Comments to the House Homeland Security Committee: H.R. 3202 - Essential TWIC Assessment Act, November 7, 2013


The International Biometrics & Identification Association (IBIA) welcomes the opportunity to provide comments on H.R. 3202, the Essential Transportation Worker Identification Credential Assessment Act, as offered by Ms. Jackson Lee of Texas before the U.S. House of Representatives Committee on Homeland Security in an Amendment in the Nature of a Substitute. IBIA is a non-profit trade association that promotes the effective and appropriate use of technology to determine identity and enhance security, privacy, productivity, and convenience for individuals, organizations, and governments.

IBIA appreciates the Committee's desire to address questions raised by the Government Accountability Office (GAO) in its report dated May 2013 about the security benefits of the Transportation Worker Identification Credential (TWIC) program. We understand that this bill is primarily intended to provide an independent and objective assessment of the extent to which the TWIC program, as implemented, improves maritime security. As characterized in the GAO report, the Department of Homeland Security (DHS) takes the position that the lack of a common credential could leave facilities open to a security breach with falsified credentials. On the other hand, GAO states that this assumption has not been validated and DHS has not demonstrated how, if at all, TWIC will improve maritime security.

Like the Committee, IBIA is frustrated that the TWIC program has taken so long to be fully implemented. IBIA also supports the Committee's efforts to undertake an independent and objective assessment. However, as discussed in detail below, IBIA is greatly concerned that any assessment undertaken pursuant to H.R. 3202, as drafted, would be inherently biased against TWIC.
International Biometrics & Identification Association, 919 18th Street, NW, Suite 901, Washington, DC 20006 USA. Tel 202.587.4855, Fax 202.587.4888, www.ibia.org

The following are specific comments related to items included in sub-sections of the bill under Section 2(b) that describe the contents of a comprehensive assessment:

Section 2(b)(1) - an evaluation of the extent to which the program, as implemented, addresses known or likely security risks in the maritime environment

Comments: IBIA does not believe that it is possible to evaluate the security effectiveness of the TWIC program as it is currently implemented. The key security element of the TWIC program, the use of biometric readers to validate the card and verify the card holder's identity, is not currently required by regulation. Therefore, the program's security benefits cannot be uniformly assessed.

To illustrate, at the highest risk maritime facilities and vessels, there is currently no adequate method of protecting against a security breach resulting from the unauthorized use of stolen, lost, borrowed or forged TWIC cards. While the TWIC card contains certain physical security features that can be visually verified to provide some protection against forgeries, it is possible for a determined individual with criminal or terrorist intent to obtain a high-quality forgery of a TWIC card that would pass visual inspection. Also, there is no way for security personnel to visually detect if the TWIC card has been revoked by TSA as a result of the card being reported lost or stolen or if the card holder has been designated by TSA as ineligible to continue holding a TWIC card. Further, visually comparing the photo on the card to the person presenting the card, as a means of confirming identity, is subject to human error and/or human fatigue. For these reasons, the U.S. government has determined that visual inspection of government-issued credentials offers little or no confidence in the identity of the holder [1].

As currently implemented, the TWIC program, with no mandatory use of electronic readers at high-risk facilities and vessels, is vulnerable to security threats resulting from the unauthorized use of stolen, lost, borrowed or forged TWIC cards.

Recommendations: Change the language to read as follows: "An evaluation of the extent to which the program addresses known or likely security risks in the maritime environment based on the deployment of electronic readers."

Section 2(b)(2) - an evaluation of the extent to which internal control deficiencies identified by the Comptroller General have been addressed

Comments: IBIA has no objection or suggested changes to the above provision.
[1] See Section 6.3.1, Table 6-2 (Physical Access) of Federal Information Processing Standard 201-2 (FIPS 201-2), Personal Identity Verification of Federal Employees and Contractors, which states that the visual (VIS) authentication mechanism provides an assurance level of little or no confidence. See http://nvlpubs.nist.gov/nistpubs/fips/nist.fips.201-2.pdf.

Section 2(b)(3) - a cost-benefit analysis of the program, as implemented, and consideration of the use of alternate biometric technologies that provide the same or greater security effectiveness, including
(A) technologies and programs, including the biometric entry and exit system required by section 7208 of the Intelligence Reform and Terrorism Prevention Act of 2004 (Public Law 108-458; 8 U.S.C. 1365b);
(B) technologies and programs in use at United States port facilities and vessels, particularly for purposes of access control to critical infrastructure;
(C) international technologies and programs that are in use, including for purposes of access control to critical infrastructure; and
(D) new and emerging technologies.

Comments: There are two unrelated topics in Section 2(b)(3) which are addressed separately. This comment relates to the cost-benefit analysis. IBIA believes that it is not possible to conduct a meaningful cost-benefit analysis for the TWIC program as implemented. Since TWIC is currently implemented without readers, the security benefits cannot be assessed. Rather than a ranking of cost benefits against other credentialing programs and approaches, a more useful approach could be a comparison of the benefits of TWIC, as it was intended to be implemented, with other existing credentialing programs. IBIA believes that the TWIC program, when properly implemented with electronic readers, can provide the security benefits the program is designed to provide and would welcome a constructive evaluation of alternative credentialing approaches.

Recommendation: As drafted, IBIA cannot support the provision in Section 2(b)(3) because electronic readers, the key security element of TWIC, have not been implemented and the results would inherently be biased against the TWIC program. However, if the language is modified to require a cost/benefit assessment of the TWIC program as it was intended to be implemented with electronic readers, IBIA could support the Committee's assessment.
Comments: Regarding the second part of Section 2(b)(3), as written, it can be interpreted to mean that there would be an evaluation of the security effectiveness of one biometric technology vs. another (e.g., fingerprint compared with iris recognition). If this interpretation is correct, IBIA does not believe that it is necessary to evaluate alternate biometric technologies. This is because the TWIC program already provides the flexibility for maritime operators to implement alternative biometric technologies in conjunction with the TWIC card as long as a chain of trust is maintained through appropriate one-time registration into the maritime operator's access control system using the federal standard fingerprint biometrics. For example, the Georgia Ports Authority uses hand-vein recognition biometric readers for access to their facilities and this use of alternate biometric technology is consistent with the Coast Guard's proposed regulations for TWIC readers. Based on the above, IBIA does not believe that an evaluation of alternative biometric technologies is needed.

Recommendations: IBIA recommends in Section 2(b)(3), delete the following:
"and consideration of the use of alternate biometric technologies that provide the same or greater security effectiveness, including
(A) technologies and programs, including the biometric entry and exit system required by section 7208 of the Intelligence Reform and Terrorism Prevention Act of 2004 (Public Law 108-458; 8 U.S.C. 1365b);
(B) technologies and programs in use at United States port facilities and vessels, particularly for purposes of access control to critical infrastructure;
(C) international technologies and programs that are in use, including for purposes of access control to critical infrastructure; and
(D) new and emerging technologies."

The following are specific comments related to items included in Section 2(e) of the bill related to the Reader Rule:

Section 2(e) - TRANSPORTATION SECURITY CARD READER RULE. The Secretary of Homeland Security may not issue a final rule requiring the use of transportation security card readers until
(1) the Comptroller General informs the Committees on Homeland Security of the House of Representatives and Commerce, Science and Transportation that the submission under subsection (a) is responsive to the recommendations of the Comptroller General; and
(2) the Secretary issues an updated list of transportation security card readers that are compatible with active transportation security cards.

Comments: At the highest-risk maritime facilities and vessels, the implementation of electronic card readers is essential to addressing an existing vulnerability related to a security breach resulting from the unauthorized use of stolen, lost, borrowed or forged TWIC cards.
The security industry has long recognized that, for high-risk facilities, it is best security practice to control access with electronic readers that can quickly, consistently and efficiently validate card authenticity, check expiration dates, check for card revocation and confirm card holder identity. Delaying implementation of the TWIC reader rule would only perpetuate this security vulnerability. For this reason, IBIA believes that the proposed assessment should not further delay the deployment of electronic TWIC card readers at the highest risk maritime facilities and vessels.

Recommendations: Delete Section 2(e) in its entirety.

Further, IBIA hopes that the Committee supports our efforts to encourage the Coast Guard to expand the requirement for mandatory use of TWIC readers to include a larger number of general cargo container terminals and petroleum facilities than currently identified in its TWIC Reader Requirements Notice of Proposed Rulemaking (NPRM). In our formal comments on the NPRM, IBIA noted that the Coast Guard's economic analysis has several issues that overstate the cost of TWIC reader deployment or understate its economic benefits. For example, we believe that the Maritime Security Risk Assessment Model (MSRAM) used by the Coast Guard is severely flawed since it did not consider the secondary economic cost impact that would result from the extended disruption of a large container terminal or petroleum facility as a result of a terrorist security incident. The result is that the NPRM limits the mandatory use of readers to only 5% of TWIC holders. IBIA hopes that Congress will also address this issue.

IBIA looks forward to working with Congress to ensure an effective and fully implemented TWIC program that enhances security and reduces security risks for maritime facilities and vessels regulated pursuant to section 102 of Public Law 107-295, as originally envisioned by Congress.