CG Publishes TWIC Reader Delay Final Rule – 10-31-24

Today, the Coast Guard published a final rule in the Federal Register (89 FR 86723-86739) on “TWIC--Reader Requirements; Second Delay of Effective Date”. This rulemaking extends the enforcement date for the TWIC Reader requirements for the three categories of facilities related to Certain Dangerous Cargo listed in 33 CFR §105.253(a) until May 8^th, 2029. The notice of proposed rulemaking was published on December 6^th, 2022. The effective date of this rule is December 2^nd, 2024.

The TWIC Reader rule was controversial from its first proposal. The preamble for this rule provides a lengthy review of the regulatory convolutions that the Coast Guard has gone through on the TWIC Reader requirements. One of the developments that has had the most impact on the two ‘delay rules’ is the Congressional mandate for the Coast Guard to commission an independent study reviewing the security value of the TWIC program. The Homeland Security Operational Analysis Center (HSOAC) delivered that analysis in July, 2022; a copy of that report will be posted in the docket for this rule. The CG continues to review that report.

CG Sends 2nd TWIC Reader Delay Final Rule to OMB

Yesterday, the OMB’s Office of Information and Regulatory Affairs announced that it had received a final rule from the Coast Guard on TWIC--Reader Requirements; Second Delay of Effective Date. The notice of proposed rulemaking for this action was published on December 6^th, 2022.

According to the abstract for this rulemaking in the Spring 2024 Unified Agenda:

“On August 23, 2016, the Coast Guard issued a final rule, requiring owners and operators of certain vessels and facilities regulated by the Coast Guard to conduct electronic inspections of Transportation Worker Identification Credentials (TWICs) as an access control measure (81 FR 57652).  On August 2, 2018, the TWIC Credential Accountability Act of 2018 was enacted.  It prohibited implementation of the 2016 rule until after the Coast Guard submitted a report reviewing the security value of the TWIC program.  On March 9, 2020, the Coast Guard published its first TWIC delay rule (85 FR 13493).  On December 6, 2022, the Coast Guard proposed to further delay portions of the 2016 final rule for three categories of facilities until May 8, 2026, or later depending on the outcome of the Homeland Security Operational Analysis Center (HSOAC) study and consideration of public comments.  On December 23, 2022, Congress enacted the James M. Inhofe National Defense Authorization Act for Fiscal Year 2023, which directs the Secretary not to implement the 2016 final rule for covered facilities before May 8, 2026.  On April 17, 2023, the Coast Guard published a conforming amendment rule that removed from the CFR earlier implementation dates for facilities covered by this legislation (88 FR 23349).  The Coast Guard plans to issue a final rule to respond to comments from the NPRM and address whether the implementation date should be set beyond May 8, 2026.”

CG Publishes 2nd TWIC Reader Delay NPRM

Today the Coast Guard published a notice of proposed rulemaking (NPRM) in the Federal Register (87 FR 74563-74573) for “Transportation Worker Identification Credential (TWIC)--Reader  Requirements; Second Delay of Effective Date”. This rulemaking would extend the enforcement date for the TWIC Reader requirements for facilities the three categories of facilities related to Certain Dangerous Cargo listed in 33 CFR §105.253(a) until 2026 and Coast Guard is considering a further extension until 2029.

The Coast Guard is soliciting comments on the rulemaking. Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # USCG-2022-0052). Comments should be submitted by January 5^th, 2023.

Commentary

There will almost certainly be requests for extending this date because of the holidays. But the current TWIC Reader enforcement extension expires on May 23^rd and the Coast Guard will need time to review the comments and ‘formulate’ the final rule, so they will be reluctant to extend the comment date. Having said that, the OMB did approve the publication of this rulemaking (consistent with change) back on October 26^th. It took the Coasties an exceptionally long time to move from that approval to publication of the rule today. Much of that time could have been used to allow for more complete industry commentary.

OMB Approves 2nd TWIC Reader Delay NPRM

Yesterday, the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had approved a Coast Guard notice of proposed rulemaking (NPRM) on “TWIC--Reader Requirements; Second Delay of Effective Date”. This rule would extend the implementation delay of the TWIC reader requirements for facilities handling or receiving vessels carrying Certain Dangerous Cargo that was set in place in the 2020 TWIC reader rulemaking.

There are three categories of facilities related to CDC issues for the purposes of the TWIC reader requirements outlined in 33 CFR 105.253(a). These facilities are currently slated to be required to implement the TWIC reader requirements on May 8^th, 2023. The Coast Guard is still waiting for the congressionally mandated review of those requirements. That study by the Homeland Security Operational Analysis Center (HSOAC), once published, will have to be subject to public review and comments before the TWIC reader requirement can be implemented at these facilities. This new rulemaking would extend the current exemption through 2026 to allow that process to continue.

The Coast Guard will probably publish this rulemaking later this week.

CG Sends 2nd TWIC-Reader Delay NPRM to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs announced that it had received a notice of proposed rulemaking (NPRM) from the Coast Guard on " TWIC--Reader Requirements; Second Delay of Effective Date”. According to the Spring 2022 Unified Agenda entry for this rulemaking:

“On August 23, 2016, the Coast Guard issued a final rule, requiring owners and operators of certain vessels and facilities regulated by the Coast Guard to conduct electronic inspections of Transportation Worker Identification Credentials (TWICs) as an access control measure (81 FR 57651).  On March 9, 2020, Coast Guard published a final rule [link added], delaying the effective date of the 2016 TWIC reader rule for three categories of facilities [link added] (85 FR 13493).  This rulemaking would further delay portions of the August 2016 final rule.  The Coast Guard would delay the effective date for the three categories of facilities [that handle Certain Dangerous Cargo in bulk] by at least an additional 3 years (until May 8, 2026) or later depending on the outcome of the Homeland Security Operational Analysis Center (HSOAC) study and consideration of public comments.  The study is estimated to be completed no earlier than June 2022.”

OMB Denies Request for CG TWIC Risk Assessment ICR

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had rejected the Coast Guard’s new information collection request (ICR) for their “Transportation Worker Identification Credential (TWIC) Card Readers: Updated Risk Analysis”. The reason for the rejection was that the CG improperly submitted the new ICR. According to yesterday’s Notice:

“Terms of Clearance: Improperly submitted. DHS will resubmit with an information collection instrument and either a supporting statement B or an explanation of why such an analysis does not require statistical methods.”

The ICR Notice

According to the 60-day ICR notice published in the Federal Register on August 3^rd, 2020:

“The Coast Guard is conducting a risk analysis to determine which maritime facilities subject to TWIC Reader Rule would most benefit from the electronic TWIC inspection requirements. The purpose of this information collection is to gather the necessary information to conduct that analysis.”

The Coast Guard reported in that Notice that the respondents to the information collection would be “Maritime facility owners, operators and representatives”, and that the total time burden would be 600 hours. No burden costs were mentioned in the Notice.

Receiving no comments on the 60-day ICR notice, the CG published a nearly identical 30-day ICR notice on October 15^th, 2020.

The ICR Submission

On October 29^th the CG submitted a Supporting Statement A [.DOCX download link] providing the required justifications for the ICR. That document, after a discussion of the background of the TWIC Reader Rule and the delays in the implementation of that Rule, describes the purpose of the new information collection (page 2):

“The purpose of this collection of information is to gather the necessary information to conduct the revised risk analysis and population analysis.  Both the HSOAC assessment [link added] and the industry petition [.PDF download link added] stated that the Coast Guard underestimated the number of facilities that handle CDC in bulk and, in particular, the number of facilities transferring CDC via non-maritime means.  In addition, the 2016 TWIC Reader rule also applied to facilities that receive vessels carrying bulk CDC but do not transfer the bulk CDC to or from the vessel during the vessel-to-facility interface.  These facilities were not included in the original risk analysis for the 2016 TWIC Reader rule and, therefore, the Coast Guard does not have an accurate population estimate for these facilities.  The Coast Guard needs an accurate estimate of the number of facilities subject to the TWIC Reader rule to better identify which maritime facilities would benefit the most from the rule.  The information gathered from this collection of information would allow the Coast Guard to fill in gaps in the data and increase the accuracy of estimating the impact of the TWIC Reader rule.  The information necessary for this effort is not currently gathered by Coast Guard inspectors, nor is it included in facility security plans.”

The Supporting Statement goes on to explain:

“Given the nature of our collection of information method—where responses to an interview question may require follow-up and clarifying questions—the use of an online survey mechanism is not feasible.  The Coast Guard will manually collect information through semi-structured interviews.  To minimize the burden on respondents, interviews will be conducted via phone or in person at the respondent’s location.  We will create electronic interview narratives from participants to code and use for our analysis.  We estimate that 75% of the interview will be conducted via phone.”

The Statement also provides a more detailed burden estimate (page 3):

• The estimated annual number of respondents is 300. 

• The estimated annual number of responses is 300. 

• The estimated annual hour burden is 600. 

• The estimated annual cost burden is $39,600. 

No information collection document (survey or list of questions to be asked) was included in the submission to OIRA.

Commentary

The TWIC Reader Rule… the Grateful Dead probably described it best: “what a long, strange trip it's been”. Between the Coast Guard and the TSA there have been so many delays and missteps in the design and implementation of the electronic TWIC readers that this additional hiccup should probably have been expected.

The data collection documents are not (unfortunately) typically made public as part of the ICR notice and comment process, so the Coast Guard may be able to get away with publishing the survey question list and resubmitting this ICR to OIRA without going back through that Federal Register publication exercise. That and adding a brief explanation of why they do not expect to “employ statistical methods” to the data collected will probably allow OIRA to approve this ICR.

Then we can wait for another year or two for the CG to start a new rulemaking clarifying the TWIC Reader Rule. Just keep on truckin….

TWIC Reader Rule Delay Rule Sent to OMB

Yesterday the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received from the Coast Guard their final rule on the delay of the Transportation Workers Identification Credential (TWIC) Reader Rule for the delay of delay the effective date for certain facilities that handle certain dangerous cargoes (CDCs) in bulk or receive vessels carrying CDC in bulk. This rule has nothing to do with the current system wide delay in that rule pending a report to Congress on the effectiveness of the TWIC program.

The NPRM for this rule was published in June of 2018.

Coast Guard Publishes TWIC Reader Delay NPRM

Yesterday the Coast Guard published a notice of proposed rulemaking (NPRM) in the Federal Register (83 FR 29067-29081) proposing to delay for a set of specific facilities and vessels the implementation date of the TWIC Reader Rule. The reason for this rule is an industry petition [.PDF download] that questions the inclusion of these facilities and vessels in Risk Group A. The three-year delay in the implementation date for just these facilities and vessels will allow the Coast Guard to review the Risk Group A assessment standards and initiate a new rulemaking if required.

The Petition

The industry petition stated (pg 2):

“Specifically, the petition requests the Coast Guard to promptly initiate a rulemaking that would amend the final rule to conform its coverage of “facilities that handle Certain Dangerous Cargoes (CDC) [Definition link added] in bulk” to those portions of facilities where the transfer to or from a vessel of CDCs in bulk occurs or is capable of occurring. This revised scope would be consistent with long-standing Coast Guard policy regarding CDC facilities and the requirement of a maritime nexus.”

The concern is that there are some facilities that have handle CDC in bulk (via truck or railroad) but those handling facilities have nothing to do with the maritime activities at the facility. Since the risk that the Coast Guard is responsible for mitigating is the risk of a maritime transportation security incident and these CDC activities have no maritime nexus, the TWIC Reader Rule should not apply to these facilities.

The Response

The Coast Guard is not currently judging the merits of the petition. It does acknowledge, however, that additional study is needed. The Coast Guard needs to determine if a more limited definition of CDC handling facilities needs to be included in the regulations or if specific guidance needs to be established to allow for a consistent waiver process to identify facilities without a maritime nexus for a transportation security incident that could be exempted from the TWIC Reader Rule requirement.

The three-year extension of the TWIC Reader Rule for CDC handling facilities that do not transfer CDC cargos to or from a vessel will allow the Coast Guard to further study the matter and initiate a new rulemaking if required.

The NPRM would modify the sub-paragraphs of 33 CFR 105.253(a) to change the description of the affected parties to the TWIC Reader Rule by adding verbiage to identify the status of a facility with respect to its transfer of CDC to or from a vessel. It would be changed to read:

“(1) Beginning August 23, 2018: Facilities that receive vessels certificated to carry more than 1,000 passengers.

“(2) Beginning August 23, 2018: Facilities that handle Certain Dangerous Cargoes (CDC) in bulk and transfer such cargoes from or to a vessel.

“(3) Beginning August 23, 2021: Facilities that handle CDC in bulk, but do not transfer it from or to a vessel.

“(4) Beginning August 23, 2021: Facilities that receive vessels carrying CDC in bulk but, during the vessel-to-facility interface, do not transfer it from or to the vessel.”

Public Comments

The Coast Guard is soliciting public comments on this proposed rulemaking. Comments may be submitted via the Federal eRulemaking Portal (www.Regulations.gov; Docket # USCG-2017-0711). Because of the short time frame until the TWIC Reader Rule goes into effect on August 23^rd, 2018, comments must be submitted by July 23^rd, 2018.

Commentary

The petition that prompted this NPRM inadvertently raises again the issue of the exemption from the Chemical Facility Anti-Terrorism Standards (CFATS) program for facilities covered by the Maritime Transportation Security Act (MTSA). The crafters of the CFATS authority (both the initial authorization in the 2006 DHS spending bill and the subsequent re-authorization in 2014) recognized that there was no need for the CFATS program to regulate facilities that were already covered under the MTSA.

The Coast Guard has long allowed facilities a certain amount of leeway to define the perimeter of the MTSA covered facility. While the waterfront facing portion of the facility is certainly covered by the MTSA rules, facilities have been encouraged to include the remaining portions of the facility in their security plans as part of an unofficial defense-in-depth approach to preventing attacks on the clearly maritime portion of the facility.

It would appear from this petition and the Coast Guard’s response in the form of this NPRM that there has been an expectation in the industry that the Coast Guard would be more lenient in their security requirements for portions of the facility more removed from the maritime transportation nexus of the facility. Never having worked at an MTSA covered facility I cannot personally testify to the accuracy of this expectation, but it would appear to me to be a reasonable approach by the Coast Guard.

Unfortunately, this would mean that significant portions of many larger MTSA facilities would not be under the same sort of security regime that either the maritime facing portion of the facility or facilities regulated under the CFATS program. This would be especially true for portions of the facility that did not contain CDC but did store, produce, or handle chemicals that are identified as theft/diversion chemicals of interest under the CFATS program.

During the reauthorization of the CFATS program that needs to take place this year, Congress needs to specifically re-look at the blanket exemption MTSA covered facilities are give to the CFATS program. I certainly do not advocate a wholesale voiding of that exception. The Coast Guard is the obvious agency to regulate security at the strictly maritime facing portions of the facility and has a legitimate interest in the security at the remaining portions of connected facilities since that has a direct impact on the security of the waterfront.

What the Congress needs to do is to craft a closer working relationship between the Coast Guard and the CFATS’ Infrastructure Security Compliance Division to ensure that there are adequate security measures at these MTSA facilities for theft/diversion security threat chemicals that are precursors for improvised chemical munitions and/or explosives.

A relatively simple way to do that would be to require MTSA covered facilities to submit Top Screen’s to ISCD to allow ISCD to do a full chemical-terrorist threat assessment for the facility. Then instead of notifying the facility that it was a covered facility under CFATS where it would normally be appropriate to do so, it would notify both the MTSA covered facility and the local Captain of the Port that the facility’s security plan should address the security measures necessary to protect the identified DHS chemicals of interest at the facility. The Coast Guard would then be responsible for regulating the security for those chemicals as part of its oversight of the existing MTSA mandate.

HR 5729 Introduced – TWIC Reader Rule Delay

Earlier this month Rep. Katko (R,NY) introduced HR 5729, the Transportation Worker Identification Credential Accountability Act of 2018. The bill would delay implementation of the TWIC Reader Rule, which is due to become effective on August 23^rd, 2018. The delay would extend until after report to Congress was made that is required by the Transportation Security Card Program Assessment Act (PL 114-278).

Reports to Congress

The earlier act required DHS to commission a study by a “research organization with

significant experience in port or maritime security” {§1(b)(2)} that would include an assessment of the efficacy of the TWIC program. That assessment was to have included a review of {§1(b)(3)}:

• The credentialing process;

• The process for renewing applications; and

• The security value of the program.

The original version of HR 710 included language {§2(f)} that would have delayed implementation of the TWIC Reader Rule until the reports required by the bill had been submitted to Congress. That language was removed in a last minute amendment to the bill when it was passed by the Senate in the closing hour of the 114^th Congress.

Moving Forward

Katko is the Chair of the Transportation and Protective Security Subcommittee of the House Homeland Security Committee, one of the two committees to which this bill was assigned for consideration. He is also a member of the House Transportation and Infrastructure Committee, the other committee to which the bill was assigned. This means that he should have sufficient influence to have the bill considered in at the very least the Homeland Security Committee. And the bill does have bipartisan leadership sponsorship; Rep. McCaul (R,TX), Rep. Jackson-Lee (D,TX) and Rep. Richmond (D,LA).

The main issue here is the short time frame for the passage of this bill for it to be effective. It has been four weeks since this bill was introduced and there has been no committee (or even subcommittee) action on the bill. We have one month left before the currently scheduled summer recess. If action is not taken during that time (and the schedule is already busy with spending bills and nominations) the TWIC Reader Rule is scheduled to go into effect during that recess.

It seems unlikely that this bill would get the abbreviated treatment that HR 710 got in the Senate (no debate and no vote). There was obviously some objection in the Senate to the language requiring the stay of the implementation of the rule that held up consideration of HR 710 until the last minute in that body. That objection is unlikely to have changed.

There is, however, some possibility that the effective deadline for the passage of this bill could slip. DHS has submitted a rulemaking to OMB to delay the implementation of the TWIC Reader Rule. The details of that rule, including the reasons for change and the revised implementation date, are not publicly available. It is unclear whether such a rulemaking could be completed in time to avoid the August implementation date, though it is unlikely that affected industries would object to the delay.

Bills Introduced – 05-09-18

Yesterday with both the House and Senate in session there were 43 bills introduced. Of these, two may be of specific interest to readers of this blog:

HR 5729 To restrict the department in which the Coast Guard is operating from implementing any rule requiring the use of biometric readers for biometric transportation security cards until after submission to Congress of the results of an assessment of the effectiveness of the transportation security card program. Rep. Katko, John [R-NY-24]

HR 5733 To amend the Homeland Security Act of 2002 to provide for the responsibility of the National Cybersecurity and Communications Integration Center to maintain capabilities to identify threats to industrial control systems, and for other purposes. Rep. Bacon, Don [R-NE-2]

The Transportation Workers Identification Credential (TWIC) reader rule was adopted in 2016 with an implementation date of August 23, 2018. With the Coast Guard having submitted a rule to delay the implementation of that rule and now this bill being introduced it would seem that the regulated community seems to be having some problems with the implementation. Katko is the Chair of the Transportation and Protective Security Subcommittee of the House Homeland Security Committee. It will be interesting to see how fast this bill is considered in that Subcommittee. It will have to be quick (next week?) if HR 5729 is to be effective.

I am really looking forward to seeing the text of HR 5733 for two reasons. First I am hoping to see an effective definition of control system that can be used in this and subsequent cybersecurity legislation. Second, since this looks to be an authorization bill, it will be interesting to see if ICS-CERT is specifically mentioned.

CG Sends TWIC Reader Rule Delay to OMB

Earlier this week the OMB’s Office of Information and Regulatory Affairs (OIRA) announced that it had received a proposed rule from the Coast Guard that would delay the implementation of the TWIC Reader Rule. This rulemaking was not included in the Fall 2017 Unified Agenda so there are little or no details publicly available. The final rule for the TWIC Reader was published in 2016. The effective date is August 23, 2018.

While the Trump Administration has established a firm reputation for delaying the implementation of Obama Administration regulations, particularly those finalized in the closing months of that Administration, this action would appear to be something a tad bit different. This rulemaking was years in development and specifically required by law, so it clearly is not an Obama policy legacy.

It will be interesting to see what justification that the Coast Guard is using to delay the implementation of this rule.

HR 710 Reported in Senate

Last year on May 20^th, the Senate Commerce, Science and Transportation Committee held a markup hearing on HR 710, the Essential Transportation Worker Identification Credential Assessment Act, that passed in the House in February. The Committee adopted substitute language and ordered the bill reported. That report was published last week.

Substitute Language

The new language reported in the Senate is a substantial re-write of the details of the bill, though the general import of the bill remains the same. The main report required by the bill was changed from a GAO report to a two phased report conducted by a national laboratory or a university-based center that is part of a DHS center of excellence. And the time limit for the study will change from one-year to complete the study to 60-days to commission the study.

The scope of the study was expanded to include a new phase 1 study that includes {§2(c)(1)}:

• The appropriateness of vetting standards;

• Whether the fee structure adequately reflects the current costs of vetting; and

• Whether there is unnecessary overlap between other transportation security credentials.

The second phase of the new study fairly closely replicates the GAO study outlined in the original bill. One new requirement was added; “a cost-benefit analysis of the TWIC Program, as implemented” {§2(c)(4)}.

Where the original bill restricted moving forward on the TWIC Reader Rule, the new bill prevents any new TWIC rule until the DHS IG approves the Secretary’s corrective action plan based upon the 2-phase study. As with the original bill, the regulatory restriction does not apply the currently stalled rulemaking on the TWIC Reader implementation.

As with the original language, the substitute language specifically does not provide any funding for the required study and reports.

Moving Forward

That it has taken almost exactly a year to get this report printed indicates that there has been some behind the scene negotiations going on to allow this bill to move forward. I expect that those negotiations have been between the Committee and the Senate Homeland Security and Governmental Affairs Committee, the other committee to which this bill was assigned for consideration.

It is likely that this bill will be considered by the Senate before the summer recess. I would expect to see this considered under the unanimous consent provisions of the Senate rules with no debate and no vote. I would not be surprised to see the House accept the Senate amendment to this bill, obviating the need for a conference committee.

Coast Guard Changes NMSAC Meeting

Today the Coast Guard posted a notice in the Federal Register (78 FR 19277-19278) announcing that the two day meeting of the National Maritime Security Advisory Committee (NMSAC) previously scheduled for next week in Washington, DC has now been changed to a half-day electronic meeting on April 2^nd, 2013. The notice cites ‘budgetary constraints’ (read Sequestration) as the reason for the change.

Agenda Change

While not specifically mentioned as a change, the description of the agenda in the current notice is slightly different than the previous agenda. The new agenda deletes the presentation and discussion on Maritime Domain Awareness and Information Sharing and replaces it with a discussion of the recent TWIC Reader NPRM. Since the NPRM was published after the previous notice was published this addition certainly makes sense.

Public Participation

Public participation is still being solicited. There are provisions for a public comment period at the end of the conference and written comments will still be accepted through today (the same cut-off date as was posted in the original notice). People wishing to participate via teleconference  dial 866-810-4853, the pass code to join is 9760138#. The web conference will be via the Homeland Security Information Network (HSIN) at  https://connect.hsin.gov/r11254182 and follow the online instructions to register for this meeting.

Editorial Comment

I understand that the Sequester is forcing the federal government to cut spending and certainly travel related spending for conferences like would seem to be an obvious way of cutting spending without cutting services. Having said that, making a change like this six days before the scheduled meeting is a blatant slap in the face to the non-federal employee participants. Last minute cancelations of travel plans are disruptive, to say the least, and expensive in that many transportation arrangements do not allow for full refunds upon cancellation.

Having said that, I do commend the Coast Guard for carrying on the conference in an electronic format. This is a cost effective way of sharing the information, both for the government and the private sector attendees. Of course they probably would not have been able to set this up on short notice if they hadn’t already planned on providing for the electronic attendance for the meeting.

I am concerned, however, that they are shortening the meeting from 9-hours (over two days) to just 3-hours. I understand that the electronic format provides some time savings as they don’t have to provide for extended breaks to allow personnel to find and use the utilities, but that doesn’t save 6-hours. The only way to remove that much time will be to cut short the discussions of the important topics to be considered at the meeting, and that is not a good thing.

Closer Look at 2012 DHS Rules List

As I mentioned in my earlier blog post the OMB’s Office of Information and Regulatory Affairs (OIRA) recently update their Unified Agenda and the associated agency rule lists. Today I would like to take a closer look at the rulemaking actions on the DHS Rule List that would be of potential interest to readers of this blog.

Classified Information

The one new rulemaking listing in this List deals with the DHS regulation of Classified National Security Information (RIN 1601-AA68). According to the Abstract:

“The Department of Homeland Security (DHS) is revising its procedures for managing classified national security information. DHS is updating its regulations to incorporate new and revised procedures pursuant to Executive Order 13526, ‘Classified National Security Information.’ Further, DHS is delegating to the Chief Security Officer of DHS the responsibility of serving as the ‘Senior Agency Official’ pursuant to Executive Order 13526.”

Apparently the folks at DHS are intending to go directly to issuing a Final Rule in May, 2013 without the intermediate step of issuing a notice of proposed rulemaking. This methodology is allowed if the rule only affects internal actions in the Department and has no significant impact on State, local or tribal governments of private citizens. We will just have to wait and see what the Final Rule actually says.

Maritime Shipping Safety

We have two rulemakings from the Coast Guard dealing with maritime shipping safety that remain on the DHS Rule List. They are:

• Cargo Securing on Vessels Operating in U.S. Waters (RIN 1625-AA25)

• Bulk Packaging To Allow for Transfer of Hazardous Liquid Cargoes (RIN 1625-AB63)

Neither of these has a statutory mandate for date of issue. The Coast Guard intends to issue a supplemental Cargo Securing NPRM in April and a final rule for the Bulk Packaging rule in January.

Maritime Security

There are two Coast Guard rulemakings on the List that deal with MTSA issues. They are:

• TWIC Card Reader Requirements (RIN 1625-AB21)

• Updates to Maritime Security (RIN 1625-AB38)

The Card Reader rule has been long delayed, partly due to problems the TSA had with their field trials of various card readers. The final rule was required to be published in August of 2010 and the Coast Guard is now estimating that the notice of proposed rulemaking will be published in February. As I noted in an earlier blog posting this rule has already been sent to the OMB for review so this date may not be too far out of line, but that still leaves us at least a year before the final rule is published.

According to the Abstract for the Updates to Maritime Security rulemaking this would be the first major update to Subchapter H of 33 CFR since the MTSA regulations were adopted. The Abstract explains that:

“The proposed changes would further the goals of domestic compliance and international cooperation by incorporating requirements from legislation implemented since the original publication of these regulations, such as the SAFE Port Act, and including international standards such as STCW security training. This rulemaking has international interest because of the close relationship between subchapter H and the International Ship and Port Security Code (ISPS).”

The Coast Guard is planning on issuing the NPRM for this rulemaking in April of 2013.

General Aviation Security

TSA is still struggling to overcome resistance to rules governing the security of general aviation aircraft. Their NPRM that was published in 2008 met so much opposition from the public and Congress that TSA will be issuing a ‘supplemental’ NPRM that will almost certainly be a total re-write of their General Aviation Security and Other Aircraft Operator Security rulemaking (RIN 1652-AA53). They expect to issue their supplemental in August of 2013.

Surface Transportation Security Training

A while back TSA rolled three congressionally mandate rulemaking requirements into a single rulemaking, Security Training for Surface Mode Employees (RIN 1652-AA55). The thee mandated publication dates were in 2007 and 2008 and TSA has yet to produce their first public version of the rule that would “propose general requirements for the owner/operators of a freight railroad, public transportation system, passenger railroad, and an over-the-road bus operation determined by TSA to be high-risk to develop and implement a security training program to prepare security-sensitive employees, including frontline employees identified in sections 1402 and 1501 of the Act [the Implementing Recommendations of the 9/11 Commission Act of 2007], for potential security threats and conditions”.

While that certainly seems to be a fairly comprehensive program TSA also intends to extend the “security coordinator and reporting security incident requirements applicable to rail operators under current 49 CFR part 1580” to other portions of the surface transportation industry.

TSA expects to have the NPRM finally go to publication in July of 2013.

Railroad Security Planning

Another long overdue requirement from the Implementing Recommendations of the 9/11 Commission Act of 2007 is the Freight Railroads and Passenger Railroads--Vulnerability Assessment and Security Plan rulemaking (RIN 1652-AA56). According to the Abstract:

“This rulemaking will propose thresholds for which a risk determination can be made to determine whether a freight railroad and passenger railroad should be considered "high risk." The rulemaking will also propose requirements for vulnerability assessments and security plans for owner/operators of those railroads. The proposed requirements include procedures for TSA's review and approval of these assessments and plans, and recordkeeping requirements. The regulation will take into consideration any current security assessment and planning requirements or best practices.”

This rule could easily become the TSA’s version of the CFATS regulations in scope and impact, potentially requiring a significant expansion of the number of Surface Transportation Security Inspectors, something never authorized by Congress; coming up with an effective rule that can overcome that funding obstacle is a real challenge. TSA expects to have the NPRM published by July of 2013.

TSA Security Threat Assessments

The TSA does the security threat assessments for a number of travel related security programs including the Hazardous Materials Endorsement for CDLs and the TWIC as well as future programs such as the CFATS personnel surety program. Each of these programs is currently governed by a slightly different set of rules. With this Standardized Vetting, Adjudication, and Redress Services rulemaking (RIN 1652-AA61) the TSA “intends to propose new regulations to revise and standardize the procedures, adjudication criteria, and fees for most of the security threat assessments (STA) of individuals for which TSA is responsible”. According to the Abstract:

“In accordance with the Implementing Recommendations of the 9/11 Commission Act of 2007 (9/11 Act), the scope of the rulemaking will include transportation workers from all modes of transportation who are required to undergo an STA in other regulatory programs, including certain aviation workers and frontline employees for public transportation agencies and railroads. In addition, TSA will propose fees to cover the cost of the STAs and credentials for some personnel. TSA plans to improve efficiencies in processing STAs and streamline existing regulations by simplifying language and removing redundancies.”

TSA intends to issue their notice of proposed rulemaking for this rule in July of 2013.

Actual Dates for Rulemaking

The dates that I have been reporting for the intended date that DHS components would act on these rulemakings were provided in the DHS Rule List. There is no statutory requirement about the accuracy of these estimates and, even if there were, DHS is more than notorious for missing congressionally mandated deadlines. The only one of the above listed dates that I would have any sort of confidence in is the one for the TWIC Reader Rule and that is because it has already been submitted to OMB for approval, but even that could be delayed for months in the OMB approval process and there is no guarantee that OMB will approve the submitted NPRM.

OMB Receives CG TWIC Reader Rule

On Friday the Office of Management and Budget announced that it had received the Coast Guards notice of proposed rulemaking (NPRM) for the long awaited TWIC Reader Rule. This rule has been held up for a number of reasons including delays in starting and finishing the TSA TWIC Reader pilot program.

As I noted in an earlier blog I would suspect that it will be sometime after the first of the year when OMB approves this NPRM. Because of the slow pace of the rule making process it is likely that the final rule on this will not go into effect until sometime in 2014.

TWIC Reader Rule Update

Laurie Thomas has an interesting post on her Maritime Security/MTSA News blog about a recent meeting of the TWIC Stakeholder Communications Committee. Laurie notes that:

“The NPRM concerning the use of TWIC readers has been developed and is currently going through high-level approval and review.”

The TWIC Reader rule is still going through the DHS approval process and has yet to be sent to the Office of Management and Budget for its review. The OMB approval process can be quite lengthy (most rules, about 75%, take at least 90 days to receive OMB approval).

Midnight Rule Making

There is another factor that could slow the approval process even further; the midnight rule controversy. At the end of a presidential administration there is a tendency to try to complete work on rulemaking processes so that the outgoing administration can put their final stamp on the regulatory process. When there is any controversy surrounding the potential rules the opposition cries foul, maintaining that the new administration should be the one to have approval of the regulatory action as they will be the ones tasked with enforcing the rules.

The Clinton and Bush administrations were both accused of using the midnight rule making process to further their agenda, but both actually put internal rules in place to minimize the amount of rulemaking that was completed in the last months of their administrations. Now the Obama administration may or may not be around for an additional four years (the election is still way to close to call) so it wouldn’t be fair for us to expect a formal announcement of avoiding midnight rule making, but it appears that an unofficial policy may be in place.

OMB Rule Submissions

The table below shows the rules that the Administration has officially submitted to OMB during 2012; all data current as of yesterday according to the Office of Information and Regulatory Affairs (OIRA) web site. The ‘Completed’ columns show the number of rules submitted during that month upon which OMB has completed their action. The ‘Incomplete’ column shows the number of rules submitted during that month that still have actions pending.

	Completed	Incomplete	Submitted
Jan	45	14	59
Feb	38	8	46
Mar	44	12	56
Apr	28	9	37
May	25	19	44
Jun	15	11	26
Jul	17	10	27
Aug	10	17	27
Sep	3	9	12

 

Looking at this data it appears that the Obama Administration has taken unofficial steps to reduce the potential appearance of midnight regulating in the event that the President is not re-elected in November. If he is re-elected I would bet that there is a surge of rules submitted to OMB and a similar increase in the rate of approval of regulations by that agency (for example there are 28 EPA rules currently under review at OMB).

TWIC Reader Rule

Given the above information, I would not be surprised to see the TWIC Reader Rule still pending approval come year end. If Obama is not re-elected in November I would suspect that the rule would not go to the OMB before January 21^st, 2013. If he is re-elected the rule would be expected to go to OMB in November and not be approved until after the first of the year.

TWIC Renewal Exemption

As most people in the business are aware from a number of sources (blog or blog or Congress),  on Friday and over the weekend, the folks at DHS have established a one-time renewal policy to get current TWIC holders a relatively easy extension of their Transportation Workers Identification Credential (TWIC) to hold them over through the publication of a TWIC Reader rule. Yesterday the Transportation Security Administration published an exemption to certain TWIC related rules in the Federal Register (77 FR  36406 -36408). This notice provides the official details about what everyone has been talking about.

The Exemption

The TSA describes the basis for the exemption this way:

“This exemption will contribute to providing safe and efficient transportation while ensuring the efficient use and conservation of the resources of the United States. Due to the fact that [TWIC] readers are not yet required by regulation or in widespread use, we believe the burden associated with the full renewal requirements is not currently justified. The exemption permits eligible individuals to pay lower fees, reduce trips to an enrollment center, and avoid providing new biometric and biographic enrollment information when they request the card.”

Individuals may qualify for this exemption if they are US national (“includes U.S. citizens and noncitizen nationals of the United States”) and hold a valid TWIC that will expire on or before December 31^st, 2014. Qualified individuals have the option of requesting a three-year renewal of their TWIC as long as they currently meet all other requirements for holding a TWIC. Individuals may request a three-year extension by telephone and only make one trip to the enrollment center to activate the new TWIC. The three-year extension will not require a full fee; the requesting individual will only have to pay the typical $60 cost for replacing a lost or damaged card.

The Politics

Two years ago the Coast Guard was supposed to have published a final rule covering the use of TWIC Readers. Because of delays in conducting the required field trials, complications in getting OMB approval, and probably other un-enumerated reasons, the NPRM for this rule is expected sometime later this year and it is unlikely that a final rule will become effective by the time the initial issue of TWICs expires.

Congress has been trying, ineffectively, to get the TWIC Reader rule implemented since without the ability to biometrically verify the identity of the holder the TWIC is just another photo ID. A number of pieces of legislation currently under consideration have provisions that would require the Secretary to come up with some sort of plan to extend the current TWIC registration until the TWIC Reader rule becomes effective. Unfortunately, it is unlikely that any of those bills will actually have a chance to become law before the election this fall.

This is actually a pretty innovative move by TSA. In a relatively simple document this answers most of the concerns being mentioned in Congress about the TWIC. It limits the cost by not performing another STA on existing TWIC holders as would be required for a normal renewal. It only requires single trip to the enrollment center by allowing a telephone call to initiate the renewal process while still requiring a personal appearance to activate the card. The only concern not specifically addressed is setting the expiration of the card to the expiration of legal residency documents for non-citizens.

It will be interesting to see if this exemption provides and political incentive to proceed on any of the pending TWIC related bills.

HR 4251 Reported in House – Port Security

Early this week the House Homeland Security Committee filed their report on HR 4251, the SMART Port Security Act. Since the Committee publishes the full text of amendments they consider we don’t have any surprises in the language of the bill in the report. So that means the only reason to review the Report is to see the explanations that the Committee provides for the provisions of the bill; this helps explain congressional intent.

Maritime Security Redundancies

In my initial blog post on this bill I noted that the provision in §104 for a GAO review of DHS port security program to identify overlapping provisions might identify such an overlap between the MTSA and CFATS programs in port areas. The explanation of this provision (pg 19) does not specifically mention CFATS. That doesn’t mean that the GAO report won’t address the issue.

TWIC Provisions

There are four TWIC provisions in this bill. They are:

Sec 205: Transportation Worker Identification Credential Process Reform;

Sec 206: Expiration of Certain Transportation Worker Identification Credentials;

Sec 207: Securing the Transportation Worker Identification Credential Against Use by Unauthorized Aliens; and

Sec 208: Report on Federal Transportation Security Credentialing Programs.

The Committee takes a very narrow view of the TWIC process, focusing on the ‘burden’ on the workers (and this is a Republican Congress). They note (pg 23):

“The Committee believes that the current requirement to visit a TWIC enrollment center multiple times is an onerous, unnecessary, burden for workers in the maritime industry, such as merchant vessel operators and truck drivers, who rely on obtaining the credential for employment.”

They ignore the security aspects of what is, at base, a security document. A year ago the Government Accounting Office looked at the security implications of mailing the TWIC card instead of having applicants come in and activate the card at a TWIC issuing center. They concluded that this could compromise the integrity of the TWIC system. Security is frequently inconvenient; politicians need to learn this before it is too late.

The provisions of §206 would extend all current TWIC expirations until the final TWIC Reader rule is published. The idea being that the TWIC isn’t really a TWIC until the biometric features available only through TWIC Readers come into full use. Congress tried mandating a date for the publication of the TWIC Reader rule, but DHS has diligently ignored that requirement. Now this section is designed to “provide the Department motivation to issue the rule at the earliest possible date” (pg 23); kind of sad actually.

Section 207 would require proof of US citizenship or legal residency at the time of application or renewal of TWIC. It would also require the expiration of TWICs issued to legal residents to expire no later than the expiration of their residency documents. The Committee is trying to “ensure all TWIC holders are authorized to work and are lawfully present in the U.S.” (pg 23).

The final TWIC section deals with harmonizing the background checks (known as ‘security threat assessments’ or STAs) for are a number of identification documents that issued by DHS. Each document has a slightly different STA requirement set by regulation. TSA has a regulation in the works that is supposed to address this issue (RIN 1652-AA61; Standardized Vetting, Adjudication, and Redress Services), but it has been in the works for a while. The Committee Report notes that:

“The Committee believes the Department should issue the Universal Rule as soon as possible, in order to reduce the unnecessary cost and duplicative regulatory burden on transportation workers.” (pg 24)

Way Forward

This bill was passed with broad bipartisan support in the Homeland Security Committee. This is a bill that has a decent chance of making it to the floor of the House before the Summer Recess, but making it through the Senate is more problematic because of the approaching election. It wouldn’t face any real opposition, but it isn’t ‘important’ enough to make it through the election year wrangling.

Reader Comment – Corrected Information on TWIC Reader Rule

Late yesterday afternoon John C.W. Bennett provided some corrective information to a blog posting that I had made last week. I had noted that the OMB reported having received the TWIC Reader NPRM for review. John informs us that a presenter at yesterday’s National Maritime Security Advisory Committee (NMSAC) reported that the OMB is actually reviewing is “a policy document providing interim guidance for voluntary use of TWIC readers in advance of the Final Rule”.

John also noted that the briefer explained that the interim document “could be on the streets in four months” (Note: John’s blog explains that that includes a 30-day OMB review and a public comment period). That makes more sense in light of the reported November time frame for the NPRM submission listed in the Unified Regulatory Agenda published last month. It’s unfortunate that MTSA facilities will have to rely on this interim guidance for TWIC Reader deployment information, but that would certainly be better than waiting blindly for at least two years for a final rule to become effective.

John also points us at his blog posting providing more details about yesterday’s NMSAC meeting.