The Transportation Worker Identification Credential program, also known as TWIC, continues to be faced with ongoing difficulties, according to a recent report from the Government Accountability Office (GAO).
TWIC is a biometric-based ID to be used by port workers to ensure that individuals who pose a security threat do not gain access to U.S. ports. Mandated by Congress in the 2002 Maritime Transportation Security Act in the months following 9/11, TWIC was designed to check backgrounds of as many as 725,000 airport workers, truck drivers, merchant seafarers and others needing unescorted access to transportation facilities like ships, ports, and runways.
In a May report, GAO said that its review of a pilot test focused on assessing the technology and operational impact of TWIC with card readers revealed that “the test’s results were incomplete, inaccurate, and unreliable for informing Congress and for developing a regulation (rule) about the readers,” adding that “[c]hallenges related to pilot planning, data collection, and reporting affected the completeness, accuracy, and reliability of the results.”
In its assessment, GAO explained that these issues call into question the TWIC program’s premise and effectiveness in enhancing security. What’s more, it explained that the United States Department of Homeland Security failed to correct TWIC shortfalls identified by GAO in November 2009. One of GAO’s main recommendations was for DHS, the Transportation Security Administration, and the U.S. Coast Guard to develop an evaluation plan to guide the remainder of the pilot and identify how it would compensate for areas where the TWIC reader pilot would not provide the information needed, adding that DHS agreed and took initial steps but did not develop an evaluation plan.
And the GAO report also cited TSA officials as saying challenges like readers being incapable of recording needed data prevented TSA from collecting complete and consistent pilot data, leading to TSA not being able to collect complete or consistent pilot data and subsequently not be able to determine if operational problems at the pilot sites were due to TWIC cards, readers, or users.
This GAO report is the latest in a line of bad news for TWIC.
In late December, the Department of Defense said in a Federal Register notice that it “does not meet DOD security standards and cannot be used as of January 29, 2013.”
But since that time it has run into myriad obstacles, including the cost of obtaining a TWIC card, which is $132.50, as well as the potential for TWIC to increase the costs of doing business for shippers and carriers alike. Another challenge TWIC has experienced over the years is making sure the card conforms to federal guidelines for secure identification cards and the testing of the card to make sure that it works with other Homeland Security Department screening programs.
TSA began issuing TWIC cards in October 2007. The TWIC program is expected to cover approximately 1.2 million port workers who require unescorted access to ports, ships, and offshore platforms that are currently regulated by the Maritime Transportation Act of 2002.
The DOD Federal Register notice said that the DOD PKI (Public Key Infrastructure) office has determined that the TWIC PKI certificate cannot be used to authenticate users for access to DOD systems, adding that the DOD PKI office has not established a “trust” relationship with Homeland Security/TSA.
Effective January 29, 2013, DOD said in the notice that TWIC certificates cannot be accepted by ETA (Electronic Transportation Acquisition) to access the SDCC (Strategic Defense Command Center) applications and USTRANSCOM Defense Personal Property System. And all current TWIC holders accessing an application within ETA will need to purchase and External Certificate Authority prior to January 29, 2013.
This development was unsurprising in the sense that TWIC has been plagued by delays, cost overruns and missteps.
In December 2011, the Department of Homeland Security’s Transportation Security Administration said that the 26,000 issued TWIC cards were missing a digit in its “Federal Agency Smart Credential Number.” TSA already has spent $420 million on TWIC and the government and private sector may spend as much as $3.2 billion on TWIC during the next 10 year. TWIC enrollment costs $132.50 and the cards are good for five years.
In September, Bethann Rooney, member of the American Association of Port Authorities’ (AAPA) Security Committee, chairperson of the AAPA Port Security Caucus, and security manager at the Port Authority of New York & New Jersey, said in testimony on behalf of AAPA before the U.S. House Transportation and Infrastructure Committee’s Subcommittee on Coast Guard and Maritime Transportation that the lack of a final TWIC card reader specification and certification process makes it impossible to identify cards that have been reported as lost, stolen, revoked or suspended, while the lack of an updated threat assessment could compromise the security of port facilities.