Vulnerability Assessment
Vulnerability Assessment Overview
Each railroad carrier must complete a Vulnerability Assessment of all railroad carrier critical assets and infrastructure, and the carrier’s transportation and storage of SSM in rail cars, excluding residue.
Vulnerability Assessment Structure
A rail carrier Vulnerability Assessment shall include:
The identification of all railroad carrier critical assets and infrastructure needed to conduct railroad operations including intermodal terminals, tunnels, bridges, switching and storage areas, SSM transported by the railroad carrier and information systems as appropriate.
Each asset should be assessed as the target of at least the following acts of terrorism (attack scenarios): a VBIED attack, an IED attack, and a cyber attack (if applicable). Additional attack scenarios should be assessed if applicable.
The identification of the vulnerabilities of the identified critical railroad assets and infrastructure to each applicable act of terrorism including the identification of strengths and weaknesses and the existing countermeasures and their level of effectiveness in reducing identified vulnerabilities taking into account the following:
Physical security including fencing, alarms, monitoring using cameras and patrols, warning signs and lighting;
Randomness of operations;
Access control of employees, contractors, visitors and trespassers to critical areas;
Programmable electronic devices, computers, or other automated systems which are used in providing the transportation;
Communications systems and utilities needed for railroad security purposes including dispatching and notification systems;
Planning including the coordination with the public emergency responders and law enforcement agencies;
Employee and contractor personnel screening;
Employee security training, and;
Dwell time of rail cars containing SSM cars in rail yards, terminals, and on railroad-controlled leased track.
The identification of redundant and backup systems required to provide for the continued operation of critical elements of a railroad carrier’s system in the event of an act of terrorism, including disruption of commercial electric power or communications network.
An analysis of the consequences of each applicable act of terrorism on the identified critical assets. This includes estimating the impact the act of terrorism will have on railroad operations, the population, national security, and the national economy.
A risk assessment for each identified critical railroad carrier asset and infrastructure that takes into account the relative degree of risk in terms of the consequences of the act of terrorism and the likelihood of a success of the act of terrorism and threat information available to the rail carrier.
Vulnerability Assessment Methodologies
The rail carrier vulnerability assessment must be conducted using a tool or methods which meet the above criteria and must be accepted by DHS/TSA.
Some examples of the publicly available methodologies that meet these criteria include but are not limited to the DHS Transit Risk Assessment Module (TRAM) and the Intelligence Community’s Analytical Risk Management (ARM) Process. Various commercially available tools meet these criteria.
Applicants should send an email to [email protected] for additional information.
| File Type | application/msword |
| File Title | Vulnerability Assessment |
| Author | msheaffe |
| Last Modified By | SGreene3 |
| File Modified | 2009-05-06 |
| File Created | 2009-05-06 |