On Friday the Coast Guard published a notice of proposed rulemaking in the Federal Register (78 FR 17781-17833) regarding the requirements for the use of a TWIC Reader at MTSA covered vessels and facilities. Public comments on the NPRM are being solicited.
The Coast Guard is taking a risk-based approach to targeting the required deployment of TWIC Readers. Coast Guard and TSA experts conducted a risk-based analysis of MTSA-regulated vessels and facilities to assess the risk of a transportation security incident (TSI). That analysis assessed three factors:
• Maximum consequences to that vessel or facility resulting from a terrorist attack;
• Criticality to the nation's health, economy, and national security; and
• Utility of the TWIC in reducing risk.
Based upon this risk analysis the Coast Guard developed three risk groups (Risk Group A, Risk Group B, and Risk Group C) that it would use to manage the requirements for deployment of TWIC Readers. In this NPRM the Coast Guard is only considering mandating TWIC Reader deployment to vessels and facilities falling under the criteria for Risk Group A. Future rulemakings may be used to expand that requirement.
Risk Group A
The Coast Guard has developed fairly simple operational definitions of what vessels and facilities fall into Risk Group A. For vessels this definition is based upon the hazardous nature of the cargo carried or the number of passengers carried. Similarly, for facilities the definition revolves around the nature of the hazardous materials (Certain Dangerous Cargo- CDC – 33 CFR 160.204) handled or the number of passengers accessing the facility.
• Vessels that carry CDC in bulk;
• Vessels certificated to carry more than 1,000 passengers; or
• Vessels towing one of the above.
• Facilities that handle CDC in bulk;
• Facilities that receive vessels certificated to carry more than 1,000 passengers; or
• Barge fleeting facilities that receive barges carrying CDC in bulk.
Use of TWIC Reader
Risk Group A vessels and facilities would be required to use TSA approved TWIC Readers to verify identity and to authenticate and validate the TWIC. For vessels this would be required upon boarding the vessel. For facilities it would be required before being granted unescorted access to secure areas.
Identity would be verified by comparing the individual’s fingerprint against one of the two fingerprint exemplars encoded in the TWIC. For facilities that are using a Physical Access Control System (PACS) that utilizes an alternative biometric identification (retina scan, for instance) “the TWIC would need to be read and the stored biometric identifier matched against the TWIC-holder's fingerprint at least once, when the individual's information is entered into the PACS” (78 FR 17792).
Card validation would be done by the TWIC Reader comparing the TWIC data against the Canceled Card List (CCL), thus requiring the TWIC Reader to periodically download the CCL. While at MARSEC level 1, this would need to be accomplished on a weekly basis. At MARSEC levels 2 and 3 daily updates would be required.
The Coast Guard is planning on holding at least one public meeting on this NPRM, but a date and location have yet to be determined. An announcement of the meeting will be published in the Federal Register.
The Coast Guard is soliciting public comments on the NPRM. Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # USCG-2007-28915). Comments should be submitted by May 21st, 2013.