From 2004 to 2008, terrorists killed over 2000 people and injured over 9000 more in 530 separate attacks targeting passenger rail systems. The Transportation Security Administration (TSA) considers passenger railroads to be high consequence targets in terms of potential loss of life and economic disruption as they carry large numbers of people in a confined environment, offer the opportunity for specific populations to be targeted at particular destinations, and often have iconic structures.
Regarding the more limited subset of high-speed passenger trains (HSR) worldwide, between 1970 and 2012, there were 33 high-speed rail attacks, which killed 32 people. The August 2015 attempted French high-speed train terrorist attack is a reminder that intercity high-speed passenger trains are likely targets for terrorism.
While cyberattacks have occurred, terrorist attacks on passenger rail systems have primarily targeted physical systems, notably Madrid in 2004, London in 2005, Mumbai in 2006, and Kunming in 2014. The French HSR line is fenced, but in 1995, saboteurs penetrated the fence and planted a bomb. Tragedy was averted when the bomb failed to explode.
The Texas Central Railway (TCR), a private corporation, is proposing a high-speed intercity passenger train system to operate between Dallas and Houston using Japanese technology and methods. TCR proposes a 205-mph train; however, existing high-speed rail in the U.S. does not exceed 110 mph, except for a 28 mile stretch of 150 mph-capable track in the northeast. This is not the first high-speed rail proposal for Texas, and there are other proposals in various stages in other states. However, this project has the potential to be the first of its kind implemented in the country, which one writer has said would “be a transformative event in the history of the nation’s transportation system.”
Through the Transportation Security Administration (TSA), the federal government has security oversight for passenger rail systems. Its approach for rail is similar to that for intercity buses, as opposed to the screening and security levels provided for air transportation. State homeland security requirements and programs for Texas are authorized by Chapter 421 of the Texas Government Code. The statutes require the governor to develop a homeland security strategy with specific plans for protecting critical infrastructure and coordinating with other public and private sector entities, among other duties.
Current statutory guidance and requirements regarding critical infrastructure protection are minimal and broad. If a first-of-its-kind, large-scale, privatized infrastructure project, which presents an attractive target for terrorists, goes into revenue service, the paradigm will have shifted. The security framework may well be tested under real-world conditions with any shortcomings becoming glaringly apparent.
Short of statutory change, the state does not appear to have the ability to impose any security standards or requirements on the project, which raises these questions: should the train operators be required to participate in intelligence-gathering efforts? Is it in the state’s interest to mandate a level of law enforcement presence, either on board the train or at stations? Will financial backers of the Texas Central Railway (TCR) system require security standards, both as a means of protecting the asset and its ability to generate revenue to repay its debts?
The Argonne National Laboratory has created a framework for use in evaluating site security that lists six major components: security management, physical security, information sharing, security force, dependencies, and protective measures. Evaluating these components through selected subcomponents and applying the utility tree analysis outlined by Morgan D. Jones, along with probability and fault tree analysis, yields a number of possible options and approaches. This results in a finding that the State of Texas should require homeland security standards for HSR. Given the unique and precedent setting nature of the project, the legislature should be proactive in creating specific requirements or expectations. In addition, it should ensure state enforcement agencies have sufficient authority to ensure the provision of public safety for a private sector transportation project. These requirements may include a legal ability to acquire and enforce representations made regarding the system’s security provisions and also should address how law enforcement is achieved, how the project interacts with the intelligence community, and baseline requirements for cyber security, passenger data privacy, vulnerability and threat assessment, and community considerations and involvement along the route.
 Nabajyoti Barkakati, and David Maurer, Technology Assessment: Explosives Detection Technologies to Protect Passenger Rail (Washington, DC: US Government Accountability Office, 2010), 12.
 73 Fed. Reg. 72130 (2008).
 Brian Michael Jenkins et al., Formulating a Strategy for Securing High-Speed Rail in the United States (San Jose, CA: Mineta Transportation Institute, 2013), 9.
 Aliya Sternstein, “Hackers Manipulated Railway Computers, TSA Memo Says,” NextGov, January 23, 2012, http://www.nextgov.com/cybersecurity/2012/01/hackers-manipulated-railway-computers-tsa-memo-says/50498/.
 Brian Michael Jenkins, Bruce R. Butterworth, and Jean-Francois Clair, The 1995 Attempted Derailing of the French TGV (High-Speed Train) and a Quantitative Analysis of 181 Rail Sabotage Attempts (San Jose, CA: Mineta Transportation Institute, 2010).
 Jody Serrano, “High-Speed Rail Firm’s Chief: Public Meetings Set for Proposal,” The Texas Tribune, September 20, 2014.
 Aman Batheja, and Stephen J. Smith, “The Bullet Train that Could Change Everything,” The Texas Tribune, August 18, 2014.
 Yonah Freemark, “Why Can’t the United States Build a High-Speed Rail System?” The Atlantic’s CityLab, August 13, 2014, http://www.citylab.com/politics/2014/08/why-cant-the-united-states-build-a-high-speed-rail-system/375980/.
 Marc H. Burns, High-Speed Rail in the Rear-View Mirror: A Final Report of the Texas High-Speed Rail Authority (Austin, TX: MH Burns, 1995).
 Batheja, and Smith, “The Bullet Train that Could Change Everything.”
 Texas Legislative Council, Texas Government Code, Chapter 421: Homeland Security (Austin, TX: Texas Legislative Council, 2003).
 “Better Infrastructure Risk and Resilience,” Argonne National Laboratory, last modified August, 2010, accessed October 6, 2015, http://www.anl.gov/articles/better-infrastructure-risk-and-resilience.
 U.S. Department of Homeland Security. “Enhanced Critical Infrastructure Protection,” last modified September 9, 2015, accessed October 6, 2015, http://www.dhs.gov/ecip.
 Robert E. Fisher et al., Constructing Vulnerability and Protective Measures Indices for the Enhanced Critical Infrastructure Protection Program (No. ANL/DIS-09-4), (Argonne, IL: Argonne National Laboratory, 2009), http://www.osti.gov/scitech/biblio/966343.
 Morgan D. Jones, The Thinker’s Toolkit: Fourteen Powerful Techniques for Problem Solving (New York: Three Rivers Press, 1998), 252.