This document and trademark(s) contained herein are protected by law as indicated in a notice appearing later in this work. This electronic representation of RAND intellectual property is provided for non- commercial use only. Permission is required from RAND to reproduce, or reuse in another form, any of our research documents for commercial use. Limited Electronic Distribution Rights This PDF document was made available from www.rand.org as a public service of the RAND Corporation. 6 Jump down to document THE ARTS CHILD POLICY CIVIL JUSTICE EDUCATION ENERGY AND ENVIRONMENT HEALTH AND HEALTH CARE INTERNATIONAL AFFAIRS NATIONAL SECURITY POPULATION AND AGING PUBLIC SAFETY SCIENCE AND TECHNOLOGY SUBSTANCE ABUSE TERRORISM AND HOMELAND SECURITY TRANSPORTATION AND INFRASTRUCTURE WORKFORCE AND WORKPLACE The RAND Corporation is a nonprofit research organization providing objective analysis and effective solutions that address the challenges facing the public and private sectors around the world. Visit RAND at www.rand.org Explore RAND Homeland Security Program View document details For More Information Purchase this document Browse Books & Publications Make a charitable contribution Support RAND This product is part of the RAND Corporation technical report series. Reports may include research findings on a specific topic that is limited in scope; present discus- sions of the methodology employed in research; provide literature reviews, survey instruments, modeling exercises, guidelines for practitioners and research profes- sionals, and supporting documentation; or deliver preliminary findings. All RAND reports undergo rigorous peer review to ensure that they meet high standards for re- search quality and objectivity. Freedom and Information Assessing Publicly Available Data Regarding U.S. Transportation Infrastructure Security Eric Landree, Christopher Paul, Beth Grill, Aruna Balakrishnan, Bradley Wilson, Martin C. Libicki The RAND Corporation is a nonprofit research organization providing objective analysis and effective solutions that address the challenges facing the public and private sectors around the world. RAND’s publications do not necessarily reflect the opinions of its research clients and sponsors. R ® is a registered trademark. © Copyright 2007 RAND Corporation All rights reserved. No part of this book may be reproduced in any form by any electronic or mechanical means (including photocopying, recording, or information storage and retrieval) without permission in writing from RAND. Published 2007 by the RAND Corporation 1776 Main Street, P.O. Box 2138, Santa Monica, CA 90407-2138 1200 South Hayes Street, Arlington, VA 22202-5050 4570 Fifth Avenue, Suite 600, Pittsburgh, PA 15213-2665 RAND URL: http://www.rand.org/ To order RAND documents or to obtain additional information, contact Distribution Services: Telephone: (310) 451-7002; Fax: (310) 451-6915; Email: order@rand.org Library of Congress Cataloging-in-Publication Data Landree, Eric. Freedom and information : assessing publicly available data regarding U.S. transportation infrastructure security / Eric Landree [et al.]. p. cm. Includes bibliographical references. ISBN-13: 978-0-8330-4031-2 (pbk.) 1. Terrorism—United States—Prevention—Evaluation. 2. Terrorism—Risk assessment—United States. 3. Transportation—Effect of terrorism on—United States. 4. Transportation—Security measures—United States. 5. Infrastructure (Economics)—United States—Safety measures. 6. National security—United States— Planning. I. Title. HV6432.L363 2004 363.325'93880973—dc22 2006032345 The research described in this report was conducted under the auspices of the Homeland Security Program within RAND Infrastructure, Safety, and Environment (ISE). iii Preface e goal of this investigation was to determine how much data regarding U.S. anti- and coun- terterrorism systems, countermeasures, and defenses are publicly available and could be found by individuals seeking to harm U.S. domestic interests. e study focused on information that would be freely accessible through Web search and review of library materials. To obtain a reasonably detailed picture of the available information while still covering a range of pos- sible scenarios, researchers examined six different hypothetical terrorist operations involving three categories of transportation infrastructure: air, rail, and maritime. e research team also developed a framework for comparing the amount of information that is publicly available across different terror attack scenarios and infrastructure targets. e Department of Homeland Security Science and Technology Directorate, Office of Comparative Studies sponsored the study. is report is a response to the U.S. General Ser- vices Administration Request for Quotation 41016-Homeland Security Research Studies. e information presented here should be of interest to homeland security policymakers, and owners, operators, and defenders of elements of the U.S. transportation infrastructure that rely on anti- and counterterrorism defenses for security from terrorist attacks. is report is one of two under the study “Understanding Terrorist Motives, Targets, and Responses,” with Martin Libicki as Principal Investigator. e companion monograph is Exploring Terrorist Targeting Preferences (Libicki, Chalk, and Sisson, 2007). The RAND Homeland Security Program is research was conducted under the auspices of the Homeland Security Program within RAND Infrastructure, Safety, and Environment (ISE). e mission of RAND Infrastruc- ture, Safety, and Environment is to improve the development, operation, use, and protection of society’s essential physical assets and natural resources and to enhance the related social assets of safety and security of individuals in transit and in their workplaces and communities. Homeland Security Program research supports the Department of Homeland Security and other agencies charged with preventing and mitigating the effects of terrorist activity within U.S. borders. Projects address critical infrastructure protection, emergency management, ter- rorism risk management, border control, first responders and preparedness, domestic threat assessments, domestic intelligence, and workforce and training. iv Freedom and Informatiion Questions or comments about this report should be sent to the project leader, Eric Lan- dree (Eric_Landree@rand.org). Information about the Homeland Security Program is avail- able online (http://www.rand.org/ise/security/). Inquiries about homeland security research projects should be sent to the following address: Michael Wermuth, Director Homeland Security Program, ISE RAND Corporation 1200 South Hayes Street Arlington, VA 22202-5050 703-413-1100, x5414 Michael_Wermuth@rand.org Contents v Preface iii Figures vii Tables ix Summary xi Acknowledgments xv Abbreviations xvii CHAPTER ONE Introduction 1 Levels of Risk in Information Gathering 3 Negligible-Risk Information Gathering 3 Low-Risk Information Gathering 3 Medium-Risk Information Gathering 4 High-Risk Information Gathering 4 Determinants of Information Gathering 4 Choice of Target 5 Stage of Attack Planning 5 Availability of Information on the World Wide Web 6 Information in the Public Domain: How Much? What Kind? 7 Assessing the Results of Information Search: How Much Is Enough? 10 Attacks on the Transportation Infrastructure: Six Scenarios 10 Scenarios for Attacks on the Rail Infrastructure 11 Scenarios for Attacks on the Air Infrastructure 11 Scenarios for Attacks on the Sea Infrastructure 11 An Illustrative Red-Team Approach 13 Overview of the Report 14 CHAPTER TWO Defining Terrorists’ Information Requirements: e ModIPB Framework 15 e al Qaeda Manual 16 e Modified IPB Framework 19 Moving from Abstract Framework to Real-World Information Requirements 24 vi Freedom and Informatiion CHAPTER THRE E Summary of Red-Team Findings and Validation 27 Scenario 1: A Poison Gas Attack on the NYC Subway (42nd Street Station) 27 Scenario 2: Bomb in a Passenger Plane Cargo Hold (at LAX) 28 Scenario 3: Shipping a Nuclear Device in a Cargo Container rough LA/LB 28 Scenario 4: Madrid-Style Bomb Attack on Commuter Train in the NYC East River Tunnel 29 Scenario 5: MANPADS Attack on a Flight Bound into LAX 30 Scenario 6: Suicide Boat Rams a Docked Cruise Ship at the Port of Los Angeles 31 Validation 31 CHAPTER FOUR Conclusions and Recommendations 33 Availability of Information in Public Sources 33 Stoplight Summary 35 Implications of the Availability of Information 40 Policy Recommendations 41 Summary 43 APPENDIXES A. What the Red Team Found 45 B. Crosswalk of ModIPB and al Qaeda Manual 75 Bibliography 81 Figures vii S.1. Notional Representation of Information Collected by Red Team xiii 1.1. Notional View of Information About a Target 9 A.1. Schematic Diagrams of Times Square Station 52 A.2. Station Map of the MTA Long Island Rail Road 66 A.3. Photograph of Douglaston Station 68 [...]... to these data and, in many cases, are obliged to protect them This report should give those charged with infrastructure security and relevant policymakers a good idea of the shape and general contents of the off-site, publicly available information set for selected scenarios and elements of the U.S transportation infrastructure By understand- 10 Freedom and Information ing all three sets and their intersections,... terrorists in the act of gathering information on-site Finally, the third set consists of information that is on-site “employee information, ” that is, information available to those who are employees of or closely affiliated with the infrastructure itself Employee information would include both public information and insider information A Venn diagram of these overlapping sets of information is presented in... relative sizes and overlap of these different sets of information depends on many factors, such as the specific responsibilities of the employee and the skill, motivation, or goals of the information gatherers Introduction 9 Figure 1.1 Notional View of Information About a Target Set 1: Off-site, Public Information (A) Set 3: On-site, Employee Information Set 2: On-site, Public Information (B) (C) RAND TR360-1.1... overhead images, schemat- xiv Freedom and Informatiion ics of sites and equipment, and news reports Moreover, new information is being added to the public domain every day, along with new capabilities for searching and fusing information Thus, procedures for securing sensitive information should be evaluated regularly, taking into account developments in technologies for storing and retrieving data, with... constellations of factors that identify information- gathering activities as constituting no-, low-, medium-, and high-risk information gathering Negligible-Risk Information Gathering Negligible-risk information gathering6 includes surfing the Web, listening to or watching mass media, reading for-sale material (e.g., newspapers), and perusing information in public libraries The information that these sources... quite costly, and involves a great deal of effort Here, we discuss three factors that are likely to affect information gathering: target choice, attack-planning stage, and availability of information on the World Wide Web We note, however, that the relationship between these variables and information gathering is complex For example, target choice will certainly affect information gathering, but information. .. within the set of information defined as “on-site employee information (point C in Figure 1.1) Information that can only be found in the third set (on-site employee information) and in neither of the two sets is insider information Once policymakers or infrastructure defenders have a good idea of the kinds of data in each of these information sets, they can decide more readily which information to try... public information about security can have paradoxical effects On the one hand, it can help them plan operations; on the other hand, it may deter the execution of those operations Finding a proper balance and deciding what “should” be publicly available remains a challenge and is beyond the scope of this report Policymakers and infrastructure owners and operators must also know not only what information. .. New information requirements that emerge later in the planning process may merit renewed low-cost, low-risk, and low-effort research Overall, the phase of operational planning influences what information terrorists need and, consequently, what they must do to get it and what risks and costs to bear in the process There are, of course, critical differences between likely terrorist researchers and the RAND... empirical question and may well include information that is sought to provide assurance and confidence to the terrorists but would not affect any decision made about the operation 15 16 Freedom and Information items deemed relevant to each scenario Upon review, for each scenario, a subset of the IPB categories was identified as “critical” or “showstopper” information requirements A showstopper is information . public and private sectors around the world. Visit RAND at www.rand.org Explore RAND Homeland Security Program View document details For More Information Purchase. (Eric_Landree@rand.org). Information about the Homeland Security Program is avail- able online (http://www.rand.org/ise/security/). Inquiries about homeland