1st Edition

Transportation Systems Security

By Allan McDougall, Robert Radvanovsky Copyright 2008
    280 Pages 17 B/W Illustrations
    by Routledge

    Highlighting the importance of transportation to a country’s infrastructure and survival, Transportation Systems Security presents the strategic and practical considerations involved in the implementation of physical, procedural, and managerial safeguards required to keep all modes of transportation up and running during an actual or potential disaster.
    Structured in an easy cognitive fashion, the book begins with a basic introduction providing terms and definitions. It describes both physical and information system layouts and defines who controls what parts of the process, how far control is extended, and who oversees controls within the system.
    Building on this foundation, subsequent chapters discuss problems such as the need for a more defined “domain-based” approach when threats, assets, vulnerabilities, and safeguards are not under local control. The book describes and refines the concepts of criticality, impact, and consequence as they relate to the assignation of value for personnel, assets, facilities, information and activities in terms of how they might support performance.
    By comparing continuity of operations planning (COOP) to business continuity planning (BCP), the book presents security measures as a value-added benefit rather than a hindrance to business and introduces the notion of certification, accreditation, and licensure. It demonstrates safeguards that layer outward from the entity and across the system with the ability to prevent, detect, and notify, as well as respond to and recover from a crisis.
    Emphasizing the sharing of information and methods, the book encourages security to become an integrated component within the system, not just imposed on top of it. It takes a holistic approach to the transportation infrastructure, introducing the concept of fragility and the measurable factors involved, and including a 20 page questionnaire to help managers determine their company’s fragility in terms of transportation security.

    Introduction to Transportation Systems
    Requirements for Securing the Sector
    The Transportation Sector as Linked Systems
    Impact Resulting from System Failure or Interruption
    Trends within the Transportation Sector
    Fragility and Reliability
    Understanding Transportation System Security
    Transportation System Topography
    General Overview
    Nodes and Conduits
    Directly and Indirectly Derived Demands
    Factors Affecting Directly Derived Demands
    Factors Affecting Indirect Demands
    Routing of Conduits
    Spoke-and-Hub Systems
    Control Points versus Nodes
    Control Points in Fixed Conduits
    Control Points along Flexible Conduits
    Terminal or Transfer?
    System as a Sum of Interlinked Systems
    Recap of the System
    Constraints within the System
    Coordination Networks
    Coordination Network—Operations
    How the Coordination Network Interacts with the System
    Conduit-Based Networks: Operations and Deployment
    Use of Systems for Automation
    Persons and Associations and Networks of Persons
    Sector-Wide
    Factors to Consider
    Business Goals and Mission Analysis
    Scales of Operability
    General Interaction
    How Is the System Mission Achieved?
    Considerations of the Transportation System
    System-Level Mission Statement
    Transportation System Security Mission Statement
    Determining the Mission Statement for Organizations
    Strategic Level Mission Statements as Organizational Constraints
    Operational Level within the Structure
    Interaction between the Strategic and Operational Levels
    Role of the Operational Level
    Tactical Level within the Structure
    Interaction between the Operational and Tactical Levels
    Overview of the Structure
    Limitations on Controls
    Limitations on the Strategic Level
    Limitations on the Operational Level
    Limitations on the Tactical Level
    Generation of the Mission Statements
    ABC Transport’s Security Mission Statements
    How Does the Mission Statement Fit into Critical Infrastructure Protection?
    Questions
    General Definitions and Approaches
    Persons, Assets, Facilities, Information, and Activities
    Follow-the-Pipe Approach
    Mission-Driven Value
    Vulnerability-Driven Considerations
    Integrating the C-I-A Triad
    Integrating the D-M-L Triad
    CIP Management Approach
    Criticality
    Means, Opportunity, and Intent
    Convergence within the Transportation System
    The Concept of Risk, Residual Risk, and Risk Appetite
    Who Decides the Threshold for Risk Appetite?
    Avoiding, Addressing, Transferring, Accepting, and Ignoring Risk
    Responses to Risk and Regulation
    Risk Awareness
    The Concept of Safeguards
    Prevention, Detection, Response, and Recovery
    Looking at Vulnerabilities
    Interim versus Proposed Measures
    Layered Defenses
    The Macro Level
    ABC Transport
    Local versus Systems Approaches
    Structures of Networks
    The Flux of the Transportation System
    Imperatives Driving Network Component Behavior
    Aligning Imperatives with the Mission Statement
    Relationship between Imperatives and Levels
    Tactical-Level Imperatives
    Operational-Level Imperatives
    Strategic-Level Imperatives
    Aligning the Levels of the Organization
    Communications among the Levels
    Pace of Evolution
    Internal Influences versus External Influences
    Transorganizational Constraints
    Alignment with Mission Statements
    Influences on Follow the Pipe
    Alignment of Transorganizational Groups with the Matrix
    Constraints by Regulators
    Questions
    Answers
    Criticality, Impact, Consequence, and Internal and External Distributed Risk
    Assignment of Value
    Criticality
    Impact
    Consequence
    Risk
    Risk Calculations
    ABC Transport Example
    Questions
    Mitigation and Cost Benefit
    First Step to Mitigating Risk—Strategy
    Key Considerations
    Selecting a Mitigation Strategy
    Tactical-Level Considerations
    Operational-Level Considerations
    Strategic-Level Considerations
    System-Level Considerations
    Cost Considerations
    Benefit Considerations
    Aligning Procedures with Performance
    Setting Strong Procedures
    Linking Business Activities
    Robustness, Resiliency, and Redundancy
    Setting Goals and Benchmarks
    Generating the Manual
    Questions
    Certification, Accreditation, Registration, and Licensing
    Linking to Mitigation
    Certification
    Accreditation
    Registration
    Licensing
    The Trusted Transportation System
    ABC Transport Example
    Continuity of Operations Planning
    Questions
    Continuity of Operations
    What Is COOP?
    Aligning COOP, BCP, and Contingency Planning
    Background of COOP
    Objectives
    Elements
    Operations
    Issues Implementing COOP
    Aligning with Preventive Safeguards
    Detection
    Response and Mitigation
    Recovery
    Supply Chain Management Security
    Questions
    Networks and Communities of Trust
    Value of Community Involvement
    Prevention
    Detection
    Response
    Recovery
    Community Building as a Continuum
    Setting of Arrangements
    Communities and Council Building
    Tactical, Operational, and Strategic Considerations
    Communities, Trusted Networks, and Operations
    ABC Transport Example
    Questions
    Establishing and Monitoring Learning Systems
    Intent of the Learning System
    How the Intent Is Met
    Assessing or Evaluating against Criteria
    Prioritizing Based on Divergence
    Determining Causes
    Communicating Results
    Challenges with ISACs
    How Would Information Be Shared?
    Legal Issues with ISACs
    Consequences of Accidental Disclosure of Information
    Intellectual Property and ISACs
    Trend Analysis
    Reporting Trends
    Information Sharing and Definition and Categorization Challenges
    ABC Transport
    Questions
    Fragility and Fragility Analysis Management
    Requirement for Information
    Repositories of Information
    Lines of Communication
    Data Categorization
    Adaptability of the Categorization Process
    Adaptability of Data Sets or Mutability
    Assessment
    Integration into Mitigation Strategies
    Addressing Capacity in Decision-Making Gaps
    Translating of Strategies into Action
    The Rough Fragility Score for Evolution
    Additional Factors with Respect to Fragility
    Rating Geographic, Sphere of Control, and Interdependency Fragility
    Fragility Factor
    Relating to Resiliency and Redundancy
    Fragility and the Path of Least Resistance
    Mean Time between Business Failure (MTBBF)
    Mean Time between Market Failure (MTBMF)
    Persistent Fragility Leading to System Revolution
    Management of Fragility
    Relating to Prevention, Detection, Response, and Recovery
    Transportation System Security, Risk, and Fragility
    Questions
    Appendix A:
    Sample Memorandum of Understanding between the Radio Amateurs of Canada, Inc. and the Canadian Red Cross Society
    Memorandum of Understanding between the Radio Amateurs of Canada Inc. and the Canadian Red Cross Society
    Appendix A Guidelines for Cooperation
    Appendix B
    Organization of The Canadian Red Cross Society
    Organization of the Radio Amateurs of Canada, Inc.
    Appendix B: Manager’s Working Tool
    Section 1: Product or Service Delivery
    Section 2: Geography and Community Building
    Section 3: Data Categorization and Information Management
    Section 4: Establish a Learning System
    Section 5: Maintenance and Sustainability

    Biography

    Robert Radvanovsky, Allan McDougall