32 F
Washington D.C.
Thursday, December 12, 2024

How Vulnerable to Attack Is U.S. Mass Transit and Passenger Rail?

Transit security measures emphasize managing the consequences of an attack while attempting to reduce the risks of an attack as much as possible.

You board a subway car on what appears to be a common Tuesday morning rush hour heading into the city. It’s a subway, and you are not thinking about how it’s part of the Transportation Systems Sector – part of our nation’s critical infrastructure as defined by a U.S. Presidential Policy Directive. You are thinking of what work and chaos awaits you at your job. In the corner of your eye, you see a man donning a gas mask, which puzzles you. He then hurls smoke grenades and starts shooting as screams, smoke, and chaos fill the car. You find yourself on the floor, wounded and staring at the car’s ceiling. As other panicked passengers hover over you administering aid, you think, what the hell happened? And then you think, how can we stop this from ever happening again? Sadly, lone-wolf mass transit attacks may never be preventable, but systems and policies in the U.S. have made them rare events.

The Transportation Systems Sector is defined by Presidential Policy Directive (PPD)-21 as one of the 16 critical infrastructure sectors of the United States of America. Due to its designation as critical infrastructure, the Transportation Systems Sector is included in the National Infrastructure Protection Plan (NIPP), a risk-management framework implemented to address the unique characteristics and risk landscape of U.S. critical infrastructure.[1] In that framework, responsibilities for overseeing security and resilience for critical infrastructure are divided amongst multiple U.S. agencies. For the Transportation Systems Sector, the NIPP designates the U.S. Department of Homeland Security (DHS) and the U.S. Department of Transportation (DOT) as co-sector specific agencies. DHS delegates its responsibilities to the Transportation Security Administration (TSA) and the United States Coast Guard (USCG). In a combined effort, DOT, TSA, and the USCG jointly perform efforts to ensure the security and resilience of the Transportation Systems Sector.[2]

The Transportation Systems Sector consists of seven key subsectors: aviation, highway and motor carrier, maritime transportation system, mass transit and passenger rail, pipeline systems, freight rail, and postal and shipping.[3] This article will specifically focus on the mass transit and passenger rail (MTPR) subsector and what measures are in place to protect it from a physical attack. To expand, MTPR service takes four forms: heavy rail (e.g., Washington D.C.’s Metro subway), commuter rail (e.g., Maryland Area Rail Commuter [MARC] and Virginia Railway Express [VRE] trains), light rail (e.g., Dallas Area Rapid Transit [DART]), and intercity passenger rail (American Track [AMTRAK]).[4] Each of these forms of MTPR share certain characteristics that make them vulnerable to attack: they make timed scheduled stops along fixed routes, their operations depend on people having quick and easy access to stations and trains, and the number of access points and volume of ridership make it impractical to subject all rail passengers to the type of personal and baggage screening that airline passengers undergo.[5] Many of these vulnerabilities have been known for a while and were even highlighted in The 9/11 Commission Report, which noted, “Surface transportation systems such as railroads and mass transit remain hard to protect because they are so accessible and extensive.”[6]

To be able to understand the significance of these vulnerabilities, it is important to put the magnitude of MTPR in the U.S. into perspective. Passenger rail systems – primarily subway systems – in the U.S. carry about five times as many passengers each day as do airlines, over many thousands of miles of track, serving stations that are designed primarily for easy access.[7] During pre-pandemic times in the year 2019 alone, the American Public Transportation Association (APTA) estimated that there were 3.79 billion unlinked passenger trips conducted on heavy rail, 503 million trips on light rail, and 515 million trips on commuter rail.[8] During pandemic conditions in 2021, APTA estimated 1.66 billion trips on heavy rail, 228 million on light rail, and 175 million on commuter rail.[9] Even through the global COVID-19 pandemic, MTPR passenger volumes remain at a staggering level. Given the aforementioned vulnerabilities and the sheer volume of passengers, one can clearly see that MTPR is a “soft target” for a malicious actor(s) seeking to inflict mass causalities and/or damage and destroy critical infrastructure.

Despite MTPR appearing as a “soft target,” terrorist attacks on passenger rail in more developed countries are statistically rare events. Over a period of 50 years from 1970 to 2019, a total of 346 terrorist attacks against MTPR occurred across 27 countries. Specifically, the United States suffered 27 such attacks, equating to slightly more than 0.5 attacks per year. In addition, at least nine terrorist plots against public surface transportation targets were uncovered by U.S. authorities.[10] Even though a terror attack on MTPR is statistically rare, given the characteristics of the environment, one successful attack could be record-setting in terms of casualties and damage. Because of this, it is important to note that “security does not prevent terrorism; it merely increases the chance of terrorist failure or displaces the risk to other, more vulnerable targets.”[11] Another factor to consider when addressing the likelihood of a terrorist attack on MTPR is the recent significant change in terrorist ideology. Based on data from the University of Maryland’s Global Terrorism Database (GTD), recent terror attacks have been more indiscriminate to possibly achieve higher quantities of death and destruction.[12] These acts of violence against random targets make the potential of an attack on MTPR even harder to calculate, complicating the security environment for protection.

Based on historical events, there are four ways terrorists have targeted MTPR for a physical attack: armed assault, improvised explosive devices (IEDs), insider threat sabotage causing derailment, and a chemical/biological attack. As Brian Jenkins and Bruce Butterworth of the Mineta Transportation Institute note in their study of terrorist attacks against passenger rail transportation: “In recent decades, terrorists have attacked public service transportation systems because they see crowded stations and commuter trains as killing fields. Unlike the terrorists of the 1970s, they seek high body counts. Their use of inherently indiscriminate tactics – Improvised Explosive Devices (IEDs), VBIEDs [Vehicle Borne IEDs], mass shootings, attempts to derail passenger trains – suggest that slaughter is the objective.”[13]

With a variety of physical attack vectors for terrorists to utilize, it is common practice for security officials to analyze events from the past to learn and better prepare for potential future attacks. In a similar fashion, we will break down each vector and highlight pertinent details that expose vulnerabilities in MTPR. To begin, a small-arms assault was conducted on the New York City subway on April 12, 2022. The perpetrator, a 62-year-old male armed with a Glock 9mm handgun, was disguised as a construction worker upon boarding the subway. After boarding, the subject threw smoke grenades and opened fire on the passengers in the train, which injured 23 people.[14] The subject eventually fled the scene but was captured after a 30-hour manhunt. In this attack, the perpetrator utilized cover to blend into the transit surroundings, possibly enhancing his ability to avoid detection by security officials. In addition, the use of smoke grenades created mass confusion and hysteria in a densely populated train car, enhancing the effectiveness of his attack and allowing for an escape. The 30-hour manhunt exposed a lapse in the New York City subway’s camera monitoring system, as there was no available footage of the individual to distribute to the public. Despite the operational success of the attack, none of the 23 wounded individuals succumbed to their injuries, fortunately minimalizing the attack’s deadly intent.

IEDs, a different attack vector to which MTPR is vulnerable, can target multiple areas in the MTPR system. IEDs have been used across the world to target passengers on trains, in a station, or on a platform. If successfully utilized against targets in a confined space, IEDs can cause mass casualties and damage. Another way in which terrorists use IEDs to target MTPR is for derailment purposes. Bombing is the most common tactic in train-track attacks, accounting for 85.9 percent of the attacks in the past 30 years.[15] Using information from a 2010 study, saboteurs succeeded in derailing all or a portion of a train 58 percent of the time in 81 qualifying attempts.[16] With knowledge of the pattern and timing of the trains, the terrorists often placed IEDs next to the tracks or buried them beneath the rails in a timeframe in which it would be nearly impossible for security officials to detect the bombs and react.

Another form of sabotage by derailment occurred in the form of an insider threat. On March 31, 2020, a train engineer drove a train at high speed, did not slow down near the end of the railroad track, and intentionally derailed a train off the tracks near the United States Naval Ship Mercy, a hospital ship then docked in the Port of Los Angeles.[17] Motivated by a conspiracy theory against the Mercy and its role in the COVID-19 pandemic, the individual claimed they conducted the attack because they believed the ship had an alternate purpose relating to government takeover and wanted to “wake people up.” The individual acted alone and did not pre-plan the attack. The derailment caused an estimated $700,000 in damages and the train engineer ultimately plead guilty to terrorism charges.[18]

Finally, a chemical/biological attack is another vector that terrorists have used to target MTPR. In 1995, the Tokyo subway system fell victim to an attack by the terrorist group Aum Shinrikyo. The cult was able to manufacture sarin nerve gas and deployed a group of five operatives to five subway cars on three separate lines that converged near government offices in Tokyo. After dispersing the gas on the subway, the assailants fled the scene, escaped in a vehicle, and self-administered an antidote to the sarin.[19] By the end, over 5,000 “casualties” sought medical attention, of whom 984 were moderately poisoned and 54 were severely poisoned; 12 died.[20] The Aum Shinrikyo attack demonstrated that with motive, planning, coordination, and execution, a small group of assailants can inflict mass hysteria and casualty to an MTPR system.

Over the course of time, security professionals and policymakers have been able to learn from attacks on critical infrastructure and MTPR specifically to create systems, policies, and procedures to hopefully prevent but also be prepared in the event of a terrorist attack on MTPR. Leading the way for reform, The 9/11 Commission called for a systematic analysis of transportation assets, the risks to those assets, and the cost and benefits of different approaches to defending those assets. The Intelligence Reform and Terrorism Prevention Act of 2004 furthered The 9/11 Commission’s goals, as it directed DHS to create a national strategy for transportation security. This plan ultimately identified national transportation assets, set risk-based priorities for their protection, assigned responsibilities for their protection, and recommended appropriate levels of and sources of funding for these efforts.[21] Along the same lines, the Implementing Recommendations of the 9/11 Commission Act of 2007 included provisions on MTPR security and authorized $3.5 billion for FY2008-FY2011 for grants for public transportation security. The act required public transportation agencies and railroads considered to be high-risk targets by DHS to have security plans approved by DHS, required DHS to conduct a name-based security background check and an immigration status check on all public transportation and railroad frontline employees, and gave DHS the authority to regulate rail and transit employee security training standards.[22]

After gaining authority through policy, DHS issued security directives for MTPR. These directives have not been made public, but according to reports include removing or hardening trash containers on boarding platforms that could be used to hide bombs, increasing the presence of security officers, using video surveillance in and around stations, using bomb-sniffing dogs for random inspections of passengers and baggage, and encouraging riders to look for suspicious activity.[23] Due to the volume of ridership and number of access points on MTPR, it would be impractical for DHS to subject all rail passengers to the type of personal and baggage screening airline passengers undergo. As a result, transit security measures emphasize managing the consequences of an attack while attempting to reduce the risks of an attack as much as possible. To do this, DHS implements:

  • Vulnerability assessments
  • Emergency planning
  • Emergency response training and drilling of transit personnel (ideally in coordination with police, fire, and emergency medical personnel)
  • Increasing the number of transit security personnel
  • Video equipment installation in vehicles and stations
  • Random inspections of bags, platforms, and trains[24]

To successfully conduct these protective measures, DHS leverages TSA’s resources

and structure. While some of the security responsibility for MTPR is divided amongst rail operators and local law enforcement agencies, TSA provides oversight, coordination, and assistance. TSA, under DHS, is responsible for planning, training, exercises, information and intelligence sharing, operational detection and deterrence, and community outreach.[25] Through its Visible Intermodal Prevention and Response (VIPR) teams, TSA provides operational support to local law enforcement officials that includes periodic patrols of transit and passenger rail systems to create “unpredictable visual deterrents.”[26] In addition, TSA surface transportation security inspectors conduct assessments of transit systems (and other surface modes) through the agency’s Baseline Assessment for Security Enhancement (BASE) program. TSA also developed a security training and security exercise program for transit known as Risk Mitigation Activities for Surface Transportation (RMAST).[27] Overall, TSA’s primary objectives for reducing risk in transit are to:

  • Increase system resilience by protecting high-risk/high-consequence assets (i.e., critical tunnels, stations, and bridges)
  • Expand visible deterrence activities (i.e., canine teams, passenger screening teams, and antiterrorism teams)
  • Engage the public and transit operators in the counterterrorism mission[28]           

As a pivotal node in U.S. critical infrastructure, MTPR is an important asset to protect. Over the course of history, MTPR has been identified as vulnerable by malicious actors and has been targeted through multiple physical attack vectors. Using armed assault, IEDs, insider threat sabotage for derailment purposes, and chemical/biological attacks, terrorists have shown a persistence to target MTPR, a system that in the U.S. alone can conduct 3.79 billion unlinked passenger trips per year. To protect an asset with the magnitude of MTPR, the U.S. has implemented security policies and procedures that span the federal, state, local, and private-sector levels. With DHS and specifically TSA taking the lead in security initiatives for MTPR, programs such as the Visible Intermodal Prevention and Response Team (VIPR), Baseline Assessment Security Enhancement (BASE), and Risk Mitigation Activities for Surface Transportation (RMAST) are programs designed to facilitate cooperation and information sharing across communities to prevent an attack or mitigate and manage the consequences of an attack. By successfully conducting planning, training, exercises, information and intelligence sharing, operational detection and deterrence, and community outreach, TSA has a track record that shows efficiency in conducting its protective mission against persistent security threats.

While it is still possible for security lapses to occur and for terrorists to conduct successful attacks, we assess the U.S. has an effective system in place to mitigate the risk and occurrence of physical attacks against MTPR. With intent, a capable terrorist could almost certainly conduct a “lone wolf” or unsophisticated attack at any given moment. However, as was seen in the April 2022 NYC subway shooting, these types of events commonly have less impact than more sophisticated attacks. To prevent more sophisticated attacks, the U.S. has systems in place that would detect the plan before the attack or allow security officials to be prepared to quickly react and respond. In addition to homeland initiatives for security, it is important to note the effectiveness of the United States’ campaign on terrorism abroad and how it affects terrorist activity in the U.S. As Jenkins and Butterworth note: “Remote recruiting has had an effect on terrorist attacks. Most of the recent attacks have been carried out by self-selecting individuals inspired by violent images and ideologies rather than by groups. Today’s terrorists lack resources… the lack of central direction also may explain why there seems to be little evidence of growing sophistication in terrorist attacks over the past 10 or 15 years. Counterterrorist measures – breaking up large terrorist organizations; denying them sanction; forcing them to rely on extortion; hindering the formation of new domestic groups; preventing continuing campaigns that allow learning – have kept skill levels low.”[29]

All things considered, there are undoubtedly vulnerabilities to MTPR that malicious actors can exploit to conduct a physical attack. However, with continued vigilance, dedication of resources, and further expansion and evolution of security measures, the U.S. can remain effective in deterring and/or mitigating physical attacks on MTPR and keep risk at an acceptable level considering the volume of usage.

 

Disclaimer: The authors are responsible for the content of this article. The views expressed do not reflect the official policy or position of the National Intelligence University, the U.S. Intelligence Community, the Office of the Director of National Intelligence, or the U.S. Government.

 

Bibliography

BBC News. 2022. “Police Arrest Suspect in New York Subway Shooting ‘without Incident,’” April 14, 2022. https://www.bbc.com/news/world-us-canada-61100179.

Brown, Brett. 2022. “Public Transportation Ridership Report.” https://www.apta.com/wp-content/uploads/2021-Q4-Ridership-APTA.pdf.

CISA. 2014. “Transportation Systems Sector.” https://www.cisa.gov/transportation-systems-sector.

Dickens, Matthew. 2019. “Public Transportation Ridership Report.” https://www.apta.com/wp-content/uploads/2019-Q4-Ridership-APTA.pdf.

Elias, Bart, John Frittelli, and David Peterman. 2021. “Transportation Security: Background and Issues for the 117th Congress.” https://sgp.fas.org/crs/homesec/R46678.pdf.

Elias, Bart, and David Peterman. 2016. “Transportation Security: Issues for the 114th Congress Specialist in Aviation Policy.” https://sgp.fas.org/crs/homesec/RL33512.pdf.

Jenkins, Brian. 2017. “The Challenge of Protecting Transit and Passenger Rail: Understanding How Security Works against Terrorism.” https://transweb.sjsu.edu/sites/default/files/1130-how-transit-and-passenger-rail-security-protect-against-terrorism.pdf.

Jenkins, Brian, and Bruce Butterworth. 2018. “Train Wrecks and Track Attacks: An Analysis of Attempts by Terrorists and Other Extremists to Derail Trains or Disrupt Rail Transportation.” https://transweb.sjsu.edu/sites/default/files/1794_Jenkins_Train-Wrecks-Train-Attacks.pdf.

———. 2020. “How Sophisticated Are Terrorist Attacks on Passenger Rail Transportation.” https://transweb.sjsu.edu/sites/default/files/SP0520-Jenkins-Terrorist-Attacks-Passenger-Rail-Transportation.pdf.

“National Commission on Terrorist Attacks upon the United States.” 2004. 9-11commission.gov. August 21, 2004. https://9-11commission.gov/report/.

Peterman, David. 2005. “CRS Report for Congress Passenger Rail Security: Overview of Issues.” https://sgp.fas.org/crs/homesec/RL32625.pdf.

“San Pedro Train Engineer Pleads Guilty to Terrorism Charge for Intentionally Derailing Locomotive near U.S. Navy Hospital Ship.” 2021. www.justice.gov. December 16, 2021. https://www.justice.gov/usao-cdca/pr/san-pedro-train-engineer-pleads-guilty-terrorism-charge-intentionally-derailing.

“TSA 101 Mass Transit and Passenger Rail Security.” n.d. https://www.transit.dot.gov/sites/fta.dot.gov/files/docs/regulations-and-guidance/safety/66201/rail-security-what-you-need-know-tsa.pdf.

Vale, Allister. 2005. “What Lessons Can We Learn from the Japanese Sarin Attacks?” Przeglad Lekarski 62, no. 6: 528–32. https://pubmed.ncbi.nlm.nih.gov/16225116/.

[1]  CISA. 2014. “Transportation Systems Sector.”

[2]  Ibid

[3]  Ibid

[4]  Peterman, David. 2005. “CRS Report for Congress Passenger Rail Security: Overview of Issues.”

[5]  Ibid

[6]  “National Commission on Terrorist Attacks upon the United States,” 2004. (Page 394).

[7]  Elias, Bart, John Frittelli, and David Peterman. 2021. “Transportation Security: Background and Issues for the 117th Congress.” (Page 17)

[8]  Dickens, Matthew. 2019. “Public Transportation Ridership Report.”

[9]  Brown, Brett. 2022. “Public Transportation Ridership Report.”

[10]  Jenkins, Brian, and Bruce Butterworth. 2020. “How Sophisticated Are Terrorist Attacks on Passenger Rail Transportation.” (Page 10)

[11]  Jenkins, Brian. 2017. “The Challenge of Protecting Transit and Passenger Rail: Understanding How Security Works against Terrorism.” (Page 4)

[12]  Ibid. (Page 9)

[13]  Jenkins, Brian, and Bruce Butterworth. 2020. “How Sophisticated Are Terrorist Attacks on Passenger Rail Transportation.” (Page 14)

[14]  BBC News. 2022. “Police Arrest Suspect in New York Subway Shooting ‘without Incident.’”

[15]  Jenkins, Brian, and Bruce Butterworth. 2018. “Train Wrecks and Track Attacks: An Analysis of Attempts by Terrorists and Other Extremists to Derail Trains or Disrupt Rail Transportation.” (Page 2)

[16]  Ibid

[17]  “San Pedro Train Engineer Pleads Guilty to Terrorism Charge for Intentionally Derailing Locomotive near U.S. Navy Hospital Ship.” 2021. www.justice.gov.

[18]  Ibid

[19]  Jenkins, Brian, and Bruce Butterworth. 2020. “How Sophisticated Are Terrorist Attacks on Passenger Rail Transportation.” (Page 7)

[20]  Vale, Allister. 2005. “What Lessons Can We Learn from the Japanese Sarin Attacks?”

[21]  Elias, Bart, and David Peterman. 2016. “Transportation Security: Issues for the 114th Congress Specialist in Aviation Policy.” (Page 16)

[22]  Ibid

[23]  Peterman, David. 2005. “CRS Report for Congress Passenger Rail Security: Overview of Issues.”

[24]  Elias, Bart, John Frittelli, and David Peterman. 2021. “Transportation Security: Background and Issues for the 117th Congress.” (Page 17-18)

[25]  “TSA 101 Mass Transit and Passenger Rail Security.”

[26]  Elias, Bart, John Frittelli, and David Peterman. 2021. “Transportation Security: Background and Issues for the 117th Congress.” (Page 18)

[27]  Ibid

[28]  Ibid

[29]  Jenkins, Brian, and Bruce Butterworth. 2020. “How Sophisticated Are Terrorist Attacks on Passenger Rail Transportation.” (Page 4-5)

Anthony Citarella and Mitchell E. Simmons Ph.D.
Anthony Citarella and Mitchell E. Simmons Ph.D.
Anthony Citarella is a Department of Defense employee studying at the National Intelligence University (NIU) in Bethesda, Maryland. Mr. Citarella is currently pursuing a Master of Science of Strategic Intelligence degree from NIU. Prior to NIU, Mr. Citarella graduated Magna Cum Laude and earned a Bachelor of Arts in Political Science as well as minors in Middle East & Islamic Studies and Peace & Justice Studies from Gettysburg College in Pennsylvania. As an undergraduate, he was a participant in the Eisenhower Institute's "Inside the Middle East" program, where he learned and utilized open-source intelligence analysis techniques. Mr. Citarella was also an Undergraduate Fellow for the Eisenhower Institute in 2017, where he contributed to the U.S. Department of State's research on domestic refugee policy. Mr. Citarella has experience working with local and state level law enforcement, to include time at the New Jersey State Police's Regional Operations Intelligence Center on the Threat Analysis Unit. Mitchell E. Simmons Ph.D., Lieutenant Colonel, United States Air Force (Retired) is the Associate Dean for Academic Affairs and Program Director in the Anthony Oettinger School of Science and Technology Intelligence at the National Intelligence University in Bethesda, Maryland. Dr. Simmons teaches courses in Intelligence Collection, National Security Policy and Intelligence, and Infrastructure Assessment Vulnerability. He has over 25 years of experience in acquisition, engineering, and infrastructure vulnerability within and supporting the Intelligence Community. His expertise includes physical and functional vulnerability of hardened and deeply buried targets and critical infrastructure from traditional and asymmetric threats. Dr. Simmons holds a Bachelor and Master of Science in Mechanical Engineering from Ohio University, a Master of Science in Administration from Central Michigan University, and a Doctorate in Engineering Management from The Union Institute and University.

Related Articles

Latest Articles