Transportation Systems Security
Author: Allan McDougall
Transportation systems security is an integral part of counterterrorism and homeland security. Highlighting all aspects, this comprehensive text presents strategic, practical, and operational applications for the physical, procedural, and psychological safeguards that are needed to keep all modes of transportation up and running. Topics include systems layout, core performance issues, and risk assessment; predicting internal and external loss; drills, exercises, and training; as well as layered systems, compliance, and shared information. Each chapter features questions and case scenarios to facilitate understanding. A fictitious company is used to depict various scenarios in order to illustrate the theoretical concepts discussed by the authors.
Table of Contents:
Preface xvAcknowledgments xix
Authors xxi
Introduction to Transportation Systems 1
Introduction 1
Requirements for Securing the Sector 2
The Transportation Sector as Linked Systems 4
Impact Resulting from System Failure or Interruption 4
Trends within the Transportation Sector 6
Fragility and Reliability 7
Understanding Transportation System Security 8
Transportation System Topography 11
Introduction 11
General Overview 12
Nodes and Conduits 12
Directly and Indirectly Derived Demands 14
Factors Affecting Directly Derived Demands 14
Factors Affecting Indirect Demands 16
Routing of Conduits 19
Spoke-and-Hub Systems 19
Control Points versus Nodes 20
Control Points in Fixed Conduits 20
Control Points along Flexible Conduits 21
Terminal or Transfer? 21
System as a Sum of Interlinked Systems 22
Recap of the System 24
Constraints within the System 25
Coordination Networks 25
Coordination Network-Operations 25
How the Coordination Network Interacts with the System 26
Conduit-Based Networks: Operations and Deployment 27
Use of Systems for Automation 27
Persons and Associations and Networks of Persons 28
Aviation (Air) 28
Marine 28
Rail 28
Trucking 28
Sector-Wide 29
Factors to Consider 29
Business Goals and Mission Analysis 33
Introduction 33
Scales of Operability 33
General Interaction 35
How Is the System Mission Achieved? 36
Considerations of the Transportation System 37
System-Level Mission Statement 38
Transportation System Security Mission Statement 38
Determining the Mission Statement for Organizations 39
Strategic Level Mission Statements as Organizational Constraints 40
Operational Level within the Structure 42
Interaction between the Strategic and Operational Levels 42
Role of the Operational Level 43
Tactical Level within the Structure 43
Interaction between the Operational and Tactical Levels 44
Overview of the Structure 45
Limitations on Controls 45
Limitations on the Strategic Level 45
Limitations on the Operational Level 47
Limitations on the Tactical Level 47
Generation of the Mission Statements 48
ABC Transport's Security Mission Statements 49
How Does the Mission Statement Fit into Critical Infrastructure Protection? 49
Questions 50
General Definitions and Approaches 53
Introduction 53
Persons, Assets, Facilities, Information, and Activities 54
Follow-the-Pipe Approach 54
Mission-Driven Value 55
Vulnerability-Driven Considerations 55
Integrating the C-I-A Triad 57
Confidentiality 57
Integrity 58
Availability 59
Integrating the D-M-L Triad 60
Disclosure 61
Modification 61
Loss 62
CIP Management Approach 62
Criticality 63
Means, Opportunity, and Intent 63
Convergence within the Transportation System 64
The Concept of Risk, Residual Risk, and Risk Appetite 65
Who Decides the Threshold for Risk Appetite? 68
Avoiding, Addressing, Transferring, Accepting, and Ignoring Risk 68
Avoiding Risk 69
Addressing Risk 69
Transferring Risk 70
Accepting Risk 71
Ignoring Risk 71
Responses to Risk and Regulation 72
Risk Awareness 73
The Concept of Safeguards 74
Tactical-Level Safeguards 75
Operational-Level Safeguards 75
Strategic-Level Safeguards 76
Regulator-Driven Safeguards 76
Prevention, Detection, Response, and Recovery 77
Prevention 77
Detection and Response 78
Recovery 80
Looking at Vulnerabilities 80
Interim versus Proposed Measures 81
Layered Defenses 82
The Macro Level 83
ABC Transport 83
Local versus Systems Approaches 89
Introduction 89
Structures of Networks 90
The Flux of the Transportation System 91
Imperatives Driving Network Component Behavior 92
Aligning Imperatives with the Mission Statement 93
Relationship between Imperatives and Levels 95
Tactical-Level Imperatives 95
Operational-Level Imperatives 96
Strategic-Level Imperatives 97
Aligning the Levels of the Organization 97
Communications among the Levels 98
Pace of Evolution 99
Internal Influences versus External Influences 100
Transorganizational Constraints 100
Alignment with Mission Statements 100
Influences on Follow the Pipe 101
Alignment of Transorganizational Groups with the Matrix 101
Constraints by Regulators 102
Questions 103
Answers 104
Criticality, Impact, Consequence, and Internal and External Distributed Risk 107
Introduction 107
Assignment of Value 108
Criticality 109
Single Points of Failure 109
Consideration for Nationally Declared Critical Infrastructure 110
Impact 110
Tactical-Level Impact 111
Operational-Level Impact 111
Strategic-Level Impact 112
Consideration for Control Systems 113
Consequence 113
Risk 114
Internal Risk 114
External Risk 115
Risk Calculations 115
ABC Transport Example 116
Questions 119
Mitigation and Cost Benefit 121
Introduction 121
First Step to Mitigating Risk-Strategy 121
Key Considerations 122
Management Tolerances toward Risk 122
Costs 122
Resistance to Change 123
Selecting a Mitigation Strategy 123
Ignoring Risk 124
ABC Transport Example 124
Tactical-Level Considerations 125
ABC Transport Example 126
Operational-Level Considerations 126
ABC Transport Example 127
Strategic-Level Considerations 127
System-Level Considerations 129
Cost Considerations 130
Benefit Considerations 130
Aligning Procedures with Performance 131
Setting Strong Procedures 131
Prevention 132
Detection 133
Response 134
Recovery 135
Linking Business Activities 136
Robustness, Resiliency, and Redundancy 137
Robustness 137
Resiliency 137
Redundancy 137
Cascading Impacts 138
Setting Goals and Benchmarks 138
Generating the Manual 139
Questions 139
Certification, Accreditation, Registration, and Licensing 141
Introduction 141
Linking to Mitigation 142
Certification 142
Accreditation 143
Registration 144
Licensing 145
The Trusted Transportation System 145
ABC Transport Example 146
Continuity of Operations Planning 147
Questions 149
Continuity of Operations 151
Introduction 151
What Is COOP? 152
Aligning COOP, BCP, and Contingency Planning 153
Background of COOP 154
Objectives 155
Elements 156
Operations 157
Issues Implementing COOP 158
Aligning with Preventive Safeguards 159
ABC Transport Example: Business Continuity Planning 159
Detection 161
ABC Transport Example: Corporate Policy 163
Response and Mitigation 163
ABC Transport Example: ABC Employees 163
ABC Transport Example: The Regional Office 164
ABC Transport Example: Senior Management 164
Recovery 165
Supply Chain Management Security 166
Questions 167
Networks and Communities of Trust 171
Introduction 171
Value of Community Involvement 172
Prevention 172
Detection 173
Response 174
Recovery 174
Community Building as a Continuum 175
Setting of Arrangements 176
Communities and Council Building 177
Tactical, Operational, and Strategic Considerations 177
Communities, Trusted Networks, and Operations 178
ABC Transport Example 179
Questions 180
Establishing and Monitoring Learning Systems 183
Introduction 183
Intent of the Learning System 184
How the Intent Is Met 184
Assessing or Evaluating against Criteria 185
Prioritizing Based on Divergence 186
Determining Causes 186
Communicating Results 187
Challenges with ISACs 188
How Would Information Be Shared? 189
Legal Issues with ISACs 190
Consequences of Accidental Disclosure of Information 191
Intellectual Property and ISACs 192
Trend Analysis 192
Reporting Trends 192
Information Sharing and Definition and Categorization Challenges 193
ABC Transport 194
Questions 195
Fragility and Fragility Analysis Management 197
Introduction 197
Requirement for Information 198
Repositories of Information 198
Lines of Communication 201
Data Categorization 202
Adaptability of the Categorization Process 203
Adaptability of Data Sets or Mutability 204
Assessment 205
Integration into Mitigation Strategies 206
Addressing Capacity in Decision-Making Gaps 209
Translating of Strategies into Action 209
The Rough Fragility Score for Evolution 210
Additional Factors with Respect to Fragility 213
Rating Geographic, Sphere of Control, and Interdependency Fragility 214
Fragility Factor 217
Relating to Resiliency and Redundancy 217
Fragility and the Path of Least Resistance 218
Mean Time between Business Failure (MTBBF) 218
Mean Time between Market Failure (MTBMF) 219
Persistent Fragility Leading to System Revolution 220
Management of Fragility 220
Relating to Prevention, Detection, Response, and Recovery 221
Transportation System Security, Risk, and Fragility 221
Questions 221
Sample Memorandum of Understanding between The Radio Amateurs of Canada Inc. and The Canadian Red Cross Society 223
Memorandum of Understanding between The Radio Amateurs of Canada Inc. and The Canadian Red Cross Society 223
Appendix A 224
Guidelines for Cooperation 224
Appendix B 225
Organization of The Canadian Red Cross Society 225
Organization of The Radio Amateurs of Canada Inc 225
Manager's Working Tool 227
Product or Service Delivery 227
Geography and Community Building 231
Data Categorization and Information Management 236
Establish a Learning System 238
Maintenance and Sustainability 242
Index 245
Blindside: How to Anticipate Forcing Events and Wild Cards in Global Politics
Author: Francis Fukuyama
A host of catastrophes, natural and otherwise, as well as some pleasant surprises--such as the sudden end of the cold war--have caught governments and societies unprepared in recent decades. September 11 is only the most obvious example among many unforeseen events that have changed, even redefined, our lives. We have every reason to expect more surprises in future.
Certain kinds of unanticipated scenarios--particularly those of low probability and high impact--have the potential to escalate into systemic crises. Even positive surprises can pose major policy challenges. Contemporary policymakers, however, lack the understanding and the tools they need to manage low-probability, high-impact events. Refining our understanding and developing such tools are the twin foci of this insightful and perceptive volume, edited by renowned author Francis Fukuyama and sponsored by The American Interest magazine.
Organized into five sections, Blindside addresses the psychological and institutional obstacles that prevent leaders from planning for negative low-probability events and allocating the necessary resources to deal with them. Case studies pinpoint the failures--institutional as well as personal--that allowed key historical events to take leaders by surprise, and other chapters examine the philosophies and methodologies of forecasting. The book's final section offers a debate and two discussions with internationally prominent authorities who assess how individuals, communities, and local and national governments have handled low-probability, high-impact contingencies. They suggest what these entities can do to move forward in a period of heightened concern aboutboth man-made and natural disasters.
How can we avoid being blindsided by unforeseen events? There is no easy or obvious answer. But we first must understand the obstacles that prevent us from seeing the future clearly and then from acting appropriately. This readable and fascinating book is an important step in that direction.
No comments:
Post a Comment