TWIC takes a step forward

The long-delayed Transportation Workers Identification Credential program began enrollments this month at one port and will add 11 more ports in November, a Homeland Security Department official testified at a congressional hearing Tuesday. In addition, DHS will test card readers at five other ports, the official said.

Despite those steps TWIC is still failing on several fronts, including underestimating how many workers need the ID cards and dragging its feet on deploying readers for the cards, Rep. Bennie Thompson (D-Miss.), said at a hearing held by the House Homeland Security Committee's subcommittee on border, maritime and global counterterrorism. Thompson chairs the committee.

"The Department began rolling out the TWIC program, which was mandated five years ago, just two weeks ago," Thompson said in a statement. "Already there are glaring problems." At the port of Houston, the department estimated 30,000 workers would need the cards, while actually it is close to 350,000, he said.

"TWIC readers are years away from installation," Thompson added. "Without the readers, a TWIC is merely a flash pass that can be fraudulently duplicated and misused."

Secure identification credentials are a major business opportunity for government contractors in the aftermath of the 2001 terrorist attacks. DHS awarded a $70 million contract to Lockheed Martin Corp. in January to deploy the identification credential for 750,000 transportation workers. With perhaps as many as 10 million scheduled to be eventually enrolled, contractors are watching closely for similar additional opportunities.

The criticism of TWIC came from Republicans as well. Ranking member Rep. Peter King (R-N.Y.) and the GOP staff of the committee issued a report stating that TWIC had met one mandate but had missed two deadlines set in the Security and Accountability For Every Port Act of 2006.

The Transportation Security Administration released its final rule for implementing TWIC on Jan. 1 in accordance with the act; however, TSA did not meet a July 1 deadline for enrolling 10 priority ports in the program and did not meet an April 13 deadline for beginning testing of readers at five ports, the GOP report said.

While DHS "has made significant strides" in implementing the 90 to 100 mandates in the Safe Port Act in the year since its enactment, "we must remember there are still gaps in our port and maritime security systems," the GOP staff report said.

Maurine Fanguy, program director for TWIC at TSA, testified that substantial progress has been made on TWIC in the last six months, including the completing of tests, creating of enrollment sites, establishing reader specifications and enlisting five ports to test the readers.

"The TWIC program is moving towards its objectives while making sound decisions focused on enhancing port security and a reasoned, phased-in program implementation approach," she said.

TWIC has modified its technology to account for recommendations from maritime and industry partners, and has adapted its contracting approach for TWIC to the fact that the program uses evolving information technology standards, Fanguy said. "This requires continual reevaluation of the scope and methods of contracting," she said.

To protect privacy, no paper records will be created at the enrollment stations and all electronic records at the enrollment stations will be deleted after transmission to the TSA, Fanguy said.

The TSA will maintain all the enrollment records, fingerprints and personal information in a database that is protected against unauthorized use by encryption. TSA also will limit access to authorized users and establish segmentation, an approach by which databases are divided into compartments so that if one portion is compromised others are still protected.

The full committee is holding another hearing specifically on TWIC this morning.