Office of Security OperationsSurface Compliance, Orlando, FL

Secure Rail 2017

April 5, 2017

TSA Orlando Secure Rail 2017

▪ Edward P. Malinowicz, Lead Transportation Security Inspector - Surface, TSA

▪ Hans D. Hayes, Transportation Security Inspector - Surface, TSA

▪ Edison Velez Jr., Transportation Security Inspector - Surface, TSA

Presentation Panel

TSA Orlando

▪ Surface Field Offices– 49 offices throughout the United States

▪ Surface transportation industry involvement– Freight Rail

– Mass Transit

– Highway (trucking, motor coach, school bus)

– Maritime

– Pipeline

▪ Responsible for regulatory inspections, security assessments, and security liaison with all modes of surface transportation

TSA is Outside of the Airport?

Secure Rail 2017

TSA Orlando TSI – Surface Field Operations Map

= Surface Transportation Security Center= FY2017 Surface Inspection Field Offices

Office of Security OperationsSurface Compliance, Orlando, FL

Baseline Assessment for Security

Enhancements

(BASE)

TSA Orlando

▪ The BASE:

– is Not a compliance/regulatory inspection

– is Not used to enforce or supplement compliance/regulatory inspections

– is Not a test

– is Not legally binding

– is Not used by other Federal Agencies

– is Not a “screening” initiative

❖ BASE IS a supporting document that meets the vulnerability assessment requirement for FEMA federal grant funding…a continuing success story

What is a BASE?

BASE

TSA Orlando

▪ A no cost, voluntary assessment designed to evaluate the status

of security and emergency response programs on transit systems

throughout the nation

▪ The TSA/FTA 17 Security and Emergency Management Action

Items for transit agencies. Embedded in the TSA/FTA 17:

• APTA Security Standards

• TSA Six (6) TSF critical elements

• TSA’s recommended security practices not regulated

▪ Smaller systems are able to participate in an abbreviated version

of BASE

▪ BASE has been used in 523 Transit systems to date

Mass Transit BASE

BASE

TSA Orlando

1. ESTABLISH a baseline of the

transportation agency’s internal security

processes, procedures and policies.

2. IDENTIFY security program strengths

and vulnerabilities.

3. ELEVATE the transportation agency’s

overall security posture through the

development of Options for

Consideration to help mitigate any

security program vulnerabilities

identified during the review.

4. ENHANCE security partnerships

between TSA and transit stakeholders

through ongoing engagement.

GOALS

BASE

TSA Orlando

1. Establish written Security Programs and Emergency Management Plans.

2. Define roles and responsibilities for security and emergency management.

3. Ensure that operations and maintenance supervisors, forepersons, and managers are held accountable for security issues under their control.

4. Coordinate Security and Emergency Management Plan(s) with local and regional agencies.

5. Establish and maintain a Security and Emergency Training Program.

6. Establish plans and protocols to respond to the National Terrorism Advisory System (NTAS) alert system.

7. Implement and reinforce a Public Security and Emergency Awareness program.

8. Establish and use a risk management process.

9. Establish and use an information sharing process for threat and intelligence information.

10. Conduct Tabletop and Functional Drills.

11. Developing a Comprehensive Cyber Security Strategy.

12. Control access to security critical facilities.

13. Conduct physical security inspections.

14. Conduct background investigations of employees and contractors.

15. Control access to documents of security-critical systems and facilities.

16. Ensure existence of a process for handling and access to Sensitive Security Information (SSI).

17. Conduct Security Program audits.

Security Action Item Categories

BASE

TSA Orlando

TSA Transit Security Fundamentals (TSF)

▪ Protection of high risk/high consequence underwater/underground

assets and systems. (VIPR)

▪ Protection of other high risk/high consequence assets that have

been identified through system-wide risk assessments.

(BASE)/(VIPR)

▪ Use of visible, unpredictable deterrence. (VIPR)/(RMAST)

▪ Targeted counter-terrorism training for key front-line staff.

(RMAST)

▪ Emergency preparedness drills and exercises. (EXIS)

▪ Public awareness and preparedness campaigns. (RMAST)/DHS

See-Say

❖ Total of 54 TSF Questions in the BASE

BASE

TSA Orlando

BASE Data Gathering Process

Interview Security

Coordinator

Review SSP and other

Documentation

Observe System Security

Measures in Place

Verify information with

management and frontline

employees

BASE

TSA Orlando

How is the BASE Conducted?

Documents Reviewed

Security Plans /

Procedures

Risk Assessment

Report

Emergency Response

Plans / Procedures

Safety Plans / Procedures

Training Material

IT Security Plans

Examples of types of documents that may be reviewed

Not all entities will have all documents listed and some items may be combined.

BASE

TSA Orlando

How is the BASE Conducted?

▪ Interview schedule is tailored to stakeholders expectations and operation

▪ Will take approximately 4 hours of direct stakeholder involvement

▪ Executive Summary report provided to stakeholder during a separate out-brief

– All findings identified and provided to entity

– Each category scored and overall score assigned

– Options for Consideration are provided

– Identifies security vulnerabilities to mitigate

BASE

TSA Orlando

Confidentiality

A Word About…

BASE

TSA Orlando

▪ Prepare with local TSA Surface Inspectors prior to interview(s)

▪ Answers are used to identify areas for improvement; provide as

much feedback as possible

▪ Utilize tools to identify and mitigate vulnerabilities to strengthen

existing security programs

– BASE Executive Summary – Options for Consideration

– BASE Resource Kit/T-START

– Continual engagement with local TSA Surface Inspectors

▪ BASE review is part of the Risk Management Cycle

Keys to a Successful BASE

BASE

TSA Orlando

The Benefits▪ Offers a no-cost security assessment, which may enhance the entity’s

overall security posture

▪ Provides a fresh perspective on security policies

▪ Hardens assets against both terrorist and criminal elements

▪ Establishes relationship with TSA’s local Surface office as a security partner and resource

– Availability of Intelligence Assets, Transportation Security Specialists Explosives (explosive awareness training), Exercise Facilitation (EXIS)

▪ Nationwide networking, state/federal/industry security forums, ability to share “Best Practices”

▪ Enhances the overall transportation security posture of the nation that help to reduce security gaps and the risk of terrorism

▪ Prepares stakeholders for possible future security regulations

BASE

Office of Security OperationsSurface Compliance, Orlando, FL

Risk Mitigation Activities for

Surface Transportation

(RMAST)

TSA Orlando RMAST

▪ The Risk Mitigation Activities for Surface Transportation (RMAST)

program was developed in support of the Transportation Security

Administration’s (TSA) Risk-Based Security (RBS) initiative

▪ The Surface Compliance Branch will use the knowledge and

experience of Transportation Security Inspectors-Surface (TSI-S)

to integrate a layered security approach, strengthening TSA’s

partnership and commitment to surface transportation

stakeholders

RMAST Program Overview

TSA Orlando

▪ Completely voluntary and will only augment current security

efforts undertaken by public transportation stakeholders through a

unified effort to strengthen security and mitigate risk.

▪ Applies intelligence-driven, risk-based security principles and

includes procedures for information sharing to mitigate possible

identified vulnerabilities

▪ Supports the Nationwide Suspicious Activity Reporting Initiative

(NSARI)

RMAST Program Objectives

RMAST

TSA Orlando

RMAST Activities

Public Observations

Site Security Observations

Stakeholder Training

Event

RMAST

TSA Orlando RMAST

Public observations are conducted to identify suspicious activities, security vulnerabilities,

and/or suspicious behaviors that could be indicative of pre-operational planning related to

terrorism. This RMAST activity supports the Nationwide SAR initiative.

Public Observations

TSA Orlando RMAST

Site Security Observations are conducted to determine if the physical security measures and

operational deterrence components are in place to effectively mitigating risk.

Site Security Observations

TSA Orlando RMAST

TSI’s use TSA approved public security awareness programs to brief stakeholders. TSIs work with

local Transportation Security Specialists-Explosives (TSSEs) and Field Intelligence Officers (FIOs) for IED

and Intelligence briefings.

Stakeholder Training Event

Office of Security OperationsSurface Compliance, Orlando, FL

Exercise Information System

(EXIS)

TSA Orlando EXIS

Risk Management Cycle

Define the Context

Identify Potential

Risk

Assess & Analyze

Risk

Develop Alternatives

Decide & Implement

Evaluate & Monitor

TSA Orlando

BASE

EXIS Stakeholder / TSI T-BASE

Relationship

RMAST

Risk Mitigation Cycle

EXIS

TSA Orlando

▪ EXIS examines, through a tabletop exercise, a surface transportation operator’s implementation of transportation security focusing on the mission areas of:

– Prevention

– Protection

– Mitigation

– Response

– Recovery

▪ This initiative helps to fulfill the Congressional mandate contained in 6 USC 1136. Security Exercises.

▪ Tabletop exercises are intended to explore or evaluate multi-agency coordination of preventative and protective actions related to a terrorist attack.

Exercise Information System (EXIS)

EXIS

TSA Orlando

▪ HQ Surface personnel review the stakeholder’s security plan and BASE results to develop an exercise scenario– Exercise facilitators are MEP certified (by FEMA) under HSEEP guidelines– Highly trained to conduct exercise scenarios and “bring them to life”– Demonstrated “real world” applications—and customized stakeholder-specific videos– Lauded by over 23 stakeholder agencies

▪ Enhance existing internal and external relationships – EXIS brings the key players to the table, from administrators to operators

– TSA Facilitators walk through the exercise to ensure maximum participation

– Demonstrates both strengths and issues of established processes

– Enhances stakeholder engagement with mutual aid partners

– Common goal of increased security preparedness.

▪ Participation by the agency’s key personnel is essential

▪ No right or wrong—goal is process improvement

Exercise Information System (EXIS)

EXIS

TSA Orlando

▪ Region 1 – (NY,NJ, CT, DE, MA,RI,VT,NH,ME)

– Kevin Hoban Kevin.Hoban@tsa.dhs.gov / (518) 207-5631

▪ Region 2 – (AL, FL, GA, SC)

– Curt Secrest Curt.secrest@tsa.dhs.gov / (904) 380-4075

▪ Region 3 – (OH,MI,IN,IL,MO,IA,WI,MN,ND,SD,NE,KS)

– Bob Dickson Bob.Dickson@tsadhs.gov / (816) 260-4669

▪ Region 4 – (MS,LA, AR, OK,TX,NM)

– Michael Verbraska Michael.Verbraska@tsa.dhs.gov / (469) 948-1100

▪ Region 5 – (AK,WA,OR,ID,MT,WY,UT,CO)

– Robert McGuire Robert.mcguire1@tsa.dhs.gov / (206) (408)-8310

▪ Region 6 – (CA,NV,AZ)

– Robert McGuire Robert.mcguire1@tsa.dhs.gov / (206) (408)-8310

▪ Region 7– (PA, MD, DC, VA, WV, KY, TN, NC)

– Jake Mehl Jacob.mehl@tsa.dhs.gov / (571) 227-5452

Regional Security Inspectors

Surface Programs

TSA Orlando

▪ Edward (Eddie) Malinowicz

– edward.malinowicz@tsa.dhs.gov

– Desk: 407 563-4085 Cellular: 407 402-0832

▪ Hans D. Hayes

– hans.hayes@tsa.dhs.gov

– Desk: 407 563-4069 Cellular: 407 506-5128

▪ Edison Velez Jr.

– edison.velez@tsa.dhs.gov

– Desk: 407 563-6680 Cellular: 407 951-9739

Orlando Surface Team

Local POCs

TSA Orlando

Questions

Secure Rail 2017