Risk on the Rails: An Update

This is an update to this post from a couple of weeks ago:

The Government Accountability Office (GAO) released a new statement on rail security. They continue to prod DHS and the Transportation Security Administration (TSA) to complete the required risk assessment and strategic plans for rail security:

[A]s of March 2, 2007, TSA has not issued the required Transportation Sector Specific Plan and supporting plans for passenger rail and other surface transportation modes, based on risk assessments. Until TSA does so, it lacks a clearly communicated strategy with goals and objectives for securing the transportation sector, including passenger rail.

GAO reiterates its support of a risk-management approach to rail security. While acknowledging the complexity and difficulty of managing risk on the rails, due to the inherently open nature of the rail system itself, the number of stakeholders involved, etc., the GAO continues to point out that, despite making progress, DHS and TSA have not completed the required system-wide risk assessment and resulting strategy:

DHS has made progress in assessing the risks facing the U.S. passenger rail system, but has not issued a plan based on those risk assessments for securing the entire transportation sector and supporting plans for each mode of surface transportation, as required by and in accordance with the National Infrastructure Protection Plan.

TSA expects the 50 largest rail transit agencies to complete security self-assessments in early 2007. According to TSA, the agency is using the results of these assessments to set priorities, and has identified underground and underwater rail infrastructure and high-density passenger rail stations as assets at highest risk.

In short, there's progress but more is needed. TSA continues to assess risk on an ongoing basis (e.g., identifying underground and underwater rail and high-density passenger rail as high-risk assets) without an overall picture of the risk environment on the rails.