I promised a "Rail Security" piece several months ago. Heavy workload and a back log of reading and correspondence has delayed any updates. I am remiss... The following article is from the TSA wwebsite and details the rail security solution DHS has defined.
"This document contains recommended security action items for the rail transportation of materials poisonous by inhalation, commonly referred to as Toxic Inhalation Hazard (TIH) materials. Adoption of these measures is voluntary. Movement of large quantities of TIH materials by rail in proximity to population centers warrants special consideration and attention. These materials have the potential of causing significant numbers of fatalities and injuries if intentionally released in an urban environment.
The efficient operation of our critical interstate rail system requires a uniform nationwide approach to railroad security. The security action items listed in this document have been identified by the Department of Homeland Security (DHS) and the Department of Transportation (DOT) during risk assessments and security reviews and build upon existing DOT hazardous materials regulations. In particular the DOT regulations at 49 CFR Sections 172.704 and 172.800-804 require each transporter of hazardous materials, including TIH materials, to develop and implement security plans and to train appropriate employees in security measures. DHS and DOT are issuing these voluntary action items as measures that should be considered when security plans are developed, implemented, and revised. The action items are voluntary to allow the railroad carriers to adopt measures best suited to their particular circumstances provided the measures are consistent with existing regulations. It is not our intent that these security action items be enacted into law by state and local governments. Existing federal regulations likely would preempt any such law.
The security action items have been divided into three categories 1) system security; 2) access control; and 3) en-route security. System security and access control refer to practices affecting the security of the railroad and its property. En-route security refers to the actual movement and handling of railcars containing TIH materials.
DHS and DOT recognize that no one solution fits all locations and circumstances. These security action items allow for flexibility in implementation based upon the assessed vulnerability of a particular process or operation. Where applicable, implementation of these action items to their fullest extent practicable should be the goal of the affected property owner and operator.
DHS and DOT reserve the right to update or modify these security action items as circumstances warrant.
System Security Practices Affecting the Transportation of TIH Materials
1. Designate an individual with overall responsibility for hazardous materials transportation security planning, training, and implementation. This individual should report directly to an executive officer of the company. Designate an individual with overall responsibility for security planning and countermeasure implementation for company -designated critical infrastructure.2. Conduct exercises, at least annually, to verify the effectiveness of security plan(s).3. Develop and conduct an internal or external company audit program to independently verify that the security plan is being effectively implemented. The audit process should include a policy for record keeping of the audit and a method for management review and performance measurement.4. Identify and then annually review company-designated critical infrastructure. Ensure that changes or additions to the operating environment have been properly addressed.5. Maintain a communications network to receive timely government notices of current threat conditions and available intelligence information. Adjust security measures as necessary to reflect current threats and vulnerabilities based on available information.6. Make use of opportunities to establish liaison and regular communication with federal, state, and local law enforcement, emergency responders, security agencies, and industry partners. Strive to make local law enforcement aware of railroad security issues.7. Establish liaison and collaboration with other railroad security offices to promote information sharing and security enhancements.8. As with industry safety programs, regularly reinforce security awareness and operational security concepts to all employees at all levels of the organization.9. Reinforce the need for employees to immediately report to the proper authorities all suspicious persons, activities, or objects encountered.10. Have contingency plans in place to supplement company security personnel to protect company-designated critical infrastructure as threat conditions warrant such as contracts to engage private security guard providers or procedures to request supplemental physical security assistance of federal, state, local, and tribal authorities.11. Restrict access to information controlled by the railroad that it determines to be sensitive, in particular information about hazardous materials shipments and security measures.12. Make available emergency response planning materials, and when requested, work with local communities to facilitate their training and preparation to deploy and respond to an emergency or security incident.13. Cooperatively work with the federal, state, local, and tribal governments to identify through risk assessments those locations where security risks are the highest. Cooperatively work with the federal, state, local, and tribal governments to identify and implement protective measures at these locations.
Access Control Security Practices
14. Focus proactive community safety and security outreach and trespasser abatement programs in areas adjacent to company-designated critical infrastructure to reduce the likelihood of unauthorized individuals on company property and to enhance public awareness of the importance of reporting suspicious activity.15. To the extent feasible and practicable, utilize photo identification procedures for company-designated critical infrastructure. Establish procedures for background checks and safety and security training for contractor employees with unmonitored access to company-designated critical infrastructure.16. To the extent feasible and practicable, and as threat conditions warrant, restrict the access of contractors and visitors at non-public areas of company-designated critical infrastructure and monitor the activities of visitors in or around such infrastructure.17. Establish employee identification measures for all employees. Conduct spot checks of identification as threat conditions warrant.18. Implement measures to deter unauthorized entry and increase the probability of detection at company-designated critical infrastructure as threat conditions warrant. To the extent patrols are utilized, vary the pattern and schedule to avoid predictability.19. Utilize interlocking signals and/or operating rules to prevent trains from occupying moveable bridges until they are locked in place.
En-Route Security Practices
20. Maintain systems to locate rail cars transporting TIH materials in a timely manner to enable the implementation of security measures when necessary and provide information on the location of rail cars carrying TIH materials to DHS and DOT, as requested, in case of events of national significance.21. During required on-ground safety inspections of cars containing TIH materials, inspect for any apparent signs of tampering, sabotage, attached explosives, and other suggested items. Train employees to recognize suspicious activity and report security concerns found during inspections.22. Provide local authorities with information on the hazardous materials transported through their communities consistent with AAR Circular OT-55.23. Consider alternative routes when they are economically practicable and result in reduced overall safety and security risks. Work with the DHS and DOT in developing better software tools to analyze routes.24. In rail yards, to the extent feasible, place cars containing TIH materials where the most practical protection can be provided against tampering and outside interference when appropriate for the threat level in the geographic area in accordance with the AAR Security Management Plan."
I translated this information into another opportunity in CCTV, Access Control, Analytics and even wireless mesh networks. That's how my mind works.... till next time
Friday, July 10, 2009
Saturday, April 18, 2009
New Legislation on Background Checks
In one of the hundreds of articles I get, this nugget caught my eye. It concerns a new resource for criminal background checks. I am very familiar with this tool from my law enforcment days. I thought it might be worth sharing.
"Background check legislation introduced in Congress
-->
New legislation could give installers, monitoring companies access to federal criminal database
BY JOEL GRIFFIN, ASSISTANT EDITOR
SecurityInfoWatch.com
Updated: 04-10-2009 1:55 pm
According to a report issued by the National Burglar and Fire Alarm Association on Wednesday, legislation recently introduced in congress could provide installation and monitoring companies with the resources to ensure the employees they hire aren’t a threat to the homes, businesses and families they’re suppose to help protect.
The bill, the "Electronic Life Safety and Security System Federal Background Check Act of 2009" (HR 1939), was introduced by Rep. Blaine Luetkemeyer (R-Mo.) and would give these companies the ability to check a potential employee’s criminal history against the National Crime Information Center or NCIC, a federal criminal database.
“It’s a great piece of legislation that we’re proposing… and it allows us to be able to provide a tool for our members to be able to get background checks,” said NBFAA President Michael Miller. “One of the issues that we have is (just getting) a criminal background license that’s either state only, local only or federal only and we need all three basically, because when we get employees that come to us from other states, the FBI federal background check is the one that assures us that we’ve got somebody that’s not a criminal. So it would be a fantastic tool to have for our members.”
Similar access has already been granted to banks, credit unions and private security guard firms.
Miller said that he expects to learn more about the bill’s status later this month when he other members of the alarm industry visit Capitol Hill."
"Background check legislation introduced in Congress
-->
New legislation could give installers, monitoring companies access to federal criminal database
BY JOEL GRIFFIN, ASSISTANT EDITOR
SecurityInfoWatch.com
Updated: 04-10-2009 1:55 pm
According to a report issued by the National Burglar and Fire Alarm Association on Wednesday, legislation recently introduced in congress could provide installation and monitoring companies with the resources to ensure the employees they hire aren’t a threat to the homes, businesses and families they’re suppose to help protect.
The bill, the "Electronic Life Safety and Security System Federal Background Check Act of 2009" (HR 1939), was introduced by Rep. Blaine Luetkemeyer (R-Mo.) and would give these companies the ability to check a potential employee’s criminal history against the National Crime Information Center or NCIC, a federal criminal database.
“It’s a great piece of legislation that we’re proposing… and it allows us to be able to provide a tool for our members to be able to get background checks,” said NBFAA President Michael Miller. “One of the issues that we have is (just getting) a criminal background license that’s either state only, local only or federal only and we need all three basically, because when we get employees that come to us from other states, the FBI federal background check is the one that assures us that we’ve got somebody that’s not a criminal. So it would be a fantastic tool to have for our members.”
Similar access has already been granted to banks, credit unions and private security guard firms.
Miller said that he expects to learn more about the bill’s status later this month when he other members of the alarm industry visit Capitol Hill."
Tuesday, March 31, 2009
I have become fascinated by the different applications of our security world, or better yet, our world thrugh security. As a physical security specialist I deal with CCTV, Accees Control, Fire Detection, Intrusion, Video Analytics, etc. Then I started looking at the transportation vertical and it's newest 'toys'.
For instance: TWIC -
"The Transportation Worker Identification Credential (TWIC) is a security measure that ensures individuals who pose a threat do not gain unescorted access to secure areas of the nation's maritime transportation system.
TWIC was established by Congress through the Maritime Transportation Security Act (MTSA) and is administered by the Transportation Security Administration (TSA) and U.S. Coast Guard. TWICs are tamper-resistant biometric credentials that will be issued to workers who require unescorted access to secure areas of ports, vessels, outer continental shelf facilities and all credentialed merchant mariners. It is anticipated that more than 1 million workers including longshoremen, truckers, port employees and others will be required to obtain a TWIC.
Enrollment and issuance began at the Port of Wilmington, Delaware October 16, 2007 and will continue through calendar year 2008 and part of 2009. To obtain a TWIC, an individual must provide biographic and biometric information such as fingerprints, sit for a digital photograph and successfully pass a security threat assessment conducted by TSA. Pre-enrollment is recommended as it is designed to save the applicant time by enabling them to provide their biographical information and make an appointment for in-person enrollment.
Currently, there are no regulatory requirements pertaining to the use of TWIC readers. However, initial testing and evaluation of TWIC readers is will begin in calendar year 2008 as part of the pilot phase."
Then there is: Behavior Detection Officers (BDO)
Layers of Security
"The Behavior Detection Officer (BDO) program utilizes non-intrusive behavior observation and analysis techniques to identify potentially high-risk passengers. BDOs are designed to detect individuals exhibiting behaviors that indicate they may be a threat to aviation and/or transportation security. The program is a derivative of other successful behavioral analysis programs that have been employed by law enforcement and security personnel both in the U.S. and around the world.
TSA's BDO-trained security officers are screening travelers for involuntary physical and physiological reactions that people exhibit in response to a fear of being discovered. TSA recognizes that an individual exhibiting some of these behaviors does not automatically mean a person has terrorist or criminal intent. BDOs do, however, help our security officers focus appropriate resources on determining if an individual presents a higher risk or if his/her behavior has a non-threatening origin. Individuals exhibiting specific observable behaviors may be referred for additional screening at the checkpoint to include a handwanding, limited pat down and physical inspection of one's carry-on baggage. Referrals are based on specific observed behaviors only, not on one's appearance, race, ethnicity or religion.
BDOs add an element of unpredictability to the security screening process that is easy for passengers to navigate but difficult for terrorists to manipulate. It serves as an important additional layer of security in the airport environment, requires no additional specialized screening equipment, can easily be deployed to other modes of transportation and presents yet one more challenge the terrorists need to overcome in attempt to defeat our security system.
BDOs are currently operating at approximately 161 major airports nationwide."
And then there is: Transit Inspectors-
"Through the Surface Transportation Security Inspection Program, or STSI, the TSA has deployed 100 inspectors assigned to 18 field offices across the country, to provide support to our nation’s largest mass transit systems.
VIPR Teams- Federal Air Marshalls, Surface Transportation, Canine Teams and advanced screening technology working as Visible Intermodal Protection Response, or VIPR Teams, offer the ability to raise the level of security in any mode of transportation anywhere in the country quickly and effectively.
Canine teams- Explosives detection canine teams provide strong detection and deterrent capabilities and can be sent quickly to key junction points across systems, stations, terminals, or other facilities.
Grants- Our work focuses greater information sharing, increased training and public awareness, and providing greater assistance and funding for rail transit activities. Grants and awards to rail systems around the country total millions of dollars yearly. "
AMAZING, who knew?
Next time I will explore rail security applications. Hope you join me....
For instance: TWIC -
"The Transportation Worker Identification Credential (TWIC) is a security measure that ensures individuals who pose a threat do not gain unescorted access to secure areas of the nation's maritime transportation system.
TWIC was established by Congress through the Maritime Transportation Security Act (MTSA) and is administered by the Transportation Security Administration (TSA) and U.S. Coast Guard. TWICs are tamper-resistant biometric credentials that will be issued to workers who require unescorted access to secure areas of ports, vessels, outer continental shelf facilities and all credentialed merchant mariners. It is anticipated that more than 1 million workers including longshoremen, truckers, port employees and others will be required to obtain a TWIC.
Enrollment and issuance began at the Port of Wilmington, Delaware October 16, 2007 and will continue through calendar year 2008 and part of 2009. To obtain a TWIC, an individual must provide biographic and biometric information such as fingerprints, sit for a digital photograph and successfully pass a security threat assessment conducted by TSA. Pre-enrollment is recommended as it is designed to save the applicant time by enabling them to provide their biographical information and make an appointment for in-person enrollment.
Currently, there are no regulatory requirements pertaining to the use of TWIC readers. However, initial testing and evaluation of TWIC readers is will begin in calendar year 2008 as part of the pilot phase."
Then there is: Behavior Detection Officers (BDO)
Layers of Security
"The Behavior Detection Officer (BDO) program utilizes non-intrusive behavior observation and analysis techniques to identify potentially high-risk passengers. BDOs are designed to detect individuals exhibiting behaviors that indicate they may be a threat to aviation and/or transportation security. The program is a derivative of other successful behavioral analysis programs that have been employed by law enforcement and security personnel both in the U.S. and around the world.
TSA's BDO-trained security officers are screening travelers for involuntary physical and physiological reactions that people exhibit in response to a fear of being discovered. TSA recognizes that an individual exhibiting some of these behaviors does not automatically mean a person has terrorist or criminal intent. BDOs do, however, help our security officers focus appropriate resources on determining if an individual presents a higher risk or if his/her behavior has a non-threatening origin. Individuals exhibiting specific observable behaviors may be referred for additional screening at the checkpoint to include a handwanding, limited pat down and physical inspection of one's carry-on baggage. Referrals are based on specific observed behaviors only, not on one's appearance, race, ethnicity or religion.
BDOs add an element of unpredictability to the security screening process that is easy for passengers to navigate but difficult for terrorists to manipulate. It serves as an important additional layer of security in the airport environment, requires no additional specialized screening equipment, can easily be deployed to other modes of transportation and presents yet one more challenge the terrorists need to overcome in attempt to defeat our security system.
BDOs are currently operating at approximately 161 major airports nationwide."
And then there is: Transit Inspectors-
"Through the Surface Transportation Security Inspection Program, or STSI, the TSA has deployed 100 inspectors assigned to 18 field offices across the country, to provide support to our nation’s largest mass transit systems.
VIPR Teams- Federal Air Marshalls, Surface Transportation, Canine Teams and advanced screening technology working as Visible Intermodal Protection Response, or VIPR Teams, offer the ability to raise the level of security in any mode of transportation anywhere in the country quickly and effectively.
Canine teams- Explosives detection canine teams provide strong detection and deterrent capabilities and can be sent quickly to key junction points across systems, stations, terminals, or other facilities.
Grants- Our work focuses greater information sharing, increased training and public awareness, and providing greater assistance and funding for rail transit activities. Grants and awards to rail systems around the country total millions of dollars yearly. "
AMAZING, who knew?
Next time I will explore rail security applications. Hope you join me....
Thursday, March 19, 2009
H.264 / MPEG 4
For some of us video 'experts', the issue of what video standard to use (or sell) has reared it's ugly head by now. MPEG-4 and the newer H.264 are the latest standards and some consider them branches of the same tree. They are both standards based on video compression or video coding technology from circa. 1995.
A encoder\decoder pair operates by the encoder converting video into a compressed format and the decoder converts the video back into an uncompressed format. This compression is neccessary to store or transmit video images. All of the standards do this, but the later, more efficient H.264 development does it much better. There is a lot of technical information on how this is done, ie: prediction, transform, quantization, enrtopy encoding. We won't go into this here.
What is important is the application and performance. Compared with MPEG-2 and MPEG-4, H.264 can deliver better image quality at the same compressed bitrate or lower the bitrate for the same image quality.
An example would be the DVD technology. A single layer DVD can store a 2 hr movie in MPEG-2 format. H.264 can double that to 4 hours of movie quality video in the same space.
H.264 Resolution is higher which serves the High Definition trends well. The images are amazing.
There is a cost for this increased performance, as you would imagine. The CPU needs greater computational capacity. In other words, more processing power. The secret for us will be finding the maufaturer that can do this cost effectifvely. Each manufacturer has developed their own method of developing and delivering the science.
H.264 is still an exciting development. This type of technological advancement is why I love working in this field. We ge to play with the new toys first.
A encoder\decoder pair operates by the encoder converting video into a compressed format and the decoder converts the video back into an uncompressed format. This compression is neccessary to store or transmit video images. All of the standards do this, but the later, more efficient H.264 development does it much better. There is a lot of technical information on how this is done, ie: prediction, transform, quantization, enrtopy encoding. We won't go into this here.
What is important is the application and performance. Compared with MPEG-2 and MPEG-4, H.264 can deliver better image quality at the same compressed bitrate or lower the bitrate for the same image quality.
An example would be the DVD technology. A single layer DVD can store a 2 hr movie in MPEG-2 format. H.264 can double that to 4 hours of movie quality video in the same space.
H.264 Resolution is higher which serves the High Definition trends well. The images are amazing.
There is a cost for this increased performance, as you would imagine. The CPU needs greater computational capacity. In other words, more processing power. The secret for us will be finding the maufaturer that can do this cost effectifvely. Each manufacturer has developed their own method of developing and delivering the science.
H.264 is still an exciting development. This type of technological advancement is why I love working in this field. We ge to play with the new toys first.
Tuesday, March 17, 2009
Conduit for Perspicuity - the beginning
"a channel for plain speaking. "
As security professionals, much information flows through all of our pipelines incessantly via email, bulletins, listservs, social networking sites and the like. It can be overwhelming to read let alone fully comprehend what may be important to us as practitioners and to our customers. I hope to condense the stream of data bombarding each of us daily via this electronic summary. Colleagues, I hope you return often and find something useful each time......................passerby's, perhaps you'll be somewhat enlightened, but if you are merely entertained, that will be just fine.....
As security professionals, much information flows through all of our pipelines incessantly via email, bulletins, listservs, social networking sites and the like. It can be overwhelming to read let alone fully comprehend what may be important to us as practitioners and to our customers. I hope to condense the stream of data bombarding each of us daily via this electronic summary. Colleagues, I hope you return often and find something useful each time......................passerby's, perhaps you'll be somewhat enlightened, but if you are merely entertained, that will be just fine.....
Subscribe to:
Comments (Atom)