The pick for TWIC

April 28, 2010
Patrick Hemphill helped oversee the Port of Wilmington's Transportation Worker Identification Credential implementation

The Port of Wilmington, which opened in 1923, is the busiest port on the Delaware River and the leading North American importation site for fresh fruit, bananas and juice concentrate. It was also the first seaport to use the Transportation Worker Identification Credential (TWIC) card, beginning with the TWIC Technology Phase pilot program in October 2003. TWIC is designed to add a layer of security at ports by ensuring that workers in secure areas have received a background check and do not pose a national security threat.

As the TWIC program expanded as part of the Maritime Security (MARSEC) criteria, so did the need for a software program that could read and record information from both the existing TWIC Protype cards used with the port's physical access control system and the latest TWIC cards. In addition, it was important to find a solution that would enable the port to access the Transportation Security Administration's (TSA) "hot list" - a real-time database of unauthorized TWIC users - so port security personnel can quickly identify those with revoked rights.

Recognizing this need, Port of Wilmington officials began exploring their options for software that could work with their existing Honeywell Pro-Watch security management platform and work on mobile card readers to deploy the enrollment process throughout the facility.

Port officials chose PIVCheck Plus software from Codebench, which drives three Datastrip mobile readers and resides on a desktop enrollment workstation in the port's main office. An additional license for certificate management enables the port to re-validate TWICs each day, once they are enrolled with the Honeywell system.

The Challenge

Before the Port of Wilmington became a pilot site for the TWIC smart card program, it relied on 125kHz proximity cards and readers for worker identification. With the advent of the latest TWIC compliance standards, port officials needed a way to register TWIC cards with their existing Honeywell Pro-Watch physical access control system and enter cardholder data into their database that would merge both TWIC and existing ID cards. With this integration, the port would need only one card for the access control system.

It was also important to be able to enroll TWIC cardholders at the various access points to the port, which spans 307 acres of land. Therefore, the software needed to be usable with rugged mobile card readers, such as Datastrip's DSV2+Turbo.

Finally, Port Security wanted the ability to access the TSA "hot list" and match it against those being enrolled in the Port's database, as well as those using their TWIC cards. This would enable Security to take the appropriate steps when necessary, such as suspending a card, identifying people who were already enrolled in the Port's database and not double-enrolling them, or spotting a potential terrorist.

The Solution

By using Codebench's PIVCheck Plus software, which was deployed on three mobile Datastrip readers as well as a desktop computer system, port officials are able to register TWIC holders throughout the port and transmit that information to the Pro-Watch system. These cards can then be read at the 32 fixed card readers located at various entrances and access points throughout the port.

TWIC credentials are required for entry to the port by anyone requiring frequent, unescorted access to the facility, a facility which is entirely designated as a secure and restricted area. These include longshoremen, truck drivers, surveyors, agents, chandlers, port chaplains and laborers who access secure areas. Tenants who have their offices at the port, such as produce giants Chiquita and Dole, are also required to be enrolled in TWIC.

Patrick Hemphill, recently retired Manager of Port Security and Facility Security Officer at the Port of Wilmington, says the mobile readers have been taken to local union halls to enroll longshoremen before they arrive at the port: "This saved us a lot of time," Hemphill says. "We met with union leaders and set aside two, two-hour periods on pay days. The members were made aware of the need to know their PIN and we were able to enroll the majority of (union) members during those two days without interrupting their work schedule."

Nearly 3,500 people have been enrolled into the port's system so far out of the 11,000 people who have sought a TWIC card for Port of Wilmington. The majority of those requiring a TWIC card will not be at the port until January, which is the beginning of the fruit season, Hemphill says.

Codebench first came to the attention of Port of Wilmington's Director of Human Resources, Sylvia Floyd-Kennard during an American Association of Port Authorities conference. After seeing a demo by Codebench of its PIVCheck Plus software, and its ability to read TWIC card information, Floyd-Kennard recognized it as a possible solution that could be integrated with the port's existing access control system.

Eric Schaeffer from Advantech Inc., the port's systems integrator on the TWIC project, says one of the deciding factors in using Codebench was the ability to test the software in-house before making a commitment. He wanted to ensure that Codebench would integrate with the existing Pro-Watch system. "Some companies have reservations about testing before buying," Schaeffer says, "but (Codebench) was comfortable with us testing it."

Because this was one of the first implementations of Codebench's PIVCheck Plus software integrated with the Honeywell Pro-Watch system, Schaeffer says Codebench worked alongside Advantech to make sure everything worked as planned.

The Benefits

For a major facility such as the Port of Wilmington - which handles nearly 400 vessels and 4 million tons of cargo each year - being able to enroll TWIC holders and verify their information anywhere using a mobile card reader results in a savings of security personnel time and effort. Personnel can go where the enrollees are, rather than requiring everyone to come to a central location.

The port is also able to continue to leverage its legacy physical access control system while adding in the important TWIC component. The PIVCheck Plus software enables the port to register TWIC information - such as the TWIC FASC-N number and expiration date - into the existing PACS cardholder record, explains Codebench CEO Geri Castaldo. If a new person is added, the system automatically creates a brand new cardholder record using the information from the TWIC such as first name, last name, FASC-N, expiration date and photo, Castaldo adds.

Checking against the TSA "hot list" is a key benefit with the addition of Codebench's Certificate Manager software. Although not currently a requirement for TWIC compliance, port officials say that automatically verifying the user against the TSA list will likely be one soon, and many facilities that need to comply with TWIC are being proactive and checking the TSA hot list today. The PIVCheck Certificate Manager goes out to the TSA list, explains Castaldo, and re-validates the TWIC card status daily or on a user-defined schedule, so security personnel can see what has changed and react to the status of cardholders.

"Honeywell is excited to have collaborated with Codebench to ensure the successful integration of the Port of Wilmington's TWIC solution with our Pro-Watch security management platform," says Jeremy Howard, Global Accounts, Critical Infrastructure Protection, Honeywell Integrated Security.

In the case of an elevated threat level, Codebench's software is able to provide the additional authentication piece that would be required, explains Advantech's Schaeffer. If the threat level at the port is raised under the three-level MARSEC system, the use of fixed readers with a biometric component would likely become a requirement.