America’s railroads are a critical component of our national infrastructure, moving the people, raw materials and finished goods that make modern life possible.
That’s why the nation’s freight and passenger railroads have worked daily with government agencies and security, law enforcement, and intelligence professionals for nearly two decades to monitor the nearly 140,000-mile rail network, understand potential threats, and protect physical and digital assets.
A Unified Security Plan
In 1999, the freight rail industry established the Rail Information Security Committee as part of a cybersecurity initiative that anticipated the expanding role of information technology in business and operations. Immediately following the 9/11 attacks in 2001, railroads came together to assess security risks and produce a unified security plan. The assessments focused on operations, infrastructure, hazardous materials (hazmat) transportation, military shipments, and communications and computer systems with the goal of detecting and preventing terrorism.
The industry-wide security plan — which accounts for physical and cyber security measures — was implemented before the Department of Homeland Security (DHS) was created and before the Transportation Security Administration (TSA) expanded its security procedures. As the cornerstone of today’s security operations, the plan allows the rail industry and its security partners to evaluate and respond to threats and address security concerns in real-time.
Intelligence & Security Information Sharing
Protecting the rail network is a 24/7 effort that depends upon constantly sharing accurate and up-to-date intelligence and security information for physical and cyber security. Railroads disseminate, receive and analyze intelligence every day with public and internal law enforcement, TSA, other DHS components, Federal Bureau of Investigation, and Transport Canada to inform effective security practices, measures and procedures.
Railroads also learn from non-rail incidents happening around the world to better understand how illicit activities are planned and executed in order to adjust plans and measures. Additionally, a dedicated industry alert network disseminates timely security information to the nation’s freight and passenger railroads almost daily.
Preparedness & Training
The skilled professionals that form America’s strong rail workforce perform a vital role in the industry’s layered security approach. Railroad employees receive security training, augmented by shared intelligence and related security information. “Frontline employees” — those operating trains or working in terminals and stations near rights of way — are attentive to their surroundings and immediately report suspicious activities, behaviors and objects.
- Freight railroads and their security partners participate in an annual industry-wide exercise that simulates physical and cyber threats to evaluate preparedness and enhance procedures.
- Railroads have participated in hundreds of security preparedness exercises with local police and emergency responders as well as U.S. and Canadian government departments and agencies.
- Individual railroads maintain security training programs and initiatives; more than 80,000 employees received training in 2016 alone.
The mantra “See Something, Say Something” extends to railroad tracks and rail yards. Railroads work closely with local law enforcement, emergency responders and the public to broaden security awareness, address security-related concerns and enhance preparedness. In 2016 alone, railroads participated in more than 5,160 security-awareness and emergency preparedness activities with local authorities and emergency responders.
Rail Industry Priorities in Cybersecurity Legislation
Freight rail recognizes that cyber resiliency is a must, as is maintaining the public’s trust as a critical infrastructure organization. The changing threat environment demands that private and public entities’ response capabilities remain nimble and effective without concerns for liability or punishment. As Congress considers cybersecurity legislation, learn more about freight rail’s recommendations.