Thanks to John C.W. Bennett over at the Maritime Transportation and Security News and Views for pointing out that the GAO had prepared a report to Congress regarding their evaluation of the various delivery options for getting Transportation Workers Identification Credentials (TWIC) into the hands of the registered transportation workers. This report was mandated by §818(b)(1) of the Coast Guard Authorization Act of 2010 in response to concerns about the cost to workers to travel to a limited number of TWIC issuance facilities to pick-up and activate their cards.
This report will have some potential bearing on possible consideration of HR 1143, the TWIC Delivery Act of 2011, which would mandate the establishment of a program for TWIC delivery by U.S. Mail to any applicant that resided more than 100 miles from a transportation security card enrollment center.
Currently a TWIC applicant must go to one of a limited number of enrollment centers to apply for a TWIC because part of the application process is providing fingerprints and a photo that would be electronically imbedded in the card. Once the background check is successfully completed and the individual’s card is produced the individual must come back to an enrollment center to pick-up and activate the card. As part of this process the individual’s finger prints are verified and a pin number is selected allowing the TWIC to be used as part of a two-factor identification process.
If the TWIC was an integral part of an electronic identification verification system, mailing the card to the individual would not be a problem as long as the individual had to go to an approved location to activate the card. Unfortunately, there is not yet a program in place to require the use of an electronic reader with the TWIC due to delays in the testing program for TWIC Readers. The draft rule for this requirement is expected this fall.
Without the use of a TWIC Reader as part of the identification process the TWIC is just another picture ID to be flashed at a guard as part of an entry procedure at a secure MTSA facility. The concern is that the mailing of the TWIC to the authorized user could allow for the interception or diversion of these cards which could then be used to gain unauthorized access to these facilities.
The GAO report is a good summary of the issues of the current debate, but it provides no data useful for resolving the debate. It does not even provide a suggested methodology for evaluating the information provided. So we are left with a political debate about making things easier for workers vs the maintenance of strict security standards.
Once TWIC Readers become part of the identification process, this debate will shift as a mail-delivered would still need to be activated before it could be used to gain access to a secure facility. The debate will then be about the use of alternative activation methods other than going to one of the limited number of enrollment centers.
A further complicating factor in this debate could arise when the folks at ISCD release their personnel surety program for CFATS facilities. Many people have suggested that the use of a TWIC would be a preferable method of allowing access to CFATS facilities. This could greatly increase the number of TWIC applications that are processed, with a large number of these new applicants living far from the current enrollment facilities.
Cyber Espionage Campaign Hits Energy Companies
2 weeks ago