Critical Infrastructure: Transportation Systems
KeywordsSecurity Resilience Natural disasters Manmade disasters Transportation infrastructure Transportation modes
Transportation infrastructure is the collection of rights-of-way, terminals, maintenance support facilities, and communications and control fixed assets necessary for the movement of goods and people from one location to another. Its protection is found in the means of preventing its damage or destruction but also in those activities that mitigate any potential damage in order that the infrastructure be returned to service in the most efficient and effective manner.
Protecting transportation infrastructure in the United States requires an understanding of its ownership, the characteristics of each mode, the relevant governing political jurisdictions, and various protective approaches including public policy initiatives. Moreover, there is the realization that the topic of infrastructure is bifurcated into physical and informational categories, again each with particular modal variations and operating characteristics.
Infrastructure ownership can be divided between the public and private sectors; however, because transportation exists as a system, these normally operate in a nearly seamless fashion as both passengers and cargo may traverse both between points of origin and those of destination. Again, because transportation is a system, multiple modes may be utilized as well as multimodal transportation activities and more recently by the long-term growth in intermodal services. Where the matter becomes more complex is with those situations where multiple modes may share the same rights-of-way or facilities or be in close proximity. An example of this within the same mode are where Amtrak, the National Rail Passenger Corporation, shares trackage with Norfolk Southern, a freight railroad operating in the private sector. There are also instances of Amtrak owning tracks that are immediately adjacent to those of CSX, another freight railroad, or light-rail operated by the Port Authority Trans Hudson (PATH) in greater New York/New Jersey (Plant and Young 2007). A most frequently found situation is where highways and railroads operate in close proximity such as with parts of the Interstate 95 corridor.
This entry shall endeavor to address protecting the infrastructure associated with railroads, roads and highways (aka motor carriage), maritime transport including both inland waterways and open sea, pipeline, and aviation. This is an extensive topic, and the reader is directed to the modal-specific entries found elsewhere in this encyclopedia for in-depth coverage.
Differentiating Links and Nodes
Infrastructure includes terminals and intermodal connections that logisticians term as nodes and rights-of-way connecting those nodes known as links but also maintenance facilities, administration buildings, classification yards, and communications towers for traffic control. As further detail, terminals need to be thought of as those points where transportation services are accessed. Rights-of-way need to be built over a range of geographies; hence, they require bridges, tunnels, culverts, and dredged channels. Rights-of-way exist as expanses of land for carrying rail lines and roadways but also as sea-lanes, air corridors, and subterranean routes carrying pipelines (Plant and Young 2007; Talarico et al. 2016).
There is a range of information-related infrastructure components that continue to grow as technology advances. In earlier times, these marked safe routes of travel, the most obvious of which would be lighthouses, but were later joined by buoys and even later by traffic lights and railway signals. Aviation is now controlled by air traffic control systems, and all forms of information-related infrastructure have become digital combining robust communications capabilities as well (Edwards and Goodrich 2013).
Transportation as a Derived Demand Activity
With few exceptions, the demand for transportation within any mode is derived from the demand for the underlying goods or for the need of people to be transported from a place of supply to one of need. As the population migrates and available products proliferate, the demand patterns also shift. Existing infrastructure may need to be expanded or even new infrastructure built. Moreover, some existing infrastructure may need to be de-emphasized. However, a hallmark of transportation infrastructure is that it may see service for a period spanning a century or more; hence, the priorities assigned to it at one point may no longer be relevant at a later date (Garrison and Levinson 2014).
Most people do not think about transportation infrastructure despite their being dependent upon the service it enables. While it is “just there,” it is also expected to be “just there” whenever someone needs to travel from point A to point B or when they have some form of material or service need in everyday life. This is to say that transportation infrastructure is largely invisible until it represents an inconvenience.
Unimodal and Multimodal Considerations
Various modes have different requirements for infrastructure but also differing ownership and maintenance needs. For example, airlines require significant investment in terminals and air traffic control systems; however, the former, while requiring significant acreage, are remote from one another. Airlines and marine transportation are similar in that there is sizeable investment at origins and destinations; there is no private ownership of their rights-of-way, specifically air corridors and the open sea (Garrison and Levinson 2014).
In contrast, railroads are required to own their own rights-of-way (although there are exceptions where ownership is a government unit, especially with regard to passenger railroads) and incur major initial investment as well as ongoing maintenance costs. While each mode has its own particular infrastructure requirements, each of those components needs to be protected from both natural and man-made harm.
Protection from What?
Taxonomy of threats
Moderately rapid onset
The variables of speed of onset, location, scale, timing, and whether the incident is natural or man-made have a clear bearing on how and to what extent a particular element of infrastructure needs to be protected. Note, too, that protection needs to be considered both when the particular asset is built and during its useful life.
Speed of onset is to also suggest a modicum of unpredictability with regard to timing, magnitude, location, and frequency (or regularity of threat).
The extent to which multiple infrastructure components are affected at any particular time. An example would be the loss of a specific bridge plus a nearby power station, both used by an electrified commuter railroad.
High stakes – in other words, human life is threatened, or are people’s physical well-being adversely affected
The infrastructure component is either so large or complex that its damage or destruction will require a lengthy period of time to repair or replace
The infrastructure component is in a remote location where equipment, personnel, and needed materials are not easily accessed?
There may be cascading impacts such as when a tsunami is triggered by an earthquake or that a terrorist organization may take advantage of a natural disaster occurrence.
Public Policy and the National Infrastructure Protection Plan
Through much of US history, the protection of infrastructure has been highly fragmented with the key exceptions being during wartime when key elements warranted specific extra protection as was the case with those port areas that were embarking troops or war materiel. A specific case during World War II was the Pennsylvania Railroad’s Horseshoe Curve in Western Pennsylvania, which at the time handled a disproportionately high volume of freight destined to the European front. Its importance was such that Germany actually landed a team of saboteurs tasked with the curve’s destruction – fortunately the plan never came to fruition, the agents were captured, tried, and executed (Plant and Young 2007).
With the number of public and private entities involved, it is reasonable to recognize that different entities will have different tolerances for risk depending on their specific business plans, resources, and regulatory environments. Protecting infrastructure, therefore, becomes a matter of applying risk management practices of both government and industry within the constraints of available resources and incentives and the range of consequences (Lee 2009).
While individual entities are responsible for managing risk to their organization, public-private partnerships improve understanding of the threats, vulnerabilities, and consequences of how to manage them through the sharing of indicators and practices and the coordination of policies, response, and recovery activities. (NIPP 2013)
Risk needs to be identified and managed in a coordinated way in order that security and resilience resources can be efficiently allocated. Security and resilience need to be considered joint being the security can be thought of as preventing an occurrence and protecting the infrastructure element as well as limiting the impact in the event of an occurrence.
The understanding and addressing of risks from cross-sector dependencies and interdependencies is essential. It is essential that different sectors understand one another. For example, the nation’s railroads operate as individual corporations, but they also function as a network. This means that during the normal course of business, they interchange freight cars in order that a shipment can move from one coast to the other by transiting the rails of multiple firms. In similar fashion during, for example, a natural disaster or a man-made act such as sabotage, entire trains or individual freight cars can be routed on competitors’ lines in order that the disruption to the supply chain is minimized.
Cross-community information sharing is essential. Cross-community is defined as public and private sectors but also across industries. Transportation is a derived demand activity that means that there is an inherent relationship between transportation service providers and their respective shippers and consignees.
The importance of particular units of critical infrastructure transcends national boundaries thus requiring cross-border collaboration, mutual assistance, and other forms of cooperative agreements.
Many if not most supply chains are now global, meaning that the interdependency between US interests and those of foreign partners is inseparable. Firms are increasingly aware that their success may not just be dependent upon their tier-1 suppliers but that tier-2, tier-3, and tier-n may pose a considerable previously unrecognized risk. Consequently, with that many tiers of concern, the vulnerability can be significant as transportation infrastructure embracing multiple modes are employed. Between transporting raw materials, semifinished components for further assembly, and finished goods, today’s products may wind up traveling thousands of miles before ever reaching the consumer (Supply Chain Council 2017).
Security and resilience need to be considered when assets, systems, and networks are being designed. Consideration must be given to determining the most effective and efficient approaches to identify, deter, detect, disrupt, and prepare for threats and hazards, mitigate vulnerabilities, and minimize their consequences. Building resilience into the infrastructure can be thought to be a, if not the, major consideration (McDougall and Radvanovsky 2008).
The NIPP received a major boost when the issue of critical infrastructure was emphasized in the Presidential Policy Directive 21 (PPD 21) in 2013. PPD 21 unscored the importance of critical infrastructure as a key element in national security but also for the nation’s economic well-being as well. Moreover, it charged 11 key federal agencies with developing critical infrastructure security and resilience functional relationships for 16 industry sectors, evaluating the public-private partnership model, identifying systems requirements to enable information sharing, developing a situational awareness capability, and the creation of a national research and development plan. While the term critical infrastructure encompasses a broad spectrum of assets, the key agencies of interest in this encyclopedia entry are the Department of Homeland Security and the Department of Transportation, specifically the Transportation Security Administration (TSA) (PPD-21 2013).
Cataloging Critical Infrastructure and Key Resources
US transportation links and nodes infrastructure and its ownership
State and local government; quasi-governmental authorities
Secondary commercial airports
General aviation airports
As above plus private ownership
Federal and state government
State and local government; quasi-governmental authorities; private ownership
Dredged rivers and harbors
Federal government; state and local government
Ports authority and private ownership
Cruise and ferry terminals
Terminals and pumping stations
State and local government, quasi-governmental authorities; private enterprise
State and local government, quasi-government authorities; private enterprise
Railroad – freight
Private ownership although some government ownership exists
Railyards, intermodal terminals
Railroad – Passenger
Federal, state, local and quasi-governmental authorities
Federal, state, local, and quasi- governmental authorities
Roads and highways
Interstate limited access
State and local government; quasi-governmental authority, some private sector (toll roads)
US transportation: major elements and information infrastructure (excludes rights-of-way)
State and local government, quasi-governmental authorities, private ownership
Air traffic control system
Federal government, quasi-governmental authorities
Aids to navigation (e.g., buoys), lock traffic control systems
Federal and state government, quasi-governmental authorities, private enterprise
Aids to navigation (e.g., buoys and lighthouses)
Federal government, private industry
Traffic control systems
State and local government, quasi-governmental authority, private ownership
Traffic control systems
Railroad – freight
Same as under right-of-way in Table 2
Communication and signaling systems
Secondary bridges and culverts
Freight car location systems
Railroad – Passenger
Federal, state, local, and quasi-governmental authorities
Communication and signaling systems
State, local, and quasi- government authorities
Secondary bridges and culverts
Electrified line catenary or third rail
Roads and Highways
State and local government; quasi-governmental authority
Traffic control systems
State and local government, quasi-governmental authorities
Secondary bridges and culverts
Key US infrastructure components by mode
Hub airports plus those for commercially served communities
Usually operate some general aviation
General aviation airports
Petroleum, petrochemical, and natural gas
Railroads – freight
Does not include miles, freight railroads operate over passenger railroad-owned tracks
Size not differentiated
Railroads – passenger
Passenger railroads most often tenants on freight rails
Size not differentiated
Interstate and national highway miles
Includes only paved road surface miles
Size not differentiated
Transportation as Networks: Multimodalism and Interdependence
In the above table, there are several notes concerning modes of sharing rights-of-way, terminals, and other infrastructures. While this does pose problems with regard to statistics, it also means that multiple entities will need to address the risk assessments as well as determine the priorities that must be addressed with respect to security and resiliency. Up to this point, the issue of intermodalism and multimodalism have not been addressed; however, these themes are increasingly cogent given, for example, that many truckers now rely on the railroads for their long-distance hauls and the ocean marine carriers are highly dependent on them for the inland movement of containers, both for export and import (Garrison and Levinson 2014; Price and Hashemi 2016).
Understanding the NIPP Framework
Step 1 of FEMA’s critical infrastructure risk management framework speaks to the establishment of goals and objectives that are established at the sector level; however, the most difficult and perplexing aspect of transportation in general and its infrastructure in particular is that it touches every aspect of the economy and in all manner of the health and well-being of the population. There is no sector that is unaffected by transportation inasmuch as it affects food, communications, clothing, shelter, education, energy, finance, utilities, and services. Services can be interpreted as private sector of government services that would include defense, police and fire protection, and even entertainment. The purpose here is not to set goals and objectives but to raise an awareness of the difficulty such a task can be with a sector that is so pervasive (NIPP 2013).
Risk management enables the critical infrastructure community to focus on those threats and hazards that are likely to cause harm, and employ approaches that are designed to prevent or mitigate the effects of those incidents. It also increases security and strengthens resilience by identifying and prioritizing actions to ensure continuity of essential functions and services and support enhanced response and restoration. (NIPP 2013)
Step 2 was essentially undertaken on a macro basis in Tables 2 and 3. Key is that the description reads “identify assets, systems, and networks” given that individual assets need to function as components within systems and networks. Note that the term systems is meant to denote a group of assets working together as a whole and that networks are groups of systems functioning together. In a transportation example, a container yard within a port area is a particular asset, whereas adding the containership, the berths, and the gantry cranes together is the container shipping system when linked with other ports. To view such within the structure of a network, one must add the highway and rail systems that access a given port area. The partners will each have a different view of the meaning of criticality based on the respective risks involved which mean those that are required for maintaining continued operations for the delivery of goods and services to their customers (NIPP 2013).
Threats – natural or man-made occurrences that have the potential to harm life, information, operations, the environment, property, and the overall economy.
Vulnerability – some feature the leaves an asset open to exploitation or susceptible to a specific hazard.
Consequence – the effect that an event or incident may have including any potential cascading effect.
Combined, these provide the basis for assessing and analyzing risk. While it is advocated that each of the many stakeholders engage in this process, the reality is that it is a complex and messy affair given the large number of participants each with a different set of priorities as well as risk tolerance and financial objectives. Moreover, the complexity increases exponentially as the scope of a potential incident or event increases (NIPP 2013). For example, the loss of a single highway overpass on a rural highway in Central Pennsylvania will be very different than the loss of an interstate highway span crossing the Mississippi River. Even with such a simple comparison, the importance of that Pennsylvania incident would be different should that road be the major access to an army installation such as Fort Indiantown Gap.
Using security protective measures to detect or delay an attack or intrusion. Several Class I railroads have begun using drones to surveil those miles of right-of-way that transit sparsely populated and remote areas. With regard to natural disasters, airlines for many years have staffed their own weather services in cooperation with the National Oceanographic and Atmospheric Administration. Moreover, Walmart, the retailer but also the operator of a very large private truck fleet, has similar resources.
Detecting malicious activities that threaten critical infrastructure and related operations and systems across sectors. BNSF Railway and others have engaged private citizens in their Citizens for Rail Security effort, which functions as an enlarged neighborhood watch (Young, Gordon, and Plant, p. 178). Moreover, the US Coast Guard participates in America’s Waterway Watch where recreational boaters are encouraged to “see something, say something” whenever they detect activities that seem out of place (USCG Aux 2018).
Implementing intrusion detection and vetting measures for sensitive and mission-critical activities to prevent unauthorized access. Implementation of the Transportation Workers Identification Card (TWIC) endeavors to credential respective personnel. In more critical activities, such as data centers and most truck terminals, specific identification measures are now commonplace and go beyond simple picture identification initiatives and may include biometric and fingerprint identification (Edwards and Goodrich 2013).
Monitoring facilities and networks potentially targeted for attack. Aside from the traditional closed-circuit TV monitoring that has been around for decades, more sensitive locations are installing geofencing technology that uses RFID tags to determine what or who is accessing a given area as well as those that are moving off their intended routing (Young et al. 2017).
Monitoring cyber systems for potential incursions into control systems such as air traffic control, train control systems, and pipeline traffic management. Defense-sensitive firms have for some time employed software that cannot only determine that attacks are occurring but in general terms who the source may be (Lee 2009).
Reduction of vulnerability is a practice that works equally well for both natural and man-made threats. Consider the following:
Build security and resilience into the design and operation of assets, systems, and networks. For a recent example, tank cars used for hauling crude oil underwent significant specification improvement that includes double-walled vessels and protection of related appurtenances because protecting infrastructure can also be a matter of improving the vehicles operating over transportation infrastructure (Edwards and Goodrich 2013).
Improving siting of infrastructure to avoid those areas prone to natural disasters or susceptible to exploitation. While this sounds obvious, its implementation may prove difficult especially with regard to maritime operations where access to deep water, both for channels and port facilities, is a prerequisite for attracting the services of, for example, container lines.
Develop and conduct training exercises to raise awareness and understanding of common vulnerabilities and potential mitigation approaches. Airport transit and passenger railroads have long engaged in such practices, and a common approach to mitigation is mutual aid agreements between first responders (Lee 2009).
Develop contingency plans for those events that have a higher likelihood of occurring. Railroads have long had agreements to use the tracks of competitors in the event of a disaster. This was seen numerous times when Gulf Coast hurricanes damaged stretches of track or bridges. Another example is the hurricane and tsunami evacuation routes posted in many coastal areas (McDougall and Radvanovsky 2008).
Notice that security and safety are, while related, different concerns. Moreover, resilience need to be considered together because as with the former, the focus is on prevention and protection, whereas with the latter, it is preparedness to mitigate, respond, and recover (Zoli and Steinberg 2016).
Step 5 demands that every event be assessed with regard to the effectiveness of those measures that were employed to prevent, protect, mitigate, respond, and recover from any event where transportation infrastructure was threatened, damaged, or destroyed. An after action report needs to assess what worked and what did not. This subsequently becomes the principal component of the feedback loop that serves to inform Step 1, the modification of goals and objectives, but also each of the other predecessor steps (NIPP 2013).
Infrastructure is always in the process of being replaced, upgraded, or generally maintained but also expanded to reflect increases in demand.
The demands placed on a particular element of the transportation infrastructure will change over time due to changes in economics including location of competing modes of transportation, location of those demanding transportation services, and the price of fuel and economics that may be related to such variables such as the price of fuel, taxation, and demographics.
Demand may shift due to the actions of government including taxation, weight and size regulations governing vehicles, and land use constraints.
The use may be affected by changes in the way costs are assessed, which could include the establishment of tolls, raising or existing tolls, or imposing time of day congestion pricing schemes.
- Edwards, F., & Goodrich, D. (2013). Introduction to transportation security. Boca Raton: CRC Press.Google Scholar
- Garrison, W., & Levinson, D. (2014). The transportation experience (2nd ed.). New York: Oxford University Press.Google Scholar
- Lee, E. (2009). Homeland security and private sector business. Boca Raton: CRC Press.Google Scholar
- McDougall, A., & Radvanovsky, R. (2008). Transportation systems security. Boca Raton: CRC Press.Google Scholar
- National Infrastructure Protection Plan. (2013). Partnering for critical infrastructure protection and resilience. Washington, DC: Department of Homeland Security.Google Scholar
- Plant, J., & Young, R. (2007). Securing and protecting America’s Rail System: U.S. Railroads and opportunities for terrorist threats. Boston: Citizens for Rail Safety.Google Scholar
- Presidential Policy Directive-21: Critical infrastructure protection and resilience (2013). Washington, DC: The White House.Google Scholar
- Price, W., & Hashemi, A. (2016). Seaport operations and security. In S. Hakim, G. Albert, & Y. Shiftan (Eds.), Securing transportation systems. Hoboken: Wiley.Google Scholar
- Supply Chain Council. (2017). Supply chain operations reference model (version12) quick reference guide. Available at https://www.apics.org/docs/default-source/scc-non-research/apicsscc_scor_quick_reference_guide.pdf. Accessed 15 Aug 2018.
- Talarico, L., Sorensen, K., Reniers, G., & Springael, J. (2016). Pipeline Security. In S. Hakim, G. Albert, & Y. Shiftan (Eds.), Securing Transportation Systems. Hoboken: Wiley.Google Scholar
- USCG Auxiliary. (2018). America’s Waterway Watch. http://www.cgaux.org/aww/php. Accessed 22 Aug 2018.
- Zoli, C., & Steinberg, L. (2016). Adaptive, resilience and critical infrastructure security: Emergent challenges for transportation and cyberphysical infrastructure. In S. Hakim, G. Albert, & Y. Shiftan (Eds.), Securing transportation systems. Hoboken: Wiley.Google Scholar