| ABOUT RITA | CONTACT US | PRESS ROOM | CAREERS | SITE MAP |
|
 |
|
Volpe Journal 30th Anniversary - A Special Edition
|
Combatting security threats is like finding needles in an endless row of haystacks. The risks take many forms--from a lone gunman entering a facility to a small band of computer hackers or an organized group wielding explosives or chemical agents. Strategies to address security problems focus on identifying and preventing threats and minimizing potential impacts. These measures range from sophisticated technologies to strategic plans, policies, and procedures that incorporate security into standard operations. The Center's physical security efforts emphasize the protection of people, cargo, and infrastructure, while its work in information security protects critical computer and communication systems. Defending Buildings and People; Civilians and MilitaryThe Center's physical security initiatives began in the early 1970s, supporting the Federal Aviation Administration's (FAA) efforts to address a rash of airplane hijackings. Volpe teams helped develop and evaluate the technology to detect weapons and explosives that is now familiar to any air traveler. Government facilities soon benefited from the Center's growing expertise in security work. One major project developed a security system for the Bureau of Engraving and Printing to protect the nation's money supply. Over the years, the Center has assisted many government agencies in assessing and upgrading security for facilities worldwide. |
A critical component of the Center's work has been supporting military logistics. Effective security is crucial to the Department of Defense's (DoD) ability to safely and efficiently move personnel and materials, provide appropriate defense, and carry out foreign policy initiatives. In-transit visibility systems developed by the Center have assisted a variety of operations. The sophisticated technology has tracked the movement of military vehicles traveling through the Saudi Arabian desert, and United Nations humanitarian aid shipments through Kosovo.
Working with the U.S. Immigration and Naturalization Service (INS), the Volpe Center has also used technology to facilitate the secure movement of people and goods across U.S. borders. The Center's SENTRI system uses transponders to speed up border crossings for pre-screened auto travelers, while INSPASS uses sophisticated biometrics to read the hand geometry of people entering the country through airports. Both systems integrate commercial off-the-shelf software in innovative ways.
Defending Information Infrastructure
Our increasing reliance on computer systems has made them, and our transportation system, vulnerable to sabotage. Hackers and cyberterrorists can gain access to sensitive information or disable systems that manage critical national infrastructure and operations. Protecting information presents unique challenges, since an invisible perpetrator can inflict damage from thousands of miles away. The complexity of computer systems also opens the door to numerous risks. The Volpe Center applies a comprehensive approach to computer security, thoroughly evaluating a system's potential technical, operational, administrative, and physical vulnerabilities.
One of the nation's most critical computer operations is the FAA's air traffic control system, which manages thousands of planes each day. The Volpe Center performed detailed risk and vulnerability assessments and developed procedures and technical solutions to ensure system integrity and fail-safe functionality.
Are We Ready for the Next Threat? Knowledge is the First Best Defense
One of the Volpe Center's primary approaches to security is "readiness evaluation," which helps clients to identify and understand the consequences of potential threats before developing strategies to manage them. The Center is increasingly involved in assessing the vulnerability of physical and information infrastructure and systems. Thorough assessment supports the creation of effective, comprehensive, and integrated solutions. It also emphasizes the inclusion of security measures in new facilities.
Recently, the Volpe Center conducted a risk and vulnerability analysis of the nation's transportation infrastructure, and supported the Presidential Commission on Critical Infrastructure Protection (PCCIP). The Center has also assessed vulnerability of the Global Positioning System (GPS) navigation system and Intelligent Transportation Systems, and assessed U.S. Postal Service technology and operations to improve identification and handling of hazardous materials.
Volpe experts from different fields share their learning and experience to continually offer new information, informed perspectives, and best practices to provide clients with the most effective, state-of-the-art security protection measures possible.
A Race Between Threat and Response
Threats to our security are constantly evolving in sophistication. Advanced chemical and biological agents can inflict greater damage than conventional weaponry. Changing times and circumstances can also create new risks. Post-Cold War efforts at the Center, for example, include assisting Russia during the dismantling of its nuclear arsenal.
Because so much damage can be inflicted by so few, terrorist threats are considered to be a form of "asymmetric warfare." Protecting our security is a battle against a moving target that must be fought continuously, combining existing knowledge and resources with creative thinking not only to thwart existing risks, but to anticipate and address those to come. The Volpe Center has made significant contributions to security over the last 30 years, and will continue its commitment to keeping the country's people, resources, and institutions safe.
The following pages contain more detailed examples of the Volpe Center's work in the national security transportation arena.
Physical Security
Airport Security
Early in the 1970s, in the aftermath of the first wave of airplane hijackings, the Volpe Center was asked to evaluate electromagnetic detectors for concealed weapons that hijackers might carry on board. The Center evaluated technology borrowed from the coal-mining industry, which had for some time been using pass-through metal detectors with its coal conveyor belts to check for stray pieces of broken machinery as the coal came out of the mine. The detectors were redesigned to make them suitable to use with humans, and by 1973, the first systems were being installed in U.S. airports. The same detectors are now also used in many public buildings to make sure no one who enters is concealing a weapon.
Following on the heels of the Center's metal detector work were projects evaluating equipment designed to detect explosives in cargo and luggage. Since the mid-70s, the Volpe Center has participated in a number of initiatives to develop explosives detection strategies and devices, and to study ways to deploy these strategies in airports and buildings. Volpe continued to support the FAA in evaluating new refinements of existing x-ray and CAT scan techniques, and new approaches to sensing not only explosives but flammable liquids, until the mid-90s. In 1996, an analytical model developed by the Volpe Center was used to help determine the most cost-effective strategy for national implementation of baggage screening systems.
In the mid-90s, the Center worked with the FAA and the aviation industry to develop recommendations for airport employee identification badges, and worked with the airlines to demonstrate a "Universal Access System" at two U.S. airports. The Volpe Center helped the Miami-Dade Aviation Authority develop a security master plan for Miami International Airport in 1998, and assisted four airlines in developing security plans for a new terminal at John F. Kennedy International Airport in New York.
In the 1990s, the Center applied its growing knowledge of facility security systems to help develop improved infrastructure protection for several federal agencies.
Protecting Government Facilities
In the last ten years, the Center has participated in several projects to deploy or upgrade security systems throughout the government, including projects outside the transportation community. By doing so, the Center has acquired expertise in state-of-the-art security technologies, which can ultimately be applied to transportation environments.
 Providing security for the U.S. Capitol and its surrounding complex has never been more critical. The Volpe Center supports the Capitol Police in their security efforts. |
In the late 1980s, the Center helped the DoD evaluate intrusion detection technologies to protect DoD facilities and equipment. In the early 1990s, the Volpe Center assisted the Department of State (DOS) in identifying vulnerabilities in shipments overseas, and developing and testing improved intrusion sensors.
In the 1990s, the Center applied its growing knowledge of facility security systems to help develop improved infrastructure protection for several agencies, including U.S. Customs aviation facilities, the national computer center of the Social Security Administration, and the headquarters of the Government Accounting Office. In 1995, the Bureau of Engraving and Printing asked the Center to design and install an integrated security system for the national currency production facility in Washington, D.C. The Center completed this multimillion-dollar program ahead of schedule and under budget. In 1999, following the fatal shooting of two of its federal officers, the U.S. Capitol Police requested that the Volpe Center develop an integrated security system for the U.S. Capitol building and congressional office complex. A closed-circuit television system is being implemented that allows activities throughout the Capitol Complex to be monitored from a central control facility.
The Center is also developing a new access control system for the DOS. This system will be implemented at DOS headquarters and other facilities in the United States. It will use smart card technology to control access to facilities by employees and visitors, as well as employee access to computer networks.
Volpe is currently evaluating the latest counterterrorism technologies for the DoD. The Center manages the Entry Point Screening Program for the DoD's Interagency Technical Support Working Group; identifies technologies for screening vehicles, freight, and people for explosives; and evaluates these systems at critical DoD locations overseas. The Center is also helping DoD apply vessel tracking systems, such as those developed for the Panama Canal, to protect U.S. Navy equipment and personnel.
Protecting Our Borders
With the number of annual entries into the United States nearing 500 million by the early 1990s, INS officials faced the problem of how to screen ever larger numbers of people. So, in 1992, the INS requested that the Volpe Center conduct preliminary research into how biometric technology might be used to automate immigration processing.
Biometric systems use any of several physical characteristics of a person for identification. The most familiar is fingerprinting, but other systems use voice authentication, handwriting, iris recognition, and hand geometry.
INSPASS - Reading Hand Geometry
 An INSPASS kiosk which enables pre-enrolled persons to enter the United States at busy U.S. and Canadian airports without waiting in the long lines for a traditional immigration inspection. |
The first automated inspection system using biometric verification developed by the Volpe Center was unveiled in 1993 with the deployment of automated kiosks at John F. Kennedy International Airport and Newark International Airport, and at Pearson International Airport in Toronto, Canada. This program, named INSPASS, is intended to focus on airports with arriving international flights as well as on border crossings where high volumes of pedestrian traffic need to be processed by immigration inspectors.
Business travelers who come into the United States at least three times a year can apply for an identification card at an INSPASS enrollment center. Then, upon arrival, the traveler inserts the INSPASS card into the kiosk and places his or her hand where indicated. Once the system has verified the biometric reading of the person identified on the card, it prints a receipt to prove immigration admittance. The entire process takes less than a minute, a fraction of the time that would be required for an immigration inspector to manually review the traveler's credentials.
SENTRI - Easing Border Congestion with Dedicated Commuter Lanes
The Volpe Center was a member of a team, consisting of the INS, U.S. Customs, the Federal Bureau of Investigation, and the Drug Enforcement Agency, that collaborated in the design of a system called the Secure Network for Travelers' Rapid Inspection, or SENTRI, designed to ease congestion at heavily traveled borders by setting up dedicated commuter lanes. The vehicles of those travelers who are enrolled in the program and have passed the rigorous background checks are allowed into the dedicated lane.
 Dedicated commuter lane at Otay Mesa on the Mexico-United States border allows regular commuters to cross borders safely, securely, and quickly. |
Then, as the vehicle approaches the border, the system matches the people in the vehicle with pictures stored in its database of people authorized to enter the country. If there is a match and no violations appear, the vehicle can proceed past the gate. The whole border crossing is thus reduced to about three minutes.
In 1996, the border between Montana and Canada was the scene of the opening of the first Automated Permit Port, a fully automated voice-verification system that allows enrolled participants to cross the border outside normal port operating hours without the need for border personnel. From 1997 to 2000, the Volpe Center implemented remote immigration inspection systems at dozens of marine and land border crossings.
Security Procedures and Training
The Volpe Center promotes a systems approach to security that encompasses training, policy development, organizational development, and many other factors in addition to technology. Examples of this approach are the Center's recent extensive survey of passenger profiling at U.S. airports, and a study evaluating the effectiveness of security personnel in screening passengers at airport checkpoints. Process engineering, human factors, and training have been critical elements in the deployment of integrated security systems at the Bureau of Engraving and Printing and the U.S. Capitol.
The Center is also improving security awareness and training. For the FAA and the U.S. Coast Guard, Volpe developed and conducted training courses for information system developers and network administrators. The U.S. Postal Service recognized the potential for accidental or intentional risks from hazardous materials being aboard a plane as part of a shipment of mail, although no air disasters have been caused by U.S mail shipments. The Postal Service asked Volpe for assistance in training its employees how to recognize and handle potentially dangerous packages in the mail. The Center conducted a needs assessment and developed training materials for 350,000 employees, covering facility awareness, dock/platform transfers, processing and distribution, and flight assignment.
In 1996, Volpe developed a course for first responders to chemical and biological incidents on public transit systems, and conducted a training course for first responders in the San Francisco Bay Area. The Center has also developed courses on emergency response to other types of transit incidents, and works with the Research and Special Programs Administration (RSPA) and the Transportation Safety Institute to implement these courses throughout the country. The Center is also assisting RSPA's Office of Emergency Transportation to develop options for the movement of emergency teams to crisis locations.
Federal legislation requires that all rail transit systems develop safety plans that address security, so the Volpe Center is lending its assistance to the Federal Transit Administration's State Safety Oversight Program for Rail Fixed Guideway Systems, and has created guidelines for developing transit security procedures and programs. The Center disseminates this guidance through a Web site, workshops, newsletters, and training courses.
Information and Telecommunications Security
The transportation sector relies on various advanced communications and information systems to perform specific transportation operations. However, these key infrastructures are extremely vulnerable to misuse and disruption.
A prime example of sensitive information disruption occurred when a teenage boy nicknamed "Jester" used his home computer, a modem, and self-taught hacking skills to infiltrate the local telephone company's switching network at the airport in Worcester, Massachusetts. The subsequent breach in security caused a system crash that knocked out telecommunications for six hours, disrupting communications to and from the airport control tower. During the ensuing investigation, airport officials discovered that the boy had had little difficulty infiltrating the switching system because the system lacked password protection.
 Hackers can gain access to online freight shipment records unless sophisticated cyberdefenses are put in place. |
The Center's involvement with electronic and information security began as part of an extensive program to develop improved mass transit technology in the 1980s, when Volpe helped transit authorities investigate electromagnetic interference (EMI) on new subway lines. The Center was able to capitalize on its expertise in EMI to assist DoD in shielding its computers from "leaking" information. Building on that project, Center computer specialists began working with the FAA to develop awareness of the need for security for their information systems and networks. In 1994, the Center helped the FAA develop a report to Congress outlining the potential vulnerabilities in air traffic telecommunications systems.
 Global information is captured and transmitted every 15 seconds via the INTRANSIT tracking system. |
The Volpe Center has also assisted the FAA in implementing improved information security measures. The Volpe Center has performed many information security assessments for the FAA's Air Traffic Services, and in 2000, the Center helped the FAA install the Computer Security Incident Response Capability (CSIRC). The CSIRC system utilizes advanced sensor technology to warn the FAA of potential intrusions into their air traffic control systems and networks.
The Volpe Center is the home of the INTRANSIT (INternational TRANSportation Information Tracking) program, with expertise in providing communications, tracking, identifying, and tagging for logistics and security efforts. INTRANSIT's computer and electronic capabilities include creating and deploying information systems, as well as providing key training and operations assistance. The focus of the program is global acquisition and movement of information. Examples of INTRANSIT projects in the 1990s include tracking aircraft for the Air Force and Patriot missiles for the DoD; supporting the 82nd Airborne in Haiti; setting up asset visibility networks in Bosnia, Somalia, and Haiti; and monitoring the removal of hazardous materials from Europe.
INTRANSIT's electronic and satellite-monitoring capabilities have a number of applications for international security operations. For example, from 1992 to 1995, the Volpe Center participated in a project to improve the monitoring of goods shipments to enforce the sanctions imposed in Yugoslavia. Goods crossing borders were difficult to monitor for compliance with the terms of the sanctions. The Volpe Center developed a system that greatly reduced opportunities for violations.
Policy Analysis, Risk Assessments, and Outreach Activities
In 1996, the Center supported the Presidential Commission on Critical Infrastructure Protection (PCCIP) to evaluate the vulnerabilities of the nation's transportation infrastructure and make recommendations to protect critical transportation assets. The commission focused on potential cyber attacks to the transportation system, particularly the air traffic control system. The Volpe Center evaluated the vulnerabilities of the National Airspace System (NAS), and concluded that connections with the Internet, open architectures, and system interoperability may introduce air traffic control system vulnerabilities. The Center later assisted the FAA in developing its response to 1998's Presidential Decision Directive 63, which mandated a national effort to assure the country's security, by ranking the elements of the NAS in terms of vulnerability and potential impact if compromised.
GPS Vulnerability
 GPS uses a minimum of 24 satellites and ground receivers to track movement for navigation. (Illustration by Norris S. Padmore) |
One of the most serious findings of the PCCIP was the nation's growing dependence on GPS. The Volpe Center developed an in-depth assessment of the vulnerabilities of GPS, and in a report released in 2001, recommended that GPS not be relied upon as the sole means of navigation for transportation systems, and that there be effective backup systems to GPS wherever possible. A major reason for GPS vulnerability is its susceptibility to jamming and spoofing, to signals with deliberately misleading information, and to unintentional interference such as solar flares. GPS security can be improved by strengthening the current system's resistance to disruption, and by integrating GPS with independent systems. Volpe's Center for Navigation is working to ensure sufficient robustness in GPS-based technologies by developing systems with adequate integrity monitoring.
Over the last five years, the Volpe Center has assisted the FAA in developing information security policy and training and has conducted vulnerability assessments for over two dozen major elements of the NAS.
Volpe Center outreach meetings, designed to identify transportation system vulnerabilities, all identified the need for improved coordination and collaboration among public and private organizations to formulate protection strategies and carry out response plans.
Transportation System Assessments
Following the PCCIP initiative, RSPA received funding to evaluate surface transportation system vulnerabilities. The Volpe Center developed a comprehensive assessment of the vulnerabilities of highway, transit, rail, marine, pipeline, and intermodal transportation. Many scenarios were evaluated, describing the potential impact of terrorist and criminal attacks. The National Research Council (NRC) then formed a committee to evaluate the vulnerabilities outlined in the Volpe Center report, and to formulate priorities for future research and development. The NRC committee commended the Volpe Center for the quality of the assessment, and went on to recommend further research to develop countermeasures against chemical/biological and cyber attacks. The Center is currently conducting a study for RSPA on the interrelationships between transportation and other infrastructures, such as energy.
Pipeline Security
At the request of RSPA, the Volpe Center is supporting an initiative to assess the nation's 1.6 million miles of pipeline to determine whether supervisory control and data acquisition (SCADA) systems should be required on hazardous liquid pipelines. The SCADA system uses computer technology to gather data on pipeline pressure, temperature, and delivery flow rates from remote locations along the pipeline, which carries 600 billion ton-miles of oil and 19 trillion cubic feet of gas each year. Working directly with RSPA's Office of Pipeline Safety, Volpe staff found that SCADA and leak detection systems depend on the sophistication of the host computer, and concluded that while many computer operators have invested heavily in SCADA systems, very few have invested in effective software-based leak detection systems. Because of the pipeline industry's lack of uniformity, each system used for leak detection must be configured for a particular pipeline infrastructure. Volpe determined that while a SCADA or leak detection system can be constructed for most pipelines, the high cost and changing technology of such systems has slowed adoption of computer-based leak detection programs. The Volpe Center is working to implement a leak detection system that is both effective and cost-efficient.
Intermodal Best Practices
Working with the National Science and Technology Council, the Volpe Center developed a compilation of the intermodal cargo industry's security best practices. This report has been distributed widely to industry, and the Volpe staff has presented the findings at numerous symposia, such as the National Cargo Security Council. The Center has also conducted detailed assessments of port facilities, evaluating the vulnerability of logistics processes and electronic commerce to both physical and cyber attacks. The Center is currently conducting a study for RSPA of the potential impact of disruptions to electronic commerce.
The Volpe Center has participated in several other initiatives to help guide future security research and development, and to facilitate the exchange of information on transportation security vulnerabilities and on developing countermeasures. It has hosted numerous outreach events to discuss transportation infrastructure vulnerabilities, emergency response strategies, and growing vulnerabilities of information systems and networks. These events brought together leaders from government at the federal, state, and local level, as well as key players from industry and academia. A common theme of the sessions was the need for improved coordination and collaboration among public and private organizations to formulate protection strategies and carry out response plans.