senator Lautenberg. How about the kind of communications 
you get, as well as the timing.
    Mr. Kelly. We receive briefings, generally--in addition to 
the phone call, briefings via e-mail on a daily basis. However, 
when it comes to attacks, such as Moscow or Mumbai or Madrid, 
we're receiving in-depth briefings from our law enforcement 
partners in the region. And usually--I don't want to speak for 
Chief O'Connor, but I get in-depth briefings from my detective 
assigned to the Joint Terrorism Task Force, in a very timely 
manner, telling us what we're facing and what we need to do.
    Mr. O'Connor. Just to follow up on that, in the Zazi 
investigation I got a call directly from the head of the New 
York Joint Terrorism Task Force when those warrants were being 
executed that night. So, we knew, before it went public, you 
know, what was happening and what the public might be alarmed 
about, and that gave us advance notice to prepare for that.
    Senator Lautenberg. Yes. Mr. Elliott, do you have any 
comment to make on this connection?
    Mr. Elliott. Yes. I would, Senator. With over 8 million 
train miles of passenger and commuter operations on our private 
freight lines every year, we cannot disassociate ourself from 
the very real concern--security concern to passenger 
operations. I will tell you that, even though, from a freight 
railroad perspective, the relationship that we have with our 
passenger and commuter partners is admirable, including a 
longstanding relationship with Chief O'Connor, especially, in 
the Amtrak Police Department. I would like to echo his 
sentiment. I think the information we receive is adequate, but 
I don't think it's timely enough. I think one of the great 
things about the U.S. rail industry today is our ability to 
quickly respond to good intelligence. And if we don't get that 
good intelligence in a timely basis, then we are not able to 
take the steps that we need to provide both freight rail 
infrastructure, as well as the passengers that might be riding 
on that portion of the rail.
    Senator Lautenberg. Does TSA give any of you advice on new 
technological discoveries, new equipment, new ideas on 
protecting your responsibilities? I'm not just trying to get 
TSA in a vise here, but I'm interested in what each of you 
does, each and every day. You have enormous responsibility of 
life and limb, the economy, the functioning of our society. Is 
TSA a significant source for data and information on what you 
can do to improve your operation, without simply suggesting you 
get more resources, which I think also----
    Mr. O'Connor. Through the years, Senator, we have partnered 
with TSA to experiment or run pilot programs on different 
technology, whether it be millimeter wave technology that 
they're trying detect someone carrying a suicide vest on their 
body, radiological detectors, explosive trace detection. That's 
one of the areas where DHS and TSA has been particularly 
helpful. I think they need to do more, you know, and I think 
that they have to, kind of, speed up getting some technology to 
us, in terms of cameras and face recognition and, you know, the 
ability to detect people who may be leaving things behind on 
trains and in stations. But, that's one area where TSA has been 
helpful to Amtrak.
    Senator Lautenberg. There have been, thank goodness, no 
terrorist attacks on rail systems in our country. Attacks 
around the world have resulted in significant loss of life and 
system disruptions. The TSA only allocates about two percent of 
its budget for surface transportation security. How does--this 
structure, this prioritization by the Department affect you and 
your ability to meet your security needs?
    Mr. Kelly. Senator, while--it wouldn't be fair to compare 
aviation to surface security. As I mentioned in my testimony, 
it's never----
    Senator Lautenberg. You said----
    Mr. Kelly.--been more----
    Senator Lautenberg.--900,000 people board your trains every 
day?
    Mr. Kelly. Yes, sir. But, it's an open system, as compared 
to a sterile environment. It has never been more critical than 
it is now, with the budget constraints, I believe, that are 
pressing against most transit properties. We--we've received 
about $59 million in support through Federal grants since 2003. 
And it's critical that that continues so that we can continue 
to provide the level of security that we do.
    Mr. O'Connor. Senator, several of the panelists previously 
testified that decisions like this should really be based upon 
risk. And clearly, I think the risk to surface transportation 
has become greater over the years. So, that, to me, would 
suggest that TSA and DHS should take a step back and see if 
their formula that they thought was the right one several years 
back is still the right one today. You know, it would appear to 
me, as you said earlier, with 2 million to 35 million 
passengers at risk, the formula needs to be revisited.
    Senator Lautenberg. But, also there are 45,000 people, 
thank goodness, inspecting baggage and passengers to make sure, 
as much as possible, that bad people don't get on the airplane. 
On a comparative basis, however, because of the widespread use 
of that surface transportation, it's--I'm not sure that there 
can be any comparison to that which is spent--87 percent of the 
budget is spent on aviation. And the question is, have we done 
enough--are we doing enough?
    Chief Kelly, I hear what you're saying. I mean, we know 
that there are significant budget cuts in--New Jersey Transit 
and other facilities in the state, unfortunately. But, the 
question is, At what point do we impair our ability to provide 
the kind of security--that's a rhetorical question, you don't 
have to answer, because I know what your thoughts might be, 
even what your words might be different from--the fact of the 
matter is that these things could have consequences--that are 
unthinkable.
    I was a Commissioner of the Port Authority before I came to 
the Senate. And one of the first things I did was to go down in 
the Port Authority tube tunnel. I wanted to see what it was 
like. And I found things in unacceptable condition, fire doors 
locked and a electrical system that was so antiquated--one 
system is one series, another is a different kind of system. 
So, one system, if you lose a bulb, half of the system goes 
out, things of that nature. It was shocking. And they got on it 
in a hurry, but the inspection for these things is essential. I 
mean, security is not simply, as all of you know, a terrorist 
taking action against our citizens, but there are also other 
security measures--fire, et cetera, and the terrible thing we 
saw on 9/11 that----
    So, what I'm trying to do is to make sure that there is an 
awareness by TSA that response time has to be far better than 
that which--and I'm not asking for your opinion, I want to 
spare you that, but I'm giving you mine, based on what we heard 
here at the table today. And the thing that we have to do is 
step up to our full responsibility.
    And I'm pleased to have you here with us. I appreciate the 
time that you've given.
    We will keep the record open, to see if any other questions 
occur that we might want to talk to you about.
    I want to ask Mr. Elliott a question. In 2007 CSX provided 
New Jersey's regional operations, intelligence center with 
access to online systems that allow the center to track the 
location and contents of CSX trains in real time. You mentioned 
this. How has this partnership, do you think, improved rail 
security? And might it be replicated throughout the country?
    Mr. Elliott. Well, thank you, Senator Lautenberg, for the 
question. As you asked me the question, I think the example of 
the partnership that we have with the New Jersey State 
Department of Homeland Security is, again, an admirable one. 
Much is to the credit of then-Director of Homeland Security, 
Dick Canas. He is no longer in that position, but I give much 
of the credit for the success of that public-private 
partnership to his candor, his vision, and his frankness in 
wanting freight rail transportation to be an equal partner in 
helping to ensure the safety and security within the state.
    And what we did, through the technology that we provided, 
was actually provide transparency to the state homeland 
security group within New Jersey. That allowed them 
transparency. This is something that then-Director Canas was 
very interested in having, so he could go to the leadership in 
New Jersey, and he could honestly say--and you talked about 
that corridor, the chemical coast up in North Jersey. Senator, 
so he could honestly say that he knew where every train was on 
CSX, and where every hazardous-material car might be in that 
train. We provided him with that transparency.
    I think, in return, the Department of Homeland Security in 
New Jersey did some very positive things, unlike we have seen 
in any other state, in that they utilized some of their hard-
to-get Federal DHS dollars and put that toward infrastructure 
protection of freight rail assets. And that is not something 
else that we have seen a model of.
    As you know, while we receive some Federal dollars, it is 
solely for training. We get no Federal funds to enhance any of 
our security assets. But, in the case of New Jersey, they found 
a way to work closely with their freight rail partner, CSX, to 
come up with a win-win scenario. And, again, this is 
something--both the technology and the transparency--that we 
try to provide and we have in place in eight states. And we are 
actually working with approximately four other states to 
provide the same technology. And you heard me mention that both 
the TSA Freedom Center, in Herndon, and the DOT Crisis Center, 
here in Washington, both have that technology.
    But, do I think it could be replicated? Yes. I think there 
is a need for--in the right hands, in the right secure hands--
for security analysts and security officials to be able to have 
a better understanding where the Nation's freight railroads are 
operating. And give them better information so they, in turn, 
can do their part to help protect us.
    Senator Lautenberg. Do you talk to others in the freight 
business about security measures? Is there an interchange of 
information?
    Mr. Elliott. Yes. Through our trade association, the 
Association of American Railroads, there is a standing security 
committee. And there is regular interaction, regular dialogue 
on what we are doing throughout the industry to enhance 
security.
    Senator Lautenberg. Well, each of you has a responsibility 
that overlaps with your neighbor across the table. And the 
exchange of information is critical, information about things 
that might be happening, but also about improving your 
communications, timing and efficiency. And I would ask you, 
please--you know how to get a hold of my office, and if you 
have any commentary that goes beyond the questions that we may 
submit for the record, we'd invite you to volunteer your views 
on any of the ideas that come your way as a result of your 
people being in the field.
    I wanted to check one thing with you, Mr. Kelly, before we 
finish. And I promise, this is the last, and I'll let you go, 
and I'll go. And that is, you talked about the complement that 
you have in your police department; 244----
    Mr. Kelly. Yes, sir.
    Senator Lautenberg.--positions. And did you have to take 
some cuts in that now?
    Mr. Kelly. The police department lost no sworn positions, 
sir. We did----
    Senator Lautenberg. All right----
    Mr. Kelly.--we did lose some positions in the police 
department, but none of them were police officers.
    Senator Lautenberg. Thank you all very much for being here.
    [Whereupon, at 4:21 p.m., the hearing was adjourned.]

                            A P P E N D I X

Response to Written Questions Submitted by Hon. John D. Rockefeller IV 
                          to Hon. David Heyman

    Question 1. Can you please provide a status update, timeline, and 
plan of action for when each of the rules mandated in the Implementing 
the Recommendations of the 9/11 Commission Act related to comprehensive 
security training for rail, transit, and bus workers will be issued?
    Answer. TSA has combined three requirements in the ``Implementing 
Recommendations of the 9/11 Commission Act of 2007'' (9/11 Act) for 
security training rules into a single regulation. Sections 1408, 1517, 
and 1534 of the 9/11 Act require the Secretary to develop and issue 
regulations for training frontline employees of public transportation, 
railroad, and over-the-road-bus operators, respectively. The Notice of 
Proposed Rulemaking (NPRM) is being developed, as required by the 9/11 
Act, in consultation with representatives of government and law 
enforcement experts, emergency responders, private sector operators, 
and labor organizations. TSA anticipates that the NPRM would be 
available for public comment in early calendar year 2011.

    Question 2. To what extent is each surface transportation mode 
applying, or adapting, the National Infrastructure Protection Plan's 
threat, vulnerability, and consequence construct to their respective 
modes to produce comprehensive risk assessments and to rank assets or 
systems accordingly? Which modes have made the most progress in this 
effort?
    Answer. As described in the National Infrastructure Protection Plan 
(NIPP), the Transportation Security Administration (TSA) is a co-Sector 
Specific Agency (SSA) for the Transportation Sector along with the U.S. 
Coast Guard (USCG), and TSA is responsible for developing and carrying 
out the provisions of the Sector Specific Plan (SSP) for Transportation 
Systems--including the modal annexes for the surface transportation 
modes. The USCG is a co-SSA for the Transportation Sector for the 
maritime mode of transportation. The Transportation Systems SSP 
addresses the applicability of the NIPP's risk management framework 
construct to the Transportation Sector-Specific programs and how the 
sector has responded to the request to rank assets or systems 
accordingly.
    Specifically, several risk assessment tools have been developed and 
implemented in support of the sector risk management framework, to 
identify and address measures required to build resilience in all the 
modes of transportation. The sector developed a comprehensive 
methodology for conducting annual assessments of terrorism-related 
risks across the sector. The Transportation Sector Security Risk 
Assessment (TSSRA) was designed to provide data for modal and cross-
modal risk analyses and enable the Department of Homeland Security 
(DHS) to develop a baseline understanding of the risk landscape facing 
the sector. Similar methodologies such as the USCG's Maritime Security 
Risk Analysis Model (MSRAM), and the Baseline Assessment for Security 
Enhancement in the mass transit mode have a more finite scope than 
TSSRA, but share the goal of helping to determine the individual mode's 
most important risk considerations.
    The Highway and Motor Carrier Security Division in TSA has 
developed a risk based methodology to determine the most critical 
highway infrastructures and has begun conducting in-depth risk 
assessments of these structures. TSA provided the individual states 
with the methodology to determine that these structures and this 
information were forwarded by each state to TSA. Although results were 
not received from all states, TSA, working with the Army Corps of 
Engineers, has begun conducting assessments on the top 58 and 
anticipates completing approximately 25-30 by the end of 2010. At the 
National level, the Office of Infrastructure Protection, Homeland 
Infrastructure Threat and Risk Analysis Center (HITRAC) is engaged in a 
systematic building of capability of transportation networks, system 
interdependencies, and consequence assessments through the National 
Infrastructure Simulation and Analysis Center (NISAC) to assist with 
both risk assessment and consequence management during real world 
events.
    Additionally, the Highway and Motor Carrier Security Division in 
TSA has completed industry risk assessments on the school 
transportation industry and the trucking industry as required by the 9/
11 Act. TSA is also completing industry risk assessments on the over-
the-road bus industry, an overview of the states' Departments of 
Transportation structures, and an overall assessment of the entire 
highway mode.

    Question 3. Given that the Surface Transportation Security Program 
is under supervision of the aviation-focused Federal Security 
Directors, what steps does TSA take to ensure that surface 
transportation security gets the appropriate level of priority?
    Answer. The Transportation Security Administration provides program 
oversight from headquarters to ensure work products at each location 
meet the frequency and quality mandated in the regulatory activities 
plan. In addition to oversight reports, six Regional Security 
Inspectors-Surface with extensive surface expertise are assigned to 
regions and conduct regular site visits to ensure standardization. 
Surface security training for all FSDs and AFSD-Is is ongoing to ensure 
they have the proper foundation to lead and manage the surface 
transportation security within their respective Area of Responsibility 
(AOR).

    Question 4. How does TSA ensure that those responsible for surface 
transportation security have the necessary level of expertise?
    Answer. The Transportation Security Administration has established 
experience requirements for transportation security inspectors. Those 
in lead or supervisory positions are required to have surface 
experience to provide stability to the surface program. Inspectors are 
assessed against these requirements throughout the interview, hiring, 
and promotion processes.

    Question 5. What is the status of TSA's efforts to develop a 
national bridge strategy to supplement the Highway Infrastructure and 
Motor Carrier Annex to assist the stakeholder community in assessing 
both the criticality and the security vulnerabilities of its assets?
    Answer. The Transportation Security Administration (TSA) is moving 
ahead to: identify critical structures; conduct vulnerability 
assessments on those structures; identify and share with stakeholders 
appropriate structural and operational vulnerability mitigation steps 
and tools; identify and recommend contemporary technological mitigation 
products; and promote appropriate security elements in planning and 
funding stages of new or significantly modified critical highway 
structures.
    A National Strategy for Highway Bridge Security was developed in a 
multi-agency work group chaired by TSA and signed into policy by then-
TSA Administrator Kip Hawley in 2008. It is currently under biennial 
review and possible update by the same work group. Participants in that 
group included TSA, the DHS Offices of Policy, Infrastructure 
Protection (IP) and Science and Technology (S&T), as well as the 
USDOT's Federal Highway Administration. Since the Strategy's approval, 
the principles agreed upon have guided TSA's initial selection and 
inspection of highway structures in a cooperative campaign with its 
fellow Federal agencies.
    Using Strategy principles, TSA identified a list of 58 critical 
infrastructures to be assessed over the next 2 years, including 45 
bridges and 13 tunnels. TSA has engaged the U.S. Army Corps of 
Engineers (USACE) through an Interagency Agreement to complete the 
assessments. Since February 2010, the USACE has completed eight bridge 
assessments. It is anticipated that the USACE will complete 20 to 30 
assessments by the end of calendar year 2010. TSA will share the 
findings of these assessments with appropriate stakeholder communities.
    IP conducts specialized field assessments to identify 
vulnerabilities of nationally significant critical infrastructure and 
key resources (CIKR). These vulnerability assessments provide the 
foundation of the risk-based implementation of protective programs 
designed to prevent, deter, and mitigate the risk of a terrorist attack 
while enabling timely, efficient response and restoration in an all-
hazards post-event situation. IP has conducted 274 vulnerability 
assessments on CIKR Transportation Sector assets, including 102 
assessments of surface transportation assets, on the Level 1/Level 2 
List since 2004.
    These assessments are conducted on a strictly voluntary basis. IP 
has no regulatory authority on transportation sector assets to conduct 
assessments and relies on the cooperation of its private sector 
partners. The final assessment report is classified Protected Critical 
Infrastructure Information (PCII), and is limited in distribution.
                                 ______
                                 
Response to Written Questions Submitted by Hon. Frank R. Lautenberg to 
                           Hon. David Heyman

    Question 1. Please provide the Committee with your training program 
for surface transportation inspectors and VIPR teams.
    Answer. Transportation Security Administration (TSA) Surface 
Inspectors receive 5 weeks of initial training that covers: Department 
of Homeland Security and TSA missions, core values, roles and 
responsibilities; the Aviation and Transportation Security Act (ATSA), 
the Implementing Recommendations of the 9/11 Commission Act of 2007, 
and other guiding legislation or documents; ethics and other legal 
issues; 49 CFR Part 1580 Rail Transportation Security; and TSA 
compliance and enforcement strategies. In addition, Surface Inspectors 
attend a one-week Railroad Operations Safety and Security training 
course that covers: safety; industry terminology; railroad and transit 
system organizational structure; rail and transit system operations; 
infrastructure; hazmat; emergency response; and railroad/rail mass 
transit security initiatives.
    Follow-on training consists of various courses conducted by the 
Federal Law Enforcement Training Center, the Transit Safety Institute, 
the New Mexico Tech Energetic Materials Research and Testing Center; 
and the Federal Emergency Management Agency (FEMA).
    The TSA Office of Law Enforcement/Federal Air Marshal Service has 
established an Intermodal Training Branch (ITB) at its training center 
in Atlantic City, New Jersey. The goal of the ITB is to develop Surface 
mode specific training curricula and tactics for Federal Air Marshals 
to utilize while conducting Visible Intermodal Prevention and Response 
(VIPR) operations. Training courses have been developed and are being 
implemented at the field level.
    TSA VIPR assets at the management and field levels attend a 
Railroad Operations, Safety and Security Training class in Pueblo, 
Colorado, in an effort to familiarize them with the surface 
transportation domain. TSA also continues to leverage its 
transportation stakeholder/partners by attending training sponsored by 
transportation entities regarding operational safety and tactics in the 
surface transportation domain.
    Locally, the TSA coordinates with the transit agency to train 
inspectors as well as other VIPR team members to operate within their 
system. The training usually includes work and track safety and an 
overview of the station to include emergency exits. The Inspectors have 
also been trained to conduct station profiles, which are also part of 
pre-operational planning for VIPR.

    Question 2. For several years TSA has partnered with the private 
freight railroads and the Department of Transportation to develop the 
Rail Corridor Risk Management System to measure the risk of 
transporting hazardous materials by rail. How will the Department 
continue to support this important Rail Corridor Risk Management 
System?
    Answer. Since its inception in 2005, the Freight Rail Security 
Grant Program (FRSGP) has allocated funding for the development of a 
Rail Corridor Risk Management System (RCRMS) to assist railroads with 
the analysis of routes used to transport certain hazardous materials. 
The Transportation Security Administration (TSA) believes that the 
RCRMS is now in an operations and maintenance phase and that future 
funding should be provided by the regulated parties that use RCRMS to 
assist them in complying with the provisions of 49 CFR 172.820. 
However, TSA will continue to work with the Federal Railroad 
Administration (FRA) to evaluate new funding needs for new 
capabilities, as/if they arise. TSA will also continue to work with FRA 
in reviewing the routing analyses submitted by the railroads by 
providing relevant threat and vulnerability intelligence to inform the 
RCRMS.

    Question 3. As part of your rail risk assessment, have you 
considered whether encouragement of the chemicals industry to develop 
alternative products or manufacturing processes would have an effect on 
security risks?
    Answer. The freight railroad risk assessment prepared by the 
Transportation Security Administration does not directly address the 
issue of product substitution or inherently safer technologies to 
replace toxic inhalation hazard (TIH) materials in rail transportation. 
The primary objective of the railroad risk assessment was to identify 
the risk to and from freight rail transportation in its current state.

    Question 4. When will TSA develop performance measures to evaluate 
grants provided under its various transportation security grants?
    Answer. The Transportation Security Administration (TSA) is 
currently working with the Federal Emergency Management Agency (FEMA) 
to develop performance measures for grant programs that can be 
objectively measured and incorporated into ongoing and regular site 
monitoring visits. TSA is also working to identify current mitigation 
actions for high-risk critical infrastructure assets, including how/
when they will be fully remediated. These actions will provide tangible 
results on the effectiveness of grant funding for implementation in the 
Fiscal Year 2011 grants cycle.

    Question 5. When will TSA have measures in place to determine the 
effectiveness of its VIPR teams, as recommended by GAO?
    Answer. The Transportation Security Administration (TSA) continues 
to work on enhancing and refining the current Visible Intermodal 
Prevention and Response (VIPR) performance metrics as improvements are 
made to data collection and analytical capabilities.
    To continue to address the opportunities cited by the Government 
Accountability Office, the VIPR program is incorporating additional 
functionality into a new information system being implemented during 
calendar year 2010. This system will be readily available to all VIPR 
team members for documenting, planning, deploying, and follow-up of the 
VIPR program activities. Analysis of performance data over time at both 
the local and national levels will increase understanding of VIPR 
program effectiveness.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. Maria Cantwell to 
                           Hon. David Heyman

    Question 1. As you know, ferry transportation is a critical 
component of Washington State's transportation system. I know that DHS 
has been very concerned about the vulnerability of ferries to terrorist 
attack. I appreciate how well you have worked with the Washington State 
Ferry System on security issues. How does the department evaluate the 
current safety and security regimes across the various ferry systems 
operating in the U.S.?
    Answer. The United States Coast Guard's (USCG) Ports, Waterways, 
and Coastal Security (PWCS) strategy views security as a shared 
responsibility, requiring collaboration and cooperation at all levels 
of government, with the private sector, and international partners. All 
passenger vessels (including ferries) of over 100 gross tons that are 
capable of carrying more than 150 passengers in domestic service, or 
that are capable of carrying more than 12 passengers on an 
international voyage, are required to comply with the Maritime 
Transportation Security Act (MTSA) of 2002, and its regulatory 
provisions found in 33 CFR Parts 101-105.
    The Transportation Security Administration (TSA) supports the USCG 
in ensuring compliance by applicable maritime facilities and vessels 
(including ferries) with 33 CFR parts 101-105 by leveraging its core 
competencies of passenger screening, explosives detection, 
Transportation Worker Identification Credentialing (TWIC) management, 
and intermodal transportation security.

    Question 2. Are there aspects of ferry security that are of special 
concern to the Department?
    Answer. The United States Coast Guard (USCG), in conjunction with 
U.S. Customs and Border Protection (CBP), and other Federal, State and 
local officials, has been interested in reducing the security risk 
posed by ferry vessels. Under the USCG's Operation Neptune Shield, 
Sector Commanders are directed to escort a percentage of high capacity 
passenger vessels, including ferries, to deter and protect them against 
small vessel attacks.

    Question 3. Are we investing adequately in ferry safety and 
security in light of the number of passengers and vehicles ferries 
transport?
    Answer. Maritime security is achieved through the combined and 
coordinated efforts of international, private, and governmental 
maritime security community members. A layered strategy is used to 
create a security regime that reduces risk and shares cost. For 
example, the FEMA administered Port Security Grant Program (PSGP) has 
made over $1 billion available to eligible maritime stakeholders, 
including ferry systems, since the inception of the program in 2002. To 
reduce or eliminate vulnerabilities, certain high risk ferry systems, 
for a number of years, had access to their own separate allotment of 
PSGP money for which only they could apply. Though there is no longer a 
separate ferry allotment, eligible ferry systems can still apply for 
money from the general PSGP fund.

    Question 4. Can you assure us that container cargo coming into the 
Port of Prince Rupert, British Columbia, and across the U.S.-Canada 
land border is subject to the same security scrutiny as import 
containers entering through U.S. ports?
    Answer. U.S. Customs and Border Protection (CBP) exercises level of 
security scrutiny for container cargo coming into the Port of Prince 
Rupert, British Columbia as it does for import containers entering 
through other U.S. ports absent specific threat streams. Conveyances 
arriving in the United States from Canada through land border ports of 
entry by truck or rail are arriving from foreign origins, and are thus 
subject to the same level of security scrutiny as containers being 
imported directly through U.S. ports.
    Regardless of the mode of transportation, CBP concentrates its 
efforts on its primary mission of preventing terrorists and terrorist 
weapons from entering the United States, while at the same time 
facilitating legitimate trade and travel. CBP must secure America's 
borders while doing it in a way that does not stifle the flow of 
legitimate trade and travel through our borders.
    We are accomplishing these equally important goals through the use 
of advance information, risk-management targeting systems, detection 
technologies and extended border strategies. CBP employs a layered 
enforcement approach to safeguarding U.S. borders from threat by land, 
air, and sea.
    CBP recognizes that no single strategy or risk assessment is 100 
percent effective and accurate, thus CBP focuses on layering multiple 
initiatives together to accomplish its mission. CBP works aggressively 
with trade and government partners to legislate improvements regarding 
data timeliness and quality, which augment the abilities of highly 
trained personnel to using cutting edge technology for targeting, 
detecting and securing terrorists, or implements of terrorism, destined 
to the United States.
    The strategies and technologies used within our agency to help 
combat terrorism and prevent instruments of terror from entering the 
United States include:

   The National Targeting Center (NTC)--A single location for 
        coordinating critical intelligence within CBP and with the 
        Intelligence Community to rapidly implement targeting responses 
        for passengers and cargo;

   The Automated Targeting System (ATS)--A decision support 
        system that enables CBP to utilize automated risk-scoring 
        algorithms to vet relative levels of risk for cargo shipments 
        and passengers and focus inspection efforts. ATS is a highly 
        adaptive system that allows CBP to fuse data from enforcement 
        and commercial sources to assess risks. For cargo, ATS 
        integrates entry declaration, carrier manifest data and 
        enforcement data, and utilizes extensive and comprehensive 
        historical data to identify unusual and high-risk shipments. 
        The industry data that feeds ATS is substantial, and the Trade 
        Act regulations requires detailed and accurate cargo 
        information in advance of arrival to facilitate risk 
        evaluation;

   Regulatory Changes for Reporting Requirements--CBP actively 
        works with the trade community to evaluate new and refined 
        reporting requirements that can enhance supply chain 
        transparency and security. Recent and significant examples 
        include the 24-Hour Rule and the Trade Act. These regulatory 
        changes give CBP the authority and mechanisms needed to receive 
        detailed electronic cargo information on all U.S.-bound sea 
        cargo before it leaves a foreign seaport; allows receipt of 
        cargo information for air, rail and truck shipments, and 
        permits targeting decisions to be made before the arrival of 
        conveyances;

   The Container Security Initiative (CSI)--CBP is targeting--
        and with our foreign counterparts--screening targeted 
        containers; that may be used to conceal terrorist weapons 
        before they are loaded on ships destined for the United States;

   The Customs-Trade Partnership Against Terrorism (C-TPAT)--
        Through C-TPAT, CBP has partnered with the private sector to 
        implement security standards and best practices that better 
        protect the entire supply chain against exploitation by 
        terrorists--from foreign loading docks to U.S. ports of entry;

   Non-Intrusive Inspection (NII) and Radiation Detection 
        Technologies--Another facet of our layered defense that enables 
        CBP to screen a larger portion of the stream of commercial 
        traffic in less time while facilitating legitimate trade and 
        travel. These tools provide CBP with a significant capability 
        to detect and interdict terrorist weapons and other contraband 
        at U.S. ports;

   Air Cargo Interagency Collaborations--Efforts between CBP 
        and other agencies have been established to strengthen air 
        cargo security;

   And, the implementation of ``Smart Border'' agreements that 
        involve a number of actions to improve information exchange and 
        adopt benchmarked security measures that will reduce the 
        terrorist threat at our borders, such as the sharing of 
        significant seizure information that would enhance future 
        targeting efforts.

    These layers are interdependent and deployed simultaneously, to 
substantially increase the likelihood that contraband, including 
terrorists and weapons of terror will be detected. No single strategy 
could provide the level of security that CBP has worked to achieve and 
maintain since the tragic events of September 11, 2001.

    Question 5. DNDO hasn't yet come up with a radiation screening 
solution for on-dock container transfers from ship to rail, so 
containers at Port of Tacoma have to be unloaded, scanned and then 
loaded on trains. Prince Rupert has on-dock intermodal rail facilities 
like Tacoma. Are they going to the same lengths to screen containers 
for radiation?
    Answer. The Canada Border Services Agency (CBSA) concept of 
operations (CONOPS) for scanning ship-to-rail containers at Prince 
Rupert is similar to the CONOPS used at most of the terminals at Port 
of Tacoma (POT). The CONOPS used at Prince Rupert and most of the 
terminals at POT involves yard-haulers (i.e., tractor and trailer with 
container) driving through ``standard'' 4-panel radiation portal 
monitors (RPMs) at multiple locations on each terminal. The Pierce 
County Terminal at the POT, however, has a much more challenging issue. 
They use straddle-carriers to move containers from the ship to the 
stacks and/or the train and have no physical space or infrastructure to 
add RPMs or tractor/trailer equipment. A straddle-carrier is much too 
large (size and shielding) to be scanned with a `standard' RPM, which 
is driving the proof-of-concepts in the On-Dock Rail Program.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. Amy Klobuchar to 
                           Hon. David Heyman

    Question 1. As a former prosecutor, I am always concerned that 
state and local law enforcement entities play an informed and active 
role in security initiatives. Can you explain in more detail how TSA is 
working to incorporate state and local law enforcement into mass 
transit security? What are some of your suggestions as to how we can 
better improve on that partnership?
    Answer. The Transportation Security Administration (TSA) augments 
the efforts of Federal, state and local resources to deter potential 
terrorist and criminal activity across various modes of transportation 
by effective deployment of Visible Intermodal Prevention and Response 
(VIPR) teams.
    VIPR teams work alongside stakeholders, including law enforcement, 
utilizing a variety of security tactics that are accomplished through 
coordination with stakeholders to deploy Federal, state and local 
resources, as well as integrated TSA assets, to conduct random high 
visibility patrols, passenger and baggage screening operations, and 
deployment of explosive detection canine teams, and technology.
    TSA takes a proactive approach to initiating, building and 
maintaining stakeholder relationships by conducting face-to-face 
meetings, and conducting stakeholder teleconferences. TSA also meets 
bi-annually with the major rail and mass transit police chiefs at the 
Safety and Security Roundtable co-sponsored by the Departments of 
Transportation and Homeland Security, and maintains liaison with rail 
and mass transit police chiefs at the annual International Association 
of Chiefs of Police conference.
    National Explosives Detection Canine Team Program (NEDCTP) has 
partnered and entered into Cooperative Agreements with 19 law 
enforcement agencies in the Mass Transit/Maritime arena. TSA also 
partially funds over 100 state and local explosives detection canine 
teams in mass transit/maritime, to offset operating costs experienced 
by municipalities.
    Additionally, the Buffer Zone Protection Program (BZPP) is a DHS-
administered, $50 million targeted infrastructure protection grant 
program for local law enforcement focused on identifying and mitigating 
vulnerabilities at the highest-risk critical infrastructure sites and 
providing funding to local law enforcement for equipment acquisition 
and planning activities to address gaps and enhance security 
capabilities. The BZPP is designed to increase first responder 
capabilities and preparedness by bringing together private sector 
security personnel and first responders in a collaborative security 
planning process that enhances the buffer zone--the area outside a 
facility that can be used by an adversary to conduct surveillance or 
launch an attack, around individual assets.
    Since FY 2004, IP has conducted 165 BZPP assessments on Level 1/
Level 2 assets throughout the Transportation Sector, and distributed 
$25 million in grant funding. As a subset, 19 BZPP assessments have 
been conducted in the mass transit subsector, providing a total of 
approximately $4.5 million in grant funding.

    Question 2. In your testimony, you mentioned that in October 2009, 
Amtrak and TSA partnered to conduct random passenger and baggage 
screening at multiple locations across the Northeast Corridor. I 
understand you intend to expand this initiative nationwide. You cite 
this program as among DHS' most effective deterrence and detection 
tools for countering terrorist threats. Can you elaborate on it?
    Answer. The 2009 initiative referenced above was an Amtrak-led, 
Transportation Security Administration (TSA) supported, simultaneous 
security operation that occurred during the morning and evening rush 
hours throughout the Northeast Corridor from New England to Northern 
Virginia. Amtrak Police, TSA Transportation Security Inspectors, and 
more than 100 police departments across 13 states mobilized for this 
coordinated operation that included random passenger and baggage 
screening at multiple locations among the 150 railway stations involved 
in the event.
    The joint operation demonstrated the capability to implement 
random, unpredictable security enhancements, quickly and on short 
notice, at multiple passenger rail locations. Similar to previous 
operations held over the last 2 years, these continuing operations, 
through their emphasis on mutual cooperation, set the stage for future 
quick, short notice use of this capability. In addition to random 
passenger and baggage screening, other security enhancements 
implemented during the initiative that contributed to its success 
included the Visible Intermodal Prevention and Response (VIPR) 
operations and canine teams. The readiness of Amtrak; state, local and 
transit law enforcement partners; and TSA to act jointly and 
simultaneously was part of the continuous effort to advance a 
collaborative security strategy for the Northeast Corridor.

    Question 3. In your testimony, you mentioned that in October 2009, 
Amtrak and TSA partnered to conduct random passenger and baggage 
screening at multiple locations across the Northeast Corridor. I 
understand you intend to expand this initiative nationwide. What 
evidence do you have to show that randomized screening has lowered the 
threat level to trains running on the Northeast Corridor?
    Answer. There are significant indicators that suggest that the pro-
active security program encouraged and fostered by TSA and its security 
partners, and consisting of numerous individual security programs and 
efforts, have served to lessen the overall risk to trains operating in 
the Northeast Corridor. These include: greater public awareness of 
increased, security measures based on visibility and media coverage 
underlining rail passenger vigilance; better communications with local 
law enforcement agencies, the transit police, and security forces as 
evidenced through the success of joint operations; and more efficient 
and timely sharing of information between law enforcement agencies.
                                 ______
                                 
             United States Government Accountability Office
                                       Washington, DC, June 3, 2010
Hon. John D. Rockefeller IV,
Chairman,
Committee on Commerce, Science, and Transportation,
U.S. Senate.

Hon. Frank R. Lautenberg,
Chairman,
Subcommittee on Surface Transportation and Merchant Marine 
            Infrastructure, Safety, and Security,
Committee on Commerce, Science, and Transportation,
U.S. Senate.

Subject: Surface Transportation Security: GAO Responses to Post-hearing 
            Questions for the Record

    On April 21, 2010, I testified before your committee at a hearing 
on Surface Transportation Security.\1\ This letter responds to the four 
questions for the record you posed. Your questions and my responses 
follow.
---------------------------------------------------------------------------
    \1\ GAO, Surface Transportation Security: TSA Has Taken Actions to 
Manage Risk, Improve Coordination, and Measure Performance, but 
Additional Actions Would Enhance Its Efforts, GAO-10-650T (Washington, 
D.C.: Apr. 21, 2010).

    Question 1. What measures can TSA or DHS put into place to 
determine if homeland security funds are effectively reducing risks to 
the Nation's surface transportation security networks?
    Answer. In recent years, the President and Congress have provided 
that Federal agencies with homeland security responsibilities should 
apply risk management principles to inform their decisionmaking 
regarding allocating limited resources and prioritizing security 
activities. DHS's risk management principles include using metrics and 
other evaluation procedures to measure progress and assess the 
effectiveness of protection programs. However, we have previously 
reported that TSA has not established a mechanism to monitor how 
effectively the agency has implemented its risk management framework 
and used these results to improve its performance.\2\ We recommended 
that TSA establish a system to monitor and improve how effectively 
DHS's risk management framework is being implemented. DHS concurred 
with our recommendation and in August 2009 stated that TSA has 
established an Executive Risk Steering Committee that will, among other 
activities, oversee TSA's risk management strategy and provide a 
structure to support standing and ad-hoc risk management working 
groups.
---------------------------------------------------------------------------
    \2\ GAO, Transportation Security: Comprehensive Risk Assessments 
and Stronger Internal Controls Needed to Help Inform TSA Resource 
Allocation, GAO-09-492 (Washington, D.C.: Mar. 2009)
---------------------------------------------------------------------------
    We have also reported that TSA has not always taken necessary steps 
to inform its resource allocation or fully assessed alternatives that 
could be pursued to achieve efficiencies and potentially enhance 
security.\3\ In March 2009, we recommended that TSA take several 
actions to promote the effective use of risk management, including 
adopting security goals that define specific outcomes, conditions, end 
points, and performance targets; conducting comprehensive risk 
assessments that combine individual assessments of threat, 
vulnerability, and consequence; and analyzing these risk assessments to 
produce a comparative analysis of risk across the entire transportation 
sector to guide current and future investment decisions.\4\ DHS 
concurred with our recommendation and in April 2010, TSA officials 
stated that the agency had revised its risk management framework, along 
with its Transportation Security Sector-Specific Plan and accompanying 
modal annexes. They added that these documents are undergoing final 
agency review. Until TSA completes risk assessments for each individual 
transportation mode and analyzes these assessments to produce a 
comparative risk analysis across all modes, the agency is limited in 
its ability to ensure that it is allocating its resources to those 
areas with the highest priority risks.
---------------------------------------------------------------------------
    \3\ See GAO-09-492; Commercial Vehicle Security: Risk -Based 
Approach Needed to Secure the Commercial Vehicle Sector, GAO-09-85 
(Washington, D.C.: Feb. 2009); Highway Infrastructure: Federal Efforts 
to Strengthen Security Should Be Better Coordinated and Targeted on the 
Nation's Most Critical Highway Infrastructure, GAO-09-57 (Washington, 
D.C.: Jan. 2009); Passenger Rail Security: Enhanced Federal Leadership 
Needed to Prioritize and Guide Security Efforts, GAO-07-225T 
(Washington, D.C.: Jan. 18, 2007); and Transportation Security: 
Systematic Planning Needed to Optimize Resources, GAO-05-357T 
(Washington, D.C.: June 29, 2005).
    \4\ GAO-09-492.
---------------------------------------------------------------------------
    We have also reviewed DHS's Transit Security Grant Program (TSGP), 
which the agency uses to provide funds to owners and operators of mass 
transit and passenger rail systems to protect critical surface 
transportation infrastructure. In June 2009, we reported that the TSGP 
incorporated a risk model that included all three risk elements 
(threat, vulnerability, and consequence) and was intended to allocate 
grant funding to the highest-risk regions and transit agencies.\5\ 
However, we further reported that the TSGP risk model could be 
strengthened by measuring variations in vulnerability--which is 
considered a generally accepted practice in assessing terrorism risk--
and recommended that DHS develop a cost-effective method for 
incorporating vulnerability information into future iterations of the 
TSGP risk model.\6\ DHS agreed with our recommendation and in April 
2010, DHS stated that it has not yet taken action to vary vulnerability 
in its risk model, but is reevaluating the model for the Fiscal Year 
2011 cycle. Further, DHS stated that TSA is evaluating the feasibility 
of incorporating an analysis of the current state of an asset in 
determining grant funding for the Fiscal Year 2011 cycle, which the 
agency believes would address our recommendation. Until DHS considers 
possible variations in vulnerability in the TSGP risk model, the agency 
will be limited in its ability to assess risk and more precisely 
allocate transit security grants.
---------------------------------------------------------------------------
    \5\ GAO, Transit Security Grant Program: DHS Allocates Grants Based 
on Risk, but Its Risk Methodology, Management Controls, and Grant 
Oversight Can Be Strengthened, GAO-09-491 (Washington, D.C.: June 
2009).
    \6\ DHS has held vulnerability constant because it lacked data on 
the differences in vulnerability among transit agencies.

    Question 2. To what extent have Federal entities coordinated their 
efforts to assess the risks to the Nation's highway infrastructure?
    Answer. In January 2009, we reported that although several Federal 
entities, including TSA and the U.S. Coast Guard (USCG), had efforts 
underway to assess the risk to highway infrastructure, these 
assessments had not been systematically coordinated among key Federal 
partners.\7\ Specifically, we found that DHS agencies and offices, 
including TSA, DHS's Office of Intelligence and Analysis, and USCG, 
each had efforts underway to assess the threats posed to highway 
infrastructure, including the most likely tactics that terrorists may 
use and potential targets. We also reported that Federal agencies were 
assessing the security vulnerabilities of, and consequences of an 
attack on highway assets to some degree, although the scope and purpose 
of these individual efforts varied considerably. For example, TSA's 
Highway Motor Carrier (HMC) division had chosen to identify highway 
infrastructure vulnerabilities by working primarily with state 
departments of transportation to identify the extent to which common 
security practices are employed given staffing limitations and the 
substantial number of highway infrastructure assets under their 
jurisdiction. However, we reported that more comprehensive, asset-
specific vulnerability analyses were being conducted by both DHS's 
Office of Infrastructure Protection and the USCG, although the scope 
and purpose of the resulting products varied considerably. In addition, 
we reported that TSA conducts reviews of security practices at the 
state level through its Corporate Security Review (CSR) program to 
develop a baseline assessment of security nationwide. While TSA's CSR 
assessments have a wide scope, other Federal agencies operate programs 
that assess the security vulnerabilities of specific highway assets. 
However, we found that the various assessments conducted to date were 
not well coordinated among these key Federal partners, and the results 
have not been routinely shared. We noted that enhanced coordination 
with Federal partners could better enable TSA to determine the extent 
to which specific critical assets had been assessed and whether 
potential adjustments in its CSR methodology were necessary to target 
remaining critical infrastructure assets. We recommended that to 
enhance collaboration among entities involved in securing highway 
infrastructure and to better leverage Federal resources, DHS establish 
a mechanism to systematically coordinate risk assessment activities and 
share the results of these activities among the Federal partners. DHS 
concurred with the recommendation and in February 2010, TSA officials 
indicated that its HMC division had initiated an interagency agreement 
with the U.S. Army Corps of Engineers to conduct on-site risk 
assessments. The agency also reported that it has met with other 
Federal agencies that conduct security reviews of highway structures to 
identify existing data resources, establish a data-sharing system among 
key agencies, and discuss standards for future assessments.
---------------------------------------------------------------------------
    \7\ GAO-09-57.

    Question 3. To what extent has TSA assessed the security risk for 
the commercial vehicle sector and used its lessons learned to implement 
a security strategy?
    Answer. In February 2009, we reported that TSA had taken actions to 
assess the security risks associated with the commercial vehicle 
sector, including assessing threats and initiating vulnerability 
assessments, but more work remained to fully assess the security risks 
of commercial trucks and buses, and to ensure that this information is 
used to inform TSA's security strategy.\8\ Specifically, we reported 
that although TSA had completed a variety of threat assessments and was 
in the process of developing several threat scenarios with likelihood 
estimates, its key annual threat assessments did not include 
information about the likelihood of a terrorist attack method on a 
particular asset, system, or network, as required by the National 
Infrastructure Protection Plan (NIPP). We also found that although TSA 
cosponsored a large number of vulnerability assessments through a pilot 
initiative in the State of Missouri, the agency had made limited 
progress and had not established a plan or time frame for conducting a 
vulnerability assessment of this sector nationwide. Moreover, we 
reported that TSA had not determined how it will address 
recommendations from an evaluation of the Missouri pilot initiative 
regarding the ways in which future vulnerability assessments can be 
strengthened. In addition, we reported that TSA had not conducted 
assessments of consequences of a terrorist attack on the commercial 
vehicle sector, or developed a plan to conduct sectorwide consequence 
assessments. As a result, we found that TSA had not completed a 
sectorwide risk assessment of the commercial vehicle sector or 
determined the extent to which additional risk assessment efforts are 
needed, nor had it developed a plan or a time frame for doing so, 
including an assessment of the resources required to support these 
efforts. In addition, TSA had not fully used available information from 
its ongoing risk assessments to develop and implement its security 
strategy.
---------------------------------------------------------------------------
    \8\ GAO-09-85.
---------------------------------------------------------------------------
    We recommended that TSA establish a plan and a time frame for 
completing risk assessments of the commercial vehicle sector, and use 
this information to support future updates to the Transportation Sector 
Strategic Plan, to include conducting: (1) to the extent feasible, 
threat assessments that include information about the likelihood of a 
terrorist attack method on a particular asset, system, or network as 
required by the NIPP; (2) a vulnerability assessment of the commercial 
vehicle sector; and (3) consequence assessments of this sector. DHS 
concurred with this recommendation and in August 2009 stated that TSA 
is conducting comprehensive security assessments that will determine 
the risks associated with a terrorist attack upon the Nation's general 
trucking population, and specifically, the hazardous materials trucking 
system; and the Nation's school bus transportation system.

    Question 4. The GAO and the National Security Council have 
identified the need for performance measures to determine the 
effectiveness of grants provided under the TSGP. What performance 
measures should TSA have in place to determine if homeland security 
funds are effectively reducing risk?
    Answer. We reported in April 2009 that TSA's performance measures 
for surface transportation security initiatives should be targeted, 
measurable, outcome-based, and reasonably free of significant bias and 
subjectivity that would distort the accurate measure of performance.\9\ 
We also reported that performance measures should provide a reliable 
way to assess progress such that the same results would be achieved if 
applied repeatedly to the same situation. Moreover, since implementing 
the Transit Security Grant Program (TSGP) is a joint responsibility 
between TSA and the Federal Emergency Management Agency (FEMA), we 
reported in June 2009 on the importance of agency collaboration in 
developing performance measures for this program.\10\ For example, we 
identified that FEMA was taking some steps to develop their performance 
monitoring efforts; however, the agency had not collaborated with TSA 
to produce performance measures for assessing the effectiveness of 
TSGP-funded projects, such as how funding is used to help protect 
critical infrastructure and the traveling public from possible acts of 
terrorism. We further reported that FEMA did not yet have performance 
measures in place for its administrative duties, such as measuring the 
time taken to complete reviews of financial and administrative 
requirements. FEMA officials reported that while they were in the 
process of establishing baselines and targets for measures, additional 
work was needed to develop meaningful measures. We noted that until TSA 
and FEMA collaborate to develop a plan with related milestones, it will 
be difficult for the agencies to provide reasonable assurance that 
measures are being developed to ensure that the program is achieving 
its stated purpose of protecting critical surface transportation 
infrastructure. We recommended that TSA and FEMA collaborate to develop 
a plan and milestones for measuring the effectiveness of the TSGP and 
its administration. DHS concurred with our recommendation and in 
November 2009, FEMA officials stated that they agreed to develop a 
collaborative written plan with milestones as part of a formal 
agreement between TSA and FEMA on their roles and responsibilities with 
respect to managing the TSGP.
---------------------------------------------------------------------------
    \9\ See GAO, Freight Rail Security: Actions Have Been Taken to 
Enhance Security, but the Federal Strategy Can Be Strengthened and 
Security Efforts Better Monitored, GAO-09-243 (Washington, D.C.: Apr. 
2009).
    \10\ GAO-09-491.
---------------------------------------------------------------------------
                                           Stephen M. Lord,
                                                          Director,
                                  Homeland Security and Justice Issues.
                                 ______
                                 
Response to Written Questions Submitted by Hon. John D. Rockefeller IV 
                           to Carlton I. Mann

    Question 1. Does TSA effectively use risk in determining its 
resource allocations between its aviation security and surface 
transportation security missions?
    Answer. That is a larger question that we did not address in the 
three reports that provided the basis of our testimony. We did raise 
concerns in both the mass transit report and the surface inspector 
report that the surface inspection program's chain of command was 
unclear due to an aviation-focused command structure. We are not 
certain that TSA's staffing plan for its surface resources will enable 
surface inspectors to operate adequately and independently of TSA's 
aviation security mission.

    Question 2. To what extent have Federal entities coordinated their 
efforts to assess the risks to the Nation's highway infrastructure?
    Answer. We have not specifically reviewed the department's risk 
assessment activities for the Nation's highway infrastructure. We did 
gain some insight into related activities while conducting our review, 
Effectiveness of the Federal Trucking Industry Security Grant Program 
(OIG-08-100, September 2008). We became familiar with the Highway 
Infrastructure and Motor Carrier Modal Annex to the Transportation 
Sector-Specific Plan, which describes how Federal, state, local, and 
private sector entities will work together to protect the highway 
transportation system. We observed interaction between certain 
stakeholders, including how the Highway Information Sharing and 
Analysis Center meets highway and highway-transport-related security 
needs and issues. We recommended that DHS retain the Highway Watch 
program, but also concluded that DHS needed to look for ways to improve 
the effectiveness of the program.

    Question 3. To what extent has TSA assessed the security risk for 
the commercial vehicle sector and used its lessons learned to implement 
a security strategy?
    Answer. We have not performed sufficient work related to security 
risks for the commercial vehicle sector to answer this question.
                                 ______
                                 
 Response to Written Question Submitted by Hon. Frank R. Lautenberg to 
                            Carlton I. Mann

    Question. How should TSA be monitoring whether security 
deficiencies found by security inspectors during BASE reviews, 
Corporate Security Reviews, and other inspections are remedied?
    Answer. BASE Assessments are voluntary. To validate passenger rail 
stakeholder responses to BASE Assessments, TSA's surface inspectors 
review documents, meet with and question personnel, and observe 
security measures within the transit system. In freight rail, TSA 
conducts Security Action Item reviews and like BASE Assessments, 
compliance is voluntary. During our reviews, TSA reported that 
information it gathered from these inspection activities would drive 
the formulation of regulations. To the extent that these efforts lead 
to security standards and promulgation of regulations, TSA's ability to 
effect improvements or address noncompliance, would increase. TSA may 
also indirectly monitor how stakeholders address security deficiencies 
by incorporating how well they implement TSA's recommendations into 
eligibility criteria for relevant grant programs, such as the Transit 
Security Grant Program.
                                 ______
                                 
   Response to Written Questions Submitted by Hon. Amy Klobuchar to 
                            Carlton I. Mann

    Question 1. Assistant Inspector General Mann, in your testimony, 
you indicated that TSA needs better consistency in its interaction with 
mass transit rail stakeholders--again, a public-private partnership 
issue like we saw after the Christmas bombing attempt. Is TSA working 
effectively with private sector partners in implementing security 
programs and sharing guidance and information?
    Answer. In general, TSA's communication with mass transit 
stakeholders has improved since the Department of Homeland Security 
Appropriations Act of 2005 established the Surface Transportation 
Security Inspection Program (STSIP), and TSA has taken steps to 
streamline its programs and information sharing. Part of my comment 
about TSA's consistency related to TSA's evolving administration of its 
Visible Intermodal Prevention and Response program.
    We remain concerned whether recent changes to the organizational 
structure of the STSIP will enhance TSA's relationships and 
communication with its surface transportation partners. The presence of 
dedicated Assistant Federal Security Directors--Surface afforded TSA 
recognizable liaisons to transit systems and enabled information 
sharing.

    Question 2. In your view, what else must TSA do to integrate 
stakeholder expertise into its oversight and assistance programs?
    Answer. Integrating stakeholder expertise into its oversight and 
assistance programs is important. Regional Working Groups have provided 
a forum for stakeholders to provide input on TSA's programs. Despite 
having regional working groups, TSA and transit systems have not always 
agreed on transit systems' greatest risks and threats or the best 
approaches to addressing them. Surface Transportation Security 
Inspectors' presence in the field has benefited TSA's mission 
considerably due to their relationships with transit systems. We are 
uncertain how organization changes within the STSIP might affect those 
relationships or the program's ability to integrate information it 
collects from stakeholders. The STSIP must remain distinct from 
aviation-related security programs, or TSA risks alienating transit 
security stakeholders.
                                 ______
                                 
    Supplemental Prepared Statement of Howard R. ``Skip'' Elliott, 
Vice President--Public Safety and Environment, CSX Transportation, Inc.

    CSX Transportation, Inc. (``CSXT'') thanks the Committee for the 
opportunity to submit these supplemental comments in response to 
Senator Lautenberg's invitation at the close of the hearing on Securing 
the Nation's Rail and Other Surface Transportation Networks (the 
``hearing'') on April 21, 2010.
    These separate comments by CSXT are intended to first, address 
Senator Hutchinson's observations regarding the limited experience of 
many Transportation Security Administration (``TSA'') surface 
transportation inspectors, and second, to address Senator Lautenberg's 
comments regarding the need for more coordination between TSA and the 
private sector on surface transportation security issues.
    As indicated in our oral statement and more fully in our written 
statement submitted to the Committee at the hearing on April 21, 2010, 
CSXT maintains a steadfast commitment to the safety and security of our 
operations and the communities where we operate. We recognize that 
Government and Industry cooperation and collaboration are essential 
components of rail transportation security. At CSXT, we truly believe 
that partnerships and close coordination of security measures is 
essential to enhancing public safety and national security.
    As part of CSXT's ongoing commitment to, and relentless focus on, 
safety and security, CSXT continues to reach out to, and work with, 
Government and Industry officials to find solutions for rail security 
issues. At the hearing, we highlighted some of CSXT's public-private 
partnerships and initiatives to improve rail safety and security. We 
would like to take this opportunity to discuss a newly developed CSXT 
training program for TSA surface transportation security inspectors 
(``TSA Inspectors'') along our network.
    CSXT developed this training program to familiarize TSA Inspectors 
with the many ways in which CSXT is complying the Department of 
Homeland Security (``DHS'') regulations. This program will also give 
TSA Inspectors a detailed overview of CSXT's approach to rail security. 
CSXT's training program will also provide TSA Inspectors with a greater 
understanding of CSXT's network, operations, resources, and roles of 
employees at all levels to enhance rail transportation security. 
Although CSXT recognizes that TSA Inspectors may receive some type of 
general railroad familiarization training, each railroad has unique 
operating characteristics that underscore the importance of this 
carrier specific training.
    CSXT coordinated with TSA in the development of this training 
program. And, TSA has agreed to work with CSXT to implement this 
training program. We believe that this joint training partnership--the 
first of its kind in the rail industry--will enhance TSA Inspectors' 
knowledge and awareness of CSXT rail security initiatives. CSXT is 
proud of the cooperative and collaborative working relationship that we 
have developed with TSA, and we hope to continue this relationship in 
the future.

                                  
