Homeland Security Watch

DHS released a document today that provides an overview of the FY 2007 infrastructure grant programs at DHS, covering five distinct programs for port security, transit security, truck security, bus security, and buffer zone protection. As was the case with last week’s urban area grants, the port and transit grants allocations are broken up into distinct risk tiers, within which “Tier 1″ high-risk areas will receive approx. 83% of the transit security funding and 60% of the port security funding. Looking at the document, it appears that nearly every Tier 1 transit system or port will receive a significant increase in funding, with the exception of the Louisiana ports. The San Francisco Bay Area ports are up for an especially large increase, from $1.2 million in FY06 to $11.2 million in FY07, a decision that reverses what was a drastic cut in 2006.

Within these programs, Tier 2, 3, or 4 transit systems and ports will have to compete for their allocations from smaller fixed pools of funds. This could lead to cities that were likely on the borderline between Tier 1 and Tier 2 having lower levels of grant funding in 2007, e.g. Seattle’s transit system and the Ports of Baltimore and Charleston.

DHS deserves strong kudos for releasing this document in January, relatively early in fiscal year 2007. By comparison, in FY 2006 this document was not released until the very last week of the fiscal year, a delay that was detrimental to the ability of these transportation systems to manage security activities. Hopefully this is a sign of an better-managed grants process at DHS.

I’ll add a link to the transcript of the press conference announcing these grants when it becomes available.

Update (1/10): The transcript of the press conference is available here. And detailed guidance documents on the port security and transit security grant programs are available here.

TSA held a press conference this morning to release a Notice of Proposed Rule Making (NPRM) for rail security regulations. The complete draft regs are available at this link, and will be open for comment for the next 60 days. The press release describes the major measures within the regs:

The proposed rule is part of a package of new security measures that will require freight rail carriers to ensure 100 percent positive hand-off of Toxic Inhalation Hazard (TIH) materials, establish security protocols for custody transfers of TIH rail cars in the high threat urban areas, and appoint a rail security coordinator to share information with the federal government, as well as formalizing the Transportation Security Administration’s (TSA) freight and passenger rail inspection authority.

This AP story and this NYT piece discuss the draft regs and offer some initial reactions to them from Capitol Hill.

At first glance, the portions of the NPRM that deal with hazardous materials on freight rail look solid; this is a high-risk segment of the broader rail environment, and safeguards on the security and chain of custody of hazmat rail cars is needed, going beyond what has generally been a relatively solid effort to date by the freight rail industry. But the NPRM essentially punts the ball on the topic of passenger rail, beyond establishing some vague reporting requirements. While it’s true that passenger rail security is inherently difficult in comparison with aviation security, given the open nature of rail and transit systems, I would have expected more of a discussion of these passenger issues in the regs.

On Tuesday the White House issued an executive order (EO) entitled “Strengthening Surface Transportation Security.” The order mandates that DHS will put forward a sector-specific plan for surface transportation security under the auspices of the NIPP, and utilize that effort to identify gaps, determine funding priorities, issue new security requirements, and improve information-sharing capabilities in the sector.

This executive order comes only weeks before the start of the 110th Congress, during which the new Democratic leadership plans to prioritize rail and transit security legislation. This executive order seems like an attempt to pre-empt these efforts, and incoming House Homeland Security Chairman Bennie Thompson described this executive order in a press release as a “smokescreen.”

I have a similar reaction reading the executive order, which essentially admits that this issue has been ignored over the past five years. Why didn’t DHS develop a strategic plan for rail, transit, and trucking security two, or three, or four years ago? Why does it take this political sea-change to serve as a forcing action? While there are certainly limits to what can be done effectively to secure these modes of transport, there is definitely more that needs to be done, and hopefully we’ll see progress in these modes in the coming year.

You can read all of my posts on ground transport security issues over the past year in this topic thread.

The group Citizens for Rail Safety released a report yesterday entitled “Training in Hazmat and Rail Security: Current status and Future Needs of Rail Workers and Community Members.” The report examines an issue that I haven’t seen much discussion on in the past few years: the training of rail workers on hazmat-related security issues. This matter is especially critical given the fact that hazmat-carrying railcars that are often stored in non-secured locations for days and weeks, as the report notes in numerous examples. Such railcars prevent a vulnerable target, and when they are located in urban areas (as is often the case), present a dangerous risk. The paper argues for better training of rail workers on hazmat-related issues as a response to this reality, a step that seems a sensible response to this reality.

The Department of Homeland Security announced its FY 2006 allocations for the port, transit, and intercity bus homeland security grant programs, as detailed in this document. Looking at the allocations, it’s possible to detect a handful of trends:

• Ports with extensive petrochemical assets, primarily along the Gulf Coast, made out very well in the allocations. The eight ports in Texas and Louisiana received funding totaling $57.7 million - approx. 1/3rd of the total allocation.
• New York’s funding increased sharply, from $6.6 million in FY 2005 to $25.7 million in FY 2006 - not surprising given the fallout from the general grant allocations in June.
• Ports in California made out poorly in the allocations. LA/Long Beach’s funding was halved from $24 million to $12 million, and other major ports - Oakland, San Diego - received little or no funding (a fact not lost on the Contra Costa Times).
• Chicago, somewhat surprisingly, received a large allocation of $11.5 million, after have received less than $2 million in all previous rounds of port security grants combined.

A likely general explanation for these decisions, I would expect, is that certain ports (e.g. LA / Long Beach) have already made extensive investments in security, and DHS is spreading funds to a second tier of ports who have not received funding in previous rounds and are insufficiently protected by comparison and have higher “need” scores.

German authorities today disclosed a terror plot targeted at regional trains that was disrupted several weeks ago, as reported by Deutsche Welle:

Two suitcases containing bombs and found on trains in Germany were likely to have formed part of a terrorist plot, German investigators said Friday.

The bombs were found in the German cities of Dortmund and Koblenz on July 31 with German Criminal Police Office (BKA) chief Jörg Ziercke saying that were arranged to explode simultaneously at 2:30 p.m. Neither of the bombs was detonated.

“It’s more likely than unlikely that there was a terrorist background,” Ziercke told a news conference in Wiesbaden. If the around 25-kilo (55-lb.) suitcase bombs had exploded they would have lead to “a fireball” in the train carriages and an “indeterminate number of injured and possible deaths,” he said.

Speaking in Berlin Friday, German Interior Minister Wolfgang Schäuble also warned that Germany should brace itself for similar attempts. “Unfortunately, we must assume that the danger of a repeat of these attempted attacks.”

The recent plot that this most resembles is the Madrid bombings, which were also targeted at regional commuter trains, and detonated with near-simultaneity. German authorities released pictures of men that they believe were connected to the plot, taken from video surveillance of train stations - another proof point for the value of this technology. Coverage of the story in the Frankfurter Allgemeine Zeitung (in German) notes that a menu from a restaurant in Lebanon was found near one of the bombs, a potential hint (or deliberate false lead?) about the origin of the plot.

Update (8/19): One of the suspects has been arrested.

I had an interesting ride on the DC metro this morning. The train car I entered had a Metro transit security officer on board, and about a minute after I got on, he notified a guy who was standing right next to me that the guy was triggering his Radiation Detection Pager (I believe it was this model). Its reading jumped rapidly from a level of ‘1′ to a level of ‘5′. The officer began asking him a number of questions. Did you have an x-ray or other medical treatment recently? No. Do you have a smoke alarm with you? No, he said, but I had changed the battery on it within the previous day. Do you have anything else on your person that might set this off? No. He then waived the radiation detector again, showing him clearly that something on his person - not in his bags - was setting this off.

The train arrived at the next station, and the two of them got off and he waved the radiation detection over him again out on the platform. The passenger got back on the train, and the officer left the car - there was some kind of medical emergency elsewhere on the train - and that was it. End of incident.

As far as I could tell, the officer never resolved why the radiation detector was going off near the guy. And he did not ever ask the man his name, or take down any other personal information.

Is this the right way to deal for Metro officials to deal with incidents such as this? Wouldn’t a better response have been to stay with the guy until this was resolved, and take down his personal information - and if necessary, send an FBI agent out to his primary residence to see if there were any abnormal readings of radiation?

There’s at least a 99% chance that this was unconnected to any malicious threat. But in spite of those odds, I don’t think it was right to simply let this pass without taking further action (at the very least getting his name). And not only for terror-related reasons, but also for public safety purposes - perhaps the guy was being exposed at home or elsewhere, without his knowledge, to some dangerous source of radiation.

So what’s the story? How often do these ‘detections’ occur on the Metro? (I’ve traveled on the metro at least a thousand times in the last few years, and have never witnessed an incident like this before). What’s the policy to deal with them? Was this response within that policy?

Seven separate explosions ripped through evening commuter trains in Mumbai, India today. The toll of casualties stands at 135+ dead and 400+ injured as of posting, and is likely to continue to rise. Most early reports cite Kashmiri separatists as the likely culprits, given a known preference for multiple simultaneous attacks and the fact that there were six grenade attacks in the Kashmiri city of Srinagar earlier today, killing seven. Is the fact that it occurred on the 11th of the month - like 9/11 and the 3/11 Madrid bombings - intentional?

For more information, check out the Counterterrorism Blog, this local Mumbai blog, and updated coverage on the websites of The Hindu and The Times of India.

New from the taxpayer-funded Congressional Research Service, available right now exclusively at HLS Watch:

Transportation Security: Issues for the 109th Congress, July 5, 2006 (RL33512).

The report provides a good, concise summary of current issues before Congress in all modes of transportation security: air, land, and sea.

The 1st anniversary of the London transit and bus bombings prompted DHS to issue a press release today citing their accomplishments in the areas of rail and transit security. This afternoon Sec. Chertoff is holding a press conference in Boston to discuss the topic. All of this follows the announcement yesterday of the FY 2006 transit security grants. That makes this week a rare moment of attention for transit security, a topic which has often seemed like a backburner issue at the Department of Homeland Security, especially given Sec. Chertoff’s ill-advised remark on transit security last year:

In an interview with the AP, Chertoff said: ”The truth of the matter is, a fully loaded airplane with jet fuel, a commercial airliner, has the capacity to kill 3,000 people. A bomb in a subway car may kill 30 people. When you start to think about your priorities, you’re going to think about making sure you don’t have a catastrophic thing first.”

Asked whether this meant that communities should be ready to provide the bulk of the protection for local transit systems, Chertoff said, ”Yep.”

I’ve defended this statement by Sec. Chertoff before, arguing that from a risk assessment perspective, he was factually correct. The revelations in The One-Perfect Doctrine on the “mubtakkar” and the plotted cyanide gas attack on the NY subway make me now think that he had underestimated the potential consequences of a subway attack, but I still agree with his main point: that the rail and transit sector doesn’t require the same level of security as aviation. But the status quo level of funding is inadequate, as Dan Prieto convincingly argues today in the Washington Times:

We need to rethink the enormous federal spending bias in favor of aviation security. State and local transit authorities are doing the best they can to improve the security of public transportation, spending $1.7 billion of their own limited resources from September 11, 2001, through 2003. But the vast majority of that spending went to cover temporary security measures, such as the cost of employee overtime during periods of alert. That has left insufficient resources for needed permanent improvements in security.

Without greater federal assistance, the country will fail to make the investments that the most vulnerable transit systems in our largest cities need now: interoperable communications, security cameras, technologies to detect bombs and chemical, biological and nuclear agents and investments in better ventilation, fire safety, lighting and tunnel and stairwell access, which can dramatically improve the chances of surviving an attack.

Improving public transportation security need not mean unlimited spending. Directed federal assistance over several years would result in $3 billion to $5 billion in meaningful improvements. Better yet, the value of such investments will be magnified since security upgrades can also benefit overall safety and day-to-day transit operations. Surely $3 billion to protect subway riders against terrorists can’t be too much to ask when last year’s transportation bill contained up to $3 billion for bicycle and walking trails.

Surprisingly, much of the money for public transportation security can be had without busting the budget. Aviation security spending by the Transportation Security Administration (TSA) should decline naturally over the near- to medium-term, because a large portion of spending since September 11 reflects the one-time costs of hardened cockpit doors and airport screening devices — spending that does not need to be repeated year after year.

The need for investment that would improve the ability of passengers to evacuate from subway systems is particularly acute. Last week passengers on the DC Metro experienced hour-long delays due to flooding at several stations. Trains were stacked up and idled in long, dark, narrow tunnels for long periods of time. What if there were a bombing or a chemical attack? What’s being done to ensure orderly evacuation that minimizes loss of life? Not enough, I’m afraid.

The New York Daily News broke a story this morning about a disrupted plot to bomb the Holland Tunnel and perhaps other assets in NYC:

The FBI has uncovered what officials consider a serious plot by jihadists to bomb the Holland Tunnel in hopes of causing a torrent of water to deluge lower Manhattan, the Daily News has learned.

The terrorists sought to drown the Financial District as New Orleans was by Hurricane Katrina, sources said. They also wanted to attack subways and other tunnels.

Counterterrorism officials are alarmed by the “lone wolf” terror plot because they allegedly got a pledge of financial and tactical support from Jordanian associates of top terrorist Abu Musab al-Zarqawi before he was killed in Iraq, a counterterrorism source told The News.

It’s not clear, however, if any cash or assistance was delivered.

The News has learned that at the request of U.S. officials, authorities in Beirut arrested one of the alleged conspirators, identified as Amir Andalousli, in recent months. Agents were scrambling yesterday to try to nab other suspects, sources said.

DHS and the FBI released a statement in response to the story today, confirming that it had disrupted an attack that was in the “planning stages.” Subsequent reportage has noted that this plot was largely hatched on internet chat rooms, and was far from operational. The AP quotes Rep. Peter King noting that “there was nothing imminent [about the plot], but it was being monitored for long period of time.” And a second Daily News story highlights the absurdity of the idea that an attack on the Holland Tunnel would flood the financial district of Manhattan.

Requiescat in Pace.

The Democratic staff of the House Homeland Security Committee released a report yesterday entitled “Detour Ahead: Critical Vulnerabilities in America’s Rail and Mass Transit Security Programs.” The report provides a solid overview of this issue, looking at the history of threats to rail and mass transit systems, chronicling was DHS has done to address these threats, and putting forward a set of immediate recommendations for how to improve security in these critical systems.

The report acknowledges that security in rail and mass transit systems is inherently difficult, given the open nature of these systems, in comparison with “closed systems” such as the commercial aviation sector. It does not recommend measures that would harm the efficiency of these systems. But it makes a strong case that much more can be done to improve security, by focusing on clarifying jurisdictional issues among competing agencies, investing in security training for rail and mass transit workforces, and setting a clear agenda for next-generation technologies that could improve the security of the sector.

Overall, a solid and balanced report, and one which DHS should take seriously.

Author Ron Suskind has a whopper of a chapter from his new book The One Percent Doctrine in this week’s issue of Time Magazine which penetrates the inner sanctums of the war on terror and describes a terrorist plot to attack the New York subway system with the chemical hydrogen cyanide that was close to execution, before being called off by Al-Qaeda #2 Ayman al-Zawahiri:

[Al-Qaeda mole ‘Ali’] said that al-Ayeri had come to tell al-Zawahiri of a plot that was well under way in the United States. It was a hydrogen cyanide attack planned for the New York City subways. The cell members had traveled to New York City through North Africa in the fall of 2002 and had thoroughly cased the locations for the attacks. The device would be the mubtakkar. There would be several placed in subway cars and other strategic locations and activated remotely. This was well past conception and early planning. The group was operational. They were 45 days from zero hour.

Then Ali told his handlers something that left intelligence officials speechless and vexed. Al-Zawahiri had called off the attacks. Ali did not know the precise explanation why. He just knew al-Zawahiri had called them off.

Assuming this story is accurate, it confirms what I’ve believed (and many other analysts have argued) for a while: that the core of al-Qaeda is focused on catastrophic attacks on the United States - probably using nuclear or biological weapons - and everything other type of attack is secondary from their perspective (or detrimental, to the extent that it would lead to increased protection and vigilance). This story offers a strong counterpoint to those who have argued that the WMD threat is overhyped, or that we aren’t doing enough to protect “soft” targets.

And even though al-Zawahiri evidently called off this plot, this story also raises questions about what we’re doing to protect the nation’s mass transit systems. Even if the “core” al-Qaeda isn’t interested in them, per this story, they are still at risk from loose al-Qaeda affiliates or other groups. Last year the Congress appropriated $150 million for rail and mass-transit grants for FY 2006, via the Transit Security Grant Program. We’re now nine months into FY 2006, and DHS hasn’t even begun to distribute a penny of this $150 million (or if they have, they haven’t advertised it). That’s unacceptable.

Overall, a fascinating story - definitely read the whole thing.

The House Homeland Security Committee is holding a hearing today to release the SAFE Truckers Act (H.R. 5604), a bipartisan bill intended to improve the security of the trucking system. A press release by bill co-sponsor Jane Harman summarizes the intent of the bill:

“The successful movement of goods by truck is vital to the American economy, but it presents a soft underbelly in our homeland security efforts,” Harman said. “We need to focus our limited resources on where we are vulnerable, and that means knowing who is behind the wheel of a big-rig with dangerous materials.”

The SAFE Truckers Act calls for fingerprint-based background checks for a limited list of drivers handling security sensitive materials (SSMAT). It also requires the Transportation Security Administration to issue SSMAT documentation together with the Transportation Worker Identification Credential (TWIC) program, helping streamline security credentials for workers. The new bill also calls for verification of all transportation documents and civil penalties on shippers failing to do so.

This is a good bill, smartly focusing resources on the trucks that pose the greatest threat, and establishing civil and criminal penalties for non-compliance, while at the same time removing some of the burden on trucks that pose a low threat. Hopefully this bill will get some traction in Congress; perhaps it could be attached to related transportation security legislation (e.g. S. 2459 or S. 2791) currently moving forward in Congress.

Update (6/22): The prepared statements from the hearing are now available online:

Robert Jamison, TSA
David McClimon, Con-way Freight
Todd Spencer, Independent Drivers Association
Cynthia Hilton, Institute of Makers of Explosives

Secrecy News has obtained copies of two recently-declassified (but heavily redacted) reports by the Canadian Security Intelligence Service:

“International and National Terrorist Threats to Surface Transportation,” 2002.

“The International Terrorist Threat to Maritime Transportation,” 2003.

The two reports are interesting reads even in their redacted states, and given the paucity of publicly-available threat analysis from governments, they’re useful for validating open-source threat analysis.

The Intelligence and Security Committee of the UK House of Commons released its “Report into the London Terrorist Attacks on 7 July 2005″ today. The government’s official response to the report is available at this link. CNN provides a synopsis:

If more resources had been in place sooner there would have been a greater chance of preventing the July 7 Tube and bus bombings in London, an official report says.

The report by the House of Commons Intelligence and Security Committee also recommended a more transparent threat level and alert system in Britain.

It said it was likely two of the bombers had links with al Qaeda — though the extent of al Qaeda involvement in Britain’s worst-ever terrorist atrocity remained unclear.

The chances of preventing the July 7 attacks, which killed 52 people and wounded 700 others, might have been greater had different investigative decisions been made by Britain’s security services, the report said.

The section of the report on threat assessment and public warning is particularly interesting, and relevant for the U.S. debate on the same issues - a debate that has become dormant in the past year but is still far from resolved.

Update (5/11): In response to the report, new UK Homeland Security John Reid told the House of Commons that the British government has prevented three terrorist attacks since 7/7.

Update 2 (5/11): Here’s a related report from the UK Home Office, also released today.

From the Washington Post:

Two incidents of “suspicious videotaping” of a European mass-transit system this year prompted a U.S. government warning to domestic homeland security officials this week about possible terrorist surveillance.

The unclassified Department of Homeland Security “public-sector notice” did not describe the incidents or where they occurred, but said they took place in the past 120 days. The bulletin, issued Tuesday, said the episodes provided “indications of continued terrorist interest in mass-transit systems as targets and potentially useful insight into terrorist surveillance techniques.” ….

“There is not specific or credible intelligence at this time suggesting a threat to U.S.-based mass-transit systems,” said Russ Knocke, spokesman for the Homeland Security Department. “We regularly share information with our homeland security advisers and law enforcement partners . . . to continue to encourage vigilance.”

British newspapers report today that the UK government is making a significant investment in airline-style passenger screening technology at rail stations. From The Telegraph:

Security scanners are to be deployed at major railway stations, Alistair Darling, the Transport Secretary has claimed.

The portable technology will be used in a number of cities including Cardiff, Glasgow, Manchester, Leeds and Edinburgh.

The move follows a successful trial of metal detectors at several Tube stations in London, which led to 100 arrests and the seizure of 68 knives after around 10,000 passengers were checked.

Within limits, this is a prudent investment by the UK, to the extent it introduces unpredictability into the system as a tool for preventing and deterring criminal and terrorist activity. But I don’t think 100% screening is either feasible or desirable, except perhaps on high-speed rail lines (i.e. TGV, ICE, Eurostar) which offer a higher-profile target.

Fleet Owner magazine has an article today that interviews the departing director of the American Trucking Association’s Highway Watch program, cites the program’s accomplishments, and highlights some of the challenges that it faces:

To date, Highway Watch has trained nearly 250,000 transportation professionals to identify and report emergencies and suspicious activities. [Don] Rondeau noted that although many large carriers have been trained and developed security protocols, he believes vulnerabilities remain in many medium and small trucking companies.

“I think that it will be difficult but we must do it,” Rondeau said. “We have to recognize that the owner-operator and the mid-sized trucking companies make up the bulk of the industry. They make up a significant portion of the risk associated with any potential event. If you’re a bad guy would you take advantage of a large corporation, or a guy that’s driving in his office? At the end of the day…we’d be remiss if we didn’t make sure that all members that are elements of the transportation sector could harden their security.”

I agree that these are real risks. The security of an open system like trucking is in a sense only as good as its weakest link. That’s why I worry that we haven’t done enough to secure the trucking sector, especially hazmat trucks, and the 770,000 shipments of hazardous materials that are moved on trucks each day. As I noted in a post in December 2005, the only two significant things that DHS has really done on trucking security are fund Highway Watch and conduct background checks on hazmat drivers. And while useful, that is not enough.

Does the trucking sector need the same degree of security as the aviation system? Absolutely not, since the threats and consequences are different, and the system is inherently difficult to protect. But we know that terrorists have used trucks dozens of times to carry out attacks. MIPT’s terrorism database includes 432 incident documents that include the word “truck.” And we know that there are scenarios where a truck can be used to cause substantial damage, both from painful experience and from hypothetical scenarios such as an intentional BLEVE. (See this video of an accidental LPG tanker truck BLEVE).

The threats and needs for trucking security are without a doubt greater than the level of funding that DHS has provided to address them. Instead, the DHS FY 2007 budget request shows little interest in trucking security; funding for Highway Watch (via the trucking industry security grant program) is nowhere to be found, and the TSA wants to eliminate funding for a hazardous materials truck tracking pilot project which is funded at $4 million this year. And there are no new initiatives to supercede these programs, as far as I can tell.

More thought needs to be given to a strategic, layered approach to trucking security - one that has a role for Highway Watch, but doesn’t end there, and includes activities such as better training and enhanced information-sharing for state Highway Patrols, incentives for the voluntary inclusion of security tools in truck telematic systems, a more direct role for security investment in the Intelligent Transportation Systems funding stream, and integration with air and maritime security activities.

From the New York Times today:

The railways transport more than 1.7 million shipments of hazardous materials every year, including 100,000 tank cars filled with toxic gases like chlorine and anhydrous ammonia.

According to a recent study by the Navy, an accident or terrorist attack involving a single car of chlorine near a densely populated area could kill as many as 100,000 people.

In New Jersey, where so many chemical factories and refineries are crowded near major population centers, including a stretch near Newark Liberty International Airport that has been called “the most dangerous two miles in America,” the difficulty of managing that potentially deadly cargo is particularly complex.

Since 9/11, railroads have spent millions to install fences and security cameras and add additional officers around the state, but industry officials concede that their facilities are far too large to be completely sealed. Leaders of railroad workers’ unions say it is not uncommon for tanker cars to be left unattended for days, and that security along the rails is frighteningly inadequate. And the sight of graffiti-covered tank cars filled with deadly gases is a reminder of the holes in the security system.

I agree with the Association of American Railroads’ assertion in the article that they have taken steps to address rail security issues - by every account I’ve heard, they have been much more proactive than other industries at improving their own security. But when I read passages like this one below, it’s clear that DHS and other relevant government agencies need a greater sense of urgency about improving rail security:

“Chemical transport is clearly the greatest vulnerability in the country today, and for some reason — and I’m not sure what it is — the federal government has not acted,” said Richard A. Falkenrath, President Bush’s former deputy homeland security adviser. “There’s no legislation necessary, the government already has the authority to require stronger containers, reroute shipments, and allow the kind of tracking that would allow local police agencies to know what they have to contend with in their communities. But to date it hasn’t been done.”

Several Democratic Senators held a press conference on Thursday on the subject of rail security two years after the Madrid bombings. From a Knight Ridder story:

[Sen. Joseph] Biden asserted that the U.S. rail system is a soft target for terrorists. Since the 9-11 attacks there has been “virtually no new security” for rail infrastructure, he said. In fact, he said, rail security receives half the amount of funding compared to airport security even with the vast number of rail passengers. He said that the floor plans for New York City’s Grand Central Station were in possession of the terrorists who bombed Madrid in March 11, 2004, killing 190….

“Since 9-11, we’ve done an admirable job beefing up the security of our airlines, but we’re still not doing all we can to keep our vulnerable rail and transit lines safe and secure,” said Sen. Thomas Carper of Delaware.

Sen. Bob Menendez of New Jersey said the administration is inattentive to the possibility of such terror attacks. While the Madrid train attacks were a wake-up call and the London bombings were a reminder, Menendez said, the administration has pressed the snooze button by failing to implement security upgrades.

Biden said that, while addressing the security of all of the nation’s rails is insurmountable, “we can focus where we’re most vulnerable.”

The article also cites a TSA spokesperson outlining recent activity on rail security, but the article indicates dissatisfaction among these senators with these efforts. And a related Gannett story notes plans to introduce new legislation related to this threat:

Sen. Joe Biden, of Delaware, said Thursday he will introduce legislation to create a “national rail police force” to protect Amtrak.

Biden said his bill would spend $82 million annually for a 1,000-member “federal marshal” force for Amtrak. Currently, there are 288 Amtrak officers for the entire nation, he said.

I think that more needs to be done in the area of rail and transit security, but I’m not sure that this proposal is the right answer, especially at this scale. There were around 630 million domestic aviation trips in 2004, and around 3,000 air marshals according to published reports. But there were only about 25 million trips on Amtrak (excluding commuter rail) in 2004, which suggests that a “rail marshal” force of 1,000 would be too large. A smaller force for the high-speed and higher-threat Northeast Corridor might be appropriate, and we should also consider new investments in screening, explosive detection (sniffer dogs), and track monitoring as part of a layered security strategy for the rail system.

Veronique de Rugy from AEI and Nick Gillespie from Reason magazine published their latest broadside against homeland security spending over the weekend in the San Francisco Chronicle. The article contains the same themes that they’ve been sounding for at least a couple of years: taxpayers are getting “fleeced” because DHS and the states are wasting money on things they don’t need:

Rest easy, America. As a response to the Sept. 11 attacks, the Princeton, N.J., Fire Department now owns Nautilus exercise equipment, free weights and a Bowflex machine. The police dogs of Columbus, Ohio, are protected by Kevlar vests, thank God. Mason County, Wash., is the proud owner of a half-dozen state-of-the-art emergency radios (never mind that they are incompatible with existing county radios).

All of these crucial purchases — and many more like them — were paid for with homeland security grants. Doesn’t it make you feel more secure that $100,000 in such money went to fund the federal Child Pornography Tipline? That $38 million went to cover fire claims related to the April 2001 Cerro Grande fire in New Mexico?…

I made the argument that these themes are very misleading in this post and this post last month, noting then that these articles repeat the same, tired examples of homeland security waste, but have no evidence of wasteful spending on systematic basis. The same is true with this story.

In addition to their well-worn arguments, De Rugy and Gillespie introduce a few new wrinkles into their line of argument to attempt to persuade the reader that taxpayers are being fleeced on homeland security. For example:

Total homeland security spending in 2006 will be at least $50 billion, split between the Department of Homeland Security and many other agencies, including, improbably, the Environmental Protection Agency, the Department of Commerce and NASA.

The latter part of the sentence implies that homeland security funds are been tossed around indiscriminately within the federal government to non-security agencies, which is blatantly misleading. This document from the OMB provides information on what EPA, Commerce, and NASA are spending money on for homeland security. EPA has lead responsibility for ensuring the security of the nation’s drinking water. Is that waste? Commerce’s homeland security spending largely consists of export control enforcement for sensitive technologies and homeland security standards-setting at NIST - both sensible activities. And NASA’s spending is solely for the physical security of its own facilities around the country, many of which require a high level of security based on their risk - certainly a sensible thing to fund.

And later in the story they criticize transit security funding:

In the aftermath of the two attacks on the London subway system in July, lawmakers and lobbyists proposed increases from $100 million to $6 billion in funding to secure public transportation. Yet if the London bombings teach us anything, it’s that throwing money at transit security is unlikely to have an impact. After decades of combating Irish Republican Army terrorists, the London subway system is known to be one of the best protected in the world, but the large public investment in surveillance did not prevent the two terrorist attacks. The second incident occurred even while the system was in maximum alert mode. Experts agree that options are limited, if not nonexistent, for preventing such strikes. So why spend money on it?

I agree that many of the large-dollar proposals for transit security were overboard. But to suggest giving up and spending no money on transit security because of the London attacks is the height of folly. The lesson that I took away from London was that their investment in surveillance was worthwhile, given the way that were able to quickly solve the case. Surveillance also has a value as a deterrent against attacks. And there are other sensible investments that should be made in transit security, such as chem-bio detectors, exit lighting, and public awareness campaigns.

There’s no excuse for wasteful homeland security spending: it should be pointed out and criticized. But it’s misleading and perhaps even dangerous to try to use these examples to imply that America should decrease its homeland security spending, at a time when we still have much, much more that we need to be doing to protect the country.

The Washington Post writes today about new pilot project activity in NJ to test rail and transit screening technologies:

Manhattan-bound commuters passed through metal detectors and shoved their briefcases and knapsacks through X-ray machines Tuesday in the first test of airport-style security in a rail system.

Government screeners searched bags and scanned passengers for explosives, but unlike in airports, commuters did not have to remove their shoes or change and cell phones from their pockets. Officials hope the screening won’t take more than a minute per passenger.

The 30-day pilot project, led by the Department of Homeland Security, is part of a two-phase program with a $10 million price tag. In 2004, the Transportation Security Administration conducted a similar pilot program at New Carrollton and Union Station in the D.C. area and in New Haven, Conn. But federal officials used different equipment and screeners randomly selected passengers for testing.

I think it’s a very appropriate use of DHS resources to be testing these technologies, even though the use of checkpoint-style screening will probably never be feasible in most transit and rail systems due to cost and the relative consequences of an attack. It’s probably appropriate to have checkpoint-style screening for high-speed rail (i.e. Acela trains), as is already the case on some of the high-speed lines in Europe (such as the Paris-London Eurostar trains), but not for slower trains and transit systems.

The article also notes that DHS plans to test “non-obtrusive scanning devices such as MRI and infrared technology” in a second phase of the Jersey City pilot. If these types of technologies prove to be effective, then they are probably a better long-term solution for rail and transit security than aviation-style screening.

The UCLA International Institute has just published an article highlighting a new report on designing safer transit security, soon to be released by the Ronald W. Burkle Center for International Relations at UCLA and the Mineta Transport Institute. Although the full report is not yet available, the main ideas in it are previewed in this article.

Some of the key findings:

According to UCLA Urban Planning Chair Anastasia Loukaitou-Sideris, who led a team of researchers in a study of post-9/11 mass-transit security in the United States and foreign capitals, casualties in bombing attacks on mass transit result mainly from flying shrapnel, and replacing glass and other materials is cheaper than many upgrades. Good environmental design, which is easiest to achieve when transit stations are first built, also makes packages hard to hide and has the welcome side-effect of reducing petty crime.

And:

One contentious issue among policy-makers is whether to ask for passengers’ assistance in identifying suspicious packages and other threats. In the United States, Loukaitou-Sideris said, educational campaigns designed to involve transit riders in security are not advanced.

Loukaitou-Sideris contrasted the approaches of officials in London who encourage input from riders and some in Madrid who fear that announcements about suspicious packages will scare people away. She prefers the British approach and argues that, with concerns about terrorism running high globally, “I don’t think that announcements over the microphones are really going to scare people.”

This looks like a sensible, well-researched study at first impression, and the survey data from nearly 250 transit agencies worldwide should provide a valuable baseline assessment for future transit security initiatives. I look forward to seeing the full report.

The Washington Post has a front page story on Wednesday on new “Viper Teams” being established by TSA to conduct new surveillance and law enforcement activities. The first two paragraphs:

Teams of undercover air marshals and uniformed law enforcement officers will fan out to bus and train stations, ferries, and mass transit facilities across the country this week in a new test program to conduct surveillance and “counter potential criminal terrorist activity in all modes of transportation,” according to internal federal documents.

According to internal Transportation Security Administration documents, the program calls for newly created “Visible Intermodal Protection and Response” teams — called “Viper” teams — to take positions in public areas along Amtrak’s Northeast Corridor and Los Angeles rail lines; ferries in Washington state; and mass transit systems in Atlanta, Philadelphia and Baltimore. Viper teams will also patrol the Washington Metro system.

My initial reactions to this story:

1. Any time that TSA expands its efforts beyond aviation and works on other modes of transportation (land and sea, consistent with the ATSA “all-modes” vision for TSA), I say “bravo.”

2. The fact that air marshals will be sharing knowledge about how to conduct surveillance activities with screeners is a good thing, and is exactly the kind of regular ‘knowledge transfer’ that should be taking place across all groups of people working on homeland security.

3. TSA is probably going to take at least a mild political hit for this story; given the air marshal incident last week and the wrongful shooting on the London Underground in July, now might not be the smartest time to put air marshals in the subways…especially if they are armed and still have shoot-to-kill powers (which isn’t clear from the story).

Read the whole thing.

Update: The Post reported on Thursday that TSA has stalled its initial plans as a result of the initial story, which exposed confusion and some reluctance among transit systems about the Viper Teams.

Bruce Schneier posts today on the Highway Watch program for truck security, and comments that it “has merit” because “it’s dynamic, it’s distributed, it relies on trained people paying attention, and it’s not focused on a specific threat.”

Those attributes are true, but I’m a bit less sanguine about the program, mainly because I don’t think it’s commensurate with the nature of the threat (given that trucks have been part of the m.o. of dozens of terror attacks around the world), and is a poor substitute for a comprehensive and strategic approach to truck security. I’ve been paying attention to this issue for a while now…and while there are no easy answers, given the wide open nature of the system, I do think that there needs to be a more systematic approach.

Today, four years after 9/11, the only two things that have really been done domestically on trucking security are Highway Watch (and the related ISAC) and background checks for hazmat truck drivers.

There are other things that could be considered to improve the security of the system. For example, is enough being done to ensure that al-Qaeda isn’t creating front companies that own and operate trucks? If a truck containing hazardous or explosive materials is stolen, what can law enforcement do to track it down? Is enough being done to make it more difficult for bad guys to rent trucks? Are there existing air and maritime security programs that have relevance for trucking security?

I don’t have answers to these questions, because we haven’t even begun to test hypothetical systems, policies, and technologies that might apply. There hasn’t really been a debate on what a smart, efficient truck security might look like, and we’ve defaulted to the policy of “let the truckers take care of it” with Highway Watch. If there is a terrorist attack in the U.S. involving a truck, we’re likely to see over-reaction in the other direction as a result. That’s why I think that Schneier’s a bit too optimistic in his post.