Transportation Worker Identification Credential (TWIC): Reader Requirements

Federal Register: March 27, 2009 (Volume 74, Number 58)

Proposed Rules

Page 13360-13370

From the Federal Register Online via GPO Access [wais.access.gpo.gov]

DOCID:fr27mr09-17

This section of the FEDERAL REGISTER contains notices to the public of the proposed issuance of rules and regulations. The purpose of these notices is to give interested persons an opportunity to participate in the rule making prior to the adoption of the final rules.

DEPARTMENT OF HOMELAND SECURITY

Coast Guard 33 CFR Parts 101, 104, 105, and 106

Docket No. USCG-2007-28915

RIN 1625-AB21

Transportation Worker Identification Credential (TWIC)--Reader Requirements

AGENCY: Coast Guard, DHS.

ACTION: Advanced notice of proposed rulemaking.

SUMMARY: This advanced notice of proposed rulemaking discusses the United States Coast Guard's preliminary thoughts on potential requirements for owners and operators of certain vessels and facilities regulated by the Coast Guard under 33 CFR chapter I, subchapter H, for use of electronic readers designed to work with Transportation Worker Identification Credentials (TWIC) as an access control measure. It discusses additional potential requirements associated with TWIC readers, such as recordkeeping requirements for those owners or operators required to use an electronic reader, and amendments to security plans previously approved by the Coast Guard to incorporate TWIC requirements.

This rulemaking action, once final, would enhance the security of ports and vessels by ensuring that only persons who hold valid TWICs are granted unescorted access to secure areas on vessels and port facilities. It would also complete the implementation of the Maritime Transportation Security Act of 2002 transportation security card requirement, as well as the requirements of the Security and Accountability for Every Port Act of 2006, for regulations on electronic readers for use with Transportation Worker Identification Credentials.

DATES: Comments and related material must reach the Docket Management Facility on or before May 26, 2009.

ADDRESSES: You may submit comments identified by Coast Guard docket number USCG-2007-28915 to the Docket Management Facility at the U.S. Department of Transportation. Please note the new address. See 72 FR 28092, May 18, 2007. To avoid duplication, please use only one of the following methods:

(1) Online: http://www.regulations.gov.

(2) Mail: Docket Management Facility (M-30), U.S. Department of Transportation, West Building Ground Floor, Room W12-140, 1200 New Jersey Avenue, SE., Washington, DC 20590-0001.

(3) Hand delivery: Same as mail address above, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays. The telephone number is 202-366-9329.

(4) Fax: 202-493-2251.

(5) For comments containing confidential information, business information or sensitive security information, please mail appropriately marked comments to LCDR Jonathan Maiorine, Commandant (CG-544) (RM 5222), U.S. Coast Guard, 2100 2nd Street, SW., Washington, DC 20593.

FOR FURTHER INFORMATION CONTACT: If you have questions on this advanced notice of proposed rulemaking, call LCDR Jonathan Maiorine, Coast Guard, telephone 1-877-687-2243.

If you have questions on viewing or submitting material to the docket, call Renee V. Wright, Program Manager, Docket Operations, telephone 202-366-9826.

SUPPLEMENTARY INFORMATION:

Table of Acronyms

AHP Analytical Hierarchy Process

ANPRM Advanced Notice of Proposed Rulemaking

ASPs Alternative Security Programs

CDC Certain Dangerous Cargoes

CI/KR Critical Infrastructure/Key Resource

CRL Certificate Revocation List

DHS Department of Homeland Security

DOT Department of Transportation

EOA Early Operational Assessment

FASC-N Federal Agency Smart Credential--Number

FOIA Freedom of Information Act

FR Final Rule

FSP Facility Security Plan

HSI Homeland Security Institute

ITEP Integrated Test and Evaluation Program

ITT Initial Technical Test

MARSEC Maritime Security

MERPAC Merchant Marine Personnel Advisory Committee

MODU Mobile Offshore Drilling Unit

MSRAM Maritime Security Risk Analysis Model

MTSA Maritime Transportation Security Act

NMSAC National Maritime Security Advisory Committee

NPRM Notice of Proposed Rulemaking

OCS Outer Continental Shelf

OMB Office of Management and Budget

OSVs Offshore Supply Vessels

PACS Personnel Access Control System

PIN Personal Identification Number

PIV Personal Identity Verification

RA Regulatory Analysis

RKB Responder Knowledge Base

SSI Sensitive Security Information

ST&E System Test & Evaluation

TEMP Test and Evaluation Master Plan

TSA Transportation Security Administration

TSAC Towing Safety Advisory Committee

TSI Transportation Security Incident

TWIC Transportation Worker Identification Credential

VSP Vessel Security Plan

Table of Contents

  I. Public Participation and Request for Comments

    A. Submitting Comments

    B. Handling Confidential Information, Proprietary Information, and Sensitive Security Information (SSI) Submitted in Public Comments

    C. Viewing Comments and Documents

    D. Privacy Act

    E. Public Meeting

    F. Future Opportunities for Comment

  II. Summary of ANPRM

  III. Background

    A. Statutory History

    B. Regulatory History

  IV. Discussion of Process

    A. Risk-Based Approach to Reader Requirements

    B. Maritime Security Risk Analysis Model (MSRAM) and the Analytic Hierarchy Process (AHP)

    C. Requirement Options Considered

    D. Reader Requirements

    E. Facility and Vessel Risk Groups

    F. Recurring Unescorted Access

    G. Additional Topics and Requirements

  V. Advisory Committee Input

  VI. Discussion of Pilot Programs

  VII. Regulatory Analyses

  I. Public Participation and Request for Comments

    We encourage you to participate in this rulemaking by submitting comments and related materials. All comments received will be posted, without change, to http://www.regulations.gov and will include any personal information you have provided. We have an agreement with the Department of Transportation (DOT) to use the Docket Management Facility.

    A. Submitting Comments

      If you submit a comment, please include your name and address, identify the docket number for this rulemaking (USCG-2007-28915), indicate the specific section of this document to which each comment applies, and give the reason for each comment. You may submit your comments and material by electronic means, mail, fax, or delivery to the Docket Management Facility at the address under ADDRESSES; but please submit your comments and material by only one means. If you submit them by mail or delivery, submit them in an unbound format, no larger than 8 1/2 by 11 inches, suitable for copying and electronic filing. If you submit them by mail and would like to know that they reached the Facility, please enclose a stamped, self-addressed postcard or envelope. We will consider all comments and material received during the comment period. We may change the proposed rule in view of them.

    B. Handling Confidential Information, Proprietary Information and Sensitive Security Information (SSI) Submitted in Public Comments

      Do not submit comments that include trade secrets, confidential commercial or financial information, or sensitive security information (SSI) \1\ to the public regulatory docket. Please submit such comments separately from other comments on the rulemaking. Comments containing this type of information should be appropriately marked as containing such information and submitted by mail to the Coast Guard point of contact listed in the FOR FURTHER INFORMATION CONTACT section.

      \1\ ``Sensitive Security Information'' or ``SSI'' is information obtained or developed in the conduct of security activities, the disclosure of which would constitute an unwarranted invasion of privacy, reveal trade secrets or privileged or confidential information, or be detrimental to the security of transportation. The protection of SSI is governed by 49 CFR part 1520.

      Upon receipt of such comments, the Coast Guard will not place the comments in the public docket and will handle them in accordance with applicable safeguards and restrictions on access. The Coast Guard will hold them in a separate file to which the public does not have access, and place a note in the public docket that Coast Guard has received such materials from the commenter. If the Coast Guard receives a request to examine or copy this information, we will treat it as any other request under the Freedom of Information Act (FOIA) (5 U.S.C. 552).

    C. Viewing Comments and Documents

      To view comments, as well as documents mentioned in this preamble as being available in the docket, go to http://dms.dot.gov at any time, enter the docket number for this rulemaking (USCG-2007-28915) in the Search box, and click ``Go >>.'' If you do not have access to the internet, you may view the docket online by visiting the Docket Management Facility in Room W12-140 on the ground floor of the Department of Transportation West Building, 1200 New Jersey Avenue, SE., Washington, DC 20590, between 9 a.m. and 5 p.m., Monday through Friday, except Federal holidays.

    D. Privacy Act

      Anyone can search the electronic form of all comments received into any of our dockets by the name of the individual submitting the comment (or signing the comment, if submitted on behalf of an association, business, labor union, etc.). You may review a Privacy Act, system of records notice regarding our public dockets in the January 17, 2008 issue of the Federal Register (73 FR 3316).

    E. Public Meeting

      Because the Coast Guard intends to hold additional public meetings (see Paragraph F ``Future Opportunities for Comment''), we plan to hold only one public meeting in the Washington, DC area at this time. A notice with the specific date and location of the meeting will be published in the Federal Register as soon as this information is known.

      In addition, known interested parties will be contacted via mail, e-mail, or telephone. If you wish to be contacted regarding the public meeting, contact LCDR Jonathan Maiorine, listed under FOR FURTHER INFORMATION CONTACT.

    F. Future Opportunities for Comment

      The Coast Guard intends to publish a Notice of Proposed Rulemaking (NPRM) after reviewing the comments on this Advanced Notice of Proposed Rulemaking (ANPRM), and after receiving data from the TWIC pilot programs (discussed in Section IV ``Discussion of Pilot Programs''). We intend to have an open comment period with sufficient time to allow interested parties to submit comments following publication of an NPRM.

      We also intend to hold several public meetings during that comment period, at various locations across the country.

  II. Summary of ANPRM

    This ANPRM presents preliminary thoughts of the Department of Homeland Security, through the U.S. Coast Guard and the Transportation Security Administration, on potential requirements for electronic TWIC readers for certain vessels and facilities that are regulated by the Coast Guard under 33 CFR chapter I, subchapter H, commonly known as ``MTSA-regulated'' vessels and facilities. The purpose of this ANPRM is to open the public dialogue on implementing TWIC reader requirements using a risk-based decision model, as well as to seek input on other requirements that we are considering proposing at the same time as the reader requirements. We are not proposing any specific changes to the Code of Federal Regulations at this time. Specific changes would be proposed in an NPRM at a future date.

    This ANPRM discusses separating individual MTSA-regulated vessels, facilities, and Outer Continental Shelf (OCS) facilities into one of three risk groups. Each risk group would have its own associated electronic TWIC reader requirements.

    We are considering that those vessels and facilities in the lowest risk group continue to use TWICs primarily as a visual identity badge only, at all Maritime Security (MARSEC) Levels, and subject to electronic verification during inspections and spot checks, as currently required in the joint Coast Guard and TSA final rule on TWIC, issued on January 25, 2007. 72 FR 3492.

    At MARSEC Level 1, those in the middle risk group would perform an electronic read of the TWIC to verify its authenticity and to verify the validity of the card (i.e., ensure that it has not been revoked).

    Owners or operators of these vessels and facilities would match the TWIC-holder's fingerprint to the biometric template stored within the TWIC (i.e., perform a biometric match) at MARSEC Level 1 on dates chosen randomly within a frequency of at least once a month. They would perform the biometric match at each entry at the higher MARSEC Levels.

    Those vessels and facilities falling into the highest risk group would perform the biometric match and verify the authenticity and validity of the card at each entry at all MARSEC Levels.

    These requirements are summarized in a table, found in Section IV.D ``Reader Requirements'' and are subject to change based on public comment and additional data collection from the TWIC reader testing pilot program (``pilot program''), which is currently underway as required by the Security and Accountability for Every Port Act of 2006 (SAFE Port Act), Public Law No. 109-347, 120 Stat. 1884, 1889 (Oct. 13, 2006). For example, we may propose, in an NPRM, to require reader usage at a facility or vessel in Risk Group C, or require more frequent reader usage for those facilities and vessels in Risk Group B. We request comments from the public regarding this process and, in particular, the Risk Group divisions and application of MARSEC Levels to reader requirement frequency.

    We are also considering that each risk group have the option of using recurring unescorted access for up to 14 TWIC holders, per vessel or facility, if that provision is included in their amended security plan and approved by the Coast Guard. In order to take advantage of recurring unescorted access, the owner or operator of the vessel or facility would conduct an initial biometric match of the individual against his/her TWIC, either at hiring or upon the effective date of a final rule, whichever occurs later. This biometric match would include a verification of the authenticity and validity of the TWIC. Once this check is done, the TWIC need only be used as a visual identity badge, at a frequency to be approved by the Coast Guard in the amended security plan, so long as the validity of the TWIC is verified periodically, ranging from monthly to daily, depending upon risk group and MARSEC Level. We are specifically seeking comment in this ANPRM as to whether 14 persons is the appropriate number of persons eligible for recurring unescorted access and whether the public believes this process is appropriate for facilitating industry operations while maintaining an appropriate level of port security.

    This ANPRM also discusses recordkeeping requirements for those risk groups required to use readers, and for those owners or operators choosing to use recurring unescorted access. It discusses and seeks comment on a requirement for all owners and operators to amend their security plans to incorporate TWIC requirements.

  III. Background

    A. Statutory History

      The principal statutory authority for the TWIC program, the Maritime Transportation Security Act of 2002 (MTSA), Public Law No. 107-295, 116 Stat. 2064 (Nov. 2, 2002), requires the issuance of biometric transportation security cards to Coast Guard credentialed merchant mariners and other workers requiring unescorted access to secure areas of vessels and port facilities. 46 U.S.C. 70105(a)-(f) (2002). The SAFE Port Act, Public Law No. 109-347, 120 Stat. 1884 (Oct. 13, 2006) supplemented various MTSA credentialing requirements. These additional provisions included establishing a port implementation deadline; requiring implementation of a pilot program to test TWIC readers; and setting a deadline for promulgation of final regulations requiring the deployment of TWIC readers that are consistent with the findings of the pilot program. 46 U.S.C. 70105(g)-(m) (2006).

    B. Regulatory History

      On May 22, 2006, the Coast Guard and TSA issued a joint notice of proposed rulemaking (TWIC 1 NPRM) entitled ``Transportation Worker Identification Credential Implementation in the Maritime Sector; Hazardous Materials Endorsement for a Commercial Driver's License,'' setting forth proposed requirements and processes required by MTSA. 71 FR 29396. The TWIC 1 NPRM proposed amending Coast Guard regulations on vessel and facility security, found in 33 CFR chapter I, subchapter H, to require the use of the TWIC as an access control measure, as well as amendments to TSA regulations on security threat assessment standards.

      The TWIC 1 NPRM also proposed requiring the use of TWIC in a biometric access control system and user fees for TWIC issued under this rule.

      The joint final rule (TWIC 1 FR), issued January 25, 2007, under the same title, established the biometric credential requirements, amended knowledge requirements, expanded appeal and waiver provisions, and set the user fee for the TWIC. 72 FR 3492. The TWIC 1 FR did not require card readers. A full discussion of the provisions for the TWIC 1 NPRM and TWIC 1 FR can be found in the preambles of those documents, at the Federal Register cites provided in this paragraph.

      After publication of the TWIC 1 FR, the Coast Guard issued a Notice of Availability and requested comments on draft TWIC biometric reader specifications and draft TWIC contactless smart card applications, which were both developed by the National Maritime Security Advisory Committee (NMSAC). The Coast Guard and TSA reviewed the comments received and issued a Notice on September 20, 2007, announcing the working technical specification selected for use in the TWIC pilot programs and discussing the comments received in response to the Notice of Availability. 72 FR 53784.

      On July 13, 2007, the Coast Guard issued a final rule to delay the compliance date for facility owners and operators wishing to redefine their secure areas, to limit application of the TWIC requirement to those portions of their facility directly connected to maritime transportation. 72 FR 38486. This provision was included in the TWIC 1 FR, and the delay in the compliance date was necessary to allow owners and operators to consider Coast Guard guidance, issued as Navigation and Vessel Inspection Circular 03-07 on July 2, 2007.

      On September 28, 2007, the Coast Guard and TSA issued another joint Final Rule to amend provisions of the TWIC 1 FR. 72 FR 55043. This final rule amended the definition of secure areas to address facilities in the Commonwealth of the Northern Mariana Islands; allowed flexibility for additional non-resident aliens to apply for a TWIC; clarified who may obtain a TWIC at a reduced fee; and amended the replacement fee originally announced in TWIC 1 FR.

      On May 7, 2008, the Coast Guard and TSA issued a joint final rule to extend the compliance date set forth in the TWIC 1 FR. 73 FR 25562.

      Under the new final compliance date, mariners must obtain a TWIC no later than April 15, 2009. That date also marks the final date by which owners and operators of vessels, facilities, and OCS facilities, who have not otherwise been required to implement access control procedures utilizing TWIC on an earlier date, must implement those procedures.

      Owners and operators of vessels, facilities, and OCS facilities should note, however, that in accordance with the TWIC 1 FR the Coast Guard has announced rolling COTP Zone compliance dates in the Federal Register.

  IV. Discussion of Process

    A. Risk-Based Approach to Reader Requirements

      This ANPRM discusses three levels of requirements, with vessels and facilities ``assigned'' into a particular level based on risk. We used the Maritime Security Risk Analysis Model (discussed in B. ``Maritime Security Risk Analysis Model (MSRAM) and the Analytic Hierarchy Process (AHP)'') and other factors to rank facilities and vessels as lower versus higher risk. We are considering proposing that those facilities and vessels with the higher risk be required to fully utilize the security features and achieve the full risk reduction benefit of the TWIC, whereas facilities and vessels at the lower risk level should be required to implement only some of the security features. We have presented the resulting matrix of potential requirements in this document. We are seeking comment not only on these requirements, but also on the risk groups themselves and the method we used to reach those groups, which is discussed in the next section.

    B. Maritime Security Risk Analysis Model (MSRAM) and the Analytic Hierarchy Process (AHP)

      Three factors were applied to develop a risk-based ranking of all MTSA-regulated facilities and vessels by type. These factors were: The maximum consequence resulting from a terrorist attack, the criticality to the nation's health, economy and national security, and the utility of TWIC in reducing risk. These factors were applied in an AHP (discussed later in this section) to develop an overall ranking of vessel and facility types for which TWIC requirements are assigned.\2\

      \2\ The ranking from each factor, as well as the overall rankings, are SSI per 49 CFR 1520.5(b)(5) and (b)(12). In accordance with 49 CFR 1520.9, SSI may only be released to covered persons with a need to know the information.

      The first factor applied was the maximum potential consequence resulting from the total destruction of the vessel or facility. We developed this factor by using the Coast Guard's MSRAM application.

      MSRAM is a terrorism risk analysis tool used to perform risk assessments on critical infrastructure and key resources in the maritime domain given a range of terrorist attack scenarios. The tool's purpose is to capture and rank the security risk facing different types of potential terrorist targets (e.g., waterfront facilities, vessels, bridges and other infrastructure) spanning all Critical Infrastructure/Key Resource (CI/KR) sectors in our nation's ports and on our waterways. An initial step in the MSRAM process is to calculate the maximum potential consequence of total loss of a target, factoring in injury and loss of life, economic and environmental impact, symbolic effect, and national security impact. MSRAM then assesses risk for a range of scenarios--each involving a combination of target and method of attack--in terms of threat, vulnerability, and consequence. MSRAM also considers the response capability of the owner/operator, local first responders, and Federal agencies to mitigate the consequences of an attack. The Coast Guard in consultation with representatives from Area Maritime Security Committees throughout the country has compiled this MSRAM risk information from Coast Guard Sectors and Captains of the Port into a database which provides an overall national view of terrorist risk to maritime assets.

      We extracted information specific to MTSA regulated vessels and facilities from this database and used it to address the maximum consequence that would occur if the facility or vessel was completely debilitated by a transportation security incident (TSI) resulting from a terrorist attack. These MSRAM consequence scores were averaged across similar types of MTSA regulated vessels and facilities to develop a standard risk score for each type of vessel and facility.

      The second factor scored was the criticality of vessel or facility type. The term ``criticality'' describes the impact of the total loss of a vessel or facility beyond the immediate local consequences and addresses regional or national impacts to human health, the economy and national security.

      Finally, we scored the utility of TWIC in reducing vulnerability to terrorist attack for each vessel and facility type.

      We used the AHP to combine these three factors and developed an overall risk ranking by vessel and facility type. AHP is a technique for decision making which uses a limited number of variables, each of which has a number of different attributes. This enables the combination of subjective and objective input from a group to produce consistent results.

      Applying this technique, each of the three factors was weighted based on their importance to the policy decision process, and an analysis was conducted to check the consistency of the evaluation measures. At the end of this process, vessel and facility types with similar scores were combined into ``risk groups'' to determine TWIC verification and validation requirements.

      In determining the cut offs between risk groups, risk rankings were graphed to identify any natural breaks that occurred in the data. For vessels, these breaks generally occurred where there was a change in the hazardous nature of the cargo or where the number of passengers carried aboard a vessel increased. The breaks were similar for facilities where these vessels called. These breaks were used in defining risk groups A, B, and C. These groups are spelled out in E. ``Facility and Vessel Risk Groups.''

      We then turned to the Homeland Security Institute (HSI) to provide an independent peer review of our analysis.\3\ Specifically, HSI is evaluating the validity of the risk assessment methodology and its appropriateness for the identified TWIC risk issues, the extent to which the conclusions follow from the analysis, and the overall strengths and weaknesses of the risk analysis. The main objective is to review how the MSRAM methodology has been applied to the development of the proposed TWIC reader requirements; the MSRAM methodology itself is not a part of the peer review. HSI's final report is expected this fall, and will be placed on the docket for this rulemaking, where indicated under ADDRESSES, as appropriate.

      \3\ The Homeland Security Institute (HSI) is a Studies and Analysis Federally Funded Research and Development Center established pursuant to section 312 of the Homeland Security Act of 2002 (6 U.S.C. 192). HSI delivers independent and objective analyses and advises in core areas important to its sponsor in support of policy development, decision-making, analysis of alternative approaches, and evaluation of new ideas on issues of significance.

    C. Requirement Options Considered

      We considered three separate categories of TWIC verification that could, potentially, be checked at each entry: (1) Identity verification, (2) card authentication, and (3) card validity.

      (1) Identity verification ensures that the individual presenting the TWIC is the same person to whom the TWIC was issued. In its most reliable form, this is done by matching the biometric template stored in the TWIC to the TWIC-holder's live sample biometric (e.g., a fingerprint). However it can also be done to a less reliable degree by visually comparing the photo on the TWIC to the TWIC-holder or by requiring the TWIC-holder to place their card into a contact smart card reader and then entering his/her 6-digit Personal Identity Number (PIN), selected by the TWIC-holder at card issuance.

      In some instances, a biometric match will not be possible. A small number of TWICs will be issued that contain either poor quality fingerprint templates, mostly due to badly damaged fingers, or no fingerprint minutiae in the case of amputations. In these cases, the reader will display a prompt indicating that this TWIC holder will require exception handling. We expect that the facility or vessel owner or operator will describe the exception process to be used in these cases in their security plan. The exception processes may include visual inspection of the TWIC including visual comparison of the photo printed on the card to the presenter; visual comparison of the digital photo stored on the TWIC to the presenter by using a portable reader with a contact interface and releasing the photo to the reader screen by entering the six-digit PIN; or an alternative process proposed by the owner or operator and approved by the Coast Guard.

      Biometrics, other than the fingerprint templates stored in the Integrated Circuit Chip of the TWIC, may be used to biometrically verify the identity of individuals being granted unescorted access to secure areas of MTSA regulated facilities and vessels provided that a ``chain-of-trust'' is maintained to link the individual, their TWIC, and the alternative biometric. The process for maintaining these links would need to be described in an FSP or VSP, approved by the Coast Guard. In addition to linking the alternate biometric to the individual and their TWIC, the process would need to include ascertaining the validity of the individual's TWIC.

      Before obtaining an alternate biometric the TWIC holder must first be linked to their credential by matching the holder's fingerprint to the fingerprint template on the TWIC using a reader capable of reading and matching the TWIC biometric. During this process, the validity of the TWIC would also need to be ascertained. If the fingerprint template match is successful and the TWIC is valid the credential would, in most cases, be registered with the personnel access control system (PACS).

      While the TWIC holder is present, the alternate biometric would be captured and linked to the TWIC, thus establishing a ``chain-of-trust'' between the individual, their TWIC, and the alternate biometric.

      Variations on the usual process of registering the TWIC and alternate biometrics in a PACS, such as storing the alternate biometric on a separately issued card, or storing the alternate biometric on a local reader, may be proposed as part of the FSP or VSP. However, in all cases the linkage between the individual, the TWIC, and the alternate biometric would need to be proven and approved by the Coast Guard.

      (2) Card authentication ensures that the card being used is an authentic TWIC, i.e., not a counterfeit. As designed, the primary method of card authentication involves engaging the TWIC with a reader to perform a CHALLENGE/RESPONSE protocol using the Card Authentication Certificate and the associated card authentication private key resident on the TWIC.\4\ The card can also be visually inspected for various security features that are embedded into the front and back of the card, although this is a less reliable form of card authentication.

      \4\ The TWIC reader will read the Card Authentication Certificate from the TWIC card and then send a challenge to the card requesting the card authentication key be used to sign a random block of data (created and known to the TWIC reader). The TWIC reader will use the public key embedded in the Card Authentication Certificate to verify the signature of the random data block is valid. If the signature is valid the TWIC reader will trust the TWIC card submitted and will proceed to pulling the Federal Agency Smart Credential--Number (FASC-N) and other information from the card for further processing. The Card Authentication Certificate contains the FASC-N and a certificate expiration date harmonized to the TWIC card expiration date. This minimizes the need for the TWIC reader to pull more information from the card (unless required for additional checking).

      (3) Card validity involves the determination that a TWIC is still valid, i.e., that it has not expired; been reported as lost, stolen, or damaged; or been revoked for cause by TSA. A TWIC that has been invalidated is placed on the ``hotlist,'' which is updated daily.\5\ As designed, checking for card validity is accomplished by comparing the expiration date of the TWIC to the current date and, additionally, comparing the card's internal Federal Agency Smart Credential Number (FASC-N), retrievable from several locations within the TWIC, to the hotlist FASC-Ns that TSA makes available to owners and operators. The expiration-date comparison catches expired cards; the hotlist comparison catches cards that are lost, stolen, damaged, or revoked.

      \5\ The hotlist is online at: https://twicprogram.tsa.dhs.gov/TWICWebApp/SDownloadHotlist.do.

      An alternative method for checking card validity is to use a Certificate Revocation List (CRL). The link to the CRL is embedded in the Issuer Signing Certificate present on every card.\6\ Each entry of the CRL consists of the certificate serial number and its date of revocation. Note there are four certificates for every TWIC card (Card Authentication Certificate, Digital Signature Certificate, Key Management Certificate, and Personal Identity Verification (PIV) Authentication Certificate). The CRL is updated daily. Both of these processes (hotlist or CRL check) require a card/reader interface. A partial card validity check can be accomplished by reviewing the expiration date on the face of the TWIC, but such a check would not capture information relating to cardholders who TSA determines pose a security threat and/or hold revoked TWICs.

      \6\ The CRL is located at http://twic-crl.orc.com/CRLs/TWICCA1.crl.

      We anticipate that the Hotlist match (or the CRL match) can be done in one of two ways: Electronically (either in real time or by downloading the Hotlist into the reader or a separate access control system), or by printing out the Hotlist and manually entering it into a separate access control system.
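      The following Python script is an added example, not part of this notice or of the TSA/Coast Guard TWIC system. It models the reader-side logic of footnote 4 and of the card validity discussion above: read the Card Authentication Certificate, challenge the card with a random block, verify the signature with the certificate's public key, take the FASC-N from the certificate, then check expiration date, hotlist and CRL. Everything in it is constructed: the ``certificate'' is a dictionary rather than X.509, the FASC-N strings, serial numbers, hotlist and CRL entries are invented samples, the hotlist staleness limit is an added check, and the key is textbook RSA built from two publicly known Mersenne primes so the script runs with the standard library alone. It also omits the issuer-signature check on the certificate that a real reader needs.

```python
"""Model of the TWIC reader checks: CHALLENGE/RESPONSE card authentication
against the Card Authentication Certificate, then card validity (expiration
date, FASC-N against the hotlist, certificate serial against the CRL).

Illustrative only: no X.509, no APDUs, no issuer-signature verification, and a
toy key.  Nothing here is a real TWIC key, FASC-N, serial or hotlist entry.
"""
import hashlib
import secrets
from datetime import date, timedelta

# Toy key pair.  ASSUMPTION: these primes are public, so the key has no security
# value; it only lets the protocol run without third-party crypto libraries.
P = 2**521 - 1              # Mersenne prime M521
Q = 2**607 - 1              # Mersenne prime M607
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


def _digest(data):
    """SHA-256 of the challenge as an integer (< N, so textbook RSA applies)."""
    return int.from_bytes(hashlib.sha256(data).digest(), "big")


class TwicCard:
    """Genuine card: holds the card authentication private key."""

    def __init__(self, fasc_n, expires, serial):
        # Card Authentication Certificate as the text describes it: it carries
        # the FASC-N and an expiration date harmonized to the card's.
        self.card_auth_cert = {
            "serial": serial,
            "fasc_n": fasc_n,
            "not_after": expires,
            "public_key": (N, E),
        }

    def sign_challenge(self, challenge):
        return pow(_digest(challenge), D, N)


class CounterfeitCard(TwicCard):
    """Clone of a genuine card's certificate data without its private key."""

    def sign_challenge(self, challenge):
        return _digest(challenge)       # cannot sign; echoes the hash back


class TwicReader:
    def __init__(self, today, hotlist, hotlist_date, crl, max_hotlist_age_days):
        self.today = today
        self.hotlist = set(hotlist)     # FASC-Ns TSA has placed on the hotlist
        self.hotlist_date = hotlist_date
        self.crl = set(crl)             # serial numbers of revoked certificates
        self.max_hotlist_age = timedelta(days=max_hotlist_age_days)

    def authenticate(self, card):
        """Footnote 4 flow: read cert, challenge, verify, then take the FASC-N."""
        cert = card.card_auth_cert
        challenge = secrets.token_bytes(32)      # random block known to the reader
        signature = card.sign_challenge(challenge)
        n, e = cert["public_key"]
        if pow(signature, e, n) != _digest(challenge):
            return None                          # counterfeit or wrong key
        return cert["fasc_n"]

    def validity_problems(self, cert):
        problems = []
        if cert["not_after"] < self.today:
            problems.append("expired")
        if cert["fasc_n"] in self.hotlist:
            problems.append("on hotlist")
        if cert["serial"] in self.crl:
            problems.append("certificate revoked")
        # Added check: a stale hotlist silently passes revoked cards, so an
        # out-of-date list is treated as a failed validity check.
        if self.today - self.hotlist_date > self.max_hotlist_age:
            problems.append("hotlist older than permitted")
        return problems

    def decide(self, card):
        fasc_n = self.authenticate(card)
        if fasc_n is None:
            return False, "card authentication failed"
        problems = self.validity_problems(card.card_auth_cert)
        if problems:
            return False, "card validity check failed: " + "; ".join(problems)
        return True, "TWIC " + fasc_n + " authenticated and valid"


# Constructed sample data (not real FASC-Ns, serials or hotlist entries).
TODAY = date(2009, 3, 27)
GENUINE = TwicCard("FASCN-SAMPLE-0001", date(2012, 3, 26), serial=1001)
EXPIRED = TwicCard("FASCN-SAMPLE-0002", date(2009, 1, 15), serial=1002)
HOTLISTED = TwicCard("FASCN-SAMPLE-0003", date(2013, 6, 30), serial=1003)
REVOKED = TwicCard("FASCN-SAMPLE-0004", date(2013, 6, 30), serial=1004)
CLONE = CounterfeitCard("FASCN-SAMPLE-0001", date(2012, 3, 26), serial=1001)
READER = TwicReader(TODAY, hotlist=["FASCN-SAMPLE-0003"],
                    hotlist_date=TODAY - timedelta(days=1),
                    crl=[1004], max_hotlist_age_days=7)

if __name__ == "__main__":
    for name, card in [("genuine", GENUINE), ("expired", EXPIRED),
                       ("hotlisted", HOTLISTED), ("revoked", REVOKED),
                       ("clone", CLONE)]:
        print(name, READER.decide(card))
```

      The clone case is the point of the challenge: it carries an exact copy of the genuine certificate, including the FASC-N and the public key, and is still rejected because it cannot produce a signature over a block it has never seen. Note that the order matters: the FASC-N used for the hotlist lookup is taken from the certificate only after the signature verifies, so a counterfeit cannot substitute a clean FASC-N into the validity check.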

      The TWIC 1 NPRM discussed the potential for a process called ``privilege granting,'' in which an owner or operator could contact TSA and register those persons granted unescorted access privileges at the vessel or facility. Owners or operators would provide TSA with the FASC-Ns for every person who was being considered for unescorted access privileges. TSA would then contact the owner or operator directly if any of those FASC-Ns were placed on the Hotlist. This option requires access to a TWIC reader in order to discern the FASC-Ns associated with the individuals given unescorted access. This capability was tested during TSA's TWIC prototype but is not part of the current TWIC system.

      We would like to hear comments on whether such an option would be preferred, and if so, whether owners and operators would be willing to pay a fee for the option of using privilege granting (instead of downloading the Hotlist at regular intervals). If users would be willing to pay a fee, we also request a range of what would be appropriate (e.g., one time fee to use the system, annual fees, or a combination of both, plus limits on what fees owners and operators would be willing to pay).

    4. Reader Requirements

      When we considered electronic reader requirements for facilities and vessels, we began from a baseline approach under which all three categories of TWIC verification--identity verification, card authentication, and card validity--in their most reliable and complete form would be required of all risk groups.

      TWIC provides a universally recognized, tamper-resistant credential backed up by a TSA security threat assessment that, when used as an access control tool, reduces the risk of a transportation security incident at vessels and maritime facilities. TWIC is a dual interface smart card which was developed using national and international standards to ensure security, interoperability and performance. The card has physical and logical security features which, when used properly, can provide a secure method of determining, with a high level of assurance, that the TWIC-holder is the same individual to whom the TWIC was issued, and that they do not present a security threat.

      Page 13365

      The benefit of using existing industry recognized standards in developing the TWIC is the flexibility of use the card provides. It can be integrated into existing access control systems by using the TWIC as a secure means of authenticating an individual when first registering that individual into an existing access control system. Alternatively, either the contact or contactless interface can be used with existing smart card readers to authenticate the individual and the credential when making access control decisions, by securely accessing and using the data stored on the TWIC.

      A design principle of the TWIC system is to establish and maintain a chain of trust. A chain of trust is a security architecture that ensures that a uniform level of security and integrity is applied to the components or agents where information is stored or passes through.

      TWIC accomplishes this by the use of secure communication between components of the TWIC system, identity verification and authentication issuance requirements, and centralized personalization.

      The following table briefly summarizes the requirements the Coast Guard is considering for each risk group. It indicates what would need to occur, at each MARSEC Level, to complete identity verification, card authentication, and a card validity check.

      Table of Potential Reader Requirements

      Risk Group A (Bulk CDCs; >1,000 passengers)

        MARSEC Level 1:
          IDENTITY VERIFICATION: Biometric match of fingerprint to template stored in TWIC at each entry.
          CARD AUTHENTICATION: Electronic communication to achieve a successful CHALLENGE/RESPONSE result at each entry.
          CARD VALIDITY CHECK: Compare FASC-N against Hotlist at each entry; update Hotlist weekly.

        MARSEC Level 2:
          IDENTITY VERIFICATION: Biometric match of fingerprint to template stored in TWIC at each entry.
          CARD AUTHENTICATION: Electronic communication to achieve a successful CHALLENGE/RESPONSE result at each entry.
          CARD VALIDITY CHECK: Compare FASC-N against Hotlist at each entry; update Hotlist daily.

        MARSEC Level 3:
          IDENTITY VERIFICATION: Biometric match of fingerprint to template stored in TWIC at each entry.
          CARD AUTHENTICATION: Electronic communication to achieve a successful CHALLENGE/RESPONSE result at each entry.
          CARD VALIDITY CHECK: Compare FASC-N against Hotlist at each entry; update Hotlist daily.

      Risk Group B (HAZ MAT; Crude Oil; 500-1,000 passengers)

        MARSEC Level 1:
          IDENTITY VERIFICATION: Random biometric match of fingerprint to template stored in TWIC, at least one day a month; all other times as visual identity badge.
          CARD AUTHENTICATION: Electronic communication to achieve a successful CHALLENGE/RESPONSE result at each entry.
          CARD VALIDITY CHECK: Compare FASC-N against Hotlist at each entry; update Hotlist weekly.

        MARSEC Level 2:
          IDENTITY VERIFICATION: Biometric match of fingerprint to template stored in TWIC at each entry.
          CARD AUTHENTICATION: Electronic communication to achieve a successful CHALLENGE/RESPONSE result at each entry.
          CARD VALIDITY CHECK: Compare FASC-N against Hotlist at each entry; update Hotlist daily.

        MARSEC Level 3:
          IDENTITY VERIFICATION: Biometric match of fingerprint to template stored in TWIC at each entry.
          CARD AUTHENTICATION: Electronic communication to achieve a successful CHALLENGE/RESPONSE result at each entry.
          CARD VALIDITY CHECK: Compare FASC-N against Hotlist at each entry; update Hotlist daily.

      Risk Group C (Non-HAZ MAT, ...)

        MARSEC Level 1:
          IDENTITY VERIFICATION:

        MARSEC Level 2:
          IDENTITY VERIFICATION:

        MARSEC Level 3:
          IDENTITY VERIFICATION:
