BACKGROUND

The nation's transportation infrastructure is at risk from terrorist attacks due to the symbolic nature of the assets, their economic and mobility importance, and the potential for loss of life of users of the assets. Risks to transportation infrastructure generally involve the following: physical facilities, vehicles and vessels, information systems that monitor and manage the flow of goods, and people on the transportation system. This project focuses on physical facilities along with related information infrastructure; it does not include cyber-security.

State DOTs are responsible for assets in highways, transit, maritime, rail, and general aviation. To judge potential investments in risk reduction across the portfolio of state DOT modes, assessment methodologies are needed to define threats, vulnerabilities, criticality, and potential countermeasures in a detailed, balanced way.

OBJECTIVE

The objective of this research is to develop a Guide to Risk Management of Multimodal Transportation Infrastructure. The Guide will provide state DOTs and other transportation entities with a risk management methodology that can be used to conduct threat, vulnerability, and criticality assessments of their facilities and to determine cost-effective countermeasures to prevent, detect, and reduce threats to assets on a multimodal basis.

The product of this project will be a recommended replacement to the 2002 AASHTO Guide to Highway Vulnerability Assessment for Critical Identification and Protection. The recommended replacement (the Guide) will expand, enhance, and update the 2002 AASHTO guide to include all DOT transportation modes and to include a methodology for determining cost-effective countermeasures.

The contents of the Guide will include:

(1) a method for screening the entire population of transportation facilities to determine critical elements (including personnel, communications, and physical infrastructure);
(2) a method for risk management (including threat, vulnerability, and criticality assessments) of the critical infrastructure;
(3) a method for identification of cost-effective countermeasures;
(4) a method for calculation of risk reduction achieved through application of countermeasures;
(5) a method for identification of ancillary benefits (e.g., safety, multi-hazard risk reduction, operational efficiency, benefits to other critical sectors of the economy); and
(6) a data model that will facilitate the development of outputs that can be used (a) in a statewide transportation-infrastructure security plan and (b) to fulfill application requirements for various funding sources.

It is essential that the Guide be user-friendly and implementable with a reasonable level of effort, recognizing the variability of the states.

Accomplishment of the objective will require at least the following tasks.

TASKS

PHASE 1

Task 1. Produce an inventory of available security-related risk assessment methodologies and tools, including those in the 2002 AASHTO guide; FTA's Public Transportation System Security and Emergency Preparedness Planning Guide; the TSA Risk Management Program; DHS/American Society of Mechanical Engineers Guidance on Risk Analysis and Management for Critical Asset Protection; and DHS/Office for Domestic Preparedness Grants (see Special Note F). Also interview states and other entities to determine threat, vulnerability, and criticality assessments that have been conducted and the methodologies employed. Review the latest terrorism-risk management activities (as available) from foreign countries. The inventory should include, at a minimum, inputs, outputs, required data, major steps in methods, applicability to transportation modes, level of automation, degree of complexity, and level of effort. Highlight those methodologies that are likely to become required, whether by regulation or as conditions for receiving funding.

Task 2. From the inventory in Task 1, identify the key assumptions; steps used in conducting threat, vulnerability, and criticality assessments; components of the models used; and data requirements for the Guide (i.e., data needed for use in the screening methodology, for quantifying risk, for identifying applicable countermeasures, and for cost-benefit analysis). Review the "NCHRP Workshop Comments" from the Bridge/Tunnel/Highway Infrastructure Vulnerability Assessment Workshops, the FHWA Bridge/Tunnel Vulnerability Workshops, and the Recommendations for Bridge and Tunnel Security (the Blue Ribbon Panel report). Identify effective practices for potential inclusion in the Guide.

Task 3. Produce a recommended methodology and a detailed outline for the Guide, identifying where the components come from, and how the recommended methodology improves on the 2002 AASHTO methodology. Illustrate how the recommended methodology works with examples that show how specific actions reduce risk and how one evaluates which actions are most effective. A table such as that in Figure C-12 on p. 55 of the Recommendations for Bridge and Tunnel Security would help make this clear.

Task 4. Demonstrate, with examples, the applicability of the proposed methodology to highways, transit, maritime, rail, and general aviation.

Task 5. Submit an interim report on the information developed in Tasks 1 through 4. The interim report shall also contain a detailed work plan, with proposed revisions as appropriate, for field testing the draft Guide in Phase 2.

PHASE 2

Task 6. Based on panel feedback, revise the Phase 2 work plan.

Task 7. Using the data elements from the inventory in Task 1, develop a data model that will accommodate the requirements of multiple assessment methodologies. Illustrate how the data in the data model can be used to implement the risk assessment methodologies (including threat, vulnerability, and criticality assessments) highlighted in Task 1.

Task 8. Augment the 2002 AASHTO guide's listing of cost-effective, operational and engineered countermeasures for the various types of critical assets to include countermeasures relevant to all modes of transportation. Consider countermeasures that are capable of some degree of variation with varying threat levels (e.g., degree of patrolling).

Task 9. Submit a draft Guide for panel review.

Task 10. Based on panel feedback, revise the draft Guide. Evaluate the utility of the draft Guide as used by three states. Include states with varying needs, modes, risks, and perceptions of risk.

Task 11. Submit a draft final Guide. Include examples that demonstrate the methodology for applicability to highways, transit, maritime, rail, and general aviation. In a separate technical memo, report to the panel on the evaluation of the draft Guide in Task 10.

Task 12. Submit a revised Guide, together with a response to panel comments on the draft. In addition, provide a final report that documents the entire research effort and a companion executive summary that outlines the research results.

Status: Complete. An interim meeting with the panel was held in June 2006. A preliminary draft final report was received in January 2007.  An interim meeting with the panel was held in January 2007.  A revised final report was received in December 2007.  At the final panel meeting in January 2008, additional changes were recommended. A revised final report was received in September 2008. A TRB webinar was held in November 2009.

Product Availability: NCHRP Report 525: Surface Transportation Security, Volume 15: Costing Asset Protection: An All Hazards Guide for Transportation Agencies (CAPTA) is available for purchase and/or download.