After a number of delays that sowed doubts in some quarters about the long-term viability of the program, the Coast Guard has issued a proposed rule making for the electronic reader component of the Transportation Worker Identification Credential (TWIC) program that creates three risk groups for maritime vessels and ports.
The creation of the risk groups reflects the risk-based approach to security that the Department of Homeland Security (DHS) is increasingly implementing.
Regulated facilities and vessels deemed the highest risk of being involved in a transportation security incident (TSI), Risk Group A, are the only ones which would have the new TWIC reader requirements under the proposed rule. A TSI refers to a security incident that would result in a “significant loss of life, environmental damage, transportation system disruption, or economic disruption in a particular area,” according to the proposed rule.
The other two Risk Groups, B and C, present lower risk and would follow existing regulatory requirements for visual inspections of TWIC cards. In future rulemakings the Coast Guard will consider whether to add or modify reader requirements based on changes to risk.
“Most significant factor is the rule is going to tell the facilities what it is they actually have to do,” John Martin, president of JTAC consulting and an expert in identity management solutions, tells HSR.
Following publication of the 256-page Notice of Proposed Rulemaking on March 22, owners and operators of vessels and port facilities regulated by the Maritime Transportation Security Act will have 60 days to comment. The Coast Guard will use the comments to refine the final rule, which is expected later this year.
Manufacturers of smart card readers have been waiting for years for the final rule, believing that it will help open the market in the U.S. to further sell their products to the owners and operators of these regulated vessels and facilities. Last year DHS published a report with the results of a three-year pilot project that said TWIC readers will work in ports and add another lawyer of security without hindering port operations (HSR, March 14 2012).
That report was a step forward toward opening the market for smart card readers.
Since DHS began issuing TWIC cards to mariners and other individuals more than five years, for the most part the cards have typically been used as flash passes to gain entry to secure areas of vessels and ports although some ports have deployed fixed and handheld readers and the Coast Guard also does spot checks with handheld readers. The cards make it easier for port security personnel who previously had to review other credentials such as driver’s licenses, passports, mariner identity cards or union credentials.
Unlike the processes used for obtaining many other credentials, applicants for TWIC cards are checked against terrorist watchlists and criminal records before they can receive the credential.
In making the case for the use of electronic readers, the Coast Guard says in the proposed rule that “electronic TWIC readers would provide greater security benefits because the TWIC card is designed to contain several enhanced security features that can only be utilized through the use of an electronic TWIC reader. One of these features is the set of two fingerprint templates from two different fingers embedded in each TWIC card.”
The readers will also cross-check with the Transportation Security Administration’s Canceled Card List, which would be updated weekly, guarding against the use of guarded or revoked cards.
In addition to the three risk categories, another new feature of the rulemaking is a proposed requirement for owners and operators that use the TWIC readers to keep records for two years of individuals that are granted unescorted access to secure areas of ports and vessels.
Beyond opening the market further for TWIC readers in maritime ports, the emergence of a final rule later this year may also open the discussion for beginning to apply TWIC cards, and in some cases readers, for other applications.
Now that the TWIC reader rule is going forward, the use of TWIC “is going to expand into other areas,” Donald Bruce, director of Compliance Services for JTAC Consulting, tells HSR. “So this is a huge, huge step forward.”
Those other areas are generally contained within critical infrastructure sectors outlined in the National Infrastructure Protection Plan, Bruce says, such as chemical facilities.
Bruce and Martin say that one significant hurdle going forward to the implementation of the TWIC reader requirements will be the lack of government resources to aid owners and operators in the purchase and installation of the readers and related infrastructure. Port security grant funding for this purpose is dwindling and only about 5 percent of facilities have taken advantage of grant monies previously, Bruce says.
“Most people have lost the opportunity for grant monies,” Bruce says. “They will have to deal with it out of their own funds.”