Transportation Security Administration’s Office of Intelligence
- 8 pages
- For Official Use Only
- February 28, 2011
(U//FOUO) The Transportation Security Administration’s Office of Intelligence (TSA-OI) unclassified annual Freight Rail Threat Assessment addresses the overall threat to the U.S. freight rail industry and presents conclusions regarding likely targets and actors based upon a review of successful attacks against rail systems overseas.
(U//FOUO) The U.S. freight railroad sector incorporates 565 railroads operating on 139,679 miles of track throughout North America, including the United States, Canada, and Mexico. According to the Association of American Railroads (AAR), seven large freight, or Class I, railroad companies own and operate the majority of railroad track and rail property in the country. The AAR defines Class I railroads in the United States as those with the highest revenue. These seven Class I companies share trackage rights among themselves with shortline freight, and with commuter and passenger railroads. Freight railroads employ 168,891 people, maintain more than 1.5 million rail cars in North America, and transport approximately 43 percent of U.S. domestic freight and valuable commodities—including petroleum, chemicals, farm products, automobiles, food, lumber, and coal. Freight and passenger rail operations are often interdependent and use the same infrastructure, including track, signals, and in some cases control centers.
(U//FOUO) TSA-OI has no specific, credible intelligence to suggest violent transnational or domestic extremist groups are planning to attack the U.S. freight rail system, or use the system to facilitate an attack against another target. TSA-OI assesses with moderate confidencei that the risk of an attack to the U.S. freight rail industry is low.
(U//FOUO) TSA-OI assesses with high confidence that passenger trains or stations are more likely to be targeted than freight trains. The interdependency of the freight and passenger rail infrastructure in the United States increases the likelihood that any threats or attacks against passenger rail could impact freight rail as well.
(U//FOUO) TSA-OI judges that al-Qa’ida (AQ), its affiliates, and other terrorists motivated by violent extremist views would be the most likely actors to target the U.S. freight rail system. This judgment is based on recent attacks against freight rail and passenger trains overseas and the recent stated goals of al-Qa’ida’s senior leadership to attack U.S. transportation.
(U//FOUO) Based upon a review of worldwide attacks on freight rail targets, TSA-OI assesses that improvised explosive devices (IEDs) would be the most likely means of attack against the U.S. freight rail system.
(U//FOUO) There is little evidence of a specific terrorist threat to freight rail Supervisory Control and Data Acquisition (SCADA) or other Industrial Control Systems (ICS), but al-Qa’ida and other violent extremist groups have a sustained interest in acquiring the skills to conduct cyber attacks.
(U) Toxic Inhalation Hazards (TIH)
(U//FOUO) According to the Association of American Railroads Bureau of Explosives, each year, more than
76,000 bulk rail shipments of materials poisonous by inhalation, commonly referred to as toxic inhalation
hazard (TIH), traverse nearly all major American cities and metropolitan regions. Because of its pervasiveness
(more than 30,000 shipments per year) and toxic effects (500 parts-per-million can cause health problems),
chlorine is of particular concern to the freight rail industry.
(U//FOUO) No terrorist group has ever attacked a rail car transporting TIH commodities. Additionally, TSA-OI
has no current intelligence to indicate that al-Qa’ida or any other terrorist organization is planning to conduct
an attack on a TIH car. Nevertheless, a successful attack on a freight rail car transporting TIH through a
densely populated urban area could meet al-Qa’ida’s strategic goals of attacking targets that would generate
mass casualties, economic damage, and fear.
(U//FOUO) Although there is little evidence of a specific terrorist threat to freight rail Supervisory Control and Data Acquisition (SCADA) or other Industrial Control Systems (ICS), intelligence reporting indicates al-Qa’ida and other violent extremist groups have a sustained interest in acquiring the skills to conduct cyber attacks. Independent hackers, as well as foreign governments, have also been linked to repeated intrusions into U.S. business and control system computer networks.
(U//FOUO)• In 2003, a U.S. freight rail company’s business systems became infected with a non-directed computer worm. Much of the consequent degradation of rail operations stemmed from mitigation efforts to contain the intrusion, highlighting how computer system performance can be directly affected in unexpected or unanticipated ways (whether intentionally or otherwise).