TWIC and CFATS

There is an interesting blog post over on the CFATS 2.0 blog about the use of the Transportation Workers Identification Credential (TWIC) to satisfy the personnel surety requirements for high-risk chemical facilities covered by the Chemical Facility Anti-Terrorism Standards (CFATS). There have been a lot of questions about the use of TWIC for this requirement and it has seemed that the DHS-ISCD folks have tried to discourage this use, but Fasteddie565 certainly seems to layout a clear justification for its use.

CFATS Personnel Security Program

Of course, at this point in time there is no DHS-ISCD approved personnel surety program for CFATS. There is a clear requirement for facilities to establish a program to check the identity of personnel with unaccompanied access to critical assets and restricted areas of their high-risk facility, and that requirement specifies a check of the Terrorist Screening Data Base (TSDB). Currently the only program that provides access to that check is the TWIC program.

According to the presentation on the CFATS Personnel Surety Program made at this year’s Chemical Sector Security Summit (see my earlier blog for more information on that presentation), DHS is still moving forward with rolling out their program for submitting personnel information for the TSDB verification. They expect to have it in place for an initial trial run in October. That trial run is expected to be run at Tier 1 facilities with approved Site Security Plans.

Once that program is up and running it will be interesting to see if DHS tries to make facilities that have used the TWIC solution proposed by Fasteddie565 (and many others) re-submit their data in the new program. I’m not sure that the §550 restrictions on specifying particular security measures would allow that. We will have to see what DHS does when they rollout their program.

TWIC Readers

In the meantime, Fasteddie565 makes an interesting point about the TWIC card. He notes that “it also has the electronics to activate access control measures via the use of accepted TWIC readers”. For facilities wanting to electronic access controls for their critical areas (control rooms, ICS server rooms, etc) the ability to use established TWIC readers (though the Coast Guard has yet to complete their review of the TWIC reader trials) for that access control certainly makes a certain amount of sense. This is particularly true for organizations that also operate MTSA facilities that will require the use of such readers when they are finally approved.

Will this make the use of the TWIC economically sensible, even if DHS ends up requiring facilities to submit the personally identifiable information on personnel in the facility personnel surety program? It may, particularly if the facility can convince suppliers to ensure that their delivery drivers to get TWIC cards; the use of TWIC to verify the identity of these drivers may make screening of incoming deliveries that much easier.

In any case, we will see how DHS deals with the TWIC issue. My bet is that they won’t like it, but they will end up accepting it.