North American Railroad System Security Plan

On September 18, 2001 the CEO’s of the North American Class 1 Freight Railroads and AMTRAK understood that the North American rail infrastructure was potentially at risk from terrorist attack.

IIT was chosen to support the AAR’s “Terrorism Risk Analysis and Security Management Project,” and conduct a comprehensive risk analysis. Both physical and IT infrastructures were considered. Using Federal Government and International Best Practices all of the North American Railroads’ critical assets were identified, analyzed, and prioritized. Specific security countermeasures and alert levels were created. Over 150 Railroad and IIT subject matter experts worked for nearly 3 months on this intensive effort. In December 2001, the CEOs of all of the major freight railroads and AMTRAK approved the “Terrorism Risk Analysis and Security Management Plan.” This plan of action coordinates and implements the extensive security efforts of the individual railroads.


• “Terrorism Risk Analysis and Security Management Plan” was adopted by CEO’s and is considered to be the ‘Gold Standard’ for all other industry Risk Analysis and Security Management Plans.
• AAR sponsors (and IIT operates) the Surface Transportation Information Sharing and Analysis Center (ST-ISAC), a private industry clearinghouse for security information that provides 24/7 threat warning and incident reporting.
• AAR Operations Center. IIT operates the 24/7 Railroad Security Operations Center. This center coordinates information between the railroads, the ST-ISAC, and both Federal and State Governments.

Based on IIT’s performance with the Surface Transportation ISAC, IIT was chosen to operate the Public Transportation ISAC for all transit agencies. The ISACs are key information sharing mechanisms for our critical national infrastructures.

Return to Critical Infrastructure Protection