Wednesday, February 9, 2011

Remote Monitoring Equipment of Rail Tank Cars

SECURITY WARNING: If you are reading this blog in Washington State you may want to close this blog without reading further. It discloses information from the Washington State Fusion Center that is clearly marked unclassified, but not to be disseminated to the public. Sorry about that…

Late last month the Washington State Fusion Center (WSFC) published a bulletin (a copy can be found on my site) regarding the report of a suspicious device on a chlorine railcar. It turns out that the device wasn’t a terrorist IED, but rather a Remote Monitoring Equipment (RME) device, an electronic transponder used to track railcars, particularly hazmat railcars. The bulletin shows a picture of a little metal box (complete with what appears to be a small radio antenna) sitting on top of the rail car.

Clearly the personnel at the local rail yard were not familiar with the device and reported it to their local fire department. Those rail workers are to be commended on their reporting of what was, to them, a suspicious device on a chlorine rail car. This is one of the instances when a suspicious activity report (SAR) turned out not to be so suspicious once it was investigated. I just hope they weren’t made fun of once it was determined what the device actually was.

WSFC is to be commended for their rapid turn-around of this information. The original incident was reported on January 22nd and the Bulletin was published on January 26th. Considering that the incident happened on a Saturday and some fairly detailed research was done on the various RMEs currently in use, this is a very quick response; KUDOS. I hope that DHS (TSA in particular since they regulate freight rail security) picked up on this report and spread it throughout the rail security community.

Now the Problem

I really get a bit miffed when the government tries to restrict access to information that is clearly necessary to properly do one’s job. This is a perfect case in point. At the bottom of each page of this bulletin (almost certainly on the bottom of all WSFC bulletins) we find:

“NOTE: This information is the property of the Washington State Fusion Center and may be distributed to federal, state, tribal, or local government law enforcement officials and EMS/fire personnel with a legitimate need-to-know. Further distribution without Washington State Fusion Center authorization is prohibited. Precautions should be taken to ensure this information is stored and/or destroyed in a manner that precludes unauthorized access.”

Clearly this information needs to be communicated to all personnel (mostly outside of the government) that are required to conduct security inspections of railcars. This includes train crews, rail yard workers, shippers and receivers; all people specifically denied access without specific approval of WSFC. Will the individual names have to be submitted and vetted? Why? All of the information (other than the sanitized initial SAR) is readily available on the internet.

Now, I really doubt that anyone at WSFC really considers this information to be sensitive. I suspect that their bulletins are automatically printed with this as part of the standard footer. That certainly would make it easier to ensure that truly sensitive (but unclassified) information is appropriately marked. Unfortunately that type of process requires the releasing official to make an effort to remove the marking from a document.

This makes it almost certain that the marking will not be removed. After all, in most security professionals’ minds it is better to over-classify than to let sensitive information slip out of control. That way you don’t give the enemy any advantage…. Besides, what harm could it do?

What could have happened with the initial SAR if it had gone to a police station that was concerned about a potential terrorist attack on that chlorine rail car, a police station that did not receive/see this bulletin? An initial investigation would find an unidentified box with an apparent radio receiver on top of a TIH rail car. If a bomb squad was called in, the unidentified but sealed metal box would be assumed to be a bomb equipped with anti-tamper devices (to a hammer everything looks like a nail). The box is going to be ‘disrupted’ and everyone involved is going to look foolish when it turns out to be nothing. So much for any future SARs from that rail yard.

On the other hand, if this document is widely distributed to those people that would be expected to come into contact with these railcars, they could conduct the appropriate inspection of the device to locate the identification tag. After verifying the identification information, the device could essentially be ignored. If there were discrepancies in the identification information, further investigation would be warranted.

So TSA, how about producing your own version of this bulletin and getting it distributed to all fusion centers and all rail security officers? That way we can ensure that this information gets in the hands of those that really need it, even if they aren’t in the govmint.
