With rail security planning, information sharing is key

— by Julie Sneider, Senior Associate Editor

The Sept. 11, 2001, terrorist attacks abruptly changed security planning at U.S. freight and passenger railroads, from what historically had been a focus on crime prevention to one that stressed the urgency of detecting and preventing terrorism. Now railroads develop their security plans using an integrated and coordinated sharing of information with U.S. government agencies, industry trade organizations and each other on the latest risks and threats to their physical and cyber security.

That information is shared through constant communication with the Association of American Railroads (AAR), American Public Transportation Association (APTA) and the American Short Line and Regional Railroad Association (ASLRRA), and U.S. Transportation Security Administration, Department of Homeland Security and the FBI.

Today, railroads' security teams are updated daily on any major security threats or incidents, even those that are not directly related to railroads. For instance, the cyber hack at Sony Pictures Entertainment, the deadly Taliban assault on a school in Pakistan and the terrorist-hostage situation in an Australian cafe in December 2014 all were subjects of security reports provided to railroad security personnel, says Tom Farmer, AAR's assistant vice president for security. Farmer will be among the speakers at Progressive Railroading's Secure Rail Conference, Feb. 3-4, in Orlando, Fla. (See sidebar below.)

Working together

Prior to 9/11, railroads didn’t regularly share security-related information with each other, Farmer says. Now, through their industry associations, railroads take an integrated planning approach that emphasizes preparation for potential physical or cyber security threats. Based on the TSA alert-level system, the industry has its own four-level alert program that would go into effect in the event of an attack against an individual railroad or the industry as a whole. The levels follow railroads' security measures and change and adapt to new threats as they evolve, Farmer says.

To keep security measures up-to-date with the latest dangers, AAR, APTA and ASLRRA have committees or working groups that regularly discuss, develop and tweak recommended security practices, tactics and policies in consultation with government officials and security experts.

"Our intelligence priorities focus on making sure we learn as much as we can about how terrorist acts are prepared for, planned and committed so that we can be aware of the opportunities in which security could make a difference in doing the right things to make sure our infrastructure and operations are less susceptible," Farmer says.

For example, after terrorists set off three bombs on London's Underground subway system and another on a London bus in July 2005, U.S. railroad officials sought as many details as possible, including things that occurred in the months leading up to the event; observable indictors that were present and significant; and security practices that could have helped stave off the event.

"The more information we have, the more insight we have and the more proactive we can be," adds Farmer.

Monitoring activity patterns

Farmer says AAR representatives meet in person with government security officials four times a year to discuss security matters, but he's in daily communication with his counterparts at DHS, TSA and FBI. Information shared can include classified and unclassified intelligence. An AAR security incident/suspicious activity monitoring system allows railroads to share concerns and observations of criminal or security events that AAR can analyze for emerging patterns. Depending on what's going on in the world, communications can go out to railroad security personnel on a daily basis.

In addition to organized terrorism bombings, railroad security personnel are being trained to prevent, prepare for and respond to activity such as theft of metal and equipment, graffiti and other vandalism, and active shooter situations, Farmer says.

On the cyber side, railroads have been paying attention to potential electronic security breaches since the late 1990s, when the public and private sectors were gearing up for Y2K, Farmer says. Class Is and Amtrak initially formed the Rail Information Security Committee out of concern that the transition to the year 2000 was going to cause significant disruptions to computer systems; an updated version of that committee continues to monitor cyber hacks, attempts or risks.

Another increasingly important element in security is education and training for anyone who could be affected — passengers, railroad employees, railroad police and local law enforcement — to be aware of their surroundings and report suspicious objects or activity.

The "say something if you see something" awareness campaigns have been key to security efforts at passenger railroads, says Greg Hull, APTA's assistant vice president for public safety operation and technical service. Such campaigns can be used to educate the public on recognizing potential signs of organized terrorist attacks as well as individual crimes against riders and agency employees, Hull says.

"What we've seen our industry do in recent years is refocus the whole spectrum of security by looking at it as a continuum, from the quality-of-life issues to the extreme of countering terrorism," Hull says. "The idea is that if we’re not attentive to what we are doing on a day-to-day basis, then we won’t have the building blocks on which to build to deal with severe threats such as terrorism."

Agencies that don’t aggressively address quality-of-life factors such as theft, graffiti and other forms of vandalism could create an opportunity in the minds of wrongdoers. Engaging the public in looking out for and reporting suspicious activity and educating employees how to recognize indicators of potential security threats are critical to agencies’ security programs.

To aid in monitoring for threats, agencies have implemented new surveillance systems and technologies on trains and inside stations. An increasing number of railroads also are implementing smartphone apps that allow riders and/or employees to report concerns to law enforcement and security administrators.

Daily reports for transit

In addition to its security working groups, APTA shares transit security knowledge with its members through the Public Transit Information Sharing and Analysis Center (PT-ISAC). Established with funding from the TSA, the PT-ISAC collects, analyzes and disseminates security alerts and incident reports daily to participating transit agencies. The "Transit and Rail Intelligence Awareness Daily" report provides a synopsis of suspicious activities, terrorism and counterterrorism analyses based on information gleaned from government agencies and other sources.

Additionally, APTA holds monthly calls with TSA and industry representatives on specific incidents and special-event planning to discuss security details, says Dave Hahn, APTA’s senior program specialist for safety and security.

Metal theft a concern

The day-to-day security issues that passenger railroads routinely confront include fare evasions; thefts of electronic devices in stations and on trains; assaults of and aggressive behavior toward passengers and agency employees; graffiti and vandalism; and thefts from vehicles in station parking lots.

Theft — particularly of metal — is among the most-cited security concerns of regionals and short lines, says August "Chip" Greiner, a DHS/TSA rail coordinator and chief of police for the Morristown & Erie Railway in Morristown, N.J. Greiner, who chairs the ASLRRA Police and Security Committee, is scheduled to serve on a discussion panel of police chiefs at Progressive Railroading’s Secure Rail conference next month.

Greiner classifies the metal theft problem in two categories: organized "professional" scrap-metal thieves and individual "casual" thieves or "opportunists." Organized thieves know which metals are of higher value, such as copper.

"The professionals who operate solo and in teams are the ones I'm most concerned about because they're the repeat offenders," Greiner says. "It's not unusual for me to arrest metal thieves and find out they've hit other railroads and travel to sell scrap metal to out-of-state dealers. Most of the scrap dealers in my area have a good idea of what is railroad material, and will contact me when they see it. But what the organized [thieves] are doing now is taking the scrap farther distances before they sell it."

The second category — the opportunists — typically are petty criminals or drug addicts looking to make a quick sale, Greiner says. One way to address the problem is by educating local scrap dealers to recognize metal that comes from railroads and to alert police when it comes into their shops. For scrap dealers in his jurisdiction, Greiner developed a printed guide illustrating railroad metal and equipment commonly targeted by thieves.

Moreover, railroad industry officials in recent years have been encouraging legislators to pass laws that make it harder to sell stolen metal by requiring dealers to stop paying cash for scrap and to contact law enforcement when someone tries to sell them metal that they suspect is stolen. Pennsylvania's legislature, which passed the Scrap Material Theft Prevention Act in 2014, is among states that have passed such laws.

Regardless of a railroad's size or mode, having an effective security program boils down to alert and vigilant personnel, says Greiner.

"The focus is on awareness, awareness, awareness," he says. "That's made a huge difference in rail security."