DHS OIG TWIC Assessment

Last week Laurie Thomas published a lengthy blog post about a DHS Inspector General report on the Transportation Workers Identification Credential (TWIC) program. This report was required by the 114^th Congress’ HR 710 (PL 114-278). Laurie’s blog does a good job of looking at the report, but I would also recommend reading the report after reading her post. Doing so would provide background on her somewhat understated concerns.

Background

HR 710 went through a rather convoluted legislative process (see my posts here, here and here) culminating in a rare final approval during a pro-forma session in House at the end of the 114^th Congress.

Last session, Congress took official umbrage with DHS over the failure to comply with the requirements of HR 710 and passed HR 5729, the Transportation Worker Identification Credential Accountability Act of 2018. This IG report does not fulfill the preconditions in that bill that would allow the Coast Guard to implement the TWIC Reader Rule. Those preconditions are the submission of the Rand Report that the OIG briefly discusses in the first two full paragraphs on page 3 {expected(?) April 27^th, 2019} and the subsequent plan from DHS to implement the report recommendations within 60 days of the publication of the report.

I expect that we will see early hearings in the House on this IG report in both the Homeland Security and Transportation committees on this IG report. I would be surprised if either committee waits until the Rand Report comes out; too many problems identified here.

CFATS and TWIC

I do not see any immediate implications for the use of TWICs as part of the personnel surety program (PSP) in the Chemical Facility Anti-Terrorism Standards (CFATS) program. Too many companies have made the management decision that the TWIC is an easier way to vet against the Terrorist Screening Database (TSDB) than submitting employee information via the new CSAT tool.

Having said that, I think that the Infrastructure Security Compliance Division is going to have a harder time getting approval to start the Tier 3 and Tier 4 implementation of the PSP as a result of this report. More people will be arguing with the OMB’s Office of Information and Regulatory Affairs (OIRA) that the expansion of the PSP should be held in abeyance until the Rand Report and the DHS response are published.

There is going to be a counter argument from some at ISCD that this would be a better reason to scrap the use of the TWIC in the CFATS PSP will still not fly. There is too much support in Congress for the TWIC alternative, even with the problems in the TWIC program identified in this report. Only a truly awful Rand Report will erode that political support.

Problems with the IG Report

Laurie’s discussion at the end of her blog post discusses some of the shortcomings with TWIC program that were addressed in the report. That discussion should be read very carefully.

Unfortunately, Laurie does not address the shortcomings in the methodology that the IG employed in their investigation/audit. The IG gave TSA credit for completing requirements just by examining documents such as contracts and procedure manuals. The report specifically states that they did not question people that actually implemented those documents or followed those procedures.

The fact that the IG found so many shortcomings in just the high-level administration of the program leads me to believe that there are even more problems with the actual implementation of the program where decisions are made in assessing the validity of documentation or the vetting of personnel. Hopefully, these types of problems will be looked at more closely by the Rand people.