Conducting risk analysis in public transport networks – guidelines for users

Abstract

Ensuring the security of public transport is particularly challenging for reasons such as the open and accessible nature of public transport networks and the limited resources of the operators. Conducting a security risk assessment study is therefore a useful starting point. First, a risk analysis is conducted to establish the occurrence and impact of threats on the network. This is then followed by a vulnerability assessment study, which helps to decide where and how to invest scarce resources to protect the system. To summarize, we can say that: Risk Assessment = Risk Analysis + Vulnerability Assessment. Due to length restrictions, the present article will focus on risk analysis. The issue of the vulnerability assessment can be found in the full study*. A security risk analysis is different to a safety risk analysis. For example, a safety risk analysis can make use of frequency of occurrence of safety events using data from experience. Due to the rarity of terrorist attacks on public transport, the element of frequency cannot be used for a security risk analysis. The International Association of Public Transport (UITP) Security Commission† identified security risk assessment as a priority topic for research. Therefore, in the context of COUNTERACT, a European project funded by the European Commission, UITP and the project team developed ‘Generic Guidelines for Conducting Security Risk Assessment in Public Transport Networks’. The user-friendly guidelines, which were successfully tested by an urban public transport operator, outline a qualitative risk assessment methodology which can be adapted by the operator to suit specific needs, in a step-by-step approach, specifically designed for public transport. This article will outline how the methodology was developed, as well as lessons learned from the test which was carried out. To supplement these User Guidelines, further details of the risk assessment methodology are presented in the accompanying paper by Sanchez.