Assessing Threats to Tunnel Security and Their Remedies: A TSI Virtual Roundtable

Assessing Threats to Tunnel Security and Their Remedies: A TSI Virtual Roundtable

Around the globe, transportation tunnels play a vital role in keeping rail and vehicular traffic moving efficiently and safely. This is why threats to tunnels are of vast concern to the world economy, and why finding effective ways to mitigate these threats are a top priority for security experts. Simon Brimble and Ian Chaney are two such experts.

Simon Brimble is Arup’s associate director of resilience, security and risk. Arup ( is a consulting firm serving clients who operate tunnels, and designers/contractors who are bidding to build a tunnel. In each case, the company identifies potential threats to tunnel security using a threat and risk assessment process. With this data in hand, Arup then develops a security strategy, including physical, electronic and operational requirements to mitigate the identified threats, which are implemented through the design process.

Ian Chaney

Ian Chaney is WSP’s national business line director of geotechnical and tunneling. WSP ( provides design and engineering services to clients globally for all forms of infrastructure, including tunnels. The company develops des–igns for roadway and transportation tunnel systems that enhance users’ safety and provide protection against potential terrorism, fire and other in-tunnel incidents. WSP also provides integrated electrical and SCADA designs to allow operators flexibility and visibility into their tunnel operations.

TSI brought both of these experts together for a virtual roundtable on this topic. Here is what they told us:

TSI: What are the major threats confronting tunnel security, and how serious are they?

Chaney: Terrorism, fire and flooding, along with cybersecurity breaches of tunnel traffic and control systems, are the major threats facing tunnel security today.

The primary threat that the industry is worried about is that of an explosive, whether it is someone taking an explosive onto a subway train or into a tunnel through a car.

Fires in tunnels are common, including car fires. In all cases, the main concern is getting passengers safely out of the tunnel. This is why all modern tunnels typically have dedicated egress pathways. If there is a major event within a tunnel, the passengers can exit their cars, get into an emergency pathway that is pressurized so it won’t have smoke or heat that escapes into it, allowing people to escape.

Flooding is typically from tidal events. If you have tunnels in coastal areas and tidal surge pushes water over the design flood elevation, that water just escapes into the tunnel. There was a major tunnel flood during Hurricane Sandy in New York, there was also one in Virginia in the early-2000s, both caused by tidal surge.

Those are the primary physical threats. Obviously, the cyber security threat is always there as well, where hackers can essentially hijack the traffic control systems within the tunnel.

TSI: Are theft and public safety also tunnel security issues?

Simon Brimble

Brimble: Yes. Bear in mind that tunnel types can range from a short 200m road tunnel through to a significant underground river crossing ­— and they can be used by pedestrians, vehicles or trains. They can also be used to provide utility/infrastructure links between two points, which are largely empty for most of the time.

When it comes to security issues, a tunnel serving utilities where powerlines are delivered underground is most likely to suffer from criminal attacks — either theft of the copper wiring which delivers power or from a malicious organization looking to disrupt power supply to a community.

For a railway tunnel, with the potential for children playing near live rail or its use as a potential evacuation route from a train, security must focus on safety. A transport tunnel is harder to regulate due to the variety of vehicles that may use it; a tunnel transporting passenger vehicles will have a very different demographic from an underground tunnel which the public use to cross a road, and the related risks will be similarly varied. Potential security risks can range from damage from terrorist attacks through to environmental protestors blocking access or thoroughfare.

TSI: So how can tunnel designers and operators mitigate these threats, both through new tunnel design and the rehabilitation of existing tunnels??

Brimble: It all starts with planning before anything happens. To really mitigate risk, the development of security plans against real operations is key.

At Arup, we look at the control room operations as well as the teams that run them. We consider the design of the room and the different tasks required to be undertaken by the operators to maintain safety and security during ongoing and security event. We also provide technical plans that can ensure the room and staff are not overloaded under different operating scenarios. We achieve this by bringing together a multi-disciplinary team which can bring different perspectives ­— from ergonomics and human factors to spatial design — into one cohesive response.

With transport and rail tunnels it is very difficult to predict the potential attack mechanisms so a security plan would comprise of careful thinking around the risk of these threats occurring and mapping the potential operational disruption. At times, these types of identified threats are simply not mitigatable and instead, the risk would be entered into the risk register for the operational team to manage as part of their day-to-day security process.


TSI: Now let’s look at the tunnel threats you have outlined, in terms of what can be done to deal with them. When it comes to terrorist bombs, for instance, can tunnels be hardened to survive such blasts?

Chaney: Yes. Tunnels nowadays can be designed to withstand a blast.
We look at tunnels that transport vehicles, that can be threatened by a car or truck filled with explosives, and we design their connections and segments accordingly. For subway tunnels, we look at a backpack bomb being brought in and what it could do to a tunnel, and we design against it.

TSI: What about fire?

Chaney: The most common way to protect tunnels against fire is by using modern forced ventilation, various fire-proofing products and sprinkler systems. If it is a tunnel that has enough space inside it, we construct these structures inside and then mask them with an interior liner on the tunnel.

Beyond that, the tunnel structure is typically protected with sprinkler systems and fire protection board that goes over the concrete. We don’t want the concrete to get to a temperature that will cause spalling or structural issues. So, we install fire protection board to help with that.

TSI: And flooding?

Chaney: When it comes to flooding, the best way to protect against it is to prevent it from happening in the first place. To do this, we raise the portals and provide walls around the tunnel’s other openings to keep water out even in extreme circumstances. So, if the flood elevation for a hundred-year storm is the existing ground elevation plus 10 feet, we make sure that the grading and the walls around the tunnel are built to, say, elevation plus 13 feet. In this way, no storm or surge that we’ve ever seen before can flood a tunnel.

Beyond that, what we can also do is to provide floodgates at the tunnel entrances and exits. So, if those elevations that I mentioned end up being overwhelmed, the tunnel operator can close the gates prior to a flood occurring. Everything outside the tunnel may be flooded, but the tunnel itself will still stay dry until the floodwaters recede.

TSI: What about deterring theft?

Brimble: To mitigate criminal activity, we would look at how to protect access points into the tunnels. This entails developing a strategy that hardens publicly accessible points, in conjunction with a known response time from capable guardians such as the police or security team, that can work to stop the act taking place.

Using a “deter, detect, delay and detain” approach is key. For example, a physical perimeter barrier such as a fence will deter some people. Electronic detection systems can show when a criminal act is happening or about to happen. And hardened access points can delay the success of the act by the perpetrators until a response can be mobilized by either the police or other organization.

Such an “onion skin” approach, where the protected item (e.g., power cables) has many layers of mitigation around it, is the basis of the tunnel’s security resilience. All these mechanisms must be matched to the day-to-day operations of a tunnel so that processes required to uphold the security are not dropped or reduced once in operation.

TSI: And then there’s cyber threats, including the risk of hackers taking over a tunnel’s IT systems and creating traffic chaos or worse. How do you deal with this?

Brimble: Both existing and new tunnel control facilities need to be assessed against current cyber threat and new systems need to be mitigated for against new threats.

Thankfully, more and more organizations are considering getting ahead of a threat rather than simply mitigating. Information or data gleaned from channels such as social media and other online sources can be used to establish any upcoming threats, which can then be specifically planned around or blocked by a security team.

Although cybersecurity is a key area in boosting resilience, doing so in older systems is a challenge. The onus on operators and maintainers to ensure systems are kept up to date is a continuous challenge, particularly where system OEMs did not consider cyber security at earlier stages of design.

TSI: What threats have yet to be fully addressed in tunnel security, and what is being done to address them?

Brimble: Drone attacks are an underestimated area, largely because it is difficult to predict and mitigate against.

With innovation and developments in related areas, tunnels with new functions and user demographics will bring new challenges in security — for example, freight tunnels are likely to be used by unmanned and remotely driven vehicles soon, which will highlight new and very different risks.

TSI: All told, is it realistically possible to fully protect tunnels from attacks, or is it a case of doing the best that can be done?

Chaney: As tunnels typically allow for public use, they cannot be completely protected against attacks. However, mitigation measures can be imparted such that security threats will not render a tunnel facility useless after an attack, but rather allow it to return to full service after a short amount of time and allow it to retain some amount of limited service during and after a security event.

Brimble: I don’t believe it is possible to fully protect a tunnel from attacks. This is why at Arup we adopt a risk-based approach that allows us to identify all of them and then implement a management plan which covers all bases as much as possible. Some risks are simply not mitigatable; for example, protest groups are dynamic and unpredictable, while terrorist threat defence requires the intelligence community to constantly share data that is up to date and timely. These are very complex environments.

As well, even the best of security plans are not infallible. If a strategy relies on electronic or physical systems that are then not reflected in the operational plan or simply not implemented by the daily security team, that is a shortcoming which will directly impact the security of the tunnel.

TSI: All this being said, are tunnels more secure than people commonly imagine them to be?

Chaney: I think tunnels are extremely secure.
For instance, a lot of people are afraid of getting trapped in a tunnel or having a tunnel flood quickly from waters above it. Those are Hollywood-type scenarios. A lot of tunnels have egress passageways that are dedicated to get people out of a tunnel in the emergency, and the probability of having a tunnel flood while someone is in it is almost basically none.