Smart Card Alliance Comments to U.S. Coast Guard on Proposed TWIC Reader Rulemaking: Limiting the Use of TWIC Smart Cards and Readers Will Put our Maritime Infrastructure at Risk
Princeton Junction, N.J., June 26, 2013–Limiting the use of Transportation Worker Identification Credential (TWIC) smart cards and readers will create significant security vulnerabilities in our maritime infrastructure, the Smart Card Alliance Access Control Council said in comments submitted this week to the U.S. Coast Guard.
The Smart Card Alliance’s comments referred to the Coast Guard’s “Transportation Worker Identification Credential (TWIC) Reader Requirements Notice of Proposed Rulemaking (NPRM).” The rulemaking proposes limiting the use of tamper-resistant, biometrically-enabled TWIC smart cards and readers, and proposes relying on visual inspection of TWIC cards as the primary security protocol for 95 percent of the maritime user population.
Today, over 2.4 million cleared maritime workers have a TWIC card, which was issued in response to the Maritime Transportation Security Act of 2002 (MTSA). When used in conjunction with an electronic reader, the TWIC smart card can establish: that it is a valid card issued by TSA and not a forgery; that the card has not expired; that the card has not been revoked by TSA for cause; and that the person presenting the card is the same person to whom the card was issued.
“The use of TWIC cards in conjunction with TWIC readers can prevent potential terrorists or other adversaries from obtaining unescorted access to secure areas of maritime facilities and vessels,” said Randy Vanderhoof, executive director of the Smart Card Alliance. “We do not believe that visual inspection meets the security objectives intended by Congress in the MTSA and think that a reliance on visual inspection will make it relatively easy to breach the perimeter of a facility or vessel by presenting a fake, stolen or borrowed TWIC card. Therefore, we strongly recommend that the Coast Guard expand the scope of the proposed regulation.”
The Smart Card Alliance Access Control Council made the following recommendations to the U.S. Coast Guard in its comments:
- Expand the scope of the proposed regulation to make the use of TWIC card readers mandatory for a majority of the facilities and vessels currently identified in Risk Group B.
- Require transaction logs when visual inspection is used and when any non-automated exception situation is encountered (such as escorted visitors, recurring unescorted access).
- Conduct a new reader cost analysis using more current information that is representative of today’s TWIC reader products.
- Require maritime operators to download the latest version of the CCL every 12 hours regardless of MARSEC (maritime security) level.
- Correct the statement on Page 17787 of the NPRM: “TWIC readers will not help identify valid cards that were obtained via fraudulent means, e.g., through unreported theft or the use of fraudulent IDs.” TWIC readers can identify cards that were obtained through unreported theft of the TWIC card by performing biometric verification of the cardholder.
- Require the use of readers at large general cargo container terminals in both Risk Groups A and B or re-classify them into Risk Group A.
- Require vessels at sea to update the CCL under certain circumstances for security.
Read the full comments by visiting: /publications-comments-on-twic-reader-requirements.
About the Access Control Council
The Smart Card Alliance Access Control Council is focused on accelerating the widespread acceptance, use, and application of smart card technology for physical and logical access control. The group brings together leading users and technologists from both the public and private sectors in an open forum to work on activities that are important to the access control community and that will help expand smart card technology adoption in this important market.
About the Smart Card Alliance
The Smart Card Alliance is a not-for-profit, multi-industry association working to stimulate the understanding, adoption, use and widespread application of smart card technology.
Through specific projects such as education programs, market research, advocacy, industry relations and open forums, the Alliance keeps its members connected to industry leaders and innovative thought. The Alliance is the single industry voice for smart cards, leading industry discussion on the impact and value of smart cards in the U.S. and Latin America. For more information please visit http://www.securetechalliance.org.