WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a need to know, as defined in 49 CFR 1520, except with the written permission of the FEMA Administrator, Washington, DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 522. | ||||||||||||||
SENSITIVE SECURITY INFORMATION | ||||||||||||||
General | ||||||||||||||
Guide Book | This tool has an accompanying Guide book entitled: "Risk Assessment, A How-To Guide for Executing a Simplified Enterprise Risk Assessment of a Public Transportation System." Please review the guide before using the tool. | |||||||||||||
Threat | The indication of potential harm to life, information, operations, the environment and/or property. A threat may be a natural or human-created occurrence and includes capabilities, intentions, and attack methods of adversaries used to exploit circumstances or occurrences with the intent to cause harm. Threat refers to an individual, entity, action, or occurrence. For the purpose of calculating security risk, "threat" from intentional acts accounts for both the intent and capability of the adversary and is an expression of the likelihood of an incident being attempted by an adversary. For other (non-intentional) hazards, threat is generally estimated as the likelihood that a hazard will manifest. | |||||||||||||
Vulnerability | A physical feature or operational attribute that renders an entity, asset, system, network, or geographic area open to exploitation or susceptible to a given hazard. A vulnerability may be a characteristic of design, location, security posture, operation, or any combination thereof, that renders an entity, asset, system, network, or geographic area susceptible to disruption, destruction, or exploitation. In developing a numeric valuation of vulnerability, it may be considered as the likelihood of an attack succeeding (or an incident affecting) a given asset and the extent to which that success or affect would rise. | |||||||||||||
Consequence | Effect of an event, incident, or occurrence. Consequence is commonly measured in four ways: human, economic, mission, and psychological, but may also include other factors such as impact on the environment. | |||||||||||||
Risk | DHS defines "risk" as the potential for an adverse outcome assessed as a function of hazard/threats, assets and their vulnerabilities, and consequence. PT-RAM is focused more directly on "security risk," defined as risk associated with the security/vulnerability of systems, web sites, information and networks. In using the results of PT-RAM, the assessed risk might be thought of as the potential for an unwanted outcome based on the threats, vulnerabilities, and consequences associated with an incident, event, or occurrence as applied to an asset. In numerical terms within this assessment, the risk value is derived from the assigned values of consequence, vulnerability and threat in a given planning scenario. | |||||||||||||
Risk Rating | In a risk assessment, risk is "scored" or "rated" as a numerical result to a semi-quantitative risk assessment process. In the PT-RAM, Risk is categorized as Highest, Very High, High, Moderate and Lower, in accordance with a color code: | |||||||||||||
Not Assessed | Lower Risk | Moderate Risk | High Risk | Very High Risk | Highest Risk | |||||||||
Critical Asset | A specific person, structure, facility, information, material, or process that is of such extraordinary importance that its incapacitation or destruction would have a very serious, debilitating effect on the ability of the system to function effectively. This would include contracts, facilities, property, records, funds or resources, personnel, intelligence, technology, or physical infrastructure, or anything useful that contributes to the success of the enterprise. Assets are things of value or properties to which value can be assigned. In some domains, capabilities and activities may be considered assets as well. Assets are critical based upon importance to a mission or function, or continuity of operations. | |||||||||||||
Additional Asset | This tool includes a provision for assessment of assets other than the selected representative asset. For example, a system operator may wish to assess risk for many line stations as opposed to one representative station. This can be done using the Additional Assets feature. | |||||||||||||
Type of System | Refers to the general type of transit system being reviewed. The PT-RAM is designed to support assessment of 5 types of systems: commuter rail, local mass transit heavy rail such as a subway system, light rail or streetcar systems, bus (both commuter and local), and ferry systems. Assets which support multiple systems can be considered collectively (once, with a notation on the Risk Summary Sheet). | |||||||||||||
Planning Scenario | A Planning Scenario is a hypothetical situation comprised of a hazard, an entity impacted by that hazard, and associated conditions. As used in the PT-RAM, it is the pairing of a specific asset and a specific incident. | |||||||||||||
Security Incidents | ||||||||||||||
Security Incident | An occurrence caused by either human action or natural phenomena, that may cause harm and that may require action. Security incidents can include major disasters, emergencies, terrorist attacks, terrorist threats, wildland and urban fires, floods, hazardous materials spills, nuclear accidents, aircraft accidents, earthquakes, hurricanes, tornadoes, tropical storms, war-related disasters, public health and medical emergencies, law enforcement encounters and other occurrences requiring a mitigating response. A security incident may be cascading – that is, the consequence of one incident may be the creation of subsequent, linked incidents. A power outage can cause a train derailment, causing the release of a toxic chemical. For purposes of this assessment, a security incident should be evaluated independently if its consequences are likely to be significant relative to a critical asset. | |||||||||||||
Type 1 Incidents: Primary Effect Incidents | Armed Assault/Active Shooter | Attack by 1 or several individuals using simple, easily acquired weapons including vehicles, firearms, pipe bombs, suicide bombs. | ||||||||||||
VBIED or IED | An improvised explosive device deployed via automobile with explosive equivalent up to 150lb. of TNT or truck/bus with explosive equivalent of 500lbs. of TNT, or man portable with an explosive equivalent of 40lbs. TNT. | |||||||||||||
Hijack | Attack by 1 person (against a wheeled vehicle) or 3 or more persons (against a train) using simple, easily acquired weapons (including charges sufficient to destroy/derail the vehicle) for purposes of seizing control of a vehicle in the prosecution of a further attack. | |||||||||||||
Coordinated Complex Attack | Attack by more than 2 teams of greater than 1 individual using simple weapons, or by more than 1 team plus a planted explosive, occurring at 2 or more points within single system and one hour; system is the ultimate target. | |||||||||||||
Cyber Attack | Attack occurring on or conducted through a computer network that actually or imminently jeopardizes the integrity, confidentiality, or availability of computers, information or communications systems or networks, PCS, DCS, SCADA or Supervisory Systems, or any physical or virtual infrastructure supporting such systems. | |||||||||||||
Type 2 Incidents: Secondary Effect Incidents | Natural Disaster | A natural event such as a severe storm, flood, wild fire, earth movement, etc. | ||||||||||||
Industrial Disaster | An adverse condition or occurrence in an industrial or infrastructure system, that requires coordinated action across multiple entities and/or levels of government to resolve. For purposes of PT-RAM, consider an accidental or intentional disaster at a major facility adjacent to or in a position to impact the system. Consider chemical spill, toxic release, explosion, train derailment, structure collapse, fire, etc. | |||||||||||||
Derailment/Collision | Occurs when on-track equipment leaves the rail or guide system, or when an impact occurs between railcars, buses, watercraft and/or other vehicles or fixed objects. Derailments and collisions may be intentional or unintentional. In some cases, they may result in the loss/failure of control centers, control equipment or other essential components of infrastructure. | |||||||||||||
Widespread Power Outage | Widespread power outage arising from an attack on or failure of power generation, transfer, distribution or management. | |||||||||||||
Type 3 Incidents: Low Probability - Extreme Consequences Attack | Weapon of Mass Destruction | An attack employing a weapon of mass destruction, which could include a bio agent, a radiological dispersant device, a chemical weapon or a nuclear device. Please see the guide for additional information. | ||||||||||||
Critical/Representative Assets | ||||||||||||||
Commuter Rail Systems | ||||||||||||||
Commuter Rail System Public Area | Headquarters Building | The building housing the executive and administrative offices of the system | ||||||||||||
Major Passenger Terminals | The primary or brand name passenger terminal for the system | |||||||||||||
Major Line Stations | A major station other than the central terminal | |||||||||||||
Parking Structures | A parking structure (not an on-grade lot) usually for passengers | |||||||||||||
Commuter Rail System Rolling Stock | Consist - Type 1 | A lineup or sequence of rail cars, with or without a locomotive, that form a unit | ||||||||||||
Consist - Type 2 | Another type of lineup or sequence of rail cars, with or without a locomotive, that form a unit | |||||||||||||
Commuter Rail System Control | Primary Control Center | The facility from which primary system control is exercised | ||||||||||||
Control Towers | Sub-stations supporting the primary control center | |||||||||||||
Cyber Systems | Logical systems (hardware, software, firmware, etc.) supporting system operation | |||||||||||||
Commuter Rail System Operations | Right of Way (ROW) | The fixed route carrying the rail or other infrastructure used to manage rolling stock | ||||||||||||
Signals & PTC | Equipment designed to monitor the safe operation of rolling stock and to intervene if necessary, and/or equipment for signaling vehicle operators | |||||||||||||
Switches | Equipment designed to start, stop or redirect rolling stock | |||||||||||||
Commuter Rail System ROW Infrastructure | Bridges | Bridges or viaducts carrying right of way | ||||||||||||
Elevated Track | Track raised on conduits - generally not earthen | |||||||||||||
Tunnels | Bored or cut-and-fill tunnels through which traffic transits | |||||||||||||
Choke Points on ROW | Places where a significant portion of traffic transits a restricted space | |||||||||||||
Commuter Rail System Safety | Fire Suppression | Systems designed and installed to detect and extinguish fires automatically | ||||||||||||
Air Handling | HVAC, smoke control or other ventilation systems | |||||||||||||
Commuter Rail System Support | Power Generation/Distribution | Infrastructure providing electric power to system, safety features, and/or control | ||||||||||||
Yards | Places where rolling stock is marshaled or stored | |||||||||||||
Maintenance Barns/Facilities | Places and facilities where rolling stock is maintained or repaired | |||||||||||||
Heavy Rail (Subway) | ||||||||||||||
Heavy Rail System Public Area | Headquarters Building | See above | ||||||||||||
Major Passenger Terminals | See above | |||||||||||||
Major Line Stations | See above | |||||||||||||
Parking Structures | See above | |||||||||||||
Heavy Rail System Rolling Stock | Consist - Type 1 | See above | ||||||||||||
Consist - Type 2 | See above | |||||||||||||
Heavy Rail System Control | Primary Control Center | See above | ||||||||||||
Cyber Systems | See above | |||||||||||||
Heavy Rail System Operations | Right of Way (ROW) | See above | ||||||||||||
Signals & PTC | See above | |||||||||||||
Switches | See above | |||||||||||||
Heavy Rail System ROW Infrastructure | Bridges | See above | ||||||||||||
Elevated Track | See above | |||||||||||||
Tunnels | See above | |||||||||||||
Choke Points on ROW | See above | |||||||||||||
Heavy Rail System Safety | Fire Suppression | See above | ||||||||||||
Air Handling | See above | |||||||||||||
Heavy Rail System Support | Power Generation/Distribution | See above | ||||||||||||
Yards | See above | |||||||||||||
Maintenance Barns/Facilities | See above | |||||||||||||
Light Rail/Streetcar | ||||||||||||||
Light Rail System Public Area | Headquarters Building | See above | ||||||||||||
Major Passenger Terminals | See above | |||||||||||||
Major Line Stations | See above | |||||||||||||
Parking Structures | See above | |||||||||||||
Light Rail System Rolling Stock | Consist - Type 1 | See above | ||||||||||||
Consist - Type 2 | See above | |||||||||||||
Light Rail System Control | Primary Control Center | See above | ||||||||||||
Cyber Systems | See above | |||||||||||||
Light Rail System Operations | Right of Way (ROW) | See above | ||||||||||||
Signals & PTC | See above | |||||||||||||
Switches | See above | |||||||||||||
Light Rail System ROW Infrastructure | Bridges | See above | ||||||||||||
Elevated Track | See above | |||||||||||||
Tunnels | See above | |||||||||||||
Choke Points on ROW | See above | |||||||||||||
Light Rail System Safety | Fire Suppression | See above | ||||||||||||
Light Rail System Support | Power Generation/Distribution | See above | ||||||||||||
Yards | See above | |||||||||||||
Maintenance Barns/Facilities | See above | |||||||||||||
Bus (Intracity Bus, Commuter Bus) | ||||||||||||||
Bus System Public Area | Headquarters Building | See above | ||||||||||||
System Owned Bus Station | The primary or brand name passenger terminal for the system | |||||||||||||
Bus System Rolling Stock | Bus - Type 1 | A widely used type of bus - this may be a large cruiser for example | ||||||||||||
Bus - Type 2 | Another type of bus, used differently or structurally different, or both | |||||||||||||
Bus System Control | Dispatch/Control Center | The facility from which primary system control is exercised | ||||||||||||
Cyber Systems | See above | |||||||||||||
Bus System Support | Fueling Facilities/Depots | The facility where fuels are delivered, stored and filled to rolling stock | ||||||||||||
Maintenance Barns/Facilities | See above | |||||||||||||
Ferry Service | ||||||||||||||
Ferry System Public Area | Headquarters Building | See above | ||||||||||||
System Owned Ferry Terminals | The primary or brand name ferry terminal for the system | |||||||||||||
Parking Structures | See above | |||||||||||||
Ferry System Vessels | Ferry Vessel - Type 1 | A merchant vessel used to carry passengers, and sometimes vehicles and cargo, across a body of water | ||||||||||||
Ferry Vessel - Type 2 | Another type of merchant vessel used to carry passengers, and sometimes vehicles and cargo, across a body of water | |||||||||||||
Ferry System Control | Primary Control Center | See above | ||||||||||||
Cyber Systems | See above | |||||||||||||
Ferry System Operations | Aids to Navigation | Systems designed to assist mariners in avoiding hazards and route finding | ||||||||||||
Support Craft | Watercraft supporting ferry operations such as tug boats, security vessels, etc. | |||||||||||||
Ferry System Support | Maintenance Facilities | Places and facilities where vessels are maintained or repaired | ||||||||||||
SENSITIVE SECURITY INFORMATION | ||||||||||||||
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a need to know, as defined in 49 CFR 1520, except with the written permission of the FEMA Administrator, Washington, DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 522. TSGP OMB # 1660-0112 | ||||||||||||||
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a need to know, as defined in 49 CFR 1520, except with the written permission of the FEMA Administrator, Washington, DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 522. | ||||||||||||||
SENSITIVE SECURITY INFORMATION | ||||||||||||||
Elements of Security Risk | ||||||||||||||
Criticality | A thing or a capability is critical when it is essential to the operation of a system; is essential to human health and safety; or is essential to the ability to govern, provide essential services, or to provide community and/or national security. When considering the degree to which a thing or capability is critical, consider the extent to which a system would be disabled, the role of that system in society, the duration of the disruption, work-arounds to include expensive/manpower intensive options, and the extent to which such work-arounds could be employed and deployed. For example, manpower can substituted for some aspects of system management, but normally only at great cost, significant loss in efficiency, and for a limited duration regardless of cost. | |||||||||||||
Threat | Intent & Capability | Threat from intentional acts accounts for both the intent and capability of the adversary and is an expression of the likelihood of an incident being attempted. For other (non-intentional) hazards, threat is estimated as the likelihood that a hazard will manifest. | ||||||||||||
Vulnerability | Exposure | Exposure considers two factors. The first is the extent to which this asset is open to compromise by the incident type. For example, the Port of Houston is not exposed to blizzards or ice storms, but the Port of New York might be, at least to some degree. The second, which applies to acts of malfeasance, is the extent to which the application of this incident to this asset is reasonable. For example, a terrorist who has constructed a sophisticated chemical weapon is unlikely to use that weapon in an attack on a transit system's maintenance facility when it could be more easily and effectively deployed against a major terminal or a high occupancy carriage. | ||||||||||||
Protective Measures | Protective Measures considers equipment, procedures, etc. that are in place and designed to prevent, protect, detect, respond to and/or recover from the incident type as it impacts this asset. Generally, protective measures are active (as opposed to the basic nature of the asset, considered below) or are developed and maintained capability, such as training personnel to run, hide or fight in response to an active shooter, or developing an effective "see something, say something" culture. | |||||||||||||
Robustness/Resilience | Robustness and resilience is also a double consideration. First, it considers the inherent or natural strength of the asset to absorb the incident under assessment without significant damage. For example, Grand Central Station may be quite robust against many explosive devices, simply owing to the way it is constructed. A modern tank farm may be quite robust against a single device because tanks are too widely separated for one device to damage multiple tanks. This is a consideration of the inherent ability of an asset to withstand the incident type with little or no damage even in the absence of human intervention. Resilience is concerned with both the ability to adjust to the loss at the macro level (moving to electric vehicles for ambulance services in response to loss of gasoline refining capacity) or for rapid implementation of work-arounds pending a fast recovery from the loss. | |||||||||||||
Consequence | Human Impact | Human impact should be scored in accordance with the sensitivity of the assessing entity to loss of life and/or severe injuries or other human impacts. A national security entity (Army, Coast Guard) is likely less sensitive to loss of life than a grade school. "Severe" for one could be a significantly higher number for the Army than for a school. Human impact considers loss of life as the first and most significant consideration, but also considers life-changing injury, permanent displacement, and similar less extreme impacts. At the national level, losses similar to or beyond 9/11 are extreme, similar to or beyond the Las Vegas attack, severe. | ||||||||||||
Economic Impact | Economic impact considers the 1st level loss of assets (a building destroyed) and 2nd level impacts (businesses lost due to the loss of the customers who worked in, or came regularly to the lost building). Do not consider business merely displaced. Do consider damage to long term viability (i.e. loss of tourism that may not recover), and unambiguous cascade impact. Consider direct cost to recover and future increased operation costs (such as significantly increased security costs). | |||||||||||||
Psychological Impact | Effect of an incident, event, or occurrence on the mental or emotional state of individuals or groups resulting in a change in perception and/or behavior. In the context of homeland security, psychological consequences are negative and refer to the impact of an incident, event, or occurrence on the behavior or emotional and mental state of an affected population. | |||||||||||||
Scales | ||||||||||||||
Criticality | ||||||||||||||
In general, the descriptions and suggested weights of risk factors are provided as reference points and should not be interpreted literally. Please note that when considering criticality, individual elements of criticality are not additive, that is, a thing does not have to achieve every criteria to be scaled at the level being considered. More generally, the panel should interpolate among the descriptors and consider them as suggestions or points of departure for discussion, and not established "rules." The exception is for protective measures as related to cyber attacks. In that case, the expert panel should determine if the system under consideration has installed logical security meeting current NIST standards. If yes, the panel may consider ratings of 2 or 1. If a system's logical security measures do not meet current NIST standards, the expert panel should not assign any rating lower (more favorable) than 3 for protective measures. | ||||||||||||||
5 | Physical/cyber damage to this asset will likely leave the agency unable to operate all or most of the system for an extended period. Workarounds will be expensive, inefficient, and disruptive to the community. The loss of life, loss of public confidence and/or loss of the ability of the regional government or economy to function are potentially extreme. | |||||||||||||
4 | Physical/cyber damage to this asset carries a significant risk of leaving the agency unable to operate all or most of the system for a significant period. Repair/recovery will be very expensive. Workarounds will be expensive, inefficient, and disruptive to the community. The loss of life, loss of public confidence and/or loss of the ability of the regional government or economy to function are potentially very high. | |||||||||||||
3 | Physical/cyber damage to this asset carries a risk of leaving the agency unable to operate all or most of the system for one or several days. Repair/recovery will be highly expensive. Workarounds will be inefficient and possibly disruptive to the community. The loss of life, loss of public confidence and/or loss of the ability of the regional government or economy to function are potentially high. | |||||||||||||
2 | Physical/cyber damage to this asset carries a risk of leaving the agency unable to operate parts of the system for one or several days. Workarounds may be inefficient and possibly have ripple effects in the community. The loss of life, loss of public confidence and/or loss of the ability of the regional government or economy to function are potentially significant. | |||||||||||||
1 | Without this asset, the system can operate as normal with minimal loss of capacity. Workarounds can be sustained long term. Physical/cyber damage to this asset carries a risk of hindering the agency’s ability to operate parts of the system for one or several days. Workarounds are readily available and can be implemented with minimal impact on the community. The potential for loss of life, public confidence and/or ability of the regional government or economy to function are present. | |||||||||||||
0 | Physical/cyber damage to this asset carries no risk hindering the agency’s ability to operate the system. Workarounds are available, are reasonably efficient and can be implemented with minimal effect on the community. The loss of life, loss of public confidence and/or loss of the ability of the regional government or economy to function are not present. | |||||||||||||
Vulnerability | ||||||||||||||
Natural Exposure | Asset is fully exposed with no inherent protection in an area where natural events (storms, flooding, earthquakes, etc.) occur frequently. An incident of typical proportions will severely compromise the asset. | |||||||||||||
5 | ||||||||||||||
Natural Exposure | Asset is generally exposed with little inherent protection in an area where natural events (storms, flooding, earthquakes, etc.) occur semi-regularly. An incident of typical proportions may compromise the asset, while a severe incident will certainly compromise it. | |||||||||||||
4 | ||||||||||||||
Natural Exposure | Asset is partially exposed with some inherent protection in an area where natural events (storms, flooding, earthquakes, etc.) occur infrequently. An incident of severe proportions may compromise the asset. | |||||||||||||
3 | ||||||||||||||
Natural Exposure | Asset is not exposed and has inherent protection in an area where natural events (storms, flooding, earthquakes, etc.) occur very infrequently. Only an incident of extreme proportions could partially compromise the asset. | |||||||||||||
2 | ||||||||||||||
Natural Exposure | Asset is not exposed and is inherently protected in an area where natural events (storms, flooding, earthquakes, etc.) could possibly occur, but have never occurred/been an issue. An incident cannot directly compromise the asset, but an extreme event could cause secondary effects. | |||||||||||||
1 | ||||||||||||||
Natural Exposure | Not applicable | |||||||||||||
0 | ||||||||||||||
Technical Exposure | Asset is fully exposed and there are no natural/man-made redundancies to keep an accident from taking place. An operational mishap of normal proportions risks severely compromising the asset. | |||||||||||||
5 | ||||||||||||||
Technical Exposure | Asset is generally exposed and there are few natural/man-made redundancies to keep an accident from taking place. An operational mishap of normal proportions risks compromising the asset. | |||||||||||||
4 | ||||||||||||||
Technical Exposure | Asset is partially exposed and there are some natural/man-made redundancies to keep an accident from taking place. An operational mishap of significant proportions risks compromising the asset. | |||||||||||||
3 | ||||||||||||||
Technical Exposure | Asset is not exposed and there are natural/man-made redundancies to keep an accident from taking place. An operational mishap of extreme proportions may risk compromising the asset. | |||||||||||||
2 | ||||||||||||||
Technical Exposure | Asset is not exposed and there are numerous natural/man-made redundancies to keep an accident from taking place. An operational mishap of extreme proportions will not compromise the asset, but secondary effects might. | |||||||||||||
1 | ||||||||||||||
Technical Exposure | Not applicable | |||||||||||||
0 | ||||||||||||||
Security Exposure | Asset is fully exposed and there are no natural/man-made redundancies to keep an attack from taking place. A simple, unplanned attack by an individual risks severely compromising the asset. | |||||||||||||
5 | ||||||||||||||
Security Exposure | Asset is fully exposed and there are no natural/man-made redundancies to keep an attack from taking place. A simple attack by an individual or small group risks compromising the asset. | |||||||||||||
4 | ||||||||||||||
Security Exposure | Asset is fully exposed and there are no natural/man-made redundancies to keep an attack from taking place. A coordinated attack by a group of professionals risks compromising the asset. | |||||||||||||
3 | ||||||||||||||
Security Exposure | Asset is fully exposed and there are no natural/man-made redundancies to keep an attack from taking place. A complex, coordinated attack by numerous professionals may risk compromising the asset. | |||||||||||||
2 | ||||||||||||||
Security Exposure | Asset is fully exposed and there are no natural/man-made redundancies to keep an attack from taking place. A complex, coordinated attack by numerous groups of professionals will not compromise the asset, but might trigger secondary effects that do. | |||||||||||||
1 | ||||||||||||||
Security Exposure | Not applicable | |||||||||||||
0 | ||||||||||||||
Protective Measures | This type of attack against this type of target is practically certain to succeed if attempted, assuming planning and execution is basically competent. | |||||||||||||
5 | ||||||||||||||
Protective Measures | This type of attack against this asset is likely to succeed if planning and execution is competent. | |||||||||||||
4 | ||||||||||||||
Protective Measures | This type of attack against this asset may succeed if there is skillful planning and execution. | |||||||||||||
3 | ||||||||||||||
Protective Measures | This type of attack against this asset can succeed if there is very skillful planning and execution, but there is a strong possibility that it would be defeated. | |||||||||||||
2 | ||||||||||||||
Protective Measures | This type of attack against this asset can only succeed if there is extremely skillful planning and execution, but there is a high likelihood that it would be defeated. | |||||||||||||
1 | ||||||||||||||
Protective Measures | Not applicable | |||||||||||||
0 | ||||||||||||||
Robustness | This asset has no inherent strength and is a discrete point target. If compromised, it may not be possible to return it to full service. | |||||||||||||
5 | ||||||||||||||
Robustness | This asset has limited inherent strength and is not dispersed. If compromised, it can be returned to full service at considerable cost over an extended period of repair. | |||||||||||||
4 | ||||||||||||||
Robustness | This asset has moderate inherent strength or is partially dispersed. If compromised, it can be returned to full service in a manageable time and at a manageable cost. | |||||||||||||
3 | ||||||||||||||
Robustness | This asset has considerable inherent strength or is widely dispersed. If compromised, it can be rapidly returned to full service. | |||||||||||||
2 | ||||||||||||||
Robustness | This asset is inherently strong, widely dispersed, or otherwise difficult or impossible to compromise for the long term. | |||||||||||||
1 | ||||||||||||||
Robustness | Not applicable | |||||||||||||
0 | ||||||||||||||
Consequence | ||||||||||||||
Human | Event will result in loss of life that drastically exceeds established mass-casualty management processes and capabilities. The combined capabilities of all regional jurisdictions able to respond in a timely manner may not be sufficient to mount a timely and effective response. This is an incident that may include loss-of-life of a magnitude that we would consider a major disaster. Additional less-than-lethal human impact such as management of injured and/or "worried well" that exceeds local and regional capabilities by orders of magnitude should be considered. For the Federal Government, 9/11 and Hurricane Katrina would fall into this category. | |||||||||||||
5 | ||||||||||||||
Human | This event will likely result in loss of life that exceeds established mass-casualty management processes and capabilities. The combined capabilities of many regional jurisdictions able to respond in a timely manner would be needed to deal with this event. This incident may include loss-of-life of a magnitude we would consider severe. Additional less-than-lethal human impact such as management of injured and/or "worried well" that will exceed local and may exceed regional capabilities should be considered. For the Federal Government, a terrorist attack such as the combined, coordinated attack on the city of Mumbai would meet this criteria. | |||||||||||||
4 | ||||||||||||||
Human | This event may result in loss of life that severely stresses established mass-casualty management processes and capabilities. The capabilities of more than one additional regional jurisdiction able to respond in a timely manner may be required. This may include loss-of-life of a magnitude we would consider a major event. Additional less than lethal human impact such as management of injured and/or "worried well" that may exceed local capabilities should be considered. For the Federal Government, a terrorist attack such as the Oklahoma City bombing would meet this criteria. | |||||||||||||
3 | ||||||||||||||
Human | This event may result in loss of life that requires highly efficient, well-coordinated mass-casualty management. The capabilities of an additional regional jurisdiction able to respond in a timely manner may be required. This could include loss-of-life of a magnitude we would consider moderate. Additional less than lethal human impact such as management of injured and/or "worried well" that may stress local capabilities should be considered. For the Federal Government, a terrorist attack such as the Las Vegas shooting would meet this criteria. | |||||||||||||
2 | ||||||||||||||
Human | This event may result in loss of life that requires mass-casualty management. The capabilities of a significant portion of local response capability may be required. This incident could include loss-of-life of a magnitude that we regularly plan for. Additional less than lethal human impact such as management of injured and/or "worried well" that may occupy local capabilities should be considered. like a mass shooting For the Federal Government, a terrorist attack such as the Virginia Tech shooting would meet this criteria. | |||||||||||||
1 | ||||||||||||||
Human | Not applicable | |||||||||||||
0 | ||||||||||||||
Economic | Primary and secondary impact will likely exceed 50% of the company/locality operating budget. Also, 20% or more of organizational jobs are likely to be permanently lost. Similar or higher numbers of outside job losses are possible. Iconic assets may be lost permanently. Repair and recovery would be prohibitively expensive and will almost certainly require federal assistance, either financially, technically, or both. | |||||||||||||
5 | ||||||||||||||
Economic | Primary and secondary impact will likely exceed 25% of the company/locality operating budget. Also, 10% or more of organizational jobs are likely to be permanently lost and similar or higher numbers of outside job losses are possible. Iconic assets may be lost permanently, Repair and recovery would be very time consuming and expensive and will likely require federal assistance, either financially, technically, or both. | |||||||||||||
4 | ||||||||||||||
Economic | Primary and secondary impact will likely exceed 10% of the company/locality operating budget. Some organizational jobs are likely to be permanently lost. Outside job losses are possible. Iconic assets may be lost for an extended time (1+ years). Repair and recovery would be time-consuming and expensive, and may require federal assistance, either financially, technically, or both. | |||||||||||||
3 | ||||||||||||||
Economic | Primary and secondary impact will likely exceed 5% of the company/locality operating budget. Some organizational jobs are likely to be permanently lost, with additional outside job losses possible. Assets may be unusable for more than six months. Repair and recovery would be manageable but potentially time consuming, but could be expedited with federal assistance, either financially, technically, or both. | |||||||||||||
2 | ||||||||||||||
Economic | Primary and secondary impacts may place heavy stress on organizational/locality budgets. Impacts will include some temporary job losses and will not be filled in the near term, with additional impacts including loss of infrastructure, loss of business not replaced, and outlays for response and post-event temporary security measures. Federal assistance will not be required. | |||||||||||||
1 | ||||||||||||||
Economic | Not applicable | |||||||||||||
0 | ||||||||||||||
Psychological | The event will cause an extreme effect on the mental or emotional state of individuals or groups resulting in a permanent and significant change in the policies and practices of government, and a permanent change in perception and/or behavior. | |||||||||||||
5 | ||||||||||||||
Psychological | The event will cause a severe effect on the mental or emotional state of individuals or groups resulting in a permanent change in the policies and practices of government, and a permanent or near-permanent change in perception and/or behavior. | |||||||||||||
4 | ||||||||||||||
Psychological | The event will have a significant effect on the mental or emotional state of individuals or groups resulting in some modification to government policies and practices, and a long-term change in perception and/or behavior. | |||||||||||||
3 | ||||||||||||||
Psychological | The event will have a noticeable effect on the mental or emotional state of individuals or groups resulting in a long-term change in perception and/or behavior. | |||||||||||||
2 | ||||||||||||||
Psychological | The event will have a temporary effect on the mental or emotional state of individuals or groups and may result in a temporary change in perception and/or behavior. | |||||||||||||
1 | ||||||||||||||
Psychological | Not applicable | |||||||||||||
0 | ||||||||||||||
SENSITIVE SECURITY INFORMATION | ||||||||||||||
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a need to know, as defined in 49 CFR 1520, except with the written permission of the FEMA Administrator, Washington, DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 522. | ||||||||||||||
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a need to know, as defined in 49 CFR 1520, except with the written permission of the FEMA Administrator, Washington, DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 522. | |||||
SENSITIVE SECURITY INFORMATION | |||||
Facilitator: | Recorder: | ||||
Risk Analysis of: | |||||
CRITICAL/REPRESENTATIVE ASSETS | |||||
Commuter Rail | |||||
Asset Category | Asset Type | Asset Number | Selected Asset (most critical or most representative) | Assigned Criticality Value | |
Commuter Rail System Public Area | Headquarters Building | CR | 1 | ||
Major Passenger Terminals | CR | 2 | |||
Major Line Stations | CR | 3 | |||
Parking Structures | CR | 4 | |||
Commuter Rail System Rolling Stock | Consist - Type 1 | CR | 5 | ||
Consist - Type 2 | CR | 6 | |||
Commuter Rail System Control | Primary Control Center | CR | 7 | ||
Control Towers | CR | 8 | |||
Cyber Systems | CR | 9 | |||
Commuter Rail System Operations | Right of Way (ROW) | CR | 10 | ||
Signals & PTC | CR | 11 | |||
Switches | CR | 12 | |||
Commuter Rail System ROW Infrastructure | Bridges | CR | 13 | ||
Elevated Track | CR | 14 | |||
Tunnels | CR | 15 | |||
Choke Points on ROW | CR | 16 | |||
Commuter Rail System Safety | Fire Suppression | CR | 17 | ||
Air Handling | CR | 18 | |||
Commuter Rail System Support | Power Generation/Distribution | CR | 19 | ||
Yards | CR | 20 | |||
Maintenance Barns/Facilities | CR | 21 | |||
Heavy Rail (Subway) | |||||
Asset Category | Asset Type | Asset Number | Selected Asset (most critical or most representative) | Assigned Criticality Value | |
Heavy Rail System Public Area | Headquarters Building | HR | 1 | ||
Major Passenger Terminals | HR | 2 | |||
Major Line Stations | HR | 3 | |||
Parking Structures | HR | 4 | |||
Heavy Rail System Rolling Stock | Consist - Type 1 | HR | 5 | ||
Consist - Type 2 | HR | 6 | |||
Heavy Rail System Control | Primary Control Center | HR | 7 | ||
Cyber Systems | HR | 8 | |||
Right of Way (ROW) | HR | 9 | |||
Heavy Rail System Operations | Signals & PTC | HR | 10 | ||
Switches | HR | 11 | |||
Heavy Rail System ROW Infrastructure | Bridges | HR | 12 | ||
Elevated Track | HR | 13 | |||
Tunnels | HR | 14 | |||
Choke Points on ROW | HR | 15 | |||
Heavy Rail System Safety | Fire Suppression | HR | 16 | ||
Air Handling | HR | 17 | |||
Heavy Rail System Support | Power Generation/Distribution | HR | 18 | ||
Yards | HR | 19 | |||
Maintenance Barns/Facilities | HR | 20 | |||
Light Rail/Streetcar | |||||
Asset Category | Asset Type | Asset Number | Selected Asset (most critical or most representative) | Assigned Criticality Value | |
Light Rail System Public Area | Headquarters Building | LR | 1 | ||
Major Passenger Terminals | LR | 2 | |||
Major Line Stations | LR | 3 | |||
Parking Structures | LR | 4 | |||
Light Rail System Rolling Stock | Consist - Type 1 | LR | 5 | ||
Consist - Type 2 | LR | 6 | |||
Light Rail System Control | Primary Control Center | LR | 7 | ||
Cyber Systems | LR | 8 | |||
Right of Way (ROW) | LR | 9 | |||
Light Rail System Operations | Signals & PTC | LR | 10 | ||
Switches | LR | 11 | |||
Light Rail System ROW Infrastructure | Bridges | LR | 12 | ||
Elevated Track | LR | 13 | |||
Tunnels | LR | 14 | |||
Choke Points on ROW | LR | 15 | |||
Light Rail System Safety | Fire Suppression | LR | 16 | ||
Light Rail System Support | Power Generation/Distribution | LR | 17 | ||
Yards | LR | 18 | |||
Maintenance Barns/Facilities | LR | 19 | |||
Bus (Intracity Bus, Commuter Bus) | |||||
Asset Category | Asset Type | Asset Number | Selected Asset (most critical or most representative) | Assigned Criticality Value | |
Bus System Public Area | Headquarters Building | BUS | 1 | ||
System Owned Bus Station | BUS | 2 | |||
Bus System Rolling Stock | Bus - Type 1 | BUS | 3 | ||
Bus - Type 2 | BUS | 4 | |||
Bus System Control | Dispatch/Control Center | BUS | 5 | ||
Cyber Systems | BUS | 6 | |||
Bus System Support | Fueling Facilities/Depots | BUS | 7 | ||
Maintenance Barns/Facilities | BUS | 8 | |||
Ferry Service | |||||
Asset Category | Asset Type | Asset Number | Selected Asset (most critical or most representative) | Assigned Criticality Value | |
Ferry System Public Area | Headquarters Building | FS | 1 | ||
System Owned Ferry Terminals | FS | 2 | |||
Parking Structures | FS | 3 | |||
Ferry System Vessels | Ferry Vessel - Type 1 | FS | 4 | ||
Ferry Vessel - Type 2 | FS | 5 | |||
Ferry System Control | Primary Control Center | FS | 6 | ||
Cyber Systems | FS | 7 | |||
Ferry System Operations | Aids to Navigation | FS | 8 | ||
Support Craft | FS | 9 | |||
Ferry System Support | Maintenance Facilities | FS | 10 | ||
Additional Assets Considered | |||||
System | Asset Type | Asset Number | Selected Asset (most critical or most representative) | Assigned Criticality Value | |
AA | 1 | ||||
AA | 2 | ||||
AA | 3 | ||||
AA | 4 | ||||
AA | 5 | ||||
AA | 6 | ||||
AA | 7 | ||||
AA | 8 | ||||
AA | 9 | ||||
AA | 10 | ||||
SENSITIVE SECURITY INFORMATION | |||||
WARNING: This document contains Sensitive Security Information that is controlled under 49 CFR 1520. No part of this document may be released to persons without a need to know, as defined in 49 CFR 1520, except with the written permission of the FEMA Administrator, Washington, DC. Unauthorized release may result in civil penalty or other action. For U.S. Government agencies, public release is governed by 5 U.S.C. 522. | |||||
File Type | application/vnd.openxmlformats-officedocument.spreadsheetml.sheet |
File Modified | 0000-00-00 |
File Created | 0000-00-00 |