The CIP Report

Integrated Risk Communication and Its Vital Role in Building Resilience in Transportation Systems

Print Friendly, PDF & Email
Andrea Stone, InfraGardNCR


Transportation operators and modes must bring together their safety, security, and emergency management functions to enable the use of a common risk management methodology that supports integrated risk communications. User-centric risk communications allow risk managers to communicate in a relevant and timely manner through the most appropriate vehicle to enable action. Risk communications advance awareness and general action by reaching entire communities with the right message at the right time. Taking this community approach contributes to building a reliable, effective, redundant, and resilient transportation system.

The Definition of Risk Communication

The element of risk communication amongst transportation stakeholders, including transportation operators, infrastructure owners, federal, state, and local authorities, and the public, will make or break any effort to build system resilience. Effective communication instills confidence in the system and maximizes response efforts when something goes wrong. Lack of effective risk communication adds to potential risk of harm or severity of an adverse event. As the public is made more and more quickly aware of events such as bombs, active shooter scenarios, extreme weather, and natural disasters by public efforts and social media, effective risk communication becomes ever more vital.

We define risk communication in the transportation context as the process of communicating about potential hazards to people, property, or communities that results in action that reduces risk to life and property. Effective risk communication should be framed as a two-way conversation in which an organization informs affected audiences and communities of risks, while offering them the opportunity to participate in making decisions about how those risks should be managed.

Why Transportation?

Transportation systems are a critical part of our way of life, enabling the movement of people and goods that are critical to our supply chain and economy. Transportation is also of extreme importance when moving people affected by emergencies. The goal of risk communication is to help the transportation system “bounce back” faster while maintaining public confidence. This confidence is especially reinforced when effective, two-way risk communication allows users to “own” part of that recovery.

We Face Significant Challenges

There are complex challenges to overcome before an effective risk communication system can be in place. The first challenge is that safety, security, and emergency management functions traditionally reside in different organizational areas within transportation operators and modes. These functions are usually funded through different vehicles and are perceived to have different missions; therefore, they have little incentive to collaborate. The result is duplication and fragmentation in risk communication with overlapping audiences. From the point of view of the receiver, messages are not always relevant, are not released fast enough, and are repetitious, causing frustration. The organizational silo structure creates a disadvantage for the senders. Often, they do not have access to messages or content from peer organizations, lack data regarding the behavior and response of their target audience, and lack sufficient resources to handle risk communication.

The second challenge involves the tradeoff between efficiency versus safety and security. The public expects efficiency and a high level of service, yet there is little understanding of the complexities involved in providing a safe and secure system. When transportation systems do not meet the public’s expectations, there is less willingness to engage in critical, yet positive communication. This pitfall is difficult to address, as transportation hazards are evolving and often poorly understood, and thus those entities charged with dealing with them constantly struggle with perceived misunderstandings, disagreements, suspicion, and even apathy.

Thirdly, transportation modes are unique, thus hazards bring different and sometimes unique implications for different modes with the added complexity of multimodal dependencies. For example, an attack on access control systems may affect an airport differently than it would a port, and could have a devastating effect at large multimodal terminals, such as Washington Union Station, in regard to passenger access to cabs, Uber, and other ride-sharing services, passenger rail, transit, buses, commuter rail, and restricted areas with access to signal and communication systems. Therefore, it is crucial to consider the uniqueness of each mode of transportation when defining a risk communication strategy.

The fourth challenge, and perhaps most vexing, is the availability of data relevant to a given event and the challenge of making disparate, often antiquated, data systems communicate with each other during a crisis. No risk management framework will be effective without reliable data to estimate the likelihood and impact of an event. Data availability poses a higher risk for events where data is limited. For example, security threats are unpredictable and therefore, there is less data documented vis-à-vis other events such as natural disasters that are recurrent and therefore better understood. There is a dearth of historical data that can be used to model or predict threats to transportation systems.

The fifth challenge is that the target audience and its needs evolve quickly primarily due to evolving technology and access to information. Risk communicators must understand how to craft messages, select communication vehicles, and shape an enticing call to action that speaks to four generations. While we are all familiar with the four different generations and their contrasting characteristics, not every risk communicator understands just how different they really are.

Understanding Safety, Security, and Emergency Management

Traditionally, transportation organizations see safety as an explicit objective in their mission statements. The events that took place on 9/11 brought the security discussion to the table and formalized policies and directives to prepare for, respond to, and recover from natural disasters. While Homeland Security promotes an “all hazards” approach, transportation organizations are still adapting to organizational and policy changes brought about by new and evolving risks.

A key factor in the integration of the three functions is knowledge. Very frequently, the divide between safety and security becomes deeper when leaders do not understand the policies, guidelines, funding, and communities affected by one or the other. Transportation organizations must groom leaders who can expand their knowledge of these complementary disciplines. For example, an excellent resource for safety managers is TSA’s Executive Loan Program,[1] which provides transportation executives with first-hand, real world experience of the Transportation Security Administration’s various counter-terrorism and risk reduction roles and surface security programs and policies. By the same token, many transportation operators have robust safety management systems with employee reporting systems that are based on training and strategic communications aimed at changing employee behavior. These safety management systems can bring lessons learned applicable to security transportation experts.

An Integrated Risk Communication Model

The first element of our risk communication model is organizational support. There must be leadership commitment of transportation organizations at the highest level to support cross functional communication. It is vitally important that safety, security, and emergency management organizations work together to develop an integrated risk communications program. Once senior leadership is on board and management is ready to champion the effort, teams can be formed to determine risk communication needs and objectives, both internally and externally. Once that is accomplished, evaluation of the target audience and crafting of key messages becomes possible.

An important precursor to crafting key messages is the identification of the appropriate target audience. Because the transportation-consuming public is so large, segmenting that audience around communities is crucial. Even once a demographic or population segment is identified, further refinement must take place to relate that segment to a community. Messages should reach those who most need them first or face the largest risk, so the largest subset of the most vulnerable populations should be defined. Communicators must research the barriers that make these populations vulnerable to transportation risks. In defining the target audiences, we suggest that selecting three to five broad population groups that will provide access to the largest number of people can help make the message relevant to the style and needs of the audience.

Risk management efforts usually account for strategic, tactical, and operational actions. In the same manner, risk communication efforts must define and bond federal, state, and local efforts. Once the message is distilled, then appropriate message vehicles can be identified, such as dynamic message sign boards, fliers or posters, email or text messages, and public meetings. The importance of measuring communication efforts cannot be underestimated. Key success factors and clear outcomes must be defined so that communicators can effectively gather feedback on specific risk communication actions from both internal and external stakeholders.

An Example of Integrated Risk Communications

Amtrak is an example of an organization that integrates its emergency management, security, and to some extent, safety risk communications. Although the safety, police, and emergency management are led by different organizations, Amtrak has been formulating and implementing common safety and security objectives and tactics in its 5-year strategic plan.[2] These groups collaborate to integrate both internal activities and messages and external risk communications around safety, security, and emergency management. Amtrak created a Security Awareness Program that concentrates on the development and distribution of print and multimedia tools that educate passengers and employees on how they can play an important role in identifying suspicious activity or behavior.[3] Some of these efforts include two-way communication with passengers, the Amtrak Police Department launched “Txt-a-Tip,” where passengers can report suspected criminal or suspicious activity by sending a text to APD11 from a smartphone or to 27311 from a standard cellphone.[4] This information is shared through different groups as well as the required risk and communication actions required. Amtrak has developed a process to measure communication effectiveness and evaluate the program to ensure that appropriate risk communication is taking place.

Amtrak’s Emergency Management & Corporate Security takes an active role in collaborating with Amtrak’s police and the safety organization while leveraging resources made available through the Department of Homeland Security. For example, the Homeland Security Presidential Directive 7 (HSPD-7) called for the creation of private-sector Information Sharing and Analysis Centers to protect United States critical infrastructures from attack.[5] The Surface Transportation ISAC (ST-ISAC) collects, analyzes, and distributes critical security and threat information and provides a platform for the collection of 24/7 threat warning, incident reporting, and analysis.[6] Amtrak not only partners with the ST-ISAC but also facilitates the integration of messaging and delivery of risk communications.[7]

The Front Line of Resilience

Transportation organizations must bridge the organizational safety and security divide and adopt a common risk management framework. Risk communication begins with understanding specific user and community needs. A risk communication model builds partnerships proactively to enable activation of networks before, during, and after an alert is released. Once operators conquer their internal silos, they can collaborate with other transportation organizations and modes to share lessons learned regarding the behavior and communication style of user groups, segments, and communities. Best practices can then be developed for specific mode communications taking place in both closed systems such as airports, train, commuter, or metro stations and open systems such as highways.

The next line of engagement includes other related sectors such as emergency management, public health, and non-governmental organizations. The end goal is to achieve two-way communication by bundling risk messages into vehicles that allow initiation and completion of risk mitigation actions shared by both transportation organizations and by communities. Organizations that have mature risk communications adopt and enable a “whole community” approach. Transportation organizations can adopt a similar approach and add exponentially to the resilience of transportation systems. The risk communication goal is to achieve two-way dialogue with relevant communities while developing integrated tools for building resilience into transportation systems, contributing to greater system integrity, and building user confidence.

Andrea Stone serves as co-chief of InfraGardNCR Transportation sector. InfraGard’s mission is to improve and extend information sharing between critical infrastructure stakeholders, in both the private and public sectors, with the government, particularly the FBI, to protect those infrastructure assets from physical and/or cyber attacks. She is the CEO of Dynamic Pro Inc., a management-consulting firm offering expertise in business transformation, mission support, and information management.


[1] “TSA Launches Successful Transportation Loaned Executive Program,” Transportation Security Administration, Mar. 16, 2015,

[2] Strategic Plan: FY2014-FY2018, Amtrak, Last accessed July 11, 2017,

[3] “Amtrak Security Measures,” Amtrak, May 5, 2016, pp. 3-4,

[4] J.J. Green, “Amtrak Unveils New Suspicious Activity Text Tip Line,” WTOP, Oct. 15, 2013,

[5] “Homeland Security Presidential Directive 7: Critical Infrastructure Identification, Prioritization, and Protection,” U.S. Department of Homeland Security, Dec. 17, 2003,

[6] Surface Transportation Information Sharing & Analysis Center Website, last visited July 11, 2017,

[7] A video that explains who the emergency management, safety, and security functions are integrated is available at