The scope of this FOT was centered on activities that address the following risk areas:
- Driver verification
- Off-route vehicle alerts
- Stolen vehicles (both tractors and trailers)
- Unauthorized drivers
- Cargo tampering
- Suspicious cargo deliveries
The FOT was engineered to demonstrate an integrated operational approach that made use of COTS technologies and addressed as many of the prescribed research objectives as practicable. The following discussion documents these research objectives and identifies the technology applications deployed by the Battelle Team to address them.
3.1 Prescribed Research Objectives
Each of the risk areas identified above were further organized into the three phases of hazmat transportation: (1) the pickup of hazmat from shippers, (2) transportation of hazmat, and (3) the delivery of hazmat to the receiver at the final destination. In addition, the specific objectives that related to the public sector cut across each of these phases. The relationship between these phases and the public sector are outlined in Figure 5 along with the specific objectives the FOT was required to address.
Figure 5. Prescribed Research Objectives
3.2 Adaptation of the Research Objectives to the Field Operational Test
As an important first step in FOT, a risk/threat assessment (Task 1) was conducted to organize the safety and security risks and threats in the highway transportation of hazardous materials .
3.2.1 Threats and Vulnerabilities
The Battelle Team adopted a multi-step approach to conduct the threat and vulnerability analysis.
Figure 6 illustrates the assessment process developed to conduct this task. The assessment began with a look at the broad universe of hazmat transportation. This universe is extremely varied, encompassing a diverse set of factors that need to be considered in conducting a risk/threat assessment, including:
- Type and characteristics of commodity
- Quantity of hazmat in individual shipments
- Frequency of hazmat shipments
- Type of operation (e.g., bulk and non-bulk, private and for-hire)
- Routing and length of haul
- Commodity loading and transfer points
Figure 6. Process Flow
These factors were then considered from two very different perspectives: intentional vs. unintentional releases. Because the scope of work for the FOT included consideration of both security and safety, both intentional (i.e., terrorist threat) and unintentional (i.e., accidents and incidents) releases were addressed. As shown in Figure 6, a greater portion of this effort was focused on terrorist-based intentional releases, but safety-related unintentional releases were considered as well. This emphasis on security issues stems from the significant effort in the past to understand and address the safety implications of hazmat transportation; it is only recently that specific attention has been directed toward security issues.
To address intentional releases, general categorizations for shippers, carriers, consignees, and en route conditions were defined. The definitions for specific reference components included typical operations and characteristics. Carrier and en route conditions were grouped together. The reference components used were:
|Shipper:||Warehouse/reseller, hazmat manufacturer, academic/research facility, and hazmat waste generator|
|Consignee:||Residential consumer, warehouse/reseller, industrial consumer, construction or mining consumer, academic/research facility, and waste disposal facility|
|En Route:||Rural Interstate, urban Interstate, rural arterial or two-lane highway, urban arterial, truck stop, rest stop or parking area, weigh station and border crossing, carrier terminal, and transfer terminal.|
The primary purpose for defining reference components was to organize, identify, and represent typical vulnerabilities. Each reference component was defined not to represent industry best practices related to security but to reflect the combination of vulnerabilities that can be readily found throughout industry. A reference component cannot be deemed typical in aggregate, but individual characteristics are taken from typical cases. The reference components were developed from industry knowledge and were confirmed and augmented by visiting facilities and/or conducting interviews with persons responsible for the transportation of hazmat.
As Figure 6 shows, the next step in the assessment process was to identify vulnerabilities for each reference component. The vulnerabilities were then categorized according to physical security, information integrity, operations, or environment. The specific vulnerabilities highlighted for each reference component are listed in Table E-1 in Appendix E.
Attack Profiles and Safety Concerns
The Battelle Team also identified terrorist tactics that would be effective against hazmat transportation. These tactics are also called attack profiles. In the FOT, a comprehensive database of threats developed by a member of the Battelle Team, Total Security Services International, Inc. (TSSI), was examined for those threats relevant to the transportation of hazmat and specifically to the vulnerabilities identified for the reference components. Three key threats were identified: theft, interception (including diversion), and legal exploitation. For simplicity, diversion is considered a special case of interception and these two were combined and treated as a single threat. A simple definition of these threats follows.
|Theft -||to take control by stealth, deception, or force|
|Interception -||to release, detonate, or ignite while at or near a target|
|Legal exploitation -||to exploit the system in a "legal" way so as not to arouse suspicion, for example, to acquire hazmat by commercial transaction or diversion using "insiders"|
In addition, the two major types of transportation operations, bulk/truckload and less-than-truckload (LTL) shipments were considered in developing attack profiles. The three threat types were then applied against each of the two operational types to develop six different attack profiles that address the intentional use of hazmat as a weapon.
Safety concerns were also addressed at this stage by consideration of unintentional releases from accidents or incidents. Considerable prior work has addressed this issue from a purely risk perspective and the results from the most recent study for the FMCSA were included .
The attack profiles were then considered for different types of hazardous materials. The DOT hazard classifications were reviewed from a "weapons-based" perspective and new threat-based material categories were developed. When considering the use of hazmat as a weapon, additional distinctions are made between materials in the same U.S. DOT hazard class. For example, most gases with a toxic-by-inhalation (TIH) hazard are in a single U.S. DOT hazard class7. These TIH gases include those that are heavier than air (HTA) and those that are lighter than air (LTA). To a terrorist, these materials are distinctly different in their weapons potential and in how they would be used against a target (i.e., the tactics that would be used and even in which targets might be more appropriate). An HTA TIH gas might be more easily directed from a cargo tank on the surface into an enclosed underground area such as a subway station; whereas, an LTA TIH gas might be more easily spread throughout a multi-story building when released at ground level. In addition, if notification was received that a TIH shipment was unaccounted for (through the Highway Watch Information Sharing and Analysis Center, for example), a slightly different response could be initiated depending on whether the material was HTA or LTA. From these considerations, a slightly revised categorization of hazmat was developed that considered weapons-based distinctions (see Table E-2 in Appendix E). Additional discussion about these material categories can be found in the Task 1 report .
Table E-8 in Appendix E shows the prioritization of the six threat-based attack profiles as well as the two that are accident-based.
3.2.2 Scenario Development
A critical component in developing the Concept of Operations (ConOps) was the detailed definition of the four operating scenarios (Table 7). These eight attack profiles were then mapped against the four scenarios developed as part of the Battelle Team's initial planning efforts. This was done to determine if all of the attack profiles were addressed in the proposed approach.
Table 7. Proposed Scenario Descriptions
|Class 3, Flammable Liquid||Short-haul fuel delivery vehicles|
|Class 3, Flammable Liquid|
Class 6.1 Poison
Class 8 Corrosive
|LTL and dray chemical vehicles|
|Class 2.2 Non-Flammable with Inhalation|
Class 3 Flammable
Class 9.2, 4, D Ester
|Bulk chemical vehicles|
|Class 1.1 - 1.6||Explosive or radioactive materials vehicles|
The next step was to determine if the four proposed scenarios covered the various components (shipper, route, and consignee) of the hazardous materials movement process defined in the threat and vulnerability assessment . Because many of the scenarios were divided into sub-scenarios, the field test was able to cover more of the various components than it would have otherwise. Refer to Appendix A for a detailed description of each scenario and the specific shipper, route, and consignee elements that each contains. Based on the results of this mapping exercise, it was determined that the four proposed scenarios sufficiently covered the various components of the hazardous materials movement process listed above in Table 7.
The next step was to focus on evaluating the vulnerabilities identified in the threat and vulnerability assessment and determine which technologies would be tested in each specific scenario.
First, each proposed technology component was evaluated against the vulnerabilities to determine which technologies could address specific vulnerabilities. While there were over 30 specific vulnerabilities identified, some could not be addressed by technology solutions. The vulnerabilities were separated into four categories: operational, environmental, physical, and information integrity. Operational vulnerabilities (e.g., lack of delivery notification, limited driver verification) were those that could be addressed through changes and/or modifications to operational procedures. Many of these lent themselves to the application of technology solutions to reduce the vulnerability and increase security. Environmental vulnerabilities (e.g., high population nearby, traffic congestion) were those associated with the general environment surrounding the hazardous materials shipment. Typically, technology solutions will not have an impact on these vulnerabilities. Physical vulnerabilities (e.g., unsecured perimeter) typically represent a security concern that is associated with the physical surroundings and security. Many of these vulnerabilities can be addressed, but were out of the scope of the FOT. Finally, information security vulnerabilities represent concerns with the electronic security, access, and validity of data. Again, there are technology solutions that can be applied to these areas to improve their security, but this area was also outside the scope of this FOT.
Once the technologies were identified that could address the specific vulnerabilities within the scope of the FOT, it was necessary to evaluate the proposed solutions against FMCSA's research objectives. Table E-10 in Appendix E shows the relationship between the scenarios, vulnerabilities, and research objectives. As a result of this mapping, two of the research objectives originally specified by FMCSA were not supported by the vulnerabilities identified in the threat and vulnerability assessment. These two functional requirements were:
- Real-time emergency alert message notification by the vehicle after the vehicle is involved in a crash
- Auditable log of all shipments to be kept by the motor carrier
3.3 Technologies Addressing the Research Objectives
Selection of the technologies was focused around addressing the research objectives associated with the pick-up, en route, and delivery functions as well as addressing the vulnerabilities identified in the threat and vulnerability analysis. A description of each technology component is included later in Section 4.4.2 of this report. Table 8 presents a mapping of the FOT research objectives against the technologies selected for the test. A detailed description of how each functional requirement was addressed (technologies deployed, shippers, carriers, consignees, and outcome of the testing) is discussed later in Section 4.4.
There is only limited empirical research available on the impact of technology on user behavior, particularly truck drivers. Several studies are now underway to ascertain the effects of on-board technology usage and affects - particularly from a driver distraction perspective. Anecdotally, it is assumed that, as more and more "telematics" technologies are incorporated in a truck, the potential impact on safety and efficiency increases.
Outside of truck drivers, most economic studies support the use of technology as a productivity tool. From a behavioral perspective, the effects are not well understood.
Table 8. Mapping Research Objectives to FOT Technologies
|Research Objectives||Comm. (Satellite Terrestrial or Digital Ph)||Global Login||Biometric Verification||In-Dash Panic||Wireless Panic||On-Board Computer||Electronic Manifest||Electronic Seals||Geofencing||Untethered Trailer Track||Cargo Trailer Locking||Tethered Trailer Track||Remote Disabling||Psrc|
|1.1 Hazmat driver identification and verification by the shipper||S||X||X|| || || || || || || || || || || |
|1.2 Hazmat cargo verification by the driver, dispatcher, and receiver||S,T|| || || || || ||X|| || || || || || || |
|1.3 Hazmat driver identification and verification by the vehicle||S||X||X|| || || || || || || || || || || |
|1.4 Hazmat driver identification and verification by the dispatcher||S||X||X|| || || || || || || || || || || |
|1.5 Hazmat cargo tampering alert to the driver and the dispatcher||S|| || || || ||X|| ||X|| || ||X|| || || |
|1.6 Remote cargo locking and unlocking by the dispatcher||S|| || || || ||X|| ||X|| || ||X|| || || |
|2.1 Hazmat driver identification and verification by dispatcher||S||X||X|| || || || || || || || || || || |
|2.2 Hazmat driver identification and verification by roadside safety enforcement officers||S||X||X|| || || || || || || || || || ||X|
|2.3 Hazmat cargo location tracking by the dispatcher||S|| || || || || || || || || || ||X|| || |
|2.4 Hazmat cargo route adherence by the dispatcher and roadside safety enforcement officers, as required, based on the quantity and type of hazmat being transported||S|| || || || ||X|| || ||X|| || || || ||X|
|2.5 Untethered trailer notification and tracking by dispatcher||S|| || || || || || || || ||X|| ||X|| || |
|2.6 Hazmat cargo tampering alert to the driver and the dispatcher||S|| || || || || || ||X|| || || || || || |
|2.7 Remote cargo locking and unlocking by the dispatcher||S|| || || || ||X|| ||X|| || ||X|| || || |
|2.8 Real-time emergency alert message notification by the driver to the dispatcher||S,T|| || ||X||X|| || || || || || || || || |
|2.9 Real-time emergency alert message notification by the vehicle after the vehicle is involved in a crash|| || || || || || || || || || || || || || |
|2.10 Real-time emergency alert message notification by the vehicle to the dispatcher if vehicle senses an unauthorized driver||S||X||X|| || || || || || || || || || || |
|2.11 Real-time emergency alert message notification by the dispatcher to local and state law enforcement officials and emergency responders||S,D,T||X||X||X||X|| || || ||X|| || || || ||X|
|2.12 Remote hazmat vehicle disabling by the driver||S,T|| || || ||X|| || || || || || || ||X|| |
|2.13 Remote hazmat vehicle disabling by the dispatcher||S|| || || || ||X|| || || || || || ||X|| |
|2.14 Hazmat driver identification and verification by the vehicle if the vehicle is motionless for 10 minutes||S||X||X|| || ||X|| || || || || || || || |
|3.1 Remote cargo locking and unlocking by the dispatcher||S|| || || || ||X|| ||X|| || ||X|| || || |
|3.2 Hazmat driver identification and verification by the receiver|| || || || || || ||X|| || || || || || || |
|3.3 Hazmat cargo verification by the receiver||S|| || || || || ||X|| || || || || || || |
|3.4 Receiver confirmation of received cargo to the driver and dispatcher||S|| || || || || ||X|| || || || || || || |
|3.5 Auditable log of all shipments to be kept by the motor carrier|| || || || || || || || || || || || || || |
| || || || || || || || || || || || || || || |
Combining the selected hazmat materials and operational scenarios described above, with the technologies shown in Table 8 to address all the required functional requirements, a high-level system design was developed to meet the requirements developed as part of the Task 3 Requirements Analysis task. Figure 7 depicts the high-level system architecture for the Hazmat FOT. Detailed system- and technology-specific architecture diagrams can be found in the Hazmat FOT Task 4: System Requirements and Design Document (July 17, 2003).
Figure 7. Hazmat FOT High-Level System Architecture Overview
Not all TIH materials are gases; some liquids are also TIH materials, depending on their volatility and the concentrations at which they can cause serious injury or death.