DHS plans Web site to help identify transportation vulnerabilities

The Homeland Security Department plans to set up a free Web site that will allow owners and operators of transportation systems to voluntarily assess their security protections against terrorist attacks and receive recommendations on how to make improvements, the department announced this week.

DHS is seeking public and industry comment on the Vulnerability Identification Self-Assessment Tool. The department submitted a request Wednesday to the Office of Management and Budget for emergency processing and approval authority to move forward on developing the tool. Comments are due to OMB by Sept. 9. The tool would be free to users and managed by the Transportation Security Administration.

"After its inception, TSA faced the challenge of securing all of the different modes within the transportation sector," the Federal Register notice states. "A methodology was required in order to support inter- and intramodal analysis and decision-making. Millions of assets exist within the transportation sector, ranging from over 500,000 highway-bridges to over 19,000 general aviation airports.

"Given this population of assets, it became apparent that a mechanism was needed to solicit data from the asset owners/operators," the notice added. "TSA needs this data, such as the assets' security measures currently deployed, along with a high-level assessment of system security effectiveness, in order to prioritize resources."

If the tool is approved, owners or operators within the transportation sector would be able to voluntarily enter information about their security measures and risks into a Web interface at no charge. Transportation systems eligible include aviation, rail, pipelines, highways and bridges, and mass transit.

The interface would request information concerning security countermeasures, such as plans, policies and procedures, training; access controls, physical security assets, security technologies and equipment, communications security, and information security.

"Users first list the asset's baseline security countermeasures that apply for each of the threat scenarios, and then rate the effectiveness of the countermeasures in detecting and/or preventing the terrorist's actions against each threat scenario," the notice stated. Users are then asked to assess the impact on security of adding countermeasures or enhancing existing countermeasures if the national threat level is raised to code orange, or if their infrastructure is identified as being a specific terrorist target.

"Upon completion of the tool assessment, users receive a report that summarizes their inputs," the notice added. "They may then use this report to develop a security plan or to identify areas of potential vulnerability. Users have the option to submit the completed assessment to DHS. If submitted, the department reviews the assessment for consistency and provides feedback to the users."

According to the notice, DHS estimates there are potentially 3 million respondents in the United States. Out of that, DHS predicts that about 300,000 - or 10 percent -- might use the new tool.