Here are some thoughts I would like to share in the wake of the spreading rumors that the Office of Management and Budget has killed the update of Subchapter H, commonly called MTSA 2.

The U. S. Coast Guard does not promulgate regulations just to give headquarters personnel something to occupy their time.  This update to vital maritime security regulations fulfilled several important roles, including incorporating best practices and lessons learned since 2004, clarifying sections in the regulations that over the years have proved to need that clarification, and giving more guidance on resource-intensive activities such as screening and training.

Some of these roles that would have been filled by the new regulations will have to be filled by some other method. I submit that that Coast Guard will probably use the medium of Policy Advisory Council documents, or PAC’s. 

Persons who generally rejoice when any new proposed regulations die need to take a closer look at this situation. The MTSA Policy Advisory Council is made up of senior Coast Guard officials.  My default position is to assume that all PAC’s are well-researched and have the support of field personnel; at least that was my position until PAC 02-11 came out.  This PAC showed us that flawed documents can be issued by this group.

Another concern is the fact that there is no mechanism in place for input or appeal of a PAC, outside of the appeal mechanism contained in 33 CFR 101.420.  Input/comment by affected stakeholders is an important part of the regulatory process, it’s built into the process. PAC’s are fiats. The names of the “senior Coast Guard officials” who make up this Council are not even readily available, and that makes me nervous.

On May 22, 2012, the Senate Committee on Appropriations issued Report Number 112-169.  This is the report accompanying Senate Bill 3216, the FY2013 appropriations bill for the Department of Homeland Security.  Among many other provisions, the Report states on p.16:

PORT SECURITY TRAINING PROGRAM
The Committee is concerned that the Department has not yet implemented section 821 of the Coast Guard Authorization Act of 2010 (Public Law 111–281) to enhance and upgrade Federal waterfront facility security officer [FSO] training and lead to the Federal certification of FSOs. Implementation will help harmonize security training at marine terminals. The Committee directs DHS and the Coast Guard to move forward with all deliberate speed to issue these new national training requirements.

Resolution of Lost/Stolen/Damaged Card Fee Issue

The process and fee for a card that has been lost/stolen and is not paid for within 24 hours of the time the report is made is now posted on the TSA TWIC FAQ website. This information was originally posted in February 2012 and has recently been bolded and underlined. (See below.) Some of us who are familiar with the TWIC program were fairly certain that we had not seen this information on the website. There are still several places in which it is stated that the fee for lost/stolen cards is $60.
The feel will be $60 unless a TWIC holder finds himself in the predicament in which he must make the report of the missing card and cannot at that time pay for the replacement card and won't be able to pay for the replacement card within 24 hours. An example of this would be if you are in a foreign country and your wallet is stolen. Off go all your cards: credit, driver's license, TWIC. You're on the other side of the world from an enrollment center. You can't walk into one within 24 hours with a money order for $60 to pay for a replacement card. If you are a conscientious individual and report the TWIC immediately and then pay for it a week later when you get back to the U. S., you will be charged the full $129.75 and undergo the full enrollment process. If you wait til you get home and you can visit the enrollment center with the money order, or wait til you get your replacement credit cards to make the report over the phone, credit card in hand to pay for the replacement card, the fee will be $60.
Remember, we are talking here about a person who has purchased their own TWIC, like an independent trucker. If I work for a company that bought my TWIC, I can get credit card info over the phone to use to pay for the replacement card. Basically this policy applies to someone who finds himself with a lost/stolen/damaged TWIC and either does not want or is unable to have access to a credit card or physical access to an enrollment center within 24 hours of making the report to TSA about the lost/stolen/damaged card. I'm not sure this is a large universe of people.
There are several issues that arose from my continued ranting about this lost/stolen/damaged fee. First of all, I want to report that I received excellent and prompt response from both TSA and the Coast Guard to my questions. Second, I think we all need to be concerned about accuracy of details on the TSA TWIC website. It would help if TSA dates all changes and notifies the community about updates to the website. It would also be helpful if TSA would maintain a best practice/lessons learned page. (I maintain a TWIC Best Practices Community on the restricted side of Homeport but it is underutilized, to put it kindly.)



Replacement Card Process

• How can I request a replacement card?
• We can process lost/stolen or damaged cards with a Visa® or Master Card® credit card over the phone via the TWIC Help Desk at 1-866-DHS-TWIC ( 1-866-347-8942 ). Lost/stolen/damaged replacement cards are $60.00. If you report your card lost/stolen or damaged to the Help Desk, they will initiate the replacement and email you a payment receipt with the payment confirmation number immediately upon confirmation. If you do not have access to email, it is recommended that you still go to your nearest enrollment center to report your card lost/stolen and purchase your replacement TWIC in order to secure your receipt. Whether you visit an enrollment center or contact the TWIC Help Desk, please ensure that you are given a receipt for payment (in person or via email) as well as a ticket number, which is a record of your transaction.
  Note: An individual requesting a replacement card must request the replacement during the initial call to report the card lost or stolen OR must request the replacement card in-person at any enrollment center the same day. An individual who requests a replacement card at any time after the initial report of a lost/stolen card must repeat the enrollment process and pay $129.75 for the new card.

Major Change in Policy, Lost/Stolen/Damaged TWIC's

Yesterday I contacted the TSA TWIC HelpDesk and asked the responding person directly what the fee was if a person reported a lost/stolen/damaged TWIC. I was informed that the fee was $60 if the person reported within 24 hours, $129.75 if the person reported after 24 hours. I was further advised that TSA is in the process of upgrading its website to reflect this change.

Possible Major Change in Policy, Lost/Stolen/Inoperable TWIC's

We were advised by security personnel in the New Orleans area that persons who reported lost/ stolen/inoperable TWICs and who waited more than 24 hours to make the report were charged the full $129.75 enrollment fee, not the $60.00 as posted on the TSA TWIC website. This report was given to us by a very reputable source. We are attempting to get a written confirmation on this via the Helpdesk but as many readers will be able to confirm, the Helpdesk is largely inoperable itself as the new contract process gears up.

HME/TWIC Comparable Security Threat Assessments

Recently posted on the TSA TWIC FAQ site (02/27/12):

HME/TWIC COMPARABLE SECURITY THREAT ASSESSMENTS

• Are the background checks for an HME the same as the background checks conducted for individuals applying for a TWIC STA?
• Yes. They have the same eligibility requirements, share a consistent waiver and appeal process, and leverage the same fingerprint-based criminal history records check. As a result, the HME and TWIC STAs have been deemed comparable.

• Do applicants with HMEs have to repeat the STA if they are applying for TWICs?
• No. Applicants who apply for a TWIC do not have to pay the full price for the TWIC STA if they apply successful clearance results from their most recent HME STA, and as a result, the fee for the TWIC is reduced by $27.25. All TWIC applicants must pay the fees that cover the other components of the TWIC program, including enrollment and card issuance. Applicants are always offered the option to apply for a full-fee TWIC STA if they determine it is more cost- and time-effective to do so.

• Do applicants with TWICs have to repeat the STA if they are applying for HME STAs?

• Effective Monday, February 27, 2012, applicants who apply for an HME STA do not have to pay the full price for an HME STA if they apply successful clearance results from their most recent TWIC STA and they obtain an HME in a State that can offer comparability. Applicants must fill out the HME STA application online or over the phone (depending on existing application procedures within the State in which the individual is applying) and confirm the TWIC STA is valid and there is at least one year remaining prior to the TWIC expiration date. Applicants are always offered the option to apply for a full-fee HME STA if they determine it is more cost- and time-effective to do so.

• If applicants already have TWICs and qualify for comparable HME STAs, what is the application fee?
• Overall, the application fee is reduced by $22.25. The programmatic portion of the threat assessment fee is reduced by $5, because this is the historical cost of the portion of the threat assessment that is satisfied by previously conducted TSA vetting services. In addition, the $17.25 FBI fee is not required because the applicant is not submitting fingerprints for a criminal check.
• For individuals licensed in the 38 States and the District of Columbia that use the TSA-contracted agent for this program, the HME STA application fee is $89.25 (this fee covers the TSA threat assessment only and your State may charge additional fees for the HME application process, including testing and license issuance). If applicants already have TWICs and qualify for comparable HME STAs, the application fee is reduced by $22.25 to $67.00.
• As of February 27, 2012, the only States offering comparability to their drivers are part of the group of States serviced by the TSA-contracted agent. As States not serviced by the TSA-contracted agent begin to offer comparability at a future date, the HME STA fee will be reduced by $22.25 (not including any additional fees charged by those States for the HME application process).
• All HME STA applicants must pay the fees that cover the other components of the HME Threat Assessment Program (HTAP), including application fees and any other fees charged by their respective States for license testing and issuance.
• Note: Individuals should consider the expiration date of their current TWIC in order to determine if it is more cost- and time-effective to apply for a full or a comparable/reduced fee HME STA.

• Since HME requirements are specific to the individual States, are all 50 States and the District of Columbia offering individuals who hold TWICs a reduced fee when applying for an HME STA? No. Due to specific State statutes, license cycles, and system limitations, not all States will be able to offer a reduced fee for the HME STA to their HME applicants as of February 27, 2012. Applicants in a State that can offer comparability will be provided notice during the application process, and the application itself will offer individuals the option to pay a reduced fee by electing to use a comparable TWIC STA. As of February 27, 2012, the following 12 jurisdictions (including the District of Columbia) can support comparability:

1. Arizona	7. Nebraska
2. California	8. North Carolina
3. Delaware	9. Oregon
4. District of Columbia	10. South Dakota
5. Hawaii	11. Utah
6. Missouri	12. West Virginia

• If TWIC holders choose to use comparable HME STAs, when will their HMEs expire?
• The HME will be issued with the same expiration date as the individual’s TWIC. Therefore, individuals should consider the expiration date of their current TWIC to determine if it is cost- and time-effective to apply for a comparable HME STA.

• How do TWIC holders who are applying for HME STAs know if the State where they are applying for the HME STA offers comparability?

• Please see the listing of States above. Applicants can ask States about comparability during their application process, or they can contact the HazPrints help desk at (877) 429-7746 (7AM-9PM Eastern, Monday - Friday). Effective February 27, 2012, the online application (available at http://hazprints.tsa.dhs.gov) for the HME STA will also identify whether particular States offer comparability once applicants specify the State in which they are licensed.

TWIC Reader Pilot Program Final Report from DHS

On February 27, 2012, DHS issued the SAFEPort Act Final Report on the TWIC Reader Pilot Program. Below are selected quotes from the summary of findings of the report. The purpose of this report is to convey the findings of the Reader Pilot as per the SAFE Port Act.

“The TWIC Reader Pilot was conducted through the combined efforts of a number of DHS offices and components. The Transportation Security Administration (TSA) conducted the pilot and was responsible for overall execution of the TWIC Pilot Test and Evaluation Master Plan (TEMP) developed by the DHS Science & Technology (S&T) Directorate. The DHS Screening Coordination Office (SCO) provided policy guidance regarding the use of biometric credentials. The Federal Emergency Management Administration (FEMA) awarded and administered the Port Security Grants that provided funding to ports and individual facility operators to procure and install the readers and reader infrastructure used in the Reader Pilot….The U.S. Coast Guard (USCG), which is the agency responsible for promulgating the future regulation specifying the use of TWIC readers, participated in all aspects of the Reader Pilot. The USCG will consider the results of the pilot in preparing a Notice of Proposed Rulemaking and subsequent Final TWIC Reader Rule.

To provide independent verification of test procedures and data gathering, DHS S&T arranged for the U.S. Navy Space and Naval Warfare Systems Center Atlantic in Charleston, SC to serve as the Independent Test Agent (ITA) for the Reader Pilot....”

"Key Findings

Despite a number of challenges, the TWIC Reader Pilot obtained sufficient data to evaluate reader performance and assess the impact of using readers at ports and maritime facilities. The lessons learned during the Reader Pilot will provide valuable information regarding readers and access control systems to maritime users.

It was determined that TWIC reader systems function properly when they are designed, installed, and operated in a manner consistent with the characteristics and business needs of the facility or vessel operation.

It also found that reader systems can make access decisions efficiently and effectively.

A number of operational and technological difficulties were documented that affected overall success at many pilot locations….(including) challenges such as complex complexity of biometric credential and reader technology, equipment performance and reliability, operator and user training, card stock durability, and the reluctance of some workers and facilities to use the readers..."

"Business Impact, Throughput without Biometric Identity Verification - …despite having slower throughput times, contact readers proved to have fewer incomplete reader transactions than contactless readers as long as they were protected from debris and moisture and not subjected to excessive wear from use in high-volume situations.

Business Impact, Throughput with Biometric Identity Verification-…the extent of the delay for processing an individual at an access point was sometimes compounded by user unfamiliarity with the TWIC authentication process. It is important to note that when a user is properly trained and acclimated to interface with the card reader, transaction times decrease considerably. TSA plans to issue future documentation of lessons learned to address these and other findings. “

“Training -In general, training requirements were underestimated by the pilot participants. Workers who reported to the same facility daily learned to use the readers quickly. However, when workers were required to access multiple facilities, individuals had to become familiar with site-specific business processes and requirements. Acclimation was further compounded by various reader ergonomics found at different port access points. Readers placed at heights ordistances awkward for drivers to reach slowed access and, in some cases, created a danger to drivers trying to reach misplaced readers. There was also difficulty reading messages on the screens of readers not shielded from direct sunlight, which prevented users from determining the cause of access denial.

In addition to proper training for worker populations, facilities and security personnel required training on how to use the TWIC system. Successful reader and access control system operations require an understanding of the reader and system operation appropriate to the role of the user. Some access control system operators and their security personnel were unfamiliar with the messaging provided by their readers and access control systems, resulting in incorrect assumptions as to the cause of an incomplete read of a card or access denial. In some cases, workers were told there was a problem with their TWIC card when it was actually functioning properly. In addition, many of these access denial problems were traced to individuals not being registered in the access control system.

This unfamiliarity with reader technology also extended to portable TWIC readers. Without sufficient training, security personnel encountered problems operating portable readers-shifting from one reader mode to another or rebooting readers if they "freeze" or "lock up". At facilities where workers are required to enter and exit secure areas multiple times over short periods, biometric identity verification upon every entry is difficult to maintain, especially using portable readers. In some cases portable readers malfunctioned when used carelessly in wet conditions not aligned with vendor guidance.”

“Technology

Reader Performance- The Reader Pilot provided one of the first opportunities to gain knowledge regarding the performance of cards and readers in an actual long-term application. Reader performance in this pilot varied widely. Some readers performed well throughout the TWIC Reader Pilot; some readers were not as mature technologically; others required adjustments; and in one case, the readers initially installed at a facility repeatedly failed and were replaced by readers from another vendor.

Card Stock Durability and Electronic Maturity - TWIC card stock is the same as that used for Personal Identity Verification (PIV) cards issued to all federal employees and contractors as well as members of the military. However, through the Reader Pilot, TSA discovered that an unexpectedly high number of TWIC cards had malfunctioned electronically and could not be read with readers.4 Most TWIC cards that failed could not transmit information to a contactless reader despite the fact that the integrated circuit chip (ICC) could be read by a contact reader.”

More to come…Thanks to my friend Don Bruce for sending this report to me. The Houston-Galveston AMSC Facility Security Working Group (http://www.fswg.org) is the best place to go for the best and latest on TWIC.