Rail Transportation Security
The Transportation Security Administration (TSA) issues this final rule to enhance the security of our Nation's rail transportation system. This rule establishes security requirements for freight railroad carriers; intercity, commuter, and short-haul passenger train service providers; rail transit systems; and rail operations at certain, fixed-site facilities that ship or receive specified hazardous materials by rail. This rule codifies the scope of TSA's existing inspection program and requires regulated parties to allow TSA and Department of Homeland Security (DHS) officials to enter, inspect, and test property, facilities, conveyances, and records relevant to rail security. This rule also requires that regulated parties designate rail security coordinators and report significant security concerns.
This rule further requires that freight rail carriers and certain facilities handling specified hazardous materials be able to report location and shipping information to TSA upon request and implement chain of custody requirements to ensure a positive and secure exchange of specified hazardous materials. TSA also clarifies and amends the sensitive security information (SSI) protections to cover certain information associated with rail transportation.
6 actions from December 21st, 2006 to November 2008
December 21st, 2006
January 19th, 2007
- Notice--Public Meeting; Request for Comments
February 20th, 2007
- NPRM; Comment Period End
February 15th, 2007
- NPRM; Initial Regulatory Flexibility Analysis (IRFA)
February 20th, 2007
- NPRM; IRFA; Comment Period End
- Final Action
Table of Contents Back to Top
- FOR FURTHER INFORMATION CONTACT:
- SUPPLEMENTARY INFORMATION:
- Availability of Rulemaking Document
- Small Entity Inquiries
- Abbreviations and Terms Used in This Document
- Outline of Final Rule Preamble
- I. Background and Summary of This Final Rule
- A. Summary of This Rule
- B. Purpose of the Rule
- C. Changes From the NPRM
- 1. Sensitive Security Information
- 2. Rail Security-Sensitive Materials
- 3. Inspection Authority
- 4. Reporting Significant Security Concerns
- 5. Chain of Custody and Control Requirements
- 6. Location and Shipping Information for Certain Rail Cars
- 7. Harmonization of Federal Regulation of Nuclear Facilities
- II. Overlap Between TSA's Rule and Other DHS Regulations
- III. Rail Security-Sensitive Material
- IV. Public Comments on the NPRM and TSA Responses on Regulatory Provisions
- A. Summary
- B. Specification of Hazardous Materials
- C. Rail Security Coordinators
- 1. The RSC Role Must Be Performed by a Designated Individual
- 2. Scope of Section 1580.101
- 3. Scope of Section 1580.201
- 4. Responsibilities of the RSC
- 5. Rail Security Coordinators Identified Previously
- 6. Rail Security Coordinator Coordination With State and Local Governments
- 7. Rail Security Coordinator Training
- D. Inspection Authority
- 1. Unannounced Inspections
- 2. Use of Identification Media and Verification of Identity of TSA Inspectors
- 3. Warrantless Inspections
- a. Legal Authority To Conduct Warrantless Inspections
- b. Criminal Evidence Found During an Inspection
- 4. Enforcement Guidance for Inspectors
- 5. Review Process for Enforcement Decisions
- 6. Use of Third-Party Contractors for Inspections
- 7. Other Comments on TSA Inspection Authority
- E. Reporting Significant Security Concerns
- 1. General Comments
- a. Value of Proposed Requirement To Report Significant Security Concerns
- b. Scope of the Reporting Requirements
- 2. Time and Method of Reporting
- a. When must reports be made?
- b. Content and Method of Reporting
- 3. Coordination With Other Reporting Requirements
- 4. Reportable Events
- 5. Training
- 6. Sharing of Information Received
- 7. Other Comments on Reporting Significant Security Concerns
- F. Sensitive Security Information
- 1. Extent of Protection of Information as SSI
- 2. Access to Sensitive Security Information for State Oversight Agency or Designated Local or Tribal Officials
- 3. Security Clearance
- 4. Inspection Information
- 5. Simplified Marking
- 6. Broadening the Scope of Sensitive Security Information
- 7. Protection of SSI in Civil Litigation
- 8. Coordination With Other Information Protection Programs
- 9. Protection for Personal Information
- 10. Expansion of Sensitive Security Information to Other Modes of Transportation Besides Rail
- G. Chain of Custody and Control
- 1. Applicability
- 2. Attendance Requirement
- 3. Electronic Monitoring of Rail Cars
- 4. Rail Hazardous Materials Receivers
- 5. Document Requirement
- 6. Other Issues Concerning Chain of Custody and Control
- H. Location and Shipping Information for Certain Rail Cars
- 1. Applicability
- 2. Timeframe for Reporting Information
- 3. Technology for Reporting Information
- 4. TSA's Use of the Information
- I. Whistleblower Protection for Employees
- J. Preemption
- K. Comments on the Regulatory Impact Assessment
- 1. Whether the Benefits of the Rule Justify the Costs
- 2. Overestimated Compliance Costs
- 3. Underestimated Compliance Costs
- i. General
- ii. Chain of Custody and Control
- iii. Opportunity Cost of Foregone Investments in Rail Capacity
- 4. Incidence of Compliance Costs
- 5. Unintended Economic Consequence of Regulation
- 6. Insufficient Calculation of Benefits
- 7. Impact on Small Entities
- 8. Impact on International Trade
- L. Comments Beyond the Scope of the Rule
- V. Rulemaking Analyses and Notices
- A. Executive Order 12866 Assessment (Regulatory Planning and Review)Impact Summary
- Benefits of the Final Rule
- Costs of the Final Rule
- B. Regulatory Flexibility Act Assessment
- Background and Legal Authority
- Statement of Need for the Regulatory Action
- Issues Raised in Public Comments
- Description and Estimated Number of Small Entities
- Description of Compliance Requirements
- Flexibility in the Final Rule
- Identification of Duplication, Overlap, and Conflict With Other Rules
- C. Paperwork Reduction Act
- D. International Trade Impact Assessment
- E. Unfunded Mandates Reform Act Analysis
- F. Executive Order 13132, Federalism
- G. Environmental Analysis
- H. Energy Impact Analysis
- List of Subjects
- The Final Rule
- PART 1520—PROTECTION OF SENSITIVE SECURITY INFORMATION
- PART 1580—RAIL TRANSPORTATION SECURITY
- Subpart A—General
- Subpart B—Freight Rail Including Freight Railroad Carriers, Rail Hazardous Materials Shippers, Rail Hazardous Materials Receivers, and Private Cars
- Subpart C—Passenger Rail Including Passenger Railroad Carriers, Rail Transit Systems, Tourist, Scenic, Historic and Excursion Operators, and Private Cars
- Subpart A—General
- Subpart B—Freight Rail Including Freight Railroad Carriers, Rail Hazardous Materials Shippers, Rail Hazardous Materials Receivers, and Private Cars
- Subpart C—Passenger Rail Including Passenger Railroad Carriers, Rail Transit Systems, Tourist, Scenic, Historic and Excursion Operators, and Private Cars
Tables Back to Top
- Table 1—TSA Rail Security Final Rule Summary
- Figure 1—Firm Size Standards
- Figure 2—Types of Small Entities
- Figure 3—Railroad Types by Average Revenue and Number of Employees
- Figure 4—Transit Systems by Average Revenues
- Figure 5—Affected Small Rail Hazardous Materials Facilities
- Figure 6—Average Costs to Railroads by Size
- Figure 7—Average Costs for Small Transit Systems
- Figure 8—Average Costs for Small Rail Hazardous Materials Facilities (21 Employees)
- Figure 9—Average Costs for Small Rail Hazardous Materials Facilities (=21 Employees)
- Figure 10—Average First-Year Compliance Costs as a Percent of Revenue
- Appendix A to Part 1580—High Threat Urban Areas (HTUAs)
- Appendix B to Part 1580—Summary of the Applicability of Part 1580
DATES: Back to Top
This final rule is effective December 26, 2008.
FOR FURTHER INFORMATION CONTACT: Back to Top
For questions related to freight rail security: Scott Gorton, Transportation Sector Network Management, Freight Rail Security, TSA-28, Transportation Security Administration, 601 South 12th Street, Arlington, VA 22202-4220; telephone (571) 227-1251; facsimile (571) 227-1923; e-mail firstname.lastname@example.org.
For questions related to passenger rail security: Morvarid Zolghadr, Mass Transit and Passenger Rail Security, TSA-28, Transportation Security Administration, 601 South 12th Street, Arlington, VA 22202-4220; telephone (571) 227-2957; e-mail email@example.com.
For legal questions: David H. Kasminoff, Office of Chief Counsel, TSA-2, Transportation Security Administration, 601 South 12th Street, Arlington, VA 22202-4220; telephone (571) 227-3583; facsimile (571) 227-1378; e-mail firstname.lastname@example.org.
For questions related to SSI: Andrew E. Colsky, Office of the Special Counselor, SSI Office, TSA-31, Transportation Security Administration, 601 South 12th Street, Arlington, VA 22202-4220; telephone (571) 227-3513; facsimile (571) 227-2945; e-mail SSI@dhs.gov.
SUPPLEMENTARY INFORMATION: Back to Top
Availability of Rulemaking Document Back to Top
You can get an electronic copy of this rulemaking document by—
(1) Searching the Department of Transportation's electronic Docket Management System (DMS) Web page at http://dms.dot.gov/search;
(2) Visiting the Department of Transportation's Docket Operations facility located at 1200 New Jersey Avenue, SE., West Building, Ground Floor, Room W12-140, Washington, DC 20590. The facility is open from 9 a.m. to 5 p.m., Monday through Friday, excluding legal holidays. The Docket Operations telephone number is (202) 366-9826;
(3) Accessing the Government Printing Office's Web page at http://www.gpoaccess.gov/fr/index.html; or
(4) Visiting TSA's Security Regulations Web page at http://www.tsa.gov and accessing the link for “Research Center” at the top of the page.
In addition, copies are available by writing or calling one of the individuals in the FOR FURTHER INFORMATION CONTACT section. When making such a request, please identify the docket number of this rulemaking.
Small Entity Inquiries Back to Top
The Small Business Regulatory Enforcement Fairness Act (SBREFA) of 1996 requires TSA to comply with small entity requests for information and advice about compliance with statutes and regulations within TSA's jurisdiction. Any small entity that has a question regarding this document may contact one of the persons listed in the FOR FURTHER INFORMATION CONTACT section. Persons can obtain further information regarding SBREFA on the Small Business Administration's (SBA) Web page at http://www.sba.gov/advo/laws/law_lib.html.
Abbreviations and Terms Used in This Document Back to Top
AAR—Association of American Railroads
AEI—Automatic Equipment Identification
ASLRRA—American Short Line Regional Railroad Association
Amtrak—National Railroad Passenger Corporation
CFATS—Chemical Facility Anti-Terrorism Standards
CVI—Chemical-terrorism Vulnerability Information
DOD—Department of Defense
DOE—Department of Energy
DOT—Department of Transportation
EPA—Environmental Protection Agency
FIPS201—Federal Information Processing Standards Publication 201
FRA—Federal Railroad Administration
FRFA—Final Regulatory Flexibility Analysis
FSO—Facility Security Officer
FTA—Federal Transit Administration
FTE—Full Time Equivalent
GPS—Global Positioning System
HMR—Hazardous Materials Regulations
HSPD—Homeland Security Presidential Directive
HTUA—High Threat Urban Area
IED—Improvised Explosive Device
MOU—Memorandum of Understanding
MTSA—Maritime Transportation Security Act
NAICS—North American Industry Classification System
NRC—Nuclear Regulatory Commission
OA—State Safety Oversight Agency
PCII—Protected Critical Infrastructure Information
PHMSA—Pipeline and Hazardous Materials Safety Administration
PIH—Poisonous by Inhalation or Poison Inhalation Hazard (materials) (PIH is another term for TIH)
RSC—Rail Security Coordinator
SBA—Small Business Administration
SGI—Safeguards Information Program
SSI—Sensitive Security Information
STB—Surface Transportation Board
TIH—Toxic Inhalation Hazard (TIH is another term for PIH)
Outline of Final Rule Preamble Back to Top
I. Background and Summary of the Final Rule
A. Summary of the Rule
B. Purpose of the Rule
C. Changes From the NPRM
II. Overlap Between TSA's Rule and Other DHS Regulations
III. Rail Security-Sensitive Materials
IV. Public Comments on the NPRM and TSA Responses on Regulatory Provisions
B. Specification of Hazardous Materials
C. Rail Security Coordinators
D. Inspection Authority
E. Reporting Significant Security Concerns
F. Sensitive Security Information
G. Chain of Custody and Control
H. Location and Shipping Information for Certain Rail Cars
I. Whistleblower Protection for Employees
K. Comments on the Regulatory Impact Assessment
L. Comments Beyond the Scope of the Rulemaking
V. Rulemaking Analyses and Notices
A. Executive Order 12866 Assessment (Regulatory Planning and Review)
B. Regulatory Flexibility Act Assessment
C. Paperwork Reduction Act
D. International Trade Impact Assessment
E. Unfunded Mandates Reform Act Analyses
F. Executive Order 13132 (Federalism)
G. Environmental Analysis
H. Energy Impact Analysis
I. Background and Summary of This Final Rule Back to Top
A. Summary of This Rule
TSA's final rule applies several general requirements to all freight and passenger railroad carriers, certain facilities that ship or receive specified hazardous materials by rail, and rail transit systems:
- Rail Security Coordinator. Covered entities must designate a rail security coordinator (RSC) and at least one alternate RSC to be available to TSA on a 24-hour, seven days per week basis to serve as the primary contact for receipt of intelligence information and other security-related activities.
- Reporting. Covered entities must immediately report incidents, potential threats, and significant security concerns to TSA.
- TSA Inspection. Covered entities must allow TSA inspectors, and DHS officials working with TSA, to enter and conduct inspections, copy records, perform tests, and conduct other activities necessary to carry out TSA's statutory responsibilities.
- Sensitive Security Information (SSI). This rule clarifies and extends the protection afforded to SSI in rail transportation and further identifies covered persons to include railroad carriers; certain facilities that ship or receive specified hazardous materials by rail; transit systems; and State, local, and tribal employees, contractors, and grantees.
The rule also applies additional requirements to freight railroad carriers and certain facilities that ship or receive specified hazardous materials by rail:
- Location and Shipping Information. Covered entities must provide to TSA, upon request, the location and shipping information of rail cars within their physical custody or control that contain a specified category and quantity of hazardous material. Class I freight railroad carriers must provide the information to TSA no later than five minutes (for one car) or 30 minutes (for two or more cars) after receiving the request. Other railroad operators and rail hazardous materials shipper and receiver facilities must provide the information for one or more cars within 30 minutes after receiving the request.
- Chain of Custody and Control. Covered entities must provide for a secure chain of custody and control of rail cars containing a specified quantity and type of hazardous material.
As TSA specified in its Notice of Proposed Rulemaking (NPRM) for this rulemaking (see 71 FR 76852, December 21, 2006), chain of custody and location requirements apply to specified quantities of three categories of hazardous materials based on the Department of Transportation's (DOT's) Hazardous Materials Regulations (HMR) (49 CFR parts 171-180):
(1) A rail car containing more than 2,268 kg (5,000 lbs) of a Division 1.1, 1.2, or 1.3 (explosive) material, as defined in 49 CFR 173.50;
(2) A tank car containing a material poisonous by inhalation (PIH) as defined in 49 CFR 171.8, including anhydrous ammonia, Division 2.3 gases poisonous by inhalation as set forth in 49 CFR 173.115(c), and Division 6.1 liquids meeting the defining criteria in 49 CFR 173.132(a)(1)(iii) and assigned to hazard zone A or hazard zone B in accordance with 49 CFR 173.133(a), excluding residue quantities of these materials; and
(3) A rail car containing a highway route-controlled quantity of a Class 7 (radioactive) material, as defined in 49 CFR 173.403.
Appendix B to part 1580 of Title 49 of the Code of Federal Regulations, reproduced as Table 1 below, presents a brief summary of the security measures required for the different categories of rail transportation entities that this final rule governs.
|Security measure and rule section||Freight railroad carriers NOT transporting specified hazardous materials||Freight railroad carriers transporting specified hazardous materials (§ 1580.100(b))||Rail operations at certain facilities that ship (i.e., offer, prepare, or load for transportation) hazardous materials||Rail operations at certain facilities that receive or unload hazardous materials within an HTUA||Passenger railroad carriers and rail transit systems||Certain other rail operations (private, business/office, circus, tourist, historic, excursion)|
|1Only if notified in writing that a security threat exists.|
|Allow TSA to inspect (§ 1580.5)||X||X||X||X||X||X|
|Appoint rail security coordinator (§ 1580.101 freight; § 1580.201 passenger)||X||X||X||X||X||(1)|
|Report significant security concerns(§ 1580.105 freight; § 1580.203 passenger)||X||X||X||X||X||X|
|Provide location and shipping information for rail cars containing specified hazardous materials if requested (§ 1580.103)||X||X||X|
|Chain of custody and control requirements for transport of specified hazardous materials that are or may be in an HTUA (§ 1580.107)||X||X||X|
B. Purpose of the Rule
In developing this rule, TSA identified and addressed threats to rail transportation. With respect to passenger rail, TSA recognizes that passenger railroad carriers, commuter operations, and subway systems are high consequence targets in terms of potential loss of life and economic disruption. They carry large numbers of people in a confined environment, offer the opportunity for specific populations to be targeted at particular destinations, and often have stations located below or adjacent to high profile government buildings, major office complexes, and iconic structures. Terrorist bombings since 1995 highlight the need for improved government access to, and monitoring of, transportation of passengers by rail. Terrorists have attacked the Tokyo subway system (1995); areas in and around the Moscow subway system (2000, 2001, and 2004); Madrid commuter trains (2004); the London Underground system (2005); and the train system in Mumbai (formerly known as Bombay), India (2006).
TSA is also considering the threats that face freight rail transportation. Due to the open infrastructure of the rail transportation system, freight trains can be particularly vulnerable to attack. Currently, rail carriers and shippers lack positive chain of custody and control procedures for rail cars as they move through the transportation system (e.g., as entities load the rail cars at originating facilities, as carriers transport the cars over the tracks, and as entities unload the cars at receiving facilities). This can present a significant vulnerability. Whenever entities stop rail cars in transit and interchange them without appropriate security measures, it creates security vulnerabilities. Freight trains transporting hazardous materials are of even more concern, because an attack on those trains (e.g., through the placement of improvised explosive devices (IEDs)  or other forms of sabotage) could result in the release of hazardous materials.
TSA's NPRM proposed a number of measures to improve the security of freight rail and passenger rail, including rail transit. It also proposed security requirements for shippers and receivers of certain hazardous materials. This final rule adopts most of the provisions of the NPRM. TSA presented its rationale for each element of the NPRM in Section III of the preamble to the NPRM. 71 FR at 76861-76866. TSA describes the differences between the NPRM and this final rule in Section I.C of this preamble. TSA presents a summary of the public comments and responses in Section V of this preamble.
TSA's final rule adopts a risk-based approach by focusing on shipments of certain hazardous materials and establishing chain of custody and control procedures and other measures for rail cars that pose the greatest security vulnerabilities. While an IED attached to any rail car (such as a car transporting coal or household appliances) would obviously cause major damage to that car and its contents upon detonation, the more likely scenario is that terrorists would target a rail car containing highly toxic, explosive, or radioactive hazardous materials, which would cause the greatest loss of life and property and damage to the national economy.
To determine which hazardous materials to identify in the proposed regulation, TSA considered the hazardous materials for which security plans are required as specified in 49 CFR Part 172, Subpart I. (These requirements were included in a final rule adopted by the Pipeline and Hazardous Materials Safety Administration (PHMSA) under Docket Number HM-232.  ) From the list of materials in 49 CFR 172.800(b), TSA identified three categories  of hazardous materials that pose the greatest transportation security risk—materials that are poisonous by inhalation (PIH),  explosive, and radioactive. In the NPRM, TSA proposed to apply specific requirements to certain carriers and facilities that handle these materials. This final rule focuses on the same materials.
Each of these three categories of hazardous materials presents serious security risks. The release of PIH materials in a densely populated urban area would have catastrophic consequences. Such a release would endanger significant numbers of people. The consequences of an accidental PIH release in a rural area were seen in the January 6, 2005 rail accident in Graniteville, South Carolina. A Norfolk Southern Railway Company (NS) freight train carrying chlorine was improperly diverted from the main track onto a rail spur. The train struck a standing train on the rail spur, derailing three locomotives and sixteen rail cars and rupturing a single tank car carrying chlorine. Even in this sparsely populated area, the collision resulted in fatal injuries to eight residents and one railroad employee, injuries to 630 people, and the evacuation of 5,400 local residents. The property damage, including damages to the rolling stock and track, exceeded $6.9 million. While the accident was not the result of a terrorist attack, it nonetheless illustrates the danger of transporting PIH materials and the damage that can result from a release.
Although the number of rail shipments carrying explosives and radioactive materials is relatively low, a release of these materials could cause serious and devastating harm. If terrorists detonated certain explosives  at critical points in the transportation cycle, they could cause significant loss of life and damage to infrastructure, and harm the national economy through the accompanying disruption to commerce. Likewise, if terrorists perpetrated an attack against a rail car transporting certain radioactive materials,  they could endanger a significant number of people as well as disrupt the supply chain as a result of contamination.
This final rule addresses the above-identified threats to rail transportation in several ways. This rule codifies the authority for TSA inspections, requires the designation of a rail security coordinator (RSC), and requires the reporting of significant security concerns by most entities to which the rule is applicable. These requirements will improve TSA's ability to inspect rail operations and communicate with railroads and rail facilities. Through these mechanisms, TSA and DHS will obtain better information and monitoring capabilities concerning potential transportation security incidents involving rail transportation and travel. Also, this final rule's requirements related to hazardous materials, such as additional monitoring and protection of certain rail cars and increased availability of location and shipping information for certain rail cars, will decrease the vulnerabilities of these hazardous materials shipments to attack.
TSA has legal authority to impose these requirements. Under the Aviation and Transportation Security Act (ATSA)  and delegated authority from the Secretary of Homeland Security, TSA has broad responsibility and authority for “security in all modes of transportation * * * including security responsibilities * * * over modes of transportation that are exercised by the Department of Transportation.”  TSA has authorities in addition to those transferred from DOT.  TSA is empowered to develop policies, strategies, plans, and regulations for dealing with threats to all modes of transportation. As part of its security mission, TSA is responsible for assessing intelligence and other information to identify individuals who pose a threat to transportation security and to coordinate countermeasures with other Federal agencies to address such threats.  TSA enforces security-related regulations and requirements,  ensures the adequacy of security measures for the transportation of cargo,  oversees the implementation and ensures the adequacy of security measures at transportation facilities,  and carries out other appropriate duties relating to transportation security.  TSA has broad regulatory authority to achieve ATSA's objectives, and may issue, rescind, and revise such regulations as are necessary to carry out TSA functions.  TSA is also charged with serving as the primary liaison for transportation security to the intelligence and law enforcement communities. 
TSA's authority with respect to transportation security is comprehensive and supported with specific powers related to the development and enforcement of regulations, security directives (SDs), security plans, and other requirements. Accordingly, under this authority, TSA may assess a security risk for any mode of transportation, develop security measures for dealing with that risk, and enforce compliance with those measures.
The Federal hazardous materials transportation law (Federal hazmat law, 49 U.S.C. 5101 et seq.), authorizes the Secretary of DOT to “prescribe regulations for the safe transportation, including security, of hazardous material in intrastate, interstate, and foreign commerce.” The Secretary of DOT has delegated this authority to PHMSA. Under the mandate in § 5103(b), PHMSA promulgated the HMR (49 CFR parts 171-180), which govern safety aspects, including security, of the transportation of hazardous material the Secretary of DOT considers appropriate. In accordance with its security authority, in March 2003, PHMSA adopted new transportation security requirements for offerors and transporters of certain classes and quantities of hazardous materials and new security training requirements for hazardous materials employees. The security regulations require offerors and carriers to develop and implement security plans and to train their employees to recognize and respond to possible security threats.
On August 9, 2006, DOT/PHMSA and DHS/TSA signed an annex to the September 28, 2004, “Memorandum of Understanding Between the Department of Homeland Security and the Department of Transportation on Roles and Responsibilities” (DHS-DOT MOU).  The purpose of the annex is to delineate clear lines of authority and responsibility, promote communication and efficiency, and avoid duplication of effort through cooperation and collaboration in the area of hazardous materials transportation security based on existing legal authorities and core competencies. The annex acknowledges that DHS has lead authority and primary responsibility for security activities in all modes of transportation and notes that TSA is the lead Federal entity for transportation security.
Similarly, on September 28, 2006, DOT's Federal Railroad Administration (FRA) and TSA signed an annex to the DHS-DOT MOU to address each agency's roles and responsibilities for rail transportation security. The FRA-TSA annex recognizes that TSA is the lead Federal entity for transportation security in general and rail security in particular. Concerning safety, the FRA-TSA annex recognizes that FRA has authority over every area of railroad safety (including security) and that FRA enforces PHMSA's HMR. The FRA-TSA annex includes procedures for coordinating: (1) Planning, inspection, training, and enforcement activities; (2) criticality and vulnerability assessments and security reviews; (3) communication with affected stakeholders; and (4) the use of personnel and resources. Copies of the two annexes are available for review in the public docket for this rulemaking. Consistent with the principles outlined in the PHMSA-TSA and FRA-TSA annexes, PHMSA and FRA collaborated with TSA to develop this final rule.
On April 16, 2008, PHMSA published an interim final rule in the Federal Register to revise the current requirements in the HMR applicable to the safe and secure transportation of hazardous materials transported in commerce by rail. 73 FR 20752. Specifically, PHMSA adopted the following:
- Rail carriers transporting certain explosives, PIH material, and radioactive materials must compile information and data on the commodities transported, including the transportation routes over which they transport these commodities.
- Rail carriers transporting the specified hazardous materials must use the data they compile on commodities they transport to analyze the safety and security risks for the transportation routes used and all practicable alternative routes to the one used. Rail carriers must utilize these analyses to make transportation decisions that result in the transportation of these materials over the safest and most secure commercially practicable routes posing the least overall safety and security risks.
- Rail carriers must specifically address the security risks associated with shipments delayed in transit or temporarily stored in transit as part of their security plans.
- Rail carriers transporting covered hazardous materials must notify consignees if there is a significant unplanned delay affecting the delivery of the hazardous material.
- Rail carriers must work with shippers and consignees to minimize the time a rail car containing one of the specified hazardous materials is placed on track awaiting pick-up or delivery or transfer from one carrier to another.
- Rail carriers must conduct visual security inspections at ground level of rail cars containing hazardous materials to inspect for signs of tampering or the introduction of an IED.
C. Changes From the NPRM
This section summarizes the regulatory text changes that TSA has made to the NPRM in this final rule. In addition to the summary contained in this section, in many cases TSA has provided a more extensive discussion of the change, and the reason for the change, in the response to comments below. See Section IV “Public Comments on the NPRM and TSA Responses on Regulatory Provisions.” Finally, to the extent TSA has made technical corrections or corrected typographical errors, we do not specifically discuss them.
1. Sensitive Security Information
TSA has revised paragraph (b)(15) of 49 CFR 1520.5 to add rail to the categories of research and development information related to transportation security activities that is protected as SSI. TSA has revised paragraph (b) of 49 CFR 1520.11 to add State, local, and tribal government employees, contractors, and grantees to the list of persons with a potential need to know SSI. TSA made this change to be consistent with DHS policy on information sharing and allow States, localities and tribal governments, and their contractors and grantees, to have access to SSI if the information is needed for the performance of official duties, such as the prevention or mitigation of security incidents, contracts, or grants.
2. Rail Security-Sensitive Materials
This final rule defines the term “rail security-sensitive materials” to mean one or more of the categories and quantities of the materials set forth in the new § 1580.100(b), the transportation of which requires the operators to carry out the security measures in this rule. TSA has introduced this term to comply with §§ 1501(13) and 1551 of the “Implementing the Recommendations of the 9/11 Commission Act of 2007” (9/11 Commission Act).  Section 1501(13) defines “security-sensitive material” to mean a material or group of materials, in a particular quantity and form that the Secretary of Homeland Security, in consultation with the Secretary of Transportation, determines through rulemaking with opportunity for public comment, poses a significant risk to national security while being transported in commerce. Section 1551 directs the Secretary of Transportation, in consultation with the Secretary of Homeland Security, to publish a final rule based on the PHMSA NPRM published on December 21, 2006.  That section directs the Secretary of Transportation to ensure that the PHMSA final rule requires railroad carriers of “security-sensitive materials” to “select the safest and most secure route to be used in transporting” those materials and to select such route based on the railroad carrier's analysis of the safety and security risks on primary and alternate transportation routes over which the carrier has authority to operate.
Through this Rail Transportation Security rulemaking, TSA has provided the public with an opportunity to comment on its identification of security-sensitive materials in the rail sector. See Section III of this preamble. TSA has added the term “rail security-sensitive material” to 49 CFR 1580.3 to denote that the Secretary of Homeland Security has determined that the categories and quantities of hazardous materials set forth in 49 CFR 1580.100(b) pose a significant risk to national security while being transported in commerce by rail due to the potential use of one or more of these materials in an act of terrorism. TSA has therefore concluded that these categories and quantities of hazardous materials constitute “security-sensitive material” for purposes of triggering the railroad routing requirements in § 1551 of the 9/11 Commission Act.
3. Inspection Authority
In response to commenters who expressed concerns about verifying the identity and credentials of TSA inspectors, TSA has added a new paragraph (d) to 49 CFR 1580.5. It provides that TSA inspectors, and DHS officials working with TSA, will present their credentials for examination, at the request of the entity being inspected, with the understanding that the credentials may not be reproduced. Any regulated party wishing to authenticate the identity of an individual purporting to represent TSA may contact the Freedom Center at 703-563-3240 or 1-877-456-8722. 
4. Reporting Significant Security Concerns
In the NPRM, TSA stated that reports of potential threats and significant security concerns to DHS would be required “in a manner prescribed by TSA.”See 49 CFR 1580.105(b) and 1580.203(b). In this final rule, TSA has revised paragraph (b) of each section to indicate that the regulated parties must make the required reports by telephoning the Freedom Center at 703-563-3240 or 1-877-456-8722.
5. Chain of Custody and Control Requirements
Some commenters asked TSA to explain the concept of “attending a rail car” in the context of complying with the requirement in paragraphs (c) and (d) of 49 CFR 1580.107 “to ensure that the rail car is not left unattended at any time during the physical transfer of custody.” One commenter asked if “maintain[ing] positive control of the rail car” for purposes of 49 CFR 1580.107(f)(1) was merely synonymous with a prohibition against unattended pick up and delivery. In response, TSA has added a new paragraph (k) to 49 CFR 1580.107 to explain the terms “attended” and “maintains positive control.” As used in § 1580.107, a rail car is “attended” if an employee or authorized representative of the freight railroad carrier: (1) Is physically located on site in reasonable proximity to the rail car; (2) is capable of promptly responding to unauthorized access or activity at or near the rail car, including immediately contacting law enforcement or other authorities, and (3) immediately responds to any unauthorized access or activity at or near the rail car either personally or by contacting law enforcement or other authorities. Electronic monitoring is permitted so long as the responsible party is located on site and can accomplish an equivalent level of surveillance, response, and notification. Attending a rail car is a component part of maintaining positive control. As used in § 1580.107, when the rail hazardous materials receiver and freight railroad carrier communicate and cooperate with each other to ensure the security of the rail car during the physical transfer of custody, they are “maintaining positive control” of the car.
TSA has also included an explanation in paragraph (k) of the term “document the transfer.” As used in § 1580.107, a transfer of physical custody of a rail car is properly documented, either in writing or electronically, when the documentation contains, at a minimum: (1) The car's initial (also known as the reporting mark) and number; (2) the names or employee numbers of the individuals who attended the transfer; (3) the location where the transfer took place; and (4) the date and time the transfer was completed.
6. Location and Shipping Information for Certain Rail Cars
In the NPRM, TSA proposed a one-hour timeframe for freight railroad carriers, rail hazardous materials shippers, and rail hazardous materials receivers to report the location and shipping information to TSA or other DHS officials for a specified rail car(s). However, in recognition of the fact that such information is critical to addressing specific security threats or incidents, TSA sought comment on the feasibility of a shorter timeframe, such as five minutes or thirty minutes. Based upon comments received and TSA's understanding of the technological capabilities of the regulated parties, we have changed the reporting timeframe in 49 CFR 1580.103 by revising paragraph (d) and adding a new paragraph (e). Paragraph (d) requires all Class I freight railroad carriers subject to § 1580.103 to provide location and shipping information to TSA within five minutes if the request concerns only one car and within thirty minutes if the request concerns two or more rail cars. Paragraph (e) requires all other entities subject to § 1580.103 to provide the information to TSA within thirty minutes, regardless of how many rail cars the request concerns. TSA has also added a new paragraph (h) to § 1580.103 to indicate that TSA has adopted the same definition of “Class I carrier” as used by the Surface Transportation Board (STB). See 49 CFR part 1201, General Instructions 1-1.
The NPRM would have required each regulated party to develop procedures for determining location and shipping information, if requested by TSA, for covered rail cars under their physical custody and control, but the NPRM did not propose to require the regulated party to provide TSA with a contact telephone number to use when requesting this information. TSA has added a new paragraph (g) to § 1580.103, requiring each regulated party to provide TSA with a telephone number that is monitored by a live person on a 24-hours a day, seven days a week basis. This will assure a prompt response on those occasions when TSA needs information.
7. Harmonization of Federal Regulation of Nuclear Facilities
TSA recognizes that its statutory authorities and obligations may extend to facilities involved in the production and utilization of nuclear materials or weapons already subject to safety, security, and inspection requirements imposed by the Nuclear Regulatory Commission (NRC) and the Department of Energy (DOE). To ensure that regulated entities are not subject to duplicative or conflicting regulatory or inspection requirements, TSA has included section 1580.111 of the regulations, which states that TSA will coordinate activities under this subpart with the NRC and DOE with respect to regulation of rail hazardous materials shippers and receivers that are also licensed or regulated by the NRC or DOE under the Atomic Energy Act of 1954, as amended, to maintain consistency with the requirements imposed by the NRC and DOE. TSA will enter into appropriate agency-to-agency agreements with the NRC and DOE to carry out section 1580.111.
II. Overlap Between TSA's Rule and Other DHS Regulations Back to Top
This Rail Transportation Security final rule affects entities that also may be subject to the requirements of other DHS rules—e.g., the DHS Chemical Facility Anti-Terrorism Standards (CFATS) regulation  and the Coast Guard's Maritime Transportation Security Act (MTSA)  regulations. This section describes the interrelationships of this rule with the CFATS and MTSA regulations.
Pursuant to § 550 of the Department of Homeland Security Appropriations Act of 2007 (2007 DHS Appropriations Act) (Pub. L. 109-295), which provides DHS with the authority to regulate the security of certain high-risk chemical facilities in the United States, DHS issued an interim final rule on Chemical Facility Anti-Terrorism Standards. See 72 FR 17688 (April 9, 2007). The CFATS rule establishes risk-based performance standards for the security of our Nation's high-risk chemical facilities. It requires facilities that possess specified chemicals at or above specified amounts to provide information to DHS. From this information, DHS will initially determine which facilities are high-risk and preliminarily place high-risk chemical facilities  in risk-based tiers. Such facilities must then prepare Security Vulnerability Assessments, which identify facility security vulnerabilities, and develop and implement Site Security Plans, which include measures that satisfy the DHS-identified risk-based performance standards. The CFATS rule contains associated provisions addressing inspections and audits, recordkeeping, and protection of information that constitutes Chemical-terrorism Vulnerability Information (CVI).
In the CFATS interim final rule (IFR), DHS recognized that with respect to chemical security, certain aspects of § 550 and TSA's authorities are concurrent and overlapping. In the preamble to the CFATS IFR, DHS stated that it does not presently plan to screen railroad facilities for inclusion in the § 550 program (although DHS reserves the right to reevaluate their possible coverage at a future date). See 72 FR 17698-17699. Nevertheless, it is possible that some chemical facilities will be subject to both CFATS and this TSA final rule. Specifically, it is possible that some facilities, which are rail hazardous materials shippers or receivers as defined in this final rule, may be subject to the CFATS screening requirements and may become covered facilities (i.e., high-risk facilities) under the CFATS rule. In such situations, the facilities will have to comply with the requirements of both regulatory programs (including requirements to provide information under both programs). TSA and DHS, however, will work closely together to ensure that the efforts directed at these facilities are coordinated and consistent.
MTSA requires the Secretary of Homeland Security to issue regulations to strengthen the security of American ports and waterways and the ships that use them. This authority, in addition to other grants of authority, serves as the basis for a comprehensive maritime security regime. Under these authorities, the Coast Guard issued regulations to ensure the security of vessels, facilities, and other elements of the maritime transportation system. Part 105 of Title 33 of the Code of Federal Regulations imposed requirements on a range of maritime facilities, including hazardous material and petroleum facilities and those fleeting facilities that receive barges carrying, in bulk, cargoes regulated by Subchapters D and O of Chapter I, Title 46, Code of Federal Regulations or Certain Dangerous Cargoes.
Pursuant to these maritime security regulations, the Coast Guard requires these facilities to perform security assessments and then, based on these assessments, develop security plans, and implement security measures and procedures in order to reduce the risk of, and to mitigate the results of, any security incident that threatens the facility, its personnel, the public, the environment, and the economy.
A few commenters requested that TSA not apply certain provisions of this final rule to facilities that comply with 33 CFR part 105 of the MTSA regulations. Specifically, commenters requested that TSA exempt these facilities from the Rail Transportation Security rule's requirements for appointing RSCs, for reporting of significant security concerns, and for chain of custody and controls. TSA addresses those specific comments in Section V of this preamble. Generally, however, TSA has decided not to exempt MTSA-regulated facilities from these requirements.
Regulating rail security at maritime facilities is a complex issue, and TSA recognizes that certain aspects of the Coast Guard's maritime security regulations and TSA's authorities are concurrent and overlapping. In some respects, compliance with the Coast Guard regulations and with these regulations can be achieved through the same operational practices. For example, the Facility Security Officer (FSO) can serve as the RSC. Also, the rail secure area required by this rule can be the same area as the restricted area designated in the facility security assessment required by 33 CFR 105.305, so long as the regulated party employs physical security measures to ensure that no unauthorized person gains access to the area. However, to the extent that the two sets of requirements are different to account for mode-specific differences in the security issues being addressed by the Coast Guard and TSA, the facility would have to satisfy both sets of regulatory requirements. TSA and the Coast Guard will work closely together to make sure that the requirements of the two programs are complementary, not inconsistent, with each other.
III. Rail Security-Sensitive Material Back to Top
As discussed in section I.C.3 of this preamble, § 1501(13) of the 9/11 Commission Act defines the term “security-sensitive material” to mean “a material, or a group or class of material, in a particular amount and form that the Secretary [of Homeland Security], in consultation with the Secretary of Transportation, determines, through a rulemaking with the opportunity for public comment, poses a significant risk to national security while being transported in commerce due to the potential use of the material in an act of terrorism.” In making such a determination, the Secretary of Homeland Security is directed to consider at least the following: (1) Class 7 radioactive materials; (2) Division 1.1, 1.2, and 1.3 explosives; (3) materials poisonous or toxic by inhalation, including Division 2.3 gases and Division 6.1 materials; and (4) a select agent or toxin regulated by the Centers for Disease Control and Prevention (CDC) under 42 CFR part 73.
As discussed in section IV.B of this preamble, DHS and DOT assessed the security vulnerabilities associated with the transportation of different types and classes of hazardous materials before proposing to apply enhanced security requirements for the categories and quantities of explosive, PIH, and radioactive materials specified in proposed § 1580.100(b). TSA sought comment on whether to apply the requirements in this final rule to fewer or additional hazardous materials or to extend the requirements to include tank cars containing residue. TSA also sought comment on whether there are other hazardous materials that could cause significant loss of life, transportation system disruption, or economic disruption and whether TSA should apply the requirements in this final rule to those other materials.
TSA did not propose to include select agents or toxins regulated by the CDC under 42 CFR part 73, because railroads transport few, if any, shipments of these types of materials. Generally, shipments of infectious substances, including select agents and toxins, must be transported quickly from point of origin to destination to prevent degradation of samples that can occur over time and to ensure swift diagnosis and treatment of infectious diseases. For these reasons, highway (for short distances) and air (for longer distances) are the preferred modes of transportation for these materials.
TSA provided notice and invited public comment in the NPRM on the list of materials that the Secretary of Homeland Security is required to consider under § 1501(13) of the 9/11 Commission Act when defining “security-sensitive material.” The hazardous materials set forth in § 1580.100(b) of this final rule constitute the Secretary of Homeland Security's list of “security-sensitive materials” for purposes of rail transportation. See§ 1551 of the 9/11 Commission Act. Accordingly, the Secretary of Homeland Security, in consultation with the Secretary of Transportation, has satisfied the requirements of § 1551 with respect to the rail mode of transportation and has determined that “rail security-sensitive materials” are: (1) More than 2,268 kg (5,000 lbs) in a single carload of a Division 1.1, 1.2, or 1.3 explosive; (2) a tank car containing a material poisonous by inhalation, as defined in 49 CFR 171.8, including anhydrous ammonia but excluding residue quantities of these materials; and (3) a highway route-controlled quantity of a Class 7 (radioactive) material, as defined in 49 CFR 173.403.
The list of “rail security-sensitive materials” represents the materials that TSA has determined are appropriate at this time for purposes of this final rule and the PHMSA interim final rule. DHS, in consultation with DOT, will continue to evaluate the transportation security risks posed by all types of hazardous materials and may regulate the transportation by rail of other materials at a later time. TSA notes that although PHMSA must require railroad carriers transporting the categories and quantities of materials identified on the DHS list of “rail security-sensitive materials” to comply with the routing requirements in the PHMSA interim final rule, DOT is not precluded by § 1551 of the 9/11 Commission Act from regulating the railroad routing of additional materials or quantities of materials, such as rail cars transporting residue amounts of hazardous materials.
IV. Public Comments on the NPRM and TSA Responses on Regulatory Provisions Back to Top
To gain additional commenter input on the proposed rail security requirements, TSA held a public meeting on February 2, 2007 in Arlington, Virginia. Sixty-one persons attended the meeting. The oral presentations given by stakeholders mirrored their written comments. Transcripts from the public meeting are available for review in the public docket for this rulemaking. The public comment period for the NPRM closed on February 20, 2007. TSA received approximately 73 public comments on the NPRM. Comments were submitted by trade associations, individual companies, labor unions, States and localities, and private individuals.
Below is a summary of the public comments and TSA's responses, organized as follows: Section A describes the overall organization of this section of the preamble, and Section B includes comments and responses related to the specification of hazardous materials. Sections C, D, and E include comments and responses on issues that apply to passenger rail (including rail transit), freight rail, and hazardous materials facilities that ship or receive materials by rail. These issues relate to the appointment of an RSC, TSA's inspection authority, and the requirement to report suspicious incidents or activities. Section F includes comments and responses on SSI issues. Sections G and H include comments and responses on issues that relate to freight railroad carriers and hazardous materials facilities that ship or receive materials by rail. Section I includes comments and responses on whistleblower protection. Section J includes comments and responses on preemption. Section K includes comments and responses on the regulatory impact assessment. Section L concerns comments that are beyond the scope of this rulemaking.
B. Specification of Hazardous Materials
As explained in the NPRM, TSA, PHMSA, and FRA have assessed the security vulnerabilities associated with the transportation of different types and classes of hazardous materials. TSA applied enhanced security requirements for certain categories and quantities of hazardous materials (i.e., as specified in proposed § 1580.100(b)) based upon specific railroad transportation scenarios depicting how individuals could deliberately use hazardous materials to cause significant casualties and property damage. 71 FR at 76861. The materials specified in the NPRM present a significant rail transportation security risk and an attractive target for terrorists because of the potential for these materials to be used as weapons of mass effect. The proposed rule excluded tank cars containing only residue quantities of the hazardous material, because TSA concluded that, from a security perspective, the consequences of the release of a residue quantity of a PIH material would be significantly less than the consequences involving a loaded tank car. 71 FR at 76861. TSA sought comment on whether to apply the requirements in the final rule to fewer or additional hazardous materials or to extend the requirements to include tank cars containing residue quantities. TSA also sought comment on whether there are other hazardous materials that could cause significant loss of life, transportation system disruption, or economic disruption and whether TSA should apply the requirements in the final rule to those other materials.
Comments: An association commented that this final rule should not apply to Division 1.3 explosives, which consist of materials such as fireworks, smokeless powder, and rocket motors. The commenter noted that while TSA characterizes Division 1.3 explosives as commodities presenting “a fire hazard and either a minor blast hazard or a minor projection hazard or both, but not a mass explosion hazard” (71 FR at 76861), many commodities present a fire hazard that are not included in the commodities identified by TSA as warranting special security protection.
TSA Response: TSA is retaining Division 1.3 explosives in § 1580.100(b) of the final rule, because these explosive materials in the quantities covered in this rule present a significant security risk in transportation. Although a Division 1.3 explosive presents a minor blast and/or projection hazard, this material is extremely flammable and could be used as a weapon of mass effect. If compromised in transit by detonation or as a secondary explosion to an IED, Division 1.3 explosives could result in substantial damage to people, public and private property, and rail infrastructure.
Comments: A labor union recommended that TSA reduce the 5,000 pound applicability trigger for explosives in § 1580.100(b) to 100 pounds.
TSA Response: TSA has not adopted this recommendation. A low threshold quantity of 100 pounds of explosives, even if compromised or detonated in transit, is unlikely to have the potential to turn the rail shipment into a weapon of mass effect.
Comments: Several commenters expressed some concern that the TSA and PHMSA rail security NPRMs are not consistent in terms of their application to shipments of PIH materials. The PHMSA NPRM applies to bulk quantities of PIH materials. A “bulk quantity” as used in the HMR means a quantity that exceeds 450 L (119 gallons) for liquids, a net mass greater than 400 kg (882 pounds) for solids, or a water capacity greater than 454 kg (1,000 pounds) as a receptacle for gas. See 49 CFR 171.8. Thus, the provisions of the PHMSA NPRM would apply to PIH shipments transported in tank cars, including residue amounts exceeding 119 gallons, and portable tanks and other bulk containers. In contrast, the TSA NPRM would apply to tank cars containing PIH materials but exclude residues. Commenters suggested that the two rules should be applied consistently. They recommended that both final rules adopt the TSA tank-car threshold and exclude residue shipments, because they represent a low security threat.
TSA Response: We believe that there are important distinctions between the quantities of concern from a security perspective and the quantities of concern from a safety perspective. These distinctions account for the differences between the two rules. The amount of residue remaining in a tank car varies, but in most instances, tank car residues will total approximately 1-2 percent of the original amount of material in the tank, or 1,800-3,600 pounds. There are legitimate safety concerns relating to residue quantities even though the target attractiveness from a security standpoint is diminished. PHMSA explains those safety concerns in its rule. With respect to security, the potential consequences of the release of a residue quantity of al PIH material would be significantly less than the consequences of an incident involving a loaded tank car. Therefore, in this final rule, TSA is requiring enhanced security measures for the classes and quantities of PIH materials as proposed in the NPRM (i.e., not tank cars containing residual PIH materials). TSA has determined that residue quantities of PIH materials in bulk packaging shipments do not carry sufficient amounts of security-sensitive materials to warrant the enhanced security measures required by this rulemaking.
Comments: Some commenters were confused as to whether TSA intended anhydrous ammonia to be included as a PIH material for which enhanced security measures are required.
TSA Response: The answer is yes. To ensure that this confusion does not persist, we are specifically adding anhydrous ammonia as an example in § 1580.100(b) of a material covered by the security requirements in this final rule. Commenters are correct that, under the HMR, anhydrous ammonia is classed as a Division 2.2 compressed gas for domestic transportation. However, anhydrous ammonia meets the definition of a material that is poisonous by inhalation under 49 CFR 171.8 of the HMR. That definition includes any material identified as an inhalation hazard by a special provision in column 7 of the 49 CFR 172.10 Hazardous Materials Table. The entry for anhydrous ammonia in the Hazardous Materials Table includes Special Provision 13, which requires the words “Inhalation Hazard” to be entered on shipping papers and marked on packages.
Comments: Some commenters believed that the hazardous materials listed in 49 CFR 1580.100(b) should include other flammable gases and liquids, since those materials could be weaponized, as well as include other materials that could cause serious damage if released into rivers and lakes. One commenter recommended that TSA extend the applicability of this final rule to cover commodities that convert to poisonous gases when they come into contact with water, fire, or acids; this commenter referenced a train derailment that occurred near Superior, Wisconsin on June 30, 1992 in which 73 persons were injured when the contents of one rail car reacted with water and formed a vast vapor cloud.
TSA Response: While TSA agrees that other types of hazardous materials pose certain security risks in rail transportation, the risks are not as great as those posed by the explosive, radioactive, and PIH materials specified in this final rule, and at this time we are not persuaded that they warrant the additional precautions required by this final rule. TSA, in consultation with PHMSA and FRA, will continue to evaluate the rail transportation security risks posed by all types of hazardous materials and the effectiveness of existing Federal regulations in addressing those risks and will consider specific requirements as necessary.
Comments: One commenter requested that TSA revise the applicability language in 49 CFR 1580.100(b)(3) by replacing the threshold limit of “a highway route-controlled quantity of a Class 7 (radioactive) material” with the NRC's published list of Import and Export Threshold Limits for Category 1 and 2 Radioactive Materials. See Appendix P to 20 CFR part 110.
TSA Response: TSA has retained the threshold limits for radioactive materials as proposed in the NPRM. From a security perspective, it appears that the consequences from a release of a radioactive material subject to the lower threshold limits set forth by the NRC would be significantly less than the consequences of an incident using a highway route-controlled quantity of a Class 7 radioactive material.
C. Rail Security Coordinators
Section 1580.101 of the NPRM proposed that freight railroad carriers, rail hazardous materials shippers, and rail hazardous materials receivers within a High Threat Urban Area (HTUA) appoint an RSC, designated at the corporate level, to serve as the primary contact for intelligence information and security-related activities and communications with TSA, and coordinate security practices and procedures with law enforcement and emergency response agencies. Section 1580.201 of the NPRM proposed that passenger railroad carriers and rail transit systems appoint RSCs who would perform the same functions. TSA received numerous comments on the RSC provisions of the NPRM. TSA summarizes those comments and its responses below.
1. The RSC Role Must Be Performed by a Designated Individual
Comments: Several commenters, representing railroad carriers and explosives manufacturers, remarked that many companies already have emergency response and communications systems in place, with some of them following PHMSA's emergency response information requirements.  Some of these commenters urged TSA to allow the use of an emergency contact center number or a 24-hour corporate security number, instead of appointing an RSC.  The commenters stressed that an emergency call center could connect the TSA caller to the appropriate security or response personnel as needed. Further, other commenters thought that having TSA maintain telephone lists of specific individuals named as RSCs does not appear to add value to the regulation.
TSA Response: TSA believes that there is great security value in requiring the appointment of RSCs and in requiring regulated entities to provide contact information for these individuals. The RSC or alternate must serve as the security liaison between the regulated party and TSA. The RSC or alternate provides a primary single point of contact at the corporate level for receiving communications and inquiries from TSA concerning threat information or security procedures and coordinating responses with appropriate law enforcement and emergency response agencies. If TSA needs to convey extremely time-sensitive security information to a regulated party, particularly in situations requiring frequent information updates, it is important for the sake of continuity that TSA be able to interact with a specific individual. The RSC must be in a position to understand security problems, raise issues with corporate leadership, and recognize when emergency response action is appropriate.
TSA has decided not to allow the use of emergency call centers or 24-hour generic contact numbers to substitute for the requirement to designate named individuals to serve as RSCs and alternate RSCs. However, using call centers, in conjunction with appointed RSCs, may be an appropriate way to satisfy the requirements of 49 CFR 1580.101(e)(2) and 1580.201(e)(2). To meet these requirements, the call center or emergency hotline would need to be staffed 24-hours a day, 7 days a week, and must be able to immediately locate and communicate with the RSC.
2. Scope of Section 1580.101
Comments: Several commenters suggested that certain operations do not need RSCs or that individuals performing similar functions for other purposes, such as individuals responsible for security under DHS's CFATS rule, should be able to serve as RSCs.
Some commenters argued that proposed § 1580.101 should not apply to marine terminals because those facilities are regulated under the Coast Guard security requirements. They believed that TSA should exclude “on-dock” rail facilities from the requirement.
Several trade associations stated that § 1580.101 should not apply to a rail hazardous material shipper or receiver that only ships or receives the specified hazardous materials on an occasional basis. One of these commenters noted that many of its members are relatively small operations that may ship or receive tank cars of anhydrous ammonia only once or twice a year. Another association recommended exempting entities that ship or receive less than three rail cars per month.
Two trade associations objected to requiring occasional rail hazardous materials shippers or receivers to have an RSC available 24-hours a day, 7 days a week, 365 days a year, even if the facility has no rail cars in its custody or in transit. Similarly, several commenters argued that TSA should not require the RSC to be available 24-hours a day, 7 days a week for short line railroads that only operate 40 hours per week or for railroads that do not transport hazardous materials.
TSA Response: TSA requires a point of contact for all carriers, regardless of whether they transport hazardous materials, because security concerns may arise that are unrelated to hazardous materials. TSA must be able to communicate as soon as possible with the RSC for all affected freight railroad carriers and rail hazardous materials facilities if TSA needs to convey extremely time-sensitive threat information or security procedures or seek information relating to threats or potential threats.
TSA has also carefully considered the comments concerning freight railroad carriers who rarely transport, and shippers and receivers who rarely ship or receive, rail cars containing the categories and quantities of hazardous materials covered by part 1580. However, TSA has decided not to exempt these entities from the RSC requirements. With respect to infrequent shipments of hazardous materials, the consequences can be significant even if a railroad carrier only transports a single carload or a rail hazardous materials facility only ships or receives a single carload. The January 6, 2005 rail accident in Graniteville, South Carolina resulted in the puncture of a single tank car of chlorine, but the consequences of that accident were substantial.
In the case of rail hazardous materials facilities that are also subject to the maritime security regime required by MTSA, the individual who serves as the FSO may also fulfill the duties of the RSC, provided that the person understands the responsibilities of an RSC as provided in 49 CFR 1580.101. See 33 CFR parts 101-106. However, compliance with MTSA does not itself satisfy the TSA requirement
3. Scope of Section 1580.201
Comments: Some commenters representing passenger railroads suggested that proposed § 1580.201 should not apply to tourist, scenic, historic, and excursion railroad operations. One commenter recommended that TSA exempt the systems unless they operate in an HTUA, while another commenter believed that the requirements would pose an undue burden.
TSA Response: TSA is promulgating the final RSC requirement as proposed. TSA only requires a tourist, scenic, historic, or excursion passenger rail operation, whether on or off the general railroad system of transportation, to designate and use an RSC if TSA informs it in writing that it must do so because of a general or specific threat concerning that operation. An exemption is not appropriate because many tourist, scenic, historic, and excursion operations, though not necessarily operating in areas of high risk, do carry large numbers of people and may become potential terrorist targets.
If the need arises, TSA will inform the carrier of the need for an RSC. In determining whether one or more of these passenger railroad carriers must designate and use an RSC, TSA will consider all available information, including location, populations served, and any intelligence, law enforcement, and reported suspicious activity.
4. Responsibilities of the RSC
Comments: A few commenters asked whether a corporate RSC could serve multiple regulated facilities or operations and whether the individual serving as the RSC may perform other functions. One State agency commenter recommended that the primary and alternate RSCs appointed by passenger railroad operators or mass transit operators should be identified within the existing State Safety Oversight Agency (OA), formed under 49 CFR part 659.
TSA Response: A single RSC or alternate may have responsibility for multiple covered rail facilities that are owned and operated by one corporation, provided that the individual has the information necessary to perform the RSC's duties.
This final rule allows different people to be on call at different times throughout the day, provided that at least one RSC or alternate is available to TSA on a 24-hour, 7 days a week basis. This final rule allows a passenger rail operator to select a qualified individual who also performs job duties for the OA to serve as the RSC.
5. Rail Security Coordinators Identified Previously
Comments: One mass transit agency asked whether a list of security coordinators previously sent to TSA to comply with the rail SDs would satisfy § 1580.201's requirement to appoint an RSC. 
TSA Response: Yes, passenger railroad carriers and rail transit systems that have already provided the required information on their primary and alternate RSCs to TSA have complied with the requirements of § 1580.201. They do not have to take further action unless any of the contact information changes. However, all covered parties, including those passenger railroad carriers and rail transit systems that have already provided the required information, must report all changes to the names, titles, telephone numbers, and e-mail addresses of the RSCs and alternate RSCs to TSA within seven calendar days.
6. Rail Security Coordinator Coordination With State and Local Governments
Comments: Several commenters representing State and local agencies stated that contact information for RSCs should be made available to local governments where hazardous material rail cars may be staged. Another commenter requested that TSA make RSC information available to local emergency planning committees and/or the sheriff's department at all locations where the railroad maintains a switching yard where rail cars containing hazardous materials subject to this final rule may be staged for more than four hours.
TSA Response: When it is necessary and appropriate, TSA will make RSC information available to State and local government agencies for official business purposes, including emergency responders.
7. Rail Security Coordinator Training
In the NPRM, TSA noted that the RSC proposal was crafted as a performance standard, and TSA anticipated that each of the regulated parties would provide its RSC with the information necessary to perform his or her job duties. 71 FR at 76863. However, TSA sought comment on whether to add a training requirement for RSCs in the final rule or via another rulemaking, and requested information on potential training methods.
Comments: TSA received comments both supporting and opposing the inclusion of training standards. Commenters supporting training requirements recommended TSA include standards that were consistent with those that the Coast Guard requires for FSOs under 33 CFR 105.205. Other commenters believed training programs were necessary to ensure a common knowledge base across the industry. For example, The Tri-State Oversight Committee for Maryland, Virginia, and the District of Columbia encouraged TSA to create a national level training program for RSCs and suggested that TSA establish a single training academy where RSCs could network and share best practices, similar to the Federal Transit Administration's (FTA's) workshops for State Safety Oversight personnel. Other commenters stated that training was unnecessary, because railroad personnel already perform similar functions and have been trained to perform them.
TSA Response: TSA has determined not to provide RSC training at this time or to provide specific training standards. To comply with the RSC requirement, the regulated party must ensure that individuals performing RSC duties are available to TSA on a 24-hours a day basis, capable of serving as the primary point of contact with TSA on security matters, and able to coordinate security practices and procedures with appropriate law enforcement and emergency response agencies. To meet the performance standard established for RSCs, TSA expects entities subject to this requirement to provide any necessary training, which may be specific to each entity.
D. Inspection Authority
TSA received numerous comments on many aspects of the inspection provisions of the NPRM. TSA considered all the comments and has decided to make only one minor change to the inspection provisions. Specifically, TSA has added a new paragraph (d) to 49 CFR 1580.5 to state that upon request, TSA inspectors and DHS officials working with TSA will present their credentials for examination, but with the proviso that the credentials may not be photocopied or otherwise reproduced (so as to mitigate the possibility that an inspector's credentials will be duplicated for fraudulent purposes). TSA added this paragraph in response to commenter requests for an authentication process to verify the identity of an individual purporting to represent TSA.
1. Unannounced Inspections
Comments: Section 1580.5(c) of the NPRM codified TSA's authority to “enter, without advance notice * * * any area or within any conveyance * * * in order to inspect or test compliance, or perform other such duties as TSA may direct.” Many commenters objected to this provision, raising the following comments and concerns:
- Unannounced inspections will disrupt ongoing business activities.
- TSA should pre-arrange inspections when practical.
- Employees of railroads and facilities who find TSA inspectors on their premises might view them as a threat and respond by calling law enforcement or security guards.
- The presence of TSA inspectors on rail lines and in operating facilities would be dangerous to TSA employees, rail system or facility employees, and customers. Inspectors should be escorted, qualified, and/or trained to ensure safety. Some commenters recommended specific types of safety training.
- Railroad operators and facility owner/operators may incur liability if TSA inspectors or others are injured.
- TSA inspectors should be required to obtain facility identification media and/or TSA should provide a mechanism through which they can verify the identity of TSA inspectors.
- The rule language is inconsistent with Security Directive RAILPAX-04-01.
- TSA should limit the scope of potential unannounced visits to hazardous materials shipper, railroad carrier, and hazardous materials receiver locations where rail cars containing PIH, explosive, and radioactive materials. are handled
a. Need to Conduct Unannounced Inspections
TSA has retained the language that it used in the NPRM with respect to conducting inspections within any area or conveyance of a regulated party without providing advance notice. TSA anticipates that in most cases it will notify railroad carriers, rail transit systems, and rail hazardous materials facilities of scheduled inspections. This notice gives the parties to be inspected the opportunity to gather evidence of compliance and to arrange to have the appropriate personnel available to assist TSA. However, inspections related to a particular incident, and inspections that are made without notice, are necessary. Some inspections can only be effective if they are unannounced, so as to determine whether the regulated party is in compliance when it is unaware that TSA may be inspecting. TSA must have the flexibility to respond to information, operations, and specific circumstances whenever they exist or develop. TSA must be able to assess the security of covered parties during all times of the day or night and under all operational situations. Consequently, TSA may have to conduct inspections in the evenings, at night, on weekends, or on holidays. Security concerns are different at different times of the day and on different days of the week, and terrorists may seek to take advantage of vulnerabilities whenever they occur. TSA must be able to assess potential threats and an entity's security measures at any time.
The nature of any given TSA inspection will depend on the specific circumstances surrounding a particular railroad carrier, rail transit system, or rail hazardous materials shipper or receiver's operations at a given point in time and will be considered in conjunction with available threat information. While TSA may choose to notify regulated entities, local emergency responders, or other agencies on a case-by-case basis, TSA is not including a mandatory requirement to notify the regulated party.
We note, too, that many of the locations that TSA may inspect do not have access controls, such as fences or gates. Indeed, in some locations, the general public has easy access to the property. Unannounced TSA inspections of these areas will not require access to controlled areas. Further, TSA's inspection may test the regulated party's ability to detect and respond to the presence of unauthorized individuals.
b. Contacts with Law Enforcement Officials
In response to the commenters who believe that unannounced TSA inspections would create new safety and security risks for TSA inspectors and to other individuals on rail property, TSA recognizes that the presence of a seemingly unauthorized individual on the property of a railroad carrier, rail transit system, or rail hazardous materials facility may result in law enforcement officials being contacted. In the case of announced or planned inspections, TSA has trained its inspectors to identify themselves when they reach the facility to be inspected in order to avoid unnecessary notification of local law enforcement officials. In the case of unannounced inspections where the inspector has not notified any representative of the inspected facility, TSA has trained its inspectors to provide identification upon demand to a representative of the facility.
In response to commenter concerns about their liability in connection with TSA personnel who may be injured on rail property while performing unannounced inspections, we note that we have trained our inspectors on specific safety and security protocols to follow while inspecting the equipment and facilities of a regulated party. In the event that a TSA inspector is either injured or alleged to have caused an injury while on a regulated party's property, we will address the situation in accordance with applicable laws and regulations. By way of example, as a general rule, a TSA employee who sustains injuries while performing official duties is compensated by the Federal Employees Compensation Act (FECA), 5 U.S.C. 8101-8193.  Persons who believe they have a tort claim against the United States may pursue their rights under the Federal Torts Claim Act (FTCA).  See 26 U.S.C. 2671-2680.
d. Relationship to Inspection Authority Pursuant to Security Directives
The American Public Transportation Association (APTA) commented that conducting unannounced inspections is inconsistent with the requirement in SD RAILPAX-04-01 that TSA coordinate inspections with the rail property's designated security coordinator. In response, TSA acknowledges that it is expanding the requirements in the rail SDs. In most cases, TSA inspectors will notify the rail property in advance to schedule an inspection and, to the extent practicable, work in close partnership during the visit with the RSC designated under § 1580.201 or other appropriate official(s) designated by the railroad carrier or rail transit system. However, TSA must be able to make unannounced inspections to check for compliance. To the extent there is ambiguity as to whether TSA inspections, evaluations, and tests to ensure compliance with the rail SDs can only be performed if they are announced and coordinated in advance with the regulated party, TSA notes that the inspection authority set forth in 49 CFR 1580.5 supersedes the provisions in TSA's rail SDs that compliance visits will be coordinated with the Security Coordinator.
e. Training of TSA Inspectors
TSA appreciates that inspectors must be properly trained to avoid danger to themselves, to workers on the inspected property, to travelers, and to the inspected property. TSA intends to use only properly trained personnel to conduct inspections. TSA puts its inspectors through a rigorous training program, incorporating classroom and field training, so that inspectors are knowledgeable on all aspects related to this regulatory program as well as on safety issues. TSA inspectors receive training on specific safety procedures to use while inspecting the equipment and facilities of freight and passenger railroad carriers, transit system owners and operators, and rail hazardous materials facilities, including the Transportation Safety Institute's Transportation of Hazardous Materials course covering 49 CFR parts 100-185. Many of TSA's inspectors have backgrounds in law enforcement and physical security and are subject matter experts in the field of railroad transportation, including the transportation of hazardous materials. In addition, all DHS officials conducting inspections with TSA will receive training, including training on applicable FRA requirements and the safety procedures to follow while aboard a conveyance or inside a terminal or facility. If a rail hazardous materials facility requests that an inspector receive facility-specific safety briefings or training, TSA will work with the facility to accommodate those requests, provided that the timing is acceptable and that additional safety training is reasonable given the nature of the expected inspection.
2. Use of Identification Media and Verification of Identity of TSA Inspectors
Comments: Section 1580.5(c) provides that TSA is authorized to “enter, without advance notice * * * any area or within any conveyance without access media or identification media * * * in order to inspect or test compliance, or perform other such duties as TSA may direct.” Many commenters expressed concerns and comments about verifying the identity and credentials of inspectors. For example, APTA expressed the view that allowing TSA personnel to conduct inspections without identification media issued by the rail property would create unnecessary delays and disruption until their identities can be properly verified. APTA recommended that TSA inspectors use local identification media in addition to their TSA credentials to reduce the possibility that an individual posing as a TSA inspector could gain access to a property and compromise security.
Several commenters asked TSA to include a clearly stated authentication process, including a 24/7 telephone number, in the text of this final rule. Other commenters recommended that TSA officials be required to present government credentials and other identification (including photo identification) before being allowed on site, be badged at the facility to be inspected, or be escorted by a company representative.
One commenter stated that TSA inspections at NRC-licensed facilities without presentation of access or identification media issued or approved by the NRC licensees would place the licensees in direct violation of NRC regulations and security orders concerning access authorization.
TSA Response: TSA inspectors will carry Federal government credentials identifying themselves as having official authority to inspect. In addition, any railroad carrier, rail transit system, or rail hazardous materials facility wishing to authenticate the identity of an individual purporting to represent TSA may contact the Freedom Center at 703-563-3240 or 1-877-456-8722. In addition, TSA has provided some additional regulatory text on the issue of inspector credentials. Upon the request of an entity being inspected by TSA (and, as applicable, DHS officials working with TSA) the TSA or DHS official will present their credentials for examination, provided that the credentials may not be photocopied or otherwise reproduced. See 49 CFR 1580.5(d).
TSA notes that Homeland Security Presidential Directive 12 (HSPD-12) requires Federal agencies to improve secure identification processes for Federal employees and contractors.  The U.S. Department of Commerce has published guidance on the standards and methods by which Agencies could reach compliance with HSPD-12. 
As the capability becomes available and implementation of HSPD-12 continues, all Federal employees will have Federally-issued HSPD-12 compliant cards. TSA will establish procedures for regulated parties that elect to electronically validate Federal officials' credentials using FIPS 201 real-time credential authentication capability. In compliance with § 1512 of the 9/11 Commission Act, TSA is developing requirements for security programs in the rail sector. As TSA develops these requirements, TSA will consider procedures and protocols pertaining to verification of Federal HSPD-12 cards.
TSA has decided that it will not require an official of the inspected entity to accompany a TSA inspector during inspections. Although, in many cases, such an escort may very well be helpful, in other cases, it may hinder an inspection's timing or scope. TSA's inspectors often will request an escort, but they must be able to perform unescorted inspections at times to check compliance. With the exception of NRC-licensed facilities (as discussed below), TSA also is not requiring that inspectors receive identification media from the facility to be inspected. These media will not be necessary once the inspectors show their TSA or DHS credentials.
In the case of inspections conducted at NRC-licensed facilities, TSA inspectors who have not been granted unescorted access to the facility in accordance with NRC regulations will perform their unannounced inspections while escorted by an NRC or licensee employee who has been granted unescorted access. NRC inspectors inspecting for compliance with NRC requirements will notify TSA about any rail security concerns. As noted earlier, TSA intends that the specifics of these arrangements be outlined in an agreement between TSA and the NRC.
3. Warrantless Inspections
a. Legal Authority To Conduct Warrantless Inspections
Comments: One commenter questioned the legal grounds for the seizure of copies of documents without a warrant.
TSA Response: TSA is mandated by ATSA to develop policies, strategies, and plans for dealing with threats to all modes of transportation,  including rail, and has authority to conduct inspections to ensure compliance with those policies and plans.  The inspection authority provision in § 1580.5 of this final rule requires that freight and passenger railroad carriers, rail transit systems, and rail hazardous materials facilities allow TSA officials and DHS officials working with TSA to enter and be present within any area or within any conveyance to conduct inspections, tests, or to perform such other duties at any time or place to carry out TSA's statutory duties.
These inspections may be conducted without a warrant. By publication of this final regulation, owners and operators of rail operations and hazardous materials facilities are on notice as to the statutory and regulatory authority for the inspections. The regulation also identifies that TSA and other authorized DHS officials are the persons authorized to conduct the inspections. In addition, TSA has explained that the inspections may occur at any time, but will occur in a reasonable manner. Finally, the regulation identifies the locations subject to inspection and delineates the scope of the inspection, in that the inspection will encompass the property, facilities, equipment, operations, conveyances, and records that are necessary to carry out TSA's security-related responsibilities.
The entities covered by this final rule are part of a closely regulated industry due to existing oversight and the heightened government interests in regulating these businesses. Most rail carriers and facilities identified in the regulation are already subject to regulation from other Federal entities such as DOT and EPA. There is also no doubt that TSA has a substantial interest in regulating the railroad carriers, rail transit systems, and rail hazardous materials facilities covered by this final rule. The preamble to the NPRM set forth several examples of the devastating consequences of an attack on rail transportation and clearly explained TSA's interest in regulating rail transportation to protect persons and property. 71 FR at 76854. The NPRM also described what measures must be taken by rail interests to detect and deter these threats.
The warrantless administrative inspections contemplated by the rule are also necessary to further the regulatory scheme. TSA's rail inspection program is directed at a mobile industry that transports persons and potentially dangerous materials, and if inspection is to be effective and serve as a credible deterrent, unannounced inspections are essential.
b. Criminal Evidence Found During an Inspection
Comments: A State DOT stated that TSA may not use its regulatory oversight powers as a means to gather and seize criminal evidence against a rail carrier without a search warrant. The commenter said while there are allowable exceptions to warrant searches (such as the exigent circumstances surrounding the hot pursuit of a criminal suspect), none of those circumstances would typically exist during an oversight inspection.
TSA Response: TSA is aware of the legal requirements for conducting a criminal investigation, including requirements for obtaining a search warrant in certain circumstances. Transportation Security Inspectors (Surface) are not criminal investigators, and they will be trained accordingly. As appropriate, the inspectors will refer matters to the appropriate law enforcement authorities.
4. Enforcement Guidance for Inspectors
Comments: One chemical manufacturer stated that TSA must ensure the fairness of guidance documents that TSA may issue to inspectors, that TSA must issue any guidance in accordance with Executive Order (E.O.) 13422, amending E.O. 12866, which addresses Regulatory Planning and Review and the Office of Management Budget's (OMB's) Bulletin for Agency Good Guidance Practices, and that TSA should give the regulated community the opportunity to submit comments regarding any draft guidance.
TSA Response: TSA will evaluate any guidance materials issued to our inspectors to determine the appropriate procedure for issuing them.
5. Review Process for Enforcement Decisions
Comments: National Railroad Passenger Corporation (Amtrak) asked if there would be a review process if the rail carrier does not agree with the decision of the rail inspector.
TSA Response: If any covered party disagrees with a rail inspector's decision with respect to compliance or possible corrective action, the party may request that the decision be reviewed at a higher level at TSA. The regulated entity may request that the issue be resolved by TSA management. Management will raise unresolved issues to TSA's Office of Chief Counsel and senior management for final resolution.
6. Use of Third-Party Contractors for Inspections
Comments: One commenter raised a number of questions about the use of contractors or officials of other agencies to conduct inspections under this rule.
TSA Response: TSA does not intend to employ contractors to carry out TSA's inspection responsibilities. DHS officials may inspect rail operations and rail hazardous materials facilities in coordination with TSA. 
7. Other Comments on TSA Inspection Authority
Comments: A passenger railroad operator asked if TSA would provide any guidelines to rail inspectors regarding their actions while on a conveyance. For example, the commenter asked if the inspectors would occupy revenue seats of rail cars and transit vehicles and if they would be able to use their credentials to travel to and from their residence or place of work.
TSA Response: As stated above in the discussion of inspector training, TSA intends to use only properly trained personnel to conduct inspections. TSA inspectors will display credentials upon request and occupy revenue seats on passenger railroad cars and rail transit system conveyances only while performing official duties. If a TSA inspector is commuting to or from his or her residence or place of work, he or she will pay the same full fare as a member of the traveling public. Also, an on-duty TSA inspector may travel as a paying passenger when conducting unannounced inspections to evaluate the regulated party's security measures.
Comments: Proposed 49 CFR 1580.5(b)(7) states that TSA's inspection authority includes the right to “carry out such other duties, and exercise such other powers, relating to transportation security as the Assistant Secretary of Homeland Security for the TSA considers appropriate, to the extent authorized by law.” One chemical manufacturer commented that this proposed language is vague and undefined, and subjects the regulated community to unknown inspection criteria.
TSA Response: TSA has retained the language that it used in the NPRM. TSA has the primary Federal role in enhancing security for all modes of transportation. Under ATSA, TSA's authority with respect to transportation security is comprehensive and supported with specific powers related to the development and enforcement of security-related regulations, SDs, security plans, and other requirements, including ensuring the adequacy of security measures for the transportation of cargo  and overseeing the implementation of and ensuring the adequacy of security measures at transportation facilities.  In addition to its other responsibilities under ATSA, TSA is charged with carrying out other appropriate duties relating to transportation security.  The regulatory language in 49 CFR 1580.5(b)(7) notifies the regulated community of TSA's broad statutory authority to inspect and codifies the scope of TSA's existing inspection program as it relates to rail security.
As explained in the NPRM, TSA is authorized to conduct general security assessments in addition to inspecting for compliance with specific regulations. TSA has specific powers to assess threats to transportation security; monitor the state of awareness and readiness throughout the rail sector; determine the adequacy of an owner or operator's transportation-related security measures; and identify security gaps.
Comments: Two associations expressed concern that the proposed rule extends beyond just the rail operations and shipping and receiving areas of a regulated facility and, therefore, exceeds TSA's authority. These commenters requested that TSA revise the inspection provision in the rule to limit its scope to those operations directly related to or impacting a facility's rail operations.
TSA Response: TSA's authority to inspect under this rule does not extend to areas of the facility that are unrelated to transportation security, which may include (for example) areas dedicated exclusively to manufacturing or engineering. However, TSA notes that its inspection authority is broad. TSA has the discretion to inspect those areas of a rail hazardous materials shipper or receiver facility that are related to the security of the transportation system, such as the rail secure area and control rooms or offices where security activities are initiated or monitored. Under the authority of ATSA, TSA is directed to ensure the adequacy of security measures for the transportation of cargo,  which includes ensuring the adequacy of security measures at the transportation-related areas of rail hazardous materials shipper and receiver facilities. The rail cars offered, prepared, loaded, received, or unloaded from or at these facilities may travel anywhere in the general railroad system of transportation, including in and near high population areas, critical infrastructure, and other vital areas. Sometimes loaded rail cars will remain for some time at the shipper's facility awaiting pickup from the freight railroad carrier. Whether being loaded at facilities or awaiting pickup at facilities, these rail cars could endanger surrounding areas. Accordingly, TSA's broad authority under ATSA includes authority to inspect those areas of the facilities used for transportation security activities.
E. Reporting Significant Security Concerns
1. General Comments
a. Value of Proposed Requirement To Report Significant Security Concerns
TSA received a number of comments supporting the proposed requirement to report significant security concerns. Two chemical companies and a major trade association supported the reporting of significant security concerns to TSA as proposed in § 1580.105. Other commenters expressed concerns about the requirements.
Comments: The Chairman and four members of the U.S. House Committee on Homeland Security expressed the view that the proposed reporting requirements would not improve rail security. They commented that the reporting requirements would not make the industry proactive in deterring terrorists and that, instead of collecting data for study after incidents have occurred, TSA should provide the industry with mandatory, standardized security practices and mandated training programs.
TSA Response: TSA believes that the requirements to report significant security concerns have great value in the overall approach to enhancing rail security. That approach includes other mandatory requirements, such as the chain of custody measures, location and shipping information, and the designation of RSCs, that will enhance security. TSA agrees with the House Committee members that it is important to focus on deterring activities that might compromise transportation security. TSA believes that reports of significant security concerns from rail transit operations, freight and passenger railroad carriers, and rail hazardous materials shippers and receivers enhance security, because they help TSA to evaluate if there are geographic or other patterns to the activities that are reported. If so, TSA may be able to interrupt similar events at other locations. In addition, TSA can determine if it should intensify inspections that focus on particular areas or activities.
b. Scope of the Reporting Requirements
Comments: The National Industrial Transportation League questioned the extent to which the reporting requirements would apply to a rail hazardous material shipper or receiver with a very large facility. The League asked if TSA intends to require a regulated entity to report any of the enumerated incidents anywhere in its facility, even if the incident has no relationship to or impact on the facility's rail operations.
TSA Response: TSA does not expect shipping or receiving facilities in an HTUA to report incidents that bear no relationship to areas of the facility that are related to the designated rail secure area, rail shipments, or receipt of the hazardous materials covered by this regulation. However, TSA expects that facility owners will report suspicious incidents outside the scope of this rule to other Federal, State, or local authorities, as appropriate or required by those other authorities.
2. Time and Method of Reporting
a. When must reports be made?
Comments: TSA received many comments about the proposed requirement to report significant security concerns “immediately,” particularly in the context of 911 notifications. Commenters asked TSA to define “immediately.” Several commenters requested that TSA clarify that the new reporting requirement does not take precedence over “first calls” to local authorities (that is, 911) for events requiring police, fire, or emergency medical support. A chemical company said that, for practical purposes, “immediate” notification of TSA would follow notification of local first responders via 911. A trade association said that the rule should emphasize that local authorities are to be notified simultaneously because local authorities near the plant site are in the best position to act quickly to mitigate and reduce the consequences of a real threat.
Similarly, one transit authority said that the requirement for “immediate” reporting would burden the RSC and other supervisory security personnel during the resolution of incidents. At such a crucial time, the RSC and other security personnel should focus on safe and secure resolution of the incident. A transit authority suggested that TSA change the reporting timeframe from “immediately” to monthly or bi-weekly reporting.
Two State DOTs said that the proposed rule fails to establish a timeframe for reporting potential threats and significant security concerns or specifically identify the role of the State oversight agency in the reporting process.
Several commenters offered suggested definitions of the term “immediately.” A trade association requested that TSA allow enough time to determine whether a notification is warranted. The association pointed out that the current DOT/PHMSA regulation (49 CFR 171.15) defines immediate notice to mean as soon as practical, but no later than 12 hours, and suggested that TSA incorporate similar language into the final rule. Another trade association noted that PHMSA's incident reporting requirements use the phrase “at the earliest practicable moment” to describe “immediate” and recommended that TSA use the same terminology. See 49 CFR 171.15 (which requires notice “as soon as practical but no later than 12 hours after the occurrence of [the] incident.”).
TSA Response: TSA plays a crucial role in coordinating the Federal response to threats to transportation security. The immediate reporting of a potential threat, a security incident, or a significant security concern is integral to TSA's ability to carry out this function successfully. Prompt notification enables TSA to help coordinate the Federal response, including actions to be taken at the State and local levels, and provides TSA with the situational awareness needed to make the appropriate assessments on the National and local levels.
TSA recognizes that, in some cases, notifying the local first responders to address a threat or consequences in the immediate aftermath of an incident takes precedence over notifying TSA because of the need to protect lives or property. In these cases, regulated entities should notify TSA simultaneously or as soon as possible after notifying 911 or other first responders.
TSA decided not to provide a definition of “immediately” in this final rule. TSA considered the DOT/PHMSA definition but decided that allowing up to twelve hours to report an incident may not allow sufficient time for TSA or other agencies to take necessary action to address a security concern. As noted above, TSA recognizes that, in some cases, reporting to TSA may take place after the reporting entity alerts law enforcement and first responders to ensure public safety and mitigate damage to property.
b. Content and Method of Reporting
Comments: Many commenters asked questions with respect to what information they should include in the reports and how and to whom they should report the information. A technology vendor said that its “off-the-shelf” product could be configured with sensors to detect and report tampering with rail cars and assist in reporting significant safety concerns.
TSA Response: With respect to content, the reports should include all the information required in § 1580.105(d) and § 1580.203(d). Passenger railroad carriers and rail transit systems should refer to § 1580.203, and freight railroad carriers and facilities that ship or receive hazardous materials covered by the rule should refer to § 1580.105. With respect to the method of identifying the information to report, the rule does not require the use of specific products or methodologies. To help identify significant security concerns in a manner that meets this rule's performance standards, the covered entities may elect to use any variety of technological products.
3. Coordination With Other Reporting Requirements
Comments: TSA received numerous comments about the interrelationship between the reporting requirements of this rule and the reporting that occurs in response to other regulatory programs or other procedures. Commenters urged TSA to increase coordination and eliminate unnecessary duplication. For example, one trade association said that certain facilities are currently reporting significant security concerns to the FBI, local authorities, and the Coast Guard. The association said that TSA should use these existing reports to gather information rather than to create an additional reporting requirement. The association suggested that if TSA maintains this reporting requirement in the final rule, it should only apply to the certain hazardous materials determined to pose a higher security risk (such as PIH, explosives, and radioactive materials).
Several commenters wrote about the relationship between the proposed reporting requirement and FTA's reporting requirement in 49 CFR 659.33, asking TSA to clarify the role of State oversight agencies in the reporting process. Some State DOTs said that the proposed reporting would partially duplicate the reporting requirements of the State oversight program, which would force rail systems to develop multiple sets of procedures and processes.
Commenters suggested the following options for coordinating or merging the proposed reporting requirement with similar existing requirements:
- Create a centralized or “one stop” reporting process for stakeholders.
- Avoid any “excessive” duplication between the safety oversight and rail security programs.
- Minimize redundant reporting and ensure there is coordination of FRA, NTSB, and TSA reporting requirements.
- Make the proposed reporting requirement parallel to the existing requirements (or vice versa).
- Allow the reporting to other jurisdictional law enforcement agencies to meet the requirement of reporting to TSA.
- Allow reporting to the State oversight agency to fulfill TSA's requirement.
- Make the proposed reporting requirement more consistent with posting to the public transportation portion of the Homeland Security Information Network (HSIN).
- Modify the reporting requirements for the National Transit Database to support TSA's needs.
- Require that covered entities send reports to the National Response Center as the primary and sole reporting center for the purposes of this section and develop a mechanism for TSA to receive reports of significant security concerns from the National Response Center.
- Include language in the final rule to help regulated entities prioritize all of the notifications that they are required to make.
TSA Response: TSA needs information immediately on potential threats, suspicious activities, and security incidents for the purposes of comprehensive intelligence analysis, threat assessment, and allocation of security resources. Covered entities must report security concerns to the Freedom Center. The Freedom Center maintains communications networks with other Federal operations centers, such as DOT's Crisis Management Center, to convey reported security concerns to interested entities throughout the Federal government.
The reports submitted to State oversight agencies under 49 CFR 659.33 will not satisfy the requirements of this rule. Reports to the oversight agencies meet a more general need for situational awareness, particularly pertaining to safety conditions. The required reporting under this final rule and the reporting under 49 CFR 659.33 do not overlap extensively. Where they do overlap, TSA would expect that passenger railroad carriers and rail transit systems would follow procedures for reporting to TSA as well as to the State agencies.
TSA recognizes that entities regulated by both the Coast Guard and TSA may be required to report the same security concern to the National Response Center and the Freedom Center. However, in this final rule, TSA is requiring reporting to the Freedom Center for all rail-related security issues to facilitate the continued development of a centralized surface transportation security operations center and the development of rail specific intelligence. Moreover, obtaining reports indirectly from the National Response Center, the States, or other third parties might delay a needed response or may not contain adequate information for TSA's purposes.
4. Reportable Events
Comments: Many commenters said that TSA's definition of reportable events is too broad and should be more narrowly focused. Several comments from transit authorities said that the proposed reporting requirements would impose a substantial burden on transit systems and even on TSA itself and that the scope of the requirement should be narrowed. They also asserted that the proposed requirements would result in an overload of information that would divert attention from truly significant threats and dilute the effectiveness of the reporting system. Other commenters asked for a more specific description of “suspicious” activities or a list of examples that would, or would not, be considered “suspicious.” A commenter identified “youth vandalism” as an incident that should not be reportable.
Several commenters offered specific suggestions for which activities or incidents should be considered reportable. Some commenters suggested that the requirement focus on activities that pose a security threat to rail cars carrying covered hazardous materials or the materials covered by this regulation.
An industry association noted that the events that must be reported to DOT are very specific (such as a person being killed or requiring hospitalization) and suggested that TSA's reportable events be more specific and similar to DOT's. One commenter suggested that TSA only require reporting of certain specific crimes. Another commenter made specific suggestions regarding the categories of events that should be reported to TSA.
TSA Response: TSA is aware that the proposed reporting requirements are broad and, in some respects—such as the requirement to report “suspicious” activities—are not as specific as the regulated community would like. However, TSA has not changed the reporting requirements in this final rule for the reasons described below.
The reporting requirements are intended to mitigate the risk to rail transportation systems. These requirements will provide information to the appropriate authorities, allowing their timely intervention to an attack or its preparation. Detecting activities that may compromise transportation security entails piecing together seemingly unrelated incidents or observations and conducting analysis in context with information from other sources. However, as the threat environment is dynamic and indicators of incident planning and preparation can change, TSA cannot provide a threshold for reportable events or a specific definition.
TSA has decided not to accept commenters' suggestions to limit the scope of the reporting requirement. Limiting the scope to the DOT reporting requirements, which are intended to identify safety concerns, would reduce the data that TSA could use for trend analysis to anticipate and prevent an attack. Limiting incident reporting to only PIH materials, explosives in Classes 1.1, 1.2, and 1.3, or highway route-controlled quantities of radioactive materials would also limit TSA's domain awareness.
Comments: A State DOT expressed the concern that transit agencies may respond to the proposed requirement by understating or omitting the annual crime statistics they provide to the State DOT to avoid the proposed reporting requirement. Two State DOTs asked what would happen to a rail transit agency that failed to notice or report a potential threat.
TSA Response: TSA does not believe that transit agencies or others within the scope of TSA's reporting requirements would fail to report crimes in order to avoid the reporting requirements of this final rule. If a covered entity failed to report a potential threat in accordance with this rule, TSA would consider taking enforcement action. TSA would exercise enforcement discretion and would consider factors such as the type of threat and its significance, the procedures the covered party had in place to identify and report such threats, and other factors as appropriate.
Comments: Several commenters requested that TSA develop training programs to assist employees in recognizing events that could raise security concerns and should be reported. One State DOT commented that, for the reporting system to work successfully there needs to be a comprehensive and ongoing training program for employees of passenger railroad carriers and rail transit systems. The agency requested that TSA provide a rail-specific training package for reporting potential threats and significant rail security concerns. Similarly, a labor union asserted that front-line workers will be in the best position to identify many of the potential threats or significant security concerns listed in the proposed rule. The union said that reporting will simply not be as robust or as complete as envisioned by TSA without mandatory security training for rail employees.
A chemical company noted that the proposed rule makes several references to IEDs. The company said that if these devices are a realistic threat to U.S. facilities, then the regulated community could benefit from specialized training, provided by TSA or other government agencies, on recognizing IEDs.
Some commenters requested that TSA provide training to RSCs on what constitutes a reportable event for purposes of reporting significant security concerns.
TSA Response: TSA recognizes that well-trained employees will enhance security. In the passenger rail/rail transit context, TSA has undertaken an effort to elevate the level of training generally, bring greater consistency, and assist transit agencies in arranging and implementing training programs by developing and disseminating a voluntary Mass Transit Security Training Program; this training program is available on TSA's Web site.  The program identifies specific types of training at basic and follow-on levels for particular categories of transit employees. Basic categories for front-line employees include security awareness, behavior recognition, and immediate emergency response. The training program presents the information in a readily understandable matrix, and provides effective guidance to passenger rail and transit agency officials on how to build and implement training programs for employees working in their systems. The Transit Security Grant Program, administered by DHS and TSA to advance security enhancement efforts in passenger rail and mass transit systems, affords the agencies the option of this pre-packaged training program with grant funding. Agencies taking advantage of this program have their grant applications expedited for review and approval. This initiative aims to expand significantly the volume and quality of training for passenger rail and mass transit employees. Information on this initiative is available on TSA's Web site. 
At this time, the rule does not mandate specific training for the reporting of significant security concerns. It specifies the type of incidents that covered entities must report. TSA will work with covered parties to comply with this final rule. In addition, TSA notes that current DOT regulations will aid in providing an adequate basis to identify suspicious incidents. Current DOT regulations require employers to provide security awareness training for most hazardous materials employees. See 49 CFR 172.704. The security awareness training must provide employees with an awareness of security risks associated with hazardous materials transportation and methods to enhance transportation security. This training must also include a component on how to recognize and respond to possible security threats. TSA recognizes that not all reporting will be accomplished by hazardous materials employees, however, TSA also recognizes that almost all employers provide their operational employees with some security awareness training. This training will enhance the quality of the information that covered entities report to TSA and will improve reporting levels. Additionally, TSA is developing a CD that will instruct workers on the appearance of an IED and how to locate an IED on a rail car. The CD will also include a training module on security awareness. TSA will provide the CD to covered parties prior to the effective date of this final rule via a mass mailing and will also post a request form on TSA's Web site.
We note that some commenters made reference to TSA providing training for RSCs. This final rule (49 CFR 1580.105 and 1580.203) does not assign the reporting task to the RSC, and TSA does not expect all reports of significant security concerns to come from the RSC. Reports may be made by individuals who are not employed at the corporate level of the regulated party.
6. Sharing of Information Received
Comments: A commenter asked whether TSA intends to share incident and trend analysis with anyone. Several governmental authorities requested that TSA transmit reports of significant security concerns to states and localities, including first responders, in a timely manner.
TSA Response: TSA may share reports of security concerns with Federal, State, or local law enforcement or other officials, for further analysis or for action consistent with those agencies' authorities.
7. Other Comments on Reporting Significant Security Concerns
Comments: One commenter asked how TSA will respond to and investigate reportable events.
TSA Response: If a determination is made that a reported event warrants a response or further investigation, TSA will work with the RSC, the local Transportation Security Inspectors (Surface), and other Federal, State, and local authorities, if warranted, to take appropriate action.
Comment: A commenter asked whether the information reported would receive SSI protection.
TSA Response: Under 49 CFR 1520.5(b)(7) (threat information), reports of significant security concerns would be considered SSI once TSA receives them.
F. Sensitive Security Information
1. Extent of Protection of Information as SSI
Comments: Several commenters suggested that the final rule should extend SSI protection to information that covered entities must submit to TSA under this rule, including location and shipping information for certain rail cars submitted in accordance with § 1580.103 and reports of significant security concerns submitted in accordance with § 1580.105 or § 1580.203.
TSA Response: The location and shipping information, which carriers are required to maintain and submit, would not be considered SSI. However, once DHS or DOT receives the location and shipping information from the railroad carrier and includes it as part of a broader analysis of the location of rail cars subject to the location reporting requirement, the compilation, not the raw data, will constitute SSI under revised § 1520.5(b)(12). Such compilations require greater protection than the information maintained by the railroad carrier for its business purposes, because the release of a compilation of location and shipping information to the public would increase the risk that the compiled information could be used to identify vulnerabilities or to plan an attack on critical rail assets. In the NPRM, TSA proposed to revise § 1520.5(b)(12), relating to information concerning infrastructure assets, to include rail transportation systems. TSA has included this provision in the final rule. Consistent with the provision, TSA considers lists of critical infrastructure assets prepared by DHS or DOT, including lists of rail cars containing covered materials, to be SSI.
With respect to reports of significant security concerns submitted under § 1580.105 or § 1580.203, such reports would constitute SSI under existing § 1520.5(b)(7) (threat information) once the Federal government receives them.
2. Access to Sensitive Security Information for State Oversight Agency or Designated Local or Tribal Officials
Comments: Many commenters expressed concern with the proposed amendment to 49 CFR part 1520 to protect information related to rail transit systems and to require rail transit systems to restrict the distribution, disclosure, and availability of SSI. Some said that the proposed rule needs to ensure that State oversight agencies responsible for establishing standards for rail safety and security programs for a State's rail fixed-guideway systems under 49 CFR part 659 will have access to SSI. Some were concerned about limitations on the availability of information, because they felt that State and local law enforcement and emergency response personnel need SSI for emergency planning. One commenter requested that TSA specify the rights of State and local governments to access SSI.
TSA Response: TSA agrees that State, local, and tribal governments, including State oversight agencies, should have access to SSI generated under this regulation for which they have a need to know. SSI may not be publicly disclosed pursuant to any State, local, or tribal law. This is consistent with DHS policy and will allow States, localities, and tribal employees, contractors, and grantees to have access to SSI if the information is needed for the performance of official duties on behalf of or in defense of the interests of Federal, State, local, or tribal government, or for performance of the contract or grant. Accordingly, TSA is adding State, local, and tribal agencies, which would include State oversight agencies, to the list of persons with a “need to know” under § 1520.11. This amendment does not authorize a State, local, or tribal agency to access SSI as a general matter. The agency must have a “need to know” specific pieces of SSI. SSI may not be publicly disclosed pursuant to any State, local, or tribal law.
3. Security Clearance
Comments: One commenter noted that most program administrators at the State oversight agencies do not have official “security clearance” authorizations and may therefore not have access to information needed to carry out security-related responsibilities.
TSA Response: TSA has revised § 1520.11 to allow access to SSI by State oversight agency employees with a need to know without requiring them to have security clearances. Under the SSI regulation, the Federal government does not ordinarily clear covered persons for receipt of classified national security information in order to receive access to SSI. TSA notes that security clearances would be required for access to information that is classified pursuant to Executive Order (E.O.) 13292 of March 25, 2003 (68 FR 15315. March 28, 2003); however, SSI does not fall within the scope of the E.O.
4. Inspection Information
Comments: One commenter requested that TSA protect information gathered by TSA inspectors as SSI.
TSA Response: This final rule will protect pertinent inspection-related security information as SSI under § 1520.5(b)(6), as amended by this rulemaking.
5. Simplified Marking
Comments: Another commenter suggested that TSA simplify the SSI marking requirements, so that documents need not be marked on every page.
TSA Response: This issue is beyond the scope of the Rail Transportation Security NPRM. TSA will consider revising the marking requirements of the SSI regulation in a future rulemaking.
6. Broadening the Scope of Sensitive Security Information
Comments: Many commenters supported the provisions protecting the disclosure of SSI in rail transportation. Others opposed expanding the scope of SSI, concerned that use of an SSI designation could withhold too much information from the public. They expressed concern that the proposed rule contained no restrictions on who may declare information SSI, or what information may be included in reports automatically accepted as SSI, and that there were no time limits on how long information protected as SSI remains SSI. These commenters believed that TSA should amend the SSI regulation to make it clear that records relating to the general safety of the rail and transit networks, as well as the terminals and other facilities, and records of their maintenance are not SSI. Other commenters suggested that TSA balance any need to protect route information against the need to disclose to States, cities, counties, Congress, and the public general information about the quantities and types of materials that are being shipped through an area. Other commenters urged that the definition of SSI be as narrow as possible.
TSA Response: TSA is fully committed to disclosing information to the public where appropriate unless such disclosure is prohibited from disclosure under law or would compromise transportation security. TSA does not intend to protect information as SSI that would not be detrimental to transportation security if publicly disclosed. SSI should not be released to individuals who do not have a need to know. Records relating to the general safety of railroad and transit systems, as well as related yards, terminals and other facilities, and records of their maintenance, are not SSI unless they overlap with or are inextricably commingled with security information that falls within the specific categories of SSI information in the SSI regulation. This consists of information that terrorists or others could use to the detriment of transportation or national security. Section 1520.15(b) allows for the public release of all information that is not SSI within records that contain both SSI and non-SSI information.
The SSI regulation defines what is considered SSI and imposes certain SSI handling requirements on a “covered person” with a need to know; only “covered persons” must mark information as SSI under the regulation.
7. Protection of SSI in Civil Litigation
Comments: Several commenters suggested that the SSI provisions should include the protections afforded CVI under DHS's CFATS rule, in light of recent Congressional requirements on the disclosure or sharing of SSI in civil litigation and the protection for SSI that is over three years old.
TSA Response: Last year, DHS issued the CFATS interim final rule on chemical facility security. Pursuant to its statutory mandate, the CFATS rule includes provisions for protecting CVI. Most rail SSI would not also qualify as CVI. Without statutory direction to do so, TSA is not authorized to expand the SSI regulation to include the protections afforded CVI.
The commenter is correct that Congress recently enacted legislation regarding SSI in civil litigation, but the new statute is narrow in scope. Section 525(d) of the 2007 DHS Appropriations Act grants civil litigants or their counsel who do not have a need to know under 49 CFR part 1520 access to specific SSI in Federal civil district court proceedings if certain requirements are met. This provision requires the controlled sharing in civil litigation in Federal district courts of relevant SSI for which a litigant demonstrates a substantial need after successful completion of a security threat assessment, and under a protective order entered by the court that protects the SSI from unauthorized or unnecessary disclosure and specifies the terms and conditions of access.
8. Coordination With Other Information Protection Programs
Comments: Several commenters were concerned that the recent DHS rule governing CVI means that regulated entities may soon manage three categories of protected homeland security information: SSI, Protected Critical Infrastructure Information (PCII) in 6 CFR part 29, and CVI in 6 CFR part 27. Each has unique elements and regulatory requirements. Commenters suggested that TSA consider adopting regulations that would harmonize and clarify information protection procedures for government and the private sector.
Similarly, the NRC has pointed out that some information that would be SSI under this rule would also fall within the scope of their Safeguards Information (SGI) program under § 147 of the Atomic Energy Act of 1954, as amended. SGI must be protected in accordance with the requirements in 10 CFR part 73.
TSA Response: The requirements of each of these information-management programs are specific to each respective program and relate to particular statutory and regulatory provisions. It is beyond the scope of this rulemaking and of TSA's authorities to amend the regulations governing Federal programs other than SSI or to make changes to the SSI regulation that exceed the scope of the Rail Transportation Security NPRM. With respect to information that is both SSI and CVI, PCII, or SGI, such information must be marked and protected in accordance with all applicable regulations. TSA will work closely with DHS and other government agencies to make sure that the requirements of the CVI, PCII, SGI, and SSI programs are complementary, not inconsistent, with each other.
9. Protection for Personal Information
Comments: One commenter recommended that TSA extend SSI protection to the personal information of rail transportation workers and employees of rail hazardous materials shippers and receivers, including RSCs appointed pursuant to this rule.
TSA Response: TSA will not normally share the personal information of RSCs provided to TSA under this rule with organizations external to DHS. However, if appropriate, TSA may share the information with other Federal, State, local, or tribal government agencies, including DOT, in accordance with applicable requirements, such as the Privacy Act and the Freedom of Information Act. To the extent that TSA shares the information with non-Federal entities, such as State, local, or tribal agencies, TSA expects that information will be safeguarded in accordance with procedures designed to protect such information. Accordingly, TSA has decided that it is not necessary to expand the protections afforded to personal information by further amending the SSI regulation at this time. TSA notes that lists of individuals with unescorted access to rail secure areas, if maintained, will be considered SSI under § 1520.5(b)(11)(i)(A). This final rule adopts the proposed amendment of that provision to include lists of individuals with unescorted access to rail secure areas.
10. Expansion of Sensitive Security Information to Other Modes of Transportation Besides Rail
Comments: One commenter believed that the paragraphs in § 1520.5(b) should include motor carriers, motor carrier freight terminals, and motor carrier infrastructure assets.
TSA Response: The changes to the SSI regulation in this final rule are focused on rail transportation rather than on other modes of transportation. Any changes concerning other modes of transportation would be outside the scope of this rulemaking. In the future, TSA may consider changes in the SSI regulation relating to motor carriers.
G. Chain of Custody and Control
Comments: A municipality supported the chain of custody provision and recommended that TSA extend it to the carriage of all hazardous materials. Another commenter suggested that the rule is vague and does not address certain kinds of terrorist attacks (such as placing an explosive device under rail tracks or under elevated rail in a major city) and does not mandate any protective distances.
TSA Response: TSA is not expanding the proposed list of hazardous materials to which the requirements of part 1580 apply. While we recognize that all substances defined by DOT as “hazardous materials” are “capable of posing an unreasonable risk to health, safety, and property when transported in commerce” (see 49 CFR 171.8), not all hazardous materials are subject to the same potential for terrorists to exploit them to cause significant loss of life, transportation system disruption, or economic disruption. At this time, TSA has decided not to expand the list of materials to which this rule applies.
Comments: A commenter asked why TSA did not propose to apply the chain of custody requirements to transfers occurring between train crews employed by the same carrier.
TSA Response: TSA applied a risk-based approach in crafting the requirements of this final rule, and the greatest risk to rail cars today is when they are standing still unattended in an HTUA or prior to entering an HTUA. While TSA acknowledges that there is a security vulnerability any time a railroad carrier leaves rail cars (and sometimes entire trains) unattended, cars and trains are much more frequently left unattended when awaiting interchange to another carrier or at the point of initial shipment and delivery. TSA may consider applying the chain of custody requirements to intra-carrier transfers in a later rulemaking.
Comments: Two commenters opposed the exclusion of facilities owned or operated by the Federal government from the definitions for receivers and shippers, due to possible dangers of explosives and nuclear materials.
TSA Response: Although facilities owned or operated by the Federal government, such as any facility owned or operated by the Department of Defense (DOD) or the Department of Energy, are not subject to the requirements of this final rule, these facilities are the responsibility of other Federal agencies. In general, a Federal agency that ships or receives the materials described in § 1580.100 would be a secure facility operating under policies or regulations that provide a level of security comparable to the requirements of this final rule. For example, DOD shipments of explosives are frequently contracted as “rail surveillance” shipments, meaning that railroad police or their agents attend, inspect, and monitor these shipments while they are in transportation. Similarly, Federal agents track and monitor shipments of high-level nuclear materials while in transportation.
Comments: If operations of two or more companies are co-located, would only companies that ship designated materials be subject to § 1580.107?
TSA Response: If a company is co-located at the same facility as shippers or receivers covered by the chain of custody requirements but does not engage in the transportation by rail of the materials described in § 1580.100, that company does not have to comply with the chain of custody and control procedures in § 1580.107.
2. Attendance Requirement
Comments: Several commenters raised questions about compliance with the attendance requirement. Some commenters asked for clarification on the number of rail cars that one individual can attend. One commenter asked if a representative of the first railroad carrier must fully observe the transfer of physical custody of the rail car before turning it over to the second carrier, or if unmanned secure enclosures may be used.
TSA Response: Although the preamble to the NPRM stated that “not left unattended” meant that the employee or authorized representative must have “an unobstructed view of the rail car prior to the delivering carrier leaving the interchange point” (71 FR at 76873), TSA has reconsidered this interpretation. For purposes of paragraphs (c) and (d) of 49 CFR 1580.107, the requirement “to ensure that the rail car is not left unattended at any time during the physical transfer of custody” means that the regulated party has an employee or authorized representative physically located on site, in reasonable proximity to the rail car, who can reasonably detect unauthorized access or unlawful activity near the rail car and is capable of promptly responding to such unauthorized access or unlawful activity (such as by immediately contacting law enforcement or other authorities to investigate), and immediately responds to unauthorized access or activity at or near the rail car either personally or by contacting law enforcement or other authorities. See 49 CFR 1580.107(k)(1).
In the case of rail cars that have been decoupled from locomotive power and are therefore not in a train, reasonable proximity is best understood to mean that an employee or designee of the responsible party has either the rail car or the area surrounding the rail car, including paths of access to the rail car, within his or her field of vision. For rail cars that are in a train, the concept of reasonable proximity means that the train crewmembers are located on or near the train; although the train crewmembers may be located at the front of the train and physically unable to visually observe every rail car, the security risk is mitigated by the fact that the train is subject to unpredictable movement at any time. Determining what is a reasonable proximity is not calculated by measuring a precise distance or designating a particular location, but rather by achieving a reasonable expectation that any unlawful interference with the rail car will be promptly detected. As long as the individual performing the monitoring, whether on the ground or located in an on-site control room watching via a surveillance system, can satisfy this performance standard, there is no limit on the number of cars that he or she can attend. Accordingly, TSA does not expect the first railroad carrier to assign someone to literally observe each car 100 percent of the time during the physical transfer of custody.
TSA also does not want an employee or authorized representative of the regulated party to place his or her safety or life in jeopardy. TSA recognizes that a reasonable response to unauthorized access or unlawful activity may be to immediately contact law enforcement rather than approach an individual directly.
Comments: A municipality commented that TSA should provide clarification on whether rail switching yards must be converted into secure areas. As an example, it referenced a yard where trains are broken up into cars or blocks of cars and built into new trains.
TSA Response: Although the commenter uses the words “secure areas” in the context of asking whether rail yards fall under the “secure location” requirement in the definition of “rail secure area,” the commenter's question appears to concern the carrier to carrier transfer requirements in 49 CFR 1580.107(c) and (d).  Under 49 CFR 1580.107, TSA requires attendance of the rail car during carrier to carrier physical transfers of custody. The attendance requirement only applies in a rail switching yard when one carrier interchanges a covered rail car with another carrier in such a yard. TSA anticipates this happening most often when cars enter and leave the yard, not while they are within the yard being switched. Movements within a yard (including many classification yards) that are transfers solely between the same railroad carrier are not covered by 49 CFR 1580.107.
Comments: An association representing short line and regional railroads commented that TSA should provide clarification on when the transfer is complete under the chain of custody and control requirements and recommended that TSA consider the transfer complete once the rail car is uncoupled from the delivering railroad carrier.
TSA Response: TSA agrees that the transfer is complete when the car is uncoupled from the train, and all documentation requirements are met either in writing or electronically.
Comments: Some commenters suggested that TSA amend paragraph (f)(1) of 49 CFR 1580.107 to prohibit unattended pick up and delivery rather than using the term “positive control.”
TSA Response: The language in this final rule remains unchanged from the NPRM. However, TSA has added a new paragraph (k)(2) to 49 CFR 1580.107 to explain the term “maintains positive control.”
By requiring that either the rail hazardous materials receiver in an HTUA or railroad carrier “maintains positive control” of the rail car during the physical transfer of custody of the rail car, TSA intends that the receiver communicate with the railroad carrier and work in close cooperation to ensure the security of the rail car during the transfer process. Since “attending the car” is only one component of the overall process of “controlling the car” during the transfer, the regulatory text requires one or both parties to be responsible for positive control.
Comments: A railroad carrier commenter indicated that a rail car is attended if a train crewmember is present. Several rail labor unions urged TSA to specify that a railroad carrier may not assign a train crewmember for purposes of compliance with the attendance requirements because of the high risk of injury or death in the event of a terrorist incident. One commenter stressed that train conductors already have numerous safety and other responsibilities, and are not trained as security personnel. Another commenter noted that 49 CFR 1580.107 does not have a training requirement, and requested that TSA add a provision to specifically address the skill set and qualifications necessary for conducting inspections required under 49 CFR 1580.107(a)(1), (b), (c), and (d).
TSA Response: As noted in the NPRM (71 FR at 76873), TSA intends that railroad carriers have maximum flexibility in adopting and implementing procedures to meet the car attendance performance standard. Accordingly, a railroad carrier's option to use any category of individuals, including train crewmembers, to carry out the job function of attending rail cars remains unchanged from the proposed rule. In crafting its procedures, TSA expects a railroad carrier to consider personal safety and security issues and competing job responsibilities of the potential individuals who will serve as attendants, as well as compliance with all other applicable laws, regulations, and contracts.
TSA is not prescribing a specific training requirement for attendant functions in this final rule, nor is it establishing minimum qualification standards for the employees who must attend the rail cars. However, in order to comply, the railroad carrier must ensure that persons who carry out this rule know what they must do. TSA will soon issue a DVD training video to freight railroad carriers and rail hazardous materials facilities on identifying IEDs and signs of rail car tampering and on security awareness.
TSA is mindful of employee concerns about personal safety. We do not expect that railroad employees will necessarily confront suspicious persons directly. For instance, an employee may summon law enforcement personnel to confront a suspicious individual or respond to a report of a possible IED.
Comments: Some commenters were concerned that the chain of custody provisions would be burdensome on small hazardous materials shippers and receivers in high threat urban areas that did not operate 24 hours a day, 7 days a week. Consequently, these facilities might not have staff to comply with the chain of custody provisions of this final rule when a carrier arrived to transfer a rail car.
TSA Response: TSA recognizes that a rail hazardous materials receiver located in an HTUA that is not open for business 24-hours a day, seven days a week, may incur some additional cost to meet the requirements in this final rule. TSA has accounted for this cost in the Regulatory Impact Assessment (RIA). Some regulated parties may satisfy the attendance requirement by employing someone only as long as necessary to transfer the car from the delivering railroad carrier, to document the transfer of custody, and to ensure that it is moved into a rail secure area. Once the rail car is placed in a rail secure area at the receiving facility, the rail car no longer needs to be attended.
3. Electronic Monitoring of Rail Cars
Comments: One group of commenters asked how technology can be used to comply with 49 CFR 1580.107. Several comments supported the use of technology to satisfy the chain of custody and control requirements, noting that electronic devices may offer better security benefits through their enhanced methods to track and control products while in transit. A trade association representing chlor-alkali producers worldwide (as well as packagers, distributors, users, and suppliers) asked TSA to clarify that “positive control” can be achieved through electronic communication.
TSA Response: TSA supports the use of technology to the extent that covered entities can use it to achieve the security standards of 49 CFR 1580.107. TSA recognizes that as existing and future technologies become commercially available, they could provide equal, or possibly superior, monitoring capability of rail cars. As noted, the attendance standard is that of a regulated party's reasonable expectation that it has the ability to detect unlawful interference with the rail car and properly respond to a security situation. See 49 CFR 1580.107(k)(1). As part of “maintaining positive control” of the rail car, attendance must occur until the receiving party has accepted physical custody. In this final rule, covered entities may use visual monitoring technology to comply with the attendance and transfer of physical custody requirements, but only if the person attending the car(s) or train is physically present on-site at the facility where the attendance is required. 
The technology selected may include, but is not limited to, intelligent video, passive intrusion detection, perimeter alarms, or advanced video surveillance systems.  Whatever system or method is selected, the regulated party is responsible for ensuring that the process employed provides an operationally effective means to meet the regulatory requirement. Automatic Equipment Identification (AEI) readers cannot be used to meet the provisions of 49 CFR 1580.107, because they cannot be used to monitor or control access to a car.
4. Rail Hazardous Materials Receivers
Comments: Some commenters requested that TSA assist facilities in determining whether they are within an HTUA and therefore subject to certain chain of custody and control provisions.
TSA Response: Before the effective date of this final rule, TSA will provide on its website maps of each of the 46 HTUAs that TSA will use to inspect for compliance with the applicable sections of this regulation. It is important to note that TSA will provide these maps for general guidance purposes only. TSA encourages any regulated party with questions concerning the applicability of this final rule to its operations to contact TSA directly.
Comments: A trade association commented that TSA should grant an exception to the chain of custody and control provisions for receivers located in an HTUA that receive less than one tank car per month.
TSA Response: This final rule does not contain an automatic exemption from the chain of custody requirements for rail hazardous materials receivers located within an HTUA, regardless of whether they receive very few cars in a given timeframe. The security risk posed by receipt of shipments of Division 1.1, 1.2, and 1.3 explosives, non-residue quantities of PIH materials, and highway route controlled quantities of radioactive materials is significant even if a rail hazardous materials facility only receives a single carload each month. While it is true that the security risks for the rail transportation system as a whole increases as the total number of shipments increase, it is also true that there is a risk associated with each carload received. An exemption from 49 CFR 1580.107 for the specified hazardous materials in amounts below a given threshold is not warranted given the security risks posed by these materials. However, any receiver located in an HTUA may request an exemption  from some or all of the chain of custody requirements of this final rule if it believes, based upon the operational characteristics and geographical location of its facility, that the potential security risk of its facility is insufficient to warrant application of the chain of custody requirements in 49 CFR 1580.107.
Comments: One commenter asked TSA to clarify that receivers located outside an HTUA are not required to satisfy the chain of custody and control provisions, including attending the physical hand-off from a railroad carrier.
TSA Response: Rail hazardous materials receivers not located within an HTUA are not subject to any of the requirements in this final rule.
Comments: A municipality stated that it is opposed to allowing shippers to request an exemption under 49 CFR 1580.107(j) if they determine that a terrorist attack is unlikely at the area where they forward or receive hazardous materials. The commenter stated that such requests for exemption are likely to be based on cost considerations, and not necessarily on objective and knowing assessments that an area is less vulnerable to terrorist activity. In addition, once these locations become and remain unguarded, they are likely to attract persons who could take advantage of the fact that the area is unsecured.
TSA Response: In the case of shippers of the covered hazardous materials, TSA agrees with the commenter. As the first link in the supply chain, and the first opportunity for unlawful interference with a rail car, shippers are not allowed to request an exemption from this regulation. However, under 49 CFR 1580.107(j), a rail hazardous materials receiver located within an HTUA can receive an exemption from the chain of custody and control requirements if it shows TSA that the potential risk from its activities is insufficient to warrant compliance. TSA will only grant such an exemption if, after analyzing the factors relevant to the potential security risk, it concludes that doing so is in the public interest and consistent with transportation security. The factors include: (1) The quantities and types of all hazardous materials that the rail hazardous materials receiver typically receives or unloads; (2) the receiver's geographical location in relationship to populated areas, which includes both daytime office building populations and populations in residential neighborhoods; (3) the receiver facility's immediate proximity to sensitive populated areas, such as other businesses (including other hazardous materials facilities), residential homes and apartment buildings, elementary schools, and hospitals; (4) any information regarding threats to the facility; and (5) any other circumstances relevant to that receiver's activities that would demonstrate that these activities present a low security risk.
5. Document Requirement
Comments: Several commenters requested that TSA clarify whether electronic data interchange (EDI) may be used to satisfy the documentation requirements of this final rule. One trade association asked whether an AEI system with readers at agreed interchange points would satisfy the documentation requirements. An association representing Class I railroads requested clarification on whether notification on a “switch list” (date and time of delivery), which is then entered into the carrier's electronic database, meets the documentation requirement. 
TSA Response: The requirement to document the transfer of custody ensures that all parties involved in the transfer know who is responsible at any given time; this allows TSA to verify that freight railroad carriers and rail hazardous materials facilities are not engaged in practices that leave certain hazardous materials rail cars unattended, and therefore vulnerable to someone attaching an IED or otherwise sabotaging the car. The documentation requirement also assists in locating rail cars, especially after delivery to the receiving facility in an HTUA. This final rule does not specify that a carrier or facility must use a particular document to meet this requirement, but does prescribe certain mandatory information that carriers and facilities must include. In this regard, TSA recognizes the unique operating practices and considerations of each regulated party, and anticipates that each party will meet the performance standard by adapting existing documents and/or technology. Regardless of which method the regulated party uses to comply, TSA requires that the documentation must contain information that uniquely identifies that the rail car was attended during the transfer of custody. This information must include the car's initial (reporting mark) and number, identifying data that allows TSA to determine who in fact attended the rail car (such as the names or uniquely identifying employee numbers of the train crewmembers or rail hazardous materials facility employees), location of the transfer (such as the milepost number, name of the rail yard, or siding designation), and the date and time when the transfer was completed. See new 49 CFR 1580.107(k)(3).
EDI and switch lists may be used to satisfy the requirement and serve as a technical representation of a business conversation between two regulated parties if they are adapted to sufficiently document the transfer of physical custody from one regulated party to the other and allow TSA to determine who participated in the transfer and when and where the transfer took place. TSA is retaining in the final rule the language from the proposed rule requiring that both participants in the transfer create documentation. Passive AEI readers do not meet the documentation requirements of this final rule because while the passage of a rail car past an AEI reader would establish the car's geographical location at the time of the reading, it would not generate the required documentation.
6. Other Issues Concerning Chain of Custody and Control
Comments: Several members of Congress questioned the effectiveness of the proposed rule given the fact that so few TSA inspectors are available.
TSA Response: TSA has deployed the 100 inspectors provided for by Congress in the Department of Homeland Security Appropriations Act for fiscal year 2005 (Pub. L. 108-90). Assigned to 19 field offices throughout the United States, the inspectors cover the key rail and mass transit facilities in their regions. The program has focused on nationwide outreach and liaison activities with the rail industry and initiatives aimed at enhancing security in rail and mass transit systems. Inspections for compliance with this regulation, such as the chain of custody and control provision targeting of high risk interchanges, will focus our inspection priorities. Other provisions in this final rule, such as the appointment of a RSC and the requirement to provide certain location and shipping information, may be primarily monitored by headquarters staff. TSA is confident that this rule will be effectively implemented.
Comments: One municipality believed that re-routing of hazardous materials was a better strategy.
TSA Response: TSA's NPRM did not address this issue. DOT/PHMSA has addressed routing issues in its rule. As noted earlier in this preamble, DOT/PHMSA published an interim final rule in the Federal Register on April 16, 2008. The PHMSA rule revises the current requirements in the HMR applicable to the safe and secure transportation of hazardous materials transported in commerce by rail. In pertinent part, PHMSA is requiring freight railroad carriers to compile annual data on certain shipments of explosive, toxic inhalation, and radioactive materials, use the data to analyze safety and security risks along rail transportation routes where those materials are transported, assess alternative routing options, and make routing decisions based on those assessments.
Comments: Two commenters recommended that TSA adopt the DOT definition of offeror instead of “shipper” and that all requirements placed on the shipper should be assigned to the “offeror.” 
One of the commenters stated that the definition in the proposed rule of “rail hazardous materials shipper” is more restrictive than the DOT definition of “person who offers” or “offeror” in 49 CFR 171.8. The commenter noted that the proposed rule appears to assume that all hazardous materials shipment origination activities occur at the physical facility where a covered hazardous material shipment originates, and indicated that this is not necessarily the case. The commenter recommended that TSA revise the proposed rule to distinguish between requirements applicable to the originating facility and requirements applicable to the person or organization performing the functions of “offeror,” as described in 49 CFR 171.8.
Another commenter stated that since rail hazardous materials shippers and receivers are fixed-site facilities, not persons, they cannot be tasked to perform “offeror” functions. The commenter also recommended that TSA adjust the definition of “receiver” to make it consistent with 49 CFR 171.8.
TSA Response: TSA is revising the definitions of “rail hazardous materials shipper” and “rail hazardous materials receiver” in 49 CFR 1580.3 to clarify that this rule applies to the operator of the fixed-site facility. TSA is retaining the term “rail hazardous materials shipper” to establish that responsibility for compliance with the requirements in parts 1520 and 1580 rests with the operator of the fixed-site facility that has a physical connection to the general railroad system of transportation and offers, prepares, or loads any of the covered hazardous materials for transportation by rail. Although the facility operator may elect to assign responsibility for performing pre-transportation functions to an agent or contractor, the facility operator remains responsible under the rule for compliance with all applicable provisions of this final rule. In the event of noncompliance, TSA may hold the shipper/facility's operator responsible for the violation and subject to enforcement action. Further, TSA notes that a fixed-site facility operator is a “person” for purposes of being able to ship/offer or receive hazardous materials covered by the rule. See 49 CFR 1580.3.
TSA is also retaining the term “rail hazardous materials receiver” in this final rule rather than using the DOT term “consignee.”  A fixed-site receiving facility is not merely a delivery location, but also the legal entity responsible for compliance with this final rule in its role as a receiver or unloader of the covered hazardous materials. While DOT regulations no longer apply after the delivering railroad carrier departs a rail hazardous materials receiver facility (see 49 CFR 171.1(c)(3) and 171.8), TSA's final rule extends beyond that time and covers the transportation-related areas of these facilities that receive or unload covered rail cars.
Comments: A chemical manufacturer observed that TSA's definition of “offeror” includes the words “Any person who * * * [t]enders or makes the hazardous material available * * *” (49 CFR 1580.3). That manufacturer noted that the term “tenders” has a precise legal meaning, often used in satisfaction of a debt or obligation. The commenter recommended that TSA revise the definition of “offeror” by replacing the word “tenders” with “provides.”
TSA Response: For the sake of consistency with DOT's HMR, TSA based its definition of “offers” or “offeror” (49 CFR 1580.3) on the DOT definition of “person who offers” or “offeror” (49 CFR 171.8). In pertinent part, DOT defines a “person who offers or offeror” as “any person who * * * [t]enders or makes the hazardous material available * * *” In the context of TSA's definition of “offers” or “offeror,” the legal meaning of “tenders” is clear.
Comments: A chemical manufacturer commented that TSA should align the applicability of its rail transportation security rule with DHS's CFATS regulation and clearly define jurisdictions and authority so that entities covered by both regulations have a clear understanding of their obligations under the law.
TSA Response: It is not practicable for TSA to align the applicability section of the two rulemakings. Section 1580.107 of the freight rail provisions of TSA's regulation focuses on the pickup, delivery, and interchange of rail cars containing certain hazardous materials, whereas DHS's CFATS rule establishes requirements for the security of entire high-risk chemical facilities. Given the disparity in focus and the differences in addressing risk between the transportation and chemical sectors, it is neither practicable nor necessary to completely align the applicability sections of the two rules. Due to the nature of the supply chain, there is some inherent overlap between transportation and chemical facilities. This is reflected in the TSA regulation. In order to secure the transportation system, in § 1580.107 we are regulating facilities that are connected to the general railroad system of transportation and ship, or receive in an HTUA, one or more of the specified categories and quantities of the hazardous materials listed in § 1580.100(b). However, we believe that the responsibilities of those facilities that are potentially subject, to some degree, to both this rule and to CFATS are sufficiently clear and that those responsibilities will not conflict with each other. 
Comments: A commenter expressed concern that the attendance requirements of 49 CFR 1580.107 might lead to non-compliance with the hours of service laws,  cause worker fatigue issues, and have an impact on transit times and delivery schedules.
TSA Response: TSA recognizes that the attendance requirement may require certain operational changes by the freight railroad carriers required “to ensure that the rail car is not left unattended during the physical transfer of custody.” This final rule allows freight railroad carriers the maximum degree of flexibility to adopt and implement procedures to meet the car attendance performance standard. In this regard, 49 CFR 1580.107 does not specify a maximum number of rail cars that a carrier employee or authorized representative may attend, nor does it require the attendant to be within a certain designated distance from the rail car. TSA expects the affected freight railroad carriers to adopt and carry out implementing procedures that meet the performance standard of this rule without compromising railroad safety or violating any other Federal requirements.
Comments: Several commenters asked whether the chain of custody provisions apply to imports and exports from Mexico and Canada.
TSA Response: The chain of custody requirements do not apply at any shipper facilities located outside the United States, but begin at the first carrier interchange point inside the United States that triggers the provisions of § 1580.107, and apply to all subsequent covered carrier interchanges. The requirements also apply to a rail hazardous materials receiver located in an HTUA, regardless of whether the rail car originated at a domestic or foreign location. Accordingly, for shipments originating in Canada or Mexico, there will be no evidence of a secure shipment from the initial rail hazardous materials shipper, and for shipments destined for Canada or Mexico, there is no requirement for a secure hand off to the receiver.
Comments: One commenter requested clarification of responsibilities where a passenger railroad has contractual agreements regarding the use of their respective rail tracks for the transportation of hazardous materials by private freight railroad carriers.
TSA Response: The requirements in § 1580.107 do not apply to passenger railroad carriers that lease or have contractual agreements regarding the use of their track by freight railroad carriers to haul hazardous materials. Only the railroad carrier transporting the covered hazardous materials, not the owner of the track, is covered by § 1580.107.
Comments: The Small Railroad Business Owners of America commented on the potential danger of grouping hazardous materials rail cars together in secure areas rather then leaving them individually on tracks in various rail yards. The commenter stated that the best solution is to employ security systems that are monitored, such as television cameras and employees who work in the area who are told to immediately report any unauthorized persons.
TSA Response: TSA recognizes that rail hazardous materials facilities may have to comply with 49 CFR 1580.107 by storing covered rail cars in close proximity to each other. However, this final rule does not outline any specific requirements for the storage of covered cars, other than that the cars must be kept in a rail secure area with physical security measures while awaiting pickup at a rail hazardous material shipper by a railroad carrier or awaiting unloading at a rail hazardous materials receiver in an HTUA. The rule also does not specify the size of the secure area; a facility may establish multiple secure areas. TSA believes that placing covered cars only in secure areas with physical security measures in place provides an added security benefit, since it is easier for the facility to monitor the cars in concentrated locations rather than stored individually on multiple tracks.
H. Location and Shipping Information for Certain Rail Cars
Comments: An association suggested that TSA exempt Class III railroads from providing routing information for cars on other carriers' portions of a rail car trip (i.e., the time that the rail car spends in transportation being hauled by another railroad carrier). The commenter stated that the shipping documents that small railroad carriers receive from connecting carriers typically do not indicate the routing that the larger railroads will use. They asserted that, in practice, this information is available from Class I railroad carriers who have multiple routing options and will know which route other carriers will use to the final delivery destination point.
TSA Response: When TSA needs to know the location of a specific rail car, the agency may query a number of carriers about the routing and shipping information; however, TSA recognizes that the entity in possession of the rail car generally has the best available information. In the context of TSA requesting the information, since this final rule only requires railroad carriers to report information for cars under their physical custody and control, TSA will not ask a carrier to submit information that is beyond its range of knowledge and that would require it to make inquiries of other carriers. See 49 CFR 1580.103(b).
Concerning routing information, TSA understands the differing capabilities between Class I railroads and short line and regional railroads, and has taken this into consideration in this final rule by allowing freight railroads, other than Class I carriers, more time to provide the required information. See 49 CFR 1580.103(e). TSA understands that routes sometimes change and expects that all regulated parties will provide the best available current routing information. TSA anticipates that in cases of heightened threat or during a security incident, all regulated parties would go beyond the minimum regulatory requirements and provide TSA with as much information as possible, including available information on rail cars that a railroad carrier had on its system before transferring it to another carrier or to a rail hazardous materials receiver.
Comments: One association commented that the only location and shipping information that rail hazardous materials shippers and receivers should have to provide to TSA, when requested, is the fact that the facility is in possession of the car.
TSA Response: This final rule provides that all covered freight railroad carriers and rail hazardous materials facilities must develop procedures to determine the location and shipping information specified by 49 CFR 1580.103 for rail cars under their physical custody and control containing the specified hazardous materials. A rail hazardous materials facility meets the requirements of 49 CFR 1580.103 if it informs TSA that it currently has a specific car(s) in its possession, identifies which rail cars contain a specified hazardous material, and provides TSA with the name and address of the facility where the car(s) or train is located. TSA is aware that some rail shipper and receiver facilities are very large, but there may be times when it is imperative that DHS know an exact car location inside a facility. In these cases, DHS and TSA will work with the affected facility to locate the precise position of the car to ensure appropriate intervention.
Comments: One commenter recommended that TSA extend applicability of the car location and shipping information reporting requirement to covered entities handling all DOT-classified hazardous materials.
TSA Response: As discussed in Section V.G.1 of this preamble, TSA is not revising the list of hazardous materials to which the requirements of 49 CFR 1580.103 apply. While TSA acknowledges that all hazardous materials present certain security risks in transportation, we selected the explosive, PIH, and radioactive materials as an initial step, because of the significant risk posed by these materials. In the case of an emergency involving explosives, PIH, or radioactive materials, such as a specific threat against a particular train or a general threat involving the metropolitan area through which the train is operating, it may be critical for TSA to have location and shipping information rapidly to address threats to persons and property.
2. Timeframe for Reporting Information
Comments: Many commenters supported the requirement to provide location and shipping information to TSA upon request within one hour, as proposed in the NPRM. TSA also requested comment on whether TSA could and should shorten the response time to five minutes for providing information on a specific car and 30 minutes for providing information on more than one car under the regulated party's physical custody and control.
Several commenters opposed shortening the response time. These commenters varied in their reasons for opposing the change, including arguments that it would pose an unreasonable cost, was too difficult, or was impossible to implement with current technology. A few commenters supported the shortened five minute/30 minute reporting timeframe. One commenter suggested that commercial off-the-shelf technology existed that could meet TSA's proposed requirement. Two others suggested that the threat was severe enough that TSA must be able to obtain location and shipping information on cars carrying security-sensitive materials in the shortest possible timeframe, regardless of whether the private sector funds the technology or the government establishes a national system.
TSA Response: TSA requires all Class I freight railroad carriers subject to 49 CFR 1580.103 to provide the location and shipping information to TSA within five minutes if the request concerns only one rail car and within thirty minutes if the request concerns two or more rail cars. See 49 CFR 1580.103(d). All other regulated parties subject to 49 CFR 1580.103 must provide the information to TSA within thirty minutes, regardless of how many rail cars the request concerns. See 49 CFR 1580.103(e). TSA has concluded that regulated parties can comply with these timeframes. The technological capability to locate the rail cars currently exists. While compliance with this final rule may require procedural changes to the carrier or facility's operations, it will not entail significant or costly technological changes.
Freight railroad carriers, both small and large, maintain systems to track and locate rail cars for both operational and revenue accounting purposes. Depending on the size and operational needs of the railroad, the sophistication of these systems will vary, but all perform the same basic functions. Railroad carriers trace the location of rail cars from the time that they are accepted for transportation at the point of origin until they are placed at the receiver's designated location. While in transit between the points of origin and destination, the progress of a rail car is tracked using a variety of methods including AEI, global positioning systems (GPSs), train dispatching systems, and train crew reporting. Railroad carriers then use computer-based systems to capture data on the location and progress of their rail cars. Carriers can use these types of systems to meet the reporting requirements of 49 CFR 1580.103.
TSA notes that railroad carriers transporting rail cars containing explosives, radioactive, or PIH materials have programs or procedures in place to quickly locate a single tank car on their property if they are provided with the car's reporting marks (initial number). For purposes of complying with 49 CFR 1580.103, TSA anticipates that the vast majority of railroad carriers will determine the number and types of rail cars on their property containing PIH or other specified materials by utilizing car trace and yard management software that sorts car contents according to Standard Commodity Codes (STCC). In addition, TSA recognizes that railroad carriers can, and tend to, send car location messages to a central databank (Railinc  ), which allows the shipper, carrier(s), and receiver of the rail car to track the approximate location and trip progress of a particular rail car.
In 2006, TSA conducted audits of freight railroad carriers and their employees to determine the level of implementation of certain voluntary guidance.  One of these standards concerned the ability of railroad carrier employees to locate cars containing PIH materials in a specific yard. TSA determined that all of the Class I railroads and over 80 percent of the Short Line and Terminal railroads had systems in place to locate cars containing PIH or other specified materials. In this regard, the majority of the railroad carriers have developed car tracing programs that allow them to identify those trains operating on their systems that have PIH or other specified material cars in the train.
As part of the process of analyzing the security threat to the freight railroad system, TSA has reviewed the ability of Class I, II, and III railroad carriers to respond to car location and shipping information requests. In all instances, when asked about rail cars containing the covered materials that were under their physical custody and control, Class I carriers were able to respond in five minutes or less when the request concerned one rail car and in 30 minutes or less when the request involved multiple rail cars. The Class I carriers used their existing programs and/or procedures to locate a single rail car on their property once TSA provided the car's reporting mark and serial number (car initial and number). These carriers also used car tracing programs to identify those trains operating on their systems that had hazardous material cars in the train.
In the case of Class II and III carriers, TSA is aware of at least one program that the industry developed for the purpose of locating hazardous materials rail cars being hauled on Short Line and Terminal railroads. TSA and FRA have funded a program known as FreightScope.  The Federal government in conjunction with the American Short Line Regional Railroad Association (ASLRRA), has tested the functional capability of this program. Representatives of the ASLRRA, acting as agents for their member railroads, maintained a means of accessing the information in the FreightScope program, as well as a means of transmitting the information to the Federal government upon request. In the tests performed, the ASLRRA representatives were able to provide the requested car location and reporting information in approximately 20 minutes. In one instance, the ASLRRA representative provided a verbal accounting of the information in less than five minutes.
Larger and medium size rail hazardous materials shippers and rail hazardous materials receivers of rail cars covered by this regulation have existing systems in place to record cars that enter or leave their facilities by rail. Railroad carriers notify shippers prior to dropping off residue cars and picking up loaded cars, and notify receivers when delivering a loaded car or picking up a residue car. Shippers are aware of the location and status of rail cars covered by this final rule as the cars pass through the facility, both while going through the loading process and while in temporary storage waiting to be shipped. Shippers also follow very specific company and DOT-required procedures for pre- and post-load inspections and necessary rail car maintenance and repair. While there is a constant movement of rail cars into, through, and out of a facility between these processes, plant personnel monitor the tank cars at each stage of the process, including loading and unloading operations and railroad carrier drop offs and pickups. Large and medium size receivers in HTUAs also follow very specific procedures and processes from the time a covered rail car enters the facility until the covered hazardous material is unloaded, including inspections prior to unloading. In addition, they perform pre-release checks before the residue cars are picked up by the railroad carrier.
Smaller rail hazardous materials shippers and smaller rail hazardous materials receivers in an HTUA have smaller inventories of rail cars and consequently a smaller turnover of cars. TSA anticipates that the facilities will comply with this final rule by maintaining a written list of rail cars with the relevant information, and perform a visual check for the requested cars. The location and shipping information requirement will not result in operational changes to the systems at these smaller facilities.
As noted in the preamble to the NPRM, TSA sought comment on an alternative to the proposed one-hour reporting timeframe, because in an emergency, “information concerning the location of certain hazardous materials * * * [is] critical to decisions concerning possible rerouting, stopping, or otherwise protecting shipments and populations to address specific security threats or incidents.” 71 FR at 65864 and 76871. TSA specifically asked for comment on how a shorter timeframe could be accomplished and at what financial cost. Based upon comments received and our understanding of the technological capabilities of freight railroad carriers and rail hazardous materials facilities, in this final rule, TSA has revised the timeframe for a regulated party to report location and shipping information. Each Class I railroad carrier must provide the requested information to TSA no later than five minutes after receiving the request if the request involves only one rail car and no later than 30 minutes if the request concerns two or more rail cars. All freight railroad carriers not otherwise identified as Class I carriers by the STB are permitted up to 30 minutes to provide the requested information, regardless of the number of rail cars involved. All rail hazardous materials shippers and all rail hazardous materials receivers in an HTUA are permitted up to 30 minutes to provide the requested information, regardless of the number of rail cars involved.
TSA has also added a new paragraph (g) to 49 CFR 1580.103, requiring each regulated party to provide a telephone number for TSA to use when requesting location and shipping information. In contrast to the RSC provision, which requires the regulated party to designate a named individual as TSA's contact person because of the potential need to convey extremely time-sensitive threat information or security procedures at any time of the day or night, paragraph (f) merely requires that the designated telephone number be monitored at all times by a live person. As long as the individual who answers TSA's telephone call can provide accurate information within the specified timeframe, paragraph (f) permits the regulated party to use a designated third party or agent to meet this performance standard, rather than exclusively a company employee. Since this provision allows the regulated party flexibility to determine how best to meet the reporting requirement, smaller railroad carriers and rail hazardous materials facilities that do not operate around the clock or maintain 24/7 operations centers can comply with minimal operational changes.
TSA is also deleting the words “in writing” from paragraph (f)(6) in this final rule (which was designated as paragraph (e)(6) in the NPRM), to allow regulated entities, on a case-by-case basis, to request an alternate reporting format and for TSA to immediately approve that request by telephone, without the need for a written response. TSA anticipates that a railroad carrier or rail hazardous materials facility may use this provision when they receive a request for information on only one rail car and can provide the answer easily by telephone. However, TSA does not anticipate approving the use of verbal communication if the requested information concerns numerous rail cars located at many different locations.
3. Technology for Reporting Information
Comments: Several commenters stressed that TSA should allow them to use existing resources to comply with the location and shipping information requirement. A commenter indicated that existing AEI readers and supporting two-way communications systems are fully capable of producing the location and shipping information requested by TSA. The commenter stated that GPS by itself does not add substantial benefits and has significant limitations, such as requiring a direct line of sight to the satellite and an independent power source, which will need replacement. Additionally, the frequency of transmission causes immediacy of location reports to vary.
TSA Response: TSA believes that the technology currently employed by freight railroad carriers and rail hazardous materials facilities is sufficient to comply with 49 CFR 1580.103. This final rule establishes a performance standard that requires the regulated entities to be able to provide the requested information in the timeframe specified, without mandating a particular technology or system protocol for obtaining it. Accordingly, while certain larger freight railroad carriers will meet the requirement by using AEI tags, smaller carriers that rarely haul rail cars containing the specified hazardous materials may elect to obtain the requested location and shipping information merely by calling the train crew on a two-way radio or cellular telephone. Depending on the number of rail cars present that contain one or more of the listed hazardous materials, rail hazardous materials facilities may choose to employ a sophisticated computer program (as appropriate) or simply assign an employee to physically count the rail cars containing the product and gather the requested information for each rail car. If the carrier, shipper, or receiver provides the location and shipping information to TSA within the specified timeframe and does so using one of the approved methods, the carrier or facility would be in full compliance with this final rule.
Comments: A few commenters supported enhancing the current AEI system with GPS-based tracking and monitoring systems. These commenters noted that GPS-based technologies can provide timely and accurate tracking information. They suggested that the current AEI-based system cannot meet the requirements of this rulemaking or provide the efficiency benefits. One commenter noted that in addition to location data, GPS-based systems can provide security information such as a notification if certain equipment becomes compromised in transit.
Other commenters opposed the use of a GPS-based system and supported the continued use of the current AEI system to meet the proposed requirements.
TSA Response: TSA appreciates the comments on AEI systems and GPS technology. TSA is not mandating any specific technology to meet the requirements of this final rule at this time. In order to better understand the security costs, benefits, and drawbacks of GPS, TSA has commissioned a comparative study between GPS and the current AEI-based system. Additionally, the study will provide the Federal government with an assessment of the AEI system and additional technologies that could be used to enhance the current system's fidelity.
4. TSA's Use of the Information
Comments: Several members of Congress requested information on how TSA intends to use the information gathered pursuant to the location and shipping information provisions of the regulation.
TSA Response: TSA intends to use the information obtained under § 1580.103 to prevent or mitigate a terrorist attack. TSA anticipates requesting information in cases of heightened threat or prior to or during an attack. In cases where TSA/DHS has threat information about a specific rail car, commodity, or area, or other relevant fact relating to the transportation of covered materials being shipped by rail, it is imperative that TSA be able to focus upon the affected entity or population as quickly as possible. Currently, the Federal government does not have in place a permanent system to locate rail cars or target hazardous materials in transportation and must partner with the private sector. By finalizing this provision of the rule and including a new requirement that each covered party must supply TSA with a 24-hour contact telephone number, TSA/DHS has a new tool to enable the Federal government to focus on potential or actual targets and take appropriate action when time is of the essence.
I. Whistleblower Protection for Employees
Comments: Two labor unions requested that the rule include whistleblower protection for employees of covered entities who report significant security concerns. The commenters indicated that absent such whistleblower protection, rail employees will remain subject to discipline and dismissal for reporting security concerns. One commenter provided regulatory language that would establish an appropriate level of whistleblower protection for employees who report security lapses to the relevant Federal entities. A third labor union asserted that the final rule must include mechanisms to ensure that employees are permitted to participate fully in reporting security concerns without harassment by employers. The union said that TSA inspectors and other agency officials should have the ability to talk directly with front-line workers about security concerns and any employer harassment they face. In addition, the union urged TSA to adopt regulations specifically prohibiting any type of employee harassment or intimidation with fines and penalties sufficient to discourage this conduct.
TSA Response: The topic of whistleblower protection is outside the scope of the NPRM, and therefore TSA has not addressed it in this final rule. TSA notes, however, that two provisions of the 9/11 Commission Act provide protections from retaliation for public transportation employees and railroad employees who, in good faith, provide information, or otherwise directly assist an investigation, about conduct that the employees reasonably believe is a violation of a Federal law, rule, or regulation related to railroad safety or security or gross fraud, waste, or abuse of Federal grants or other public funds.  See§§ 1413 (Public Transportation Employee Protections) and 1521 (Railroad Employee Protections) of the 9/11 Commission Act; see also 49 U.S.C. 20109. Each provision includes protections for employees who refuse to violate or help in the violation of any Federal law, rule, or regulation relating to safety or security; file a complaint, or directly cause to be brought a proceeding related to the enforcement of certain laws and regulations; or furnish information to DOT, DHS, NTSB, or any Federal, State, or local regulatory or law enforcement agency as to the facts relating to any accident or incident resulting in injury or death to an individual or damage to property occurring in connection with (as applicable) public transportation or railroad transportation. The whistleblower protections are enforced through the filing of a complaint with the Department of Labor. See§ 1413(c) of the 9/11 Commission Act and 49 U.S.C. 20109(c) (as amended by § 1521 of the 9/11 Commission Act).
Comments: Section 1580.109 of the NPRM proposed to preempt any State laws, rules, regulations, orders or common law requirements covering the same subject matter as § 1580.107. TSA sought comment on the scope of the subject matter that the final rule should or should not preempt under 49 U.S.C. 20106. Commenters were sharply divided on the issue of the proposed rule's preemptive effect, with industry commenters in favor of preemption and State and local governments opposed.
Several chemical manufacturers expressed support for the proposed rule's preemption provision, because it would implement national uniformity and increase the effectiveness of compliance efforts. Several trade associations urged TSA to expand to provisions beyond those for chain of custody and control requirements.
One commenter asserted that TSA's statement in the preamble of the NPRM that it “does not intend to preempt inspection activities conducted in furtherance of State and local laws or preempt requirements to appoint an RSC, or report significant security concerns” (71 FR 76875) is inconsistent with the language in 49 U.S.C. 20106. In this regard, the commenter stated that § 20106 provides that the States cannot regulate a subject when DOT or DHS has regulated that subject. The commenter asserted, therefore, that TSA lacks discretion to allow States to enforce their own requirements relating to RSCs or the reporting of security concerns. Further, the commenter stated that State requirements could result in railroads being subjected to differing requirements for security coordinators and a duty to report different types of occurrences in every State, leading to compliance difficulties without enhancing security.
Other industry representatives also emphasized the importance of uniform national standards and supported broad preemption.
State commenters raised objections to preemption and urged TSA to explain its plans for coordination and information sharing with States. A State requested assurance that a State's right to inspect and regulate will not be abrogated. A municipality, citing 49 U.S.C. 20106, urged TSA to include language in the final rule text recognizing the right of a political subdivision to enact more stringent law when “necessary to eliminate or reduce an essentially local safety or security hazard” if it “is not incompatible” with a Federal regulation and “does not unreasonably burden interstate commerce.”
Another State objected to TSA's proposed “subject matter” preemption of chain of custody and control requirements, stating that it would prevent a necessary partnership among Federal, State, local, and tribal governments. The commenter preferred use of the “substantially the same” form of Federal preemption language contained in the Federal hazardous materials transportation laws, which would preserve State laws that do not act as an “obstacle” to compliance or accomplishment of the Federal requirements. See 49 U.S.C. 5125. Another commenter urged TSA to adopt a “conflict” preemption standard in lieu of its proposed “field” or “subject matter” standard.
An individual commenter opposed preemption of State and local requirements, and gave the example of cities that want to place restrictions on where rail cars storing Toxic Inhalation Hazard (TIH) materials can be located. The commenter supported State and local efforts to mandate what the commenter characterized as the most basic terrorism prevention measures: Routing and storing the most dangerous cargoes away from vulnerable target areas. Other commenters objected to preemption, because they believed that Federal regulations alone cannot effectively ensure that the public is protected from dangers associated with the shipment of potentially hazardous materials via rail.
TSA Response: TSA has fully considered the sharply divided comments on the issue of this final rule's preemptive effect. TSA has decided to retain the same language it proposed in the NPRM. In addition, after further consideration of the governing statutory provision, TSA has added a sentence to § 1580.109 that tracks the language of that governing statutory provision—i.e., 49 U.S.C. 20106. The new sentence conveys Congress' intent as to the standard for preemption in the area of rail security (and safety).
While in the past TSA's regulations have not included regulatory text about preemptive effect, the absence of such text does not necessarily indicate that TSA's regulations do not have preemptive effect. TSA has included such a provision here to make clear its finding about one aspect of this rulemaking.
Congress has clearly legislated the standard for preemption in rail security (and safety) legislation. 49 U.S.C. 20106 provides that all regulations prescribed by the Secretary of Homeland Security relating to railroad security preempt any State law, regulation, or order covering the same subject matter, except a provision that: (1) is necessary to eliminate or reduce an essentially local security hazard, (2) is not incompatible with a Federal law, regulation, or order, and (3) does not unreasonably burden interstate commerce. Unless a state law, regulation, or order meets all three of these conditions, § 20106 expresses Congress's intent that it will be preempted. With the exception of a provision directed at an essentially local security hazard that is not inconsistent with a Federal law, regulation, or order, and that does not unreasonably burden interstate commerce, § 20106 will preempt any State or local law or regulatory agency rule covering the same subject matter as § 1580.107. 
In the context of railroad safety, the Supreme Court has consistently interpreted § 20106 to confer on the Secretary of Transportation the power to issue regulations that would preempt not only State statutes, but common law as well. See CSX Transp. v. Easterwood, 507 U.S. 658, 664 (1993) (“[L]egal duties imposed on railroads by the common law fall within the scope of [the] broad phrases” of § 20106). See also Norfolk Southern Ry. Co. v. Shanklin, 529 U.S. 344 (2000). The Court has further held that Federal regulations under the Federal railroad safety laws will preempt common law where the regulations “substantially subsume” the subject matter of the relevant State law. Easterwood, 507 U.S. at 664.
As provided in the regulatory text at § 1580.109, the preemptive effect of this rule extends to the rule's provisions regarding chain of custody and control, both within and outside of HTUAs, of rail cars containing hazardous materials. TSA finds that, consistent with § 20106, these provisions preempt State, local, and tribal requirements covering the same subject matter, including any such requirements prescribing or restricting security measures during the physical transfer of custody and control of rail cars containing the categories and quantities of hazardous materials set forth in § 1580.100(b), as well as any requirements that might attempt to impose a duty on freight railroad carriers or rail hazardous materials shippers, or rail hazardous materials receivers pertaining to the physical transfer of custody and control chain of rail cars containing hazardous materials that is not specifically set forth in § 1580.107. For example, TSA's rule would preempt any State law or common law theory of liability that would require a freight railroad carrier to hire armed security guards to attend the rail car during the physical transfer of custody; a rail hazardous materials shipper or receiver to use specifically-designated physical security measures to ensure that no unauthorized person gains access to the rail secure area; or additional physical inspections of the rail car by the carrier or facility than that specified in § 1580.107.
It would be impractical and burdensome to the secure chain of physical custody and control process to require regulated parties to develop multiple sets of procedures to comply with varying State and local requirements. TSA is aware that, if this final rule did not preempt State or local regulations regarding the chain of custody requirements in § 1580.107, a freight railroad carrier or rail hazardous materials facility may need to comply with different requirements in different jurisdictions. Clearly, § 20106 was intended to prevent this outcome. Any other result would require a substantial resource commitment, because it would require carriers and facilities to instruct individuals who carry out chain of custody requirements to do so according to a multitude of different operating rules and practices. This, in turn, could raise significant safety and security concerns. This also might require carriers to vary the size and training qualifications of the train crew based upon the varying laws in each jurisdiction. Because rail transportation of hazardous materials frequently involves transportation across jurisdictions and because of the resources necessary to comply with potentially varying chain of custody requirements, TSA believes that subjecting carriers to additional State regulations in this area would likely place an unreasonable burden on interstate commerce. TSA seeks to avoid this result. For these reasons, the chain of custody and control security measures must be subject to uniform national standards.
Whether the other provisions of this final rule preempt any such State, local, or tribal law, or types of laws, depends on an analysis of the specific State, local, or tribal law, or types of law, in the context of 49 U.S.C. 20106. At this time, TSA makes no finding as to whether those other provisions of this final rule preempt State, local, or tribal law.
Finally, TSA is not including language delegating inspection authority to the States, as requested by the New Jersey Office of Homeland Security Preparedness. TSA does note, however, that if, in the course of performing an inspection, TSA identifies evidence of noncompliance with a State requirement, TSA will (as appropriate) provide the information to the appropriate State agency for action. In this regard, TSA would not directly enforce State security rules and would initiate a Federal inspection only when a security nexus exists. If TSA were to reconsider its position in the future, it would do so through the issuance of notice to the public.
K. Comments on the Regulatory Impact Assessment
To evaluate the impact of the proposed rule, TSA prepared a Regulatory Impact Assessment (RIA) and posted it to the public docket in December of 2006. We received a number of public comments that addressed many aspects of the assessment. The majority of commenters discussed what they perceive to be deficiencies or inaccuracies in our assessment. Several commenters, including individuals, businesses, and trade associations, questioned some of the analytical assumptions used to estimate the costs of the NPRM. Others pointed out instances where they believe that we failed to account for a compliance cost. TSA considered all comments on the original RIA and has summarized and responded to them below.
1. Whether the Benefits of the Rule Justify the Costs
Comments: Although we received multiple comments that supported the security objectives of the proposed rule, one commenter, a large Class I railroad, stated that the costs of the proposed regulatory action far outweigh the benefits. In its comprehensive public comments, the railroad implied that the costs of the proposed rule—both direct and indirect—could not be justified by the increase in security afforded by the regulation, and that the rule would only negligibly reduce risk in the rail transportation mode. The commenter asserted that it is impossible to completely secure the U.S. rail network. The commenter also asserted that the rule fails to strike the proper balance between compliance costs (both direct and indirect) and the probability of the occurrence of a transportation security incident in the rail mode.
The same commenter stated that the rule would not substantially increase the level of security in the rail transportation mode. The railroad noted that the U.S. rail network is an inherently open system, making it difficult to secure. Further, the railroad stated that while the proposed rule attempts to address the risk posed by hazardous materials, the very nature of the U.S. rail network would prevent a shipment of hazardous materials from ever being fully secured. It observed that the rail system will always be susceptible to attack and other incidents.
The commenter stated that the proposed rule would inflict significant direct and indirect costs on the rail transportation mode. In particular, the railroad singled out the chain of custody and control requirements as being potentially costly for freight railroad operators. The railroad noted that the requirement would force companies to make investments in security in lieu of investments aimed at increasing rail system capacity, an acute need in light of the continuing growth in freight rail shipments. The railroad implied that the rule, by curtailing the expansion of the rail network and slowing the movement of freight, would exact large costs on railroads, shippers, and ultimately the U.S. economy.
The commenter stated that TSA did not adequately estimate the costs in the RIA and that TSA did not satisfactorily weigh them against the benefits of the proposed regulation. The commenter also criticized TSA for failing to calculate the probability of the occurrence of a transportation security incident in the rail transportation mode, a step it believes is necessary in justifying the costs of the proposed rule. In the commenter's view, the agency examined the potential consequences of a security incident, without acknowledging the low probability of such an event. Consequently, the railroad did not agree with TSA's assessment that the costs of the proposed rule—and in particular that the financial impact of the chain of custody and control requirement—could be justified by security improvements.
TSA Response: TSA recognizes that the rule will have an economic impact on railroads, and we appreciate that the compliance costs of the regulation represent an investment in security for many in the industry. As part of the economic analysis required by E.O. 12866, we have made every attempt to include all known and quantifiable costs in the RIA.
The agency disagrees, however, with the assertion that the rule will impose costs on industry disproportionate to its benefits. Although the agency concurs with the portrayal of the U.S. rail system as an open, difficult-to-secure network, TSA believes that the provisions of the rule, including those not addressed by the comment, will improve security in the rail mode.
First, this final rule will protect the dissemination of sensitive rail security information by designating it as SSI. This provision of this final rule will impose no costs on covered individuals and businesses but will provide an additional measure of protection against possible threats. Information that could potentially be detrimental to security if publicly disclosed will be less likely to be distributed and misused under the SSI designation.
Second, this final rule will codify the authority of TSA, or DHS officials working with TSA, to enter and inspect covered entities at any time, including inspecting and testing property, facilities, equipment, and operations, and viewing, inspecting, and copying records. These inspections will assist TSA in carrying out its statutory authority, which includes the assessment of threats to transportation; enforcement of security-related regulations and requirements; inspection, maintenance, and testing of security facilities, equipment, and systems; and ensuring the adequacy of security measures for the transportation of freight and cargo. See 49 U.S.C. 114.
Third, this final rule will require freight and passenger railroad carriers, rail transit systems, and rail hazardous materials facilities to designate and use RSCs. This provision will prove beneficial, because it will result in more efficient communication between TSA and companies operating in the rail mode, particularly in the event of an emergency.
Fourth, this final rule will require freight and passenger railroad carriers, rail transit systems, and rail hazardous materials facilities to immediately report potential threats and significant security concerns to TSA. This requirement will help TSA “connect the dots,” pulling together seemingly disconnected or disparate reports of suspicious or unusual activities. These reports may provide the insight necessary to prevent a transportation security incident, if they can be analyzed quickly in the context of broader information derived from the intelligence community.
Fifth, this rulemaking will require freight railroad carriers transporting certain categories and quantities of hazardous materials, and rail hazardous materials fac