May 4, 2009 -- The Transportation Worker Identification Credential (TWIC) program hit a milestone last month on April 15th as ports across the nation required workers to present a TWIC card before gaining unescorted access. The process wasn't perfectly smooth. Some port workers did not receive their cards in time, and still others had not yet applied for their cards. With an extension for many ports until May 13th for full worker compliance, the program, however, is off to at least some sort of a start in terms of enforcement.
But having cards out in the hands of port workers wasn't the full goal of the TWIC program. It also seeks to use functions like biometrics, digitally encrypted certificates, background checks, PIN readers and more to create a highly effective program to ensure security at U.S. ports by verifying and authenticating workers.
SecurityInfoWatch.com caught up with one of our regular sources on topics of the TWIC program, Rob Zivney, to discuss the technological status of this program. Zivney is a member of the Security Industry Association and vice president of marketing at Hirsch Electronics, one of the companies seeking to provide technology solutions to TWIC. In his capacity with both SIA and Hirsch, Zivney has served as an industry liaison with government on the TWIC initiative via groups like the NMSAC (National Maritime Security Advisory Committee), the body which developed the industry recommendation for a reader specification.
The first thing that Zivney points out is that, initially, this high-tech card currently is going to be used as a visual "flash pass". In the flash pass usage, the TWIC card is being presented to a guard as a simple ID badge, and not generally being read electronically to take advantage of the technology features in the card. There are, of course, some implementations of handheld TWIC card readers in the field by the U.S. Coast Guard -- which allows the card to be used as more than a flash pass -- but the reading of the cards by a PACS (physical access control system) reader is not yet a standard practice.
"TWIC can claim some success from this deadline," said Zivney. "The U.S. Coast Guard is doing the primary enforcement -- rather than the ports themselves -- until this interim period is done. One of the real advantages of the TWIC program has already been realized and that is the vetting process."
"No one will receive a TWIC without successfully passing the background checks and vetting process. Further, the TSA hot list is updated daily to ensure that the subscribers are able to keep their local handheld readers and PACS databases current so only valid TWICs are able to be granted access."
One of the challenges in getting the cards issued and used to their full capacity, said Zivney, is that there are so many different stakeholders in the process.
"It's based on FIPS 201 standards to a great extent, but in TWIC we have the TSA issuing the cards and we have the Coast Guard doing the actual enforcement. We have port operators who will be using cards with the card readers, and then you have longshoremen and port workers and truckers who have to buy the cards. They couldn't really force everybody to do this, as was done with the federal FIPS 201 PIV cards."
The use of biometrics to individually verify and authenticate card holders has been one of the hallmarks of the TWIC initiative, said Zivney, but it's also been one of the biggest hurdles the program has encountered. In fact, the application of biometrics, is one of the main reasons for the pilot project phase of the TWIC initiative.
"They wanted to go with biometrics, but biometrics has not been historically very effective outdoors."
Innovative enclosures can help ports get around the problem of reading biometrics in a difficult outdoor environment, but the program also has had to face the issue of managing the biometric templates and ensuring privacy. The issue of biometrics also is tied up in the concerns about throughput -- i.e., not slowing down commercial operations at the ports. As Zivney explains it, the solution for using biometrics isn't particularly simple.