As the Transportation Security Administration's (TSA) first Director of Highway and Motor Carrier Programs, Dan Hartman is responsible for the security of the United States' motor coach and pupil transportation, trucking operations and highway infrastructure systems. In this interview, Hartman explains how the administration's Corporate Security Review (CSR) Program helps surface transportation owners and operators to protect their critical assets and how CSRs benefit Highway and Motor Carrier Programs and TSA's stakeholders.
Please provide a brief overview of the Transportation Security Administration (TSA) and of your duties as Director of Highway and Motor Carrier Programs.
In November 2001, Congress passed the Aviation and Transportation Security Act in response to the terrorist attacks of September 11, 2001 and created TSA as an agency within the U.S. Department of Transportation. In early 2003, TSA was moved into the Department of Homeland Security with other federal agencies to share missions.
Simply stated, TSA is responsible for transportation security. This includes the major modes of transportation—aviation, railroads, pipelines, highway, mass transit and maritime. The most visible face of TSA is, of course, the screening personnel that the public encounters at airports. However, TSA has developed programs within all of the transportation modes to protect the public and to prevent terrorist attacks.
As the Director of Highway and Motor Carrier Programs, I am an executive-level security management official and a senior technical expert on highway security. The highway in this sense is defined as the infrastructure (roads, tunnels, bridges and passengers), which is transported by motor coach, school bus and cargo, including the conveyance used. It is my responsibility to partner with all parties involved in “highway” to develop national programs. These programs range from strengthening the infrastructure to identifying security system vulnerabilities and the subsequent development of mitigation strategies for use in the industry.
TSA uses a Corporate Security Review (CSR) Program that gives the administration a general understanding of each surface transportation owner's or operator's ability to protect its critical assets. Please further describe the methodology used in conducting a CSR and explain how CSRs benefit Highway and Motor Carrier Programs specifically.
Prior to September 11, 2001, there was no consistent focus on the security of our transportation systems. When I was first tasked with developing programs to reduce security vulnerabilities in our highway system, I wanted to base these programs on data. Unfortunately, there was very little data available and the little that did exist was not collected in any uniform manner or stored in any database. When asked about the level of security within our nation's highways, it was difficult to make any assessment because of the scarcity of data. So we decided to develop a tool that could, at a minimum, bring back data to make assessments and informed management decisions. The CSR currently contains 77 questions aimed at collecting this data to help us to baseline the industry. In addition, since the review is conducted onsite with corporate managers, it allows us to validate whether management is actually implementing the plan. Any identified gaps in the plan are also discussed, and suggestions for countermeasures are provided to the corporate owners. CSRs are currently performed on state transportation departments, motor coach companies, bridge owners/operators, and we plan to begin reviewing trucking and truck rental leasing companies.
I should point out that participating in a CSR is a voluntary effort. TSA does not have any regulations that require security plans or any requirements that stipulate what must be in the plan. We actually call the state or company in advance and ask if they would like us to conduct a review. An advance copy of the questions is also sent before the visit to allow more time for response. To date, no highway entity has ever turned down our offer of a CSR!
The CSRs have given us a great foothold in baselining the security posture of our highway system. The data generated from the reviews will also help us to determine if security regulations are needed for the industry. And the data helps us to use our resources to address vulnerabilities. Follow-up reviews will be invaluable in establishing trends to see if our efforts result in measurable security improvements.
Another benefit derived from the CSRs is the collection and dissemination of “best practices.” Each review seems to capture a new idea, a new countermeasure or a unique way of combating a terrorist attempt. We are assimilating these “best practices” and sharing them with states and with the industry.
Of all the benefits, though, I believe that the relationship we forge with our state, local and industry partners is the greatest benefit. TSA's field presence during CSRs encourages a higher degree of stakeholder confidence in the agency and rapidly builds trusted partnerships, which results in both synergy and a united front in the war against terrorism.
How do CSRs fit in with the four goals of TSA's strategic plan (Domain Awareness, Prevent and Protect, Respond and Restore, Organizational Effectiveness)?
CSRs stress the need for and the importance of a security plan. A model plan addresses the critical areas of domain awareness, prevention and protection, response and restoration and organizational effectiveness. I believe domain awareness is strengthened by creating new and more comfortable ways of sharing information and intelligence between industry, federal, state and local stakeholders. During the CSR, we often suggest new approaches to the stakeholder's existing plans to protect their assets and help to tailor security needs into their own initiatives and programs of response and restoration. We quickly realized after the first few state transportation reviews that most states have taken an “all-hazards” approach in creating their plan since they are responsible for reestablishing the flow of people and cargo as rapidly as possible after a transportation incident. The incident could have been a terrorist attack, or it could have also been caused by anything from a violent storm to civil unrest. Our goal is to ensure that security threats are properly addressed in the plan and that efforts to address one hazard will not create security breaches on another front.
What factors must TSA consider when selecting the systems in which to perform a CSR?
Secretary Michael Chertoff often addresses this issue when asked to describe the department's risk-based system. He says that the following three elements must be included:
If any information within the three elements above is incomplete, we also consider such items as the probability of an attack on that system/asset, the importance of that system to the highway network and the potential impact on other modal operations such as aviation, pipelines, mass transit, rail or our maritime systems.
We also visit stakeholders who have demonstrated success in using unique countermeasures or security procedures so that we can continue to build our “best practices” portfolio.
We know that terrorists want to inflict the greatest harm possible to make their statement, and they want their results to be dramatic. Obviously, we want to thwart that attack. Unfortunately, I do not know of any algorithms that will unerringly point us in the right direction 100% of the time since the terms of the equation constantly change.
The Federal Highway Administration (FHWA) and the Federal Motor Carrier Safety Administration (FMCSA) both participate in highway CSRs. How does this joint coordination work, and how does it impact the final CSR?
I think we have been and will continue to be sensitive to the time demands placed upon our state departments of transportation and on the industry. Both FMCSA and FHWA have active field programs in which site visits are necessary to carry out safety missions. We coordinate schedules to avoid any redundancies, and we will alter schedules to accommodate an entity that we want to review. We invite our sister U.S. Department of Transportation administrations to participate with us during a CSR because we believe safety and security have joint missions. Bringing together safety and security organizations in front of the CSR stakeholder spurs conversations that might not have taken place before. This enriches the data collected and the overall CSR learning experience for all entities involved.
As of September 2005, a total of 35 CSRs have been performed on highway entities. What kind of response has TSA received from its stakeholders?
The program has received substantial support from its modal stakeholders. With respect to the highways mode, we are surprised by the enthusiastic reception we have received from state departments of transportation, motor carriers and school bus operators. We are also pleased to find that the stakeholder community has ambitiously pursued security efforts on its own and welcomes our teams as a way of validating and improving upon their efforts. We have worked hard to apprise the various highway associations about our CSR program. The net result today is that we actually have more invitations in the queue for CSRs than we have the ability to meet.
Teams of TSA modal experts conduct CSRs. If the information obtained during a CSR shows any security gaps or deficiencies, how does the team begin to develop strategies and best practices for the stakeholder to follow?
The last phase of the onsite review involves a close-out session with corporate management. During this time, any gaps discovered in the security plan are discussed, and strategies for countermeasures are surfaced. Depending on the deficiencies, our team's knowledge of best practices collected from other stakeholders is invaluable, and hopefully, measures can be mapped out for implementation during this closeout session. If we do not have any immediate solutions for the stakeholder, the team will initiate a discussion with headquarters personnel and other modal leaders for a solution. Your question shows why the collection and dissemination of data is so important to TSA. We believe that many of the solutions are contained in the data. So we are taking great strides to store data and to make it available for analysis.
In what ways have CSRs helped to improve highway and motor carrier security in particular?
CSRs have given us the opportunity to synergize the security expertise of TSA with the understanding, knowledge and experience of the stakeholders. I would like to use the passenger carrier industry as an example. The discussions we conducted during the CSRs on the motor coach and school bus industry revealed that more guidance was needed on how to put a plan together. This resulted in a team effort with TSA, the national motor coach associations and our Department of Homeland Security (DHS) partner, the Office of State and Local Government Coordination, which backed the effort with grant monies. Together, we rolled up our sleeves and developed a model industry security plan—a plan that could be used as a template by the entire industry.
Again, using the motor coach industry as an example, we discovered a critical need to manage and to protect passengers in a heightened alert situation. This need initiated our Bus Explosive Screening Technologies (BEST) Pilot project. We wanted to know if motor coach company employees could be easily trained on the use of explosive trace detection (ETD) equipment and if screening processes could be used in a motor coach terminal without any significant disruption to either the passengers or to the company's operation. The testing phase is over, and we are currently evaluating the data.
Are safety, health and environmental (SH&E) professionals consulted during a CSR? If so, what are their responsibilities?
When my staff begins to plan for a CSR, they call the corporate officials in advance of the visit and explain the types of questions that will be asked and the type of information that will be sought during the review. We ask that a cross-section of individuals in their organization be available to cover the areas of security—physical and cyber, business operations and training. Some of the entities we reviewed made SH&E professionals available for questioning and close-out discussions. This was helpful in determining communication capabilities across the organization, and we recognize the important role of SH&E. Having our Federal Department of Transportation safety partners (FMCSA and FHWA) along with us on the review also augments the discussion with the organization's SH&E personnel.
As Director of Highway and Motor Carrier Programs, what role do you play in the development and enforcement of transportation security standards?
I am fortunate to have a great staff with years of prior experience in the highway and motor carrier sector. My role is to set the direction and goals for this staff and to promote their interaction with our stakeholders. The government cannot create an effective security net on its own. And I believe that the industry knows this and is willing to form partnerships.
TSA has the authority to issue regulations and security directives, but the extent to which standards need to be mandated is still an open question. I think it is more important for me as Director to ensure that highway and motor carrier security systems mesh well with rail, maritime, aviation, pipeline and mass transit plans. One of TSA's early leaders, Admiral James Loy, who brought me into this agency, used to say that we cannot chase the “bad guys” from one mode of transportation to another. My job is to work with the directors of the other modes to make sure that TSA has a united, uniform approach to protect all modes and that programs developed in my office fit into the larger picture of transportation security in the United States.
Does TSA plan to modify or improve its current CSR Program within the next year? If so, please explain what changes will be made.
I think that the program has tremendous growth potential, and we expect steady and continual improvements for years to come. The make-up of the Highway and Motor Carrier industry is vast, varied and complex. So far, we have conducted reviews of 30 states. Next year, we will continue to review states, but there will be an increased emphasis on school bus and motor coach reviews. We also hope to focus on transporters of hazardous materials and to develop a program with the truck rental and leasing population.
As we move forward, we will continue to seek suggestions from industry associations and other federal and state officials for improvements. Because of the enormity of the task ahead of us, we need to find ways to leverage scarce resources. Change will be inevitable.
If all of us work together to instill the need to make security second-nature in the design of roadways, tunnels and bridges and to include this essential element as part of conducting the nation's transportation business everyday, then change will be positive.Biography
Dan Hartman has worked for the Department of Homeland Security's Transportation Security Administration (TSA) since December 2002. As the first Director of Transportation Infrastructure Security, he was responsible for the development and direction of national security programs that protect the nation's mass transit, highway, pipeline, rail and maritime infrastructures from terrorist and other intentionally disruptive acts. When TSA reorganized in January 2005, Hartman became the first Director of Highway and Motor Carrier Programs, and in this position, he is responsible for the security of the nation's motor coach and pupil transportation, trucking operations and highway infrastructure systems.