Presentations at the recent American Association of Port Authorities (AAPA) Port Operations, Safety and Technology Seminar provided some insight into what was learned during the operational phase of the Transportation Worker Identification Credential (TWIC) Pilot. The Seminar, which obviously covered far more than TWIC specifically and maritime transportation security generally, was held on June 7th in Long Beach, California. I wasn’t there, so the following is based on the PowerPoint® slides that the AAPA has kindly posted on its website.
. The first TWIC-related presentation was by Mr. John Schwartz, the TWIC Program Manager at the Transportation Security Administration (TSA), who was on a panel on “Regulatory Updates Roundtable: Safety and Security.” The Pilot involved 23 volunteer facilities and vessel operations using 156 TWIC readers (100 fixed and 56 portable) and a potential TWIC holder population of about 33,000 (against a total of 1.72 million cards activated). Field testing was completed on May 31st, and TSA’s report to Congress on the Pilot is expected to be delivered “early summer.” Mr. Schwartz’s bottom line was that “[w]hen reader systems are well-planned; properly installed; operated by knowledgeable personnel; and, TWICs are presented by users familiar [with] reader operations, access point throughput is maintained with manageable impact to business operations.” Prior to reaching this conclusion, he identified several Pilot results and challenges:
System design and integration of readers and physical access control systems (PACS) with the organization’s “operational profile” is one key
Standalone fixed systems proved easier to install and operate than ones integrated with other business systems, while handheld readers offered flexibility
Operator and user training was critical to smooth operations
Registering cards in PACS at facilities with many workers or truckers “was time-consuming”
Mr. Schwartz also discussed TWIC card failures, which were first noticed “as cards in service aged.” Use of readers at high-traffic sites during the Pilot “exposed the scope of the problem.” Failures “primarily impact” the ability of cards to be read by contactless readers, but “other failures” involve the chip on the card, delamination of the plastic coating containing the security holographs, and fading. TSA “is developing a plan of action and will follow up with members and stakeholders.” In the meantime, enrollment centers will start providing plastic card holders and “card handling instructions” within 60-days.
Later in the Seminar, there was a panel on “Lessons Learned from TWIC Reader Pilots.” Not all of the panelists accompanied their remarks with PowerPoint® presentations. The two that did were Jill Taylor, Deputy Director of Homeland Security, Port of Los Angeles, and Mike McMullen, Tech Operation Leader, Port of Long Beach. Ms. Taylor’s presentation began with an overview of the three facilities that participated: APL’s container terminal (1.65 million TEUs annually), Nustar Energy’s liquid bulk terminal (600,000 barrel capacity), and the Port’s 18-acre cruise terminal. She categorized her Lessons Learned as Policy, Process, Technology, and Training. Under Policy, specific guidance is needed on handling “TWIC verification scenarios,” as is guidance and “accommodation” for “non-standard entry scenarios,” an example of which is a TWIC holder’s frequent, repetitive entry into the same secure area. Process lessons included: (1) the need for a comprehensive analysis of entry operations, users, and existing infrastructure to determine appropriate TWIC processes and solutions; (2) TWIC program implementation cannot be left solely to the IT department or the FSO, it requires a cross-functional team to deal with the policy, process, people, and technology aspects; (3) mobile readers can provide useful redundancy for fixed readers; (4) TWIC holders’ learning curves have to be considered; and (5) video monitoring of fixed reader points can aid access control. Under technology, there is no “one size fits all” TWIC solution for facilities at seaports. Additionally, “very few robust solutions” integrate fixed and mobile card reading into a single solution platform and using a contact interface may be best for facilities requiring “flexibility or with uncertain concepts of operations.” Lessons Learned under the Training category included: (1) use of different TWIC readers by facilities close to each other can cause confusion on the part of TWIC holders; (2) those verifying TWICs should be trained not only on the technology, but also on the regulations and how to handle exceptions. It’s interesting that there was no mention of TWIC holder training issues here, in light of the recitation of the need for consideration of their learning curve in the Process Lessons Learned.
The Long Beach experience was encapsulated in Mr. McMullen’s presentation. His concerns included: that the Pilot was hardware driven and apparently did not deal with incorporation of TWIC into business processes; high failure rate of cards; PACS reporting capabilities did not dovetail with the test criteria; and registration for access was a problem, particularly at container terminals. He noted that each of the five Pilot participants at his port identified problems with their roll-out plans. Contact and contactless readers had their own unique problems, but results were better with the contact readers. “Better education” on reader use is necessary. His “Recap” of the Long Beach experience in the Pilot noted that the technology was tested, but the Pilot’s “outcome is still cloudy.” Operators need to use a “business practice approach” in deploying readers and determining access and need guidance on handling rejected cards. Better TWIC cards are needed. Finally, he reported a perception the TWIC program “is going away.”
So my takeaway from these presentations is that it’s going to be more complicated to get the TWIC reader program up and running nationwide than many people may assume. It’s going to take a good deal more than simply buying TWIC readers and plopping them at the entry points. It’s noteworthy that all five of Long Beach’s participating facilities experienced problems with their implementation plans. Specifically, all three speakers referenced, in some form, the need for careful analysis to integrate TWIC processes into business operations. Two discussed the critical nature of training, both for those in charge of the readers and the TWIC holders actually using them. (The idea that users are apparently easily confused when confronted by different machines doesn’t auger well for truckers servicing multiple facilities.) The two port representatives stressed the need for knowing what to do when a reader rejects a card. Additionally, Ms. Taylor provided information on transaction times for various readers. When operating in the biometric mode, all evidently significantly exceed the maximum times the National Maritime Security Advisory Committee (NMSAC) initially thought would be acceptable to industry. Even when not comparing biometrics, most still have transaction times exceeding NMSAC’s standard. Finally, for those keeping score on TWIC Program implementation, one of Mr. Schwartz’s “Backup Slides” provides a variety of reasons why TSA was not responsible for the delays in starting and completing the TWIC Pilot.
NOTE: This post may be copied, distributed, and displayed and derivative works may be based on it, provided it is attributed to Maritime Transportation Security News and Views by John C. W. Bennett, http://mpsint.com.