Facing up to the security challenge: Transportation Worker Identification Credential (TWIC) and Registered Traveler (RT).In the wake of 9/11, the Transportation Security Administration (TSA TSASee tax-sheltered annuity (TSA). ) is moving ahead with TWIC TWIC Transportation Worker Identification Credential (US Transportation Security Administration) TWIC This Week In Chess TWIC This Week in Common (Earlham School of Religion) TWIC Transportation Worker Identity Card and RT programs that will expedite security screening and ensure safe operations. Biometric technology, key to both programs, will impact travelers and transporters as well as industry stakeholders in the months ahead as new phases are implemented. TWIC Transportation Worker Identification Credential The Transportation Worker Identification Credential (or TWIC) program is a Transportation Security Administration and U.S. Coast Guard initiative in the United States. by Steve Parsons Transportation workers in our nation's maritime transportation environments will soon be issued a "biometric transportation security card" as required by the Maritime Transportation Security Act (MTSA MTSA Marine Transportation Security Act (Canada) MTSA Middle Tennessee School of Anesthesia (Madison, TN) MTSA Military Training Specific Allotment MTSA Minnesota Transport Services Association ) 2002 (http://www.uscg.mil/hq/g-m/mp/pdf/MTSA.pdf). TSA and USCG are working hand-in-hand to bring the long-awaited TWIC card to the nation's transportation workers, and according to according to prep. 1. As stated or indicated by; on the authority of: according to historians. 2. In keeping with: according to instructions. 3. DHS DHS Department of Homeland Security (USA) DHS Department of Human Services DHS Department of Health Services DHS Demographic and Health Surveys DHS Dirhams (Morocco national currency) Secretary Michael Chertoff, it will begin this year (http://www.dhs.gov/dhspublic/display?content=5551). The current scope of the proposed rule includes maritime facilities, vessels, and outer continental shelf In the federal United States, the Outer Continental Shelf (OCS) consists of the submerged lands, subsoil, and seabed, lying between the seaward extent of the States' jurisdiction and the seaward extent of Federal jurisdiction. activities; however, the government is soliciting comments from the public on whether or not the TWIC should be expanded to include all modes of transportation as intended. TSA and USCG recently completed a series of four informative public hearings to give voice to those affected by the proposed rule. The transcripts from the four public hearings as well as comments from affected stakeholders can be found on the DOT Docket A written list of judicial proceedings set down for trial in a court. To enter the dates of judicial proceedings scheduled for trial in a book kept by a court. Management System (http://dms.dot.gov/search/document.cfm?documentid=398320&docketid=24191). According to the Notice of Proposed Rulemaking A notice of proposed rulemaking or NPRM is issued by law when a regulatory agency of the United States Federal Government wishes to add, remove, or change a rule (or regulation) as part of the rulemaking process. Outside the USA. (http://a257.g.akamaitech.net/7/257/2422/14mar20010800/edocket.access.gpo.gov/2006/pdf/06-4508.pdf), the TWIC will be issued to more than 750,000 transportation workers. It will be a smart card that is the size of a credit card and will include security features that help make it tamper-resistant and difficult to counterfeit. The card is good for five years and will cost workers or companies between $95 and $149 per card. Those who have recently undergone a security threat assessment by TSA would receive their TWIC at a reduced cost. The replacement cost within the 5-year period is expected to be $36. The Notice of Proposed Rulemaking (NPRM (Notice of Proposed Rule Making) An announcement by an agency of the U.S. government that proposes a change in regulations. It is followed up by a final ruling. ) indicates that "all of the significant components of the TWIC system align with FIPS (Federal Information Processing Standards) A series of publications issed by the U.S. National Institute of Standards and Technology (NIST) that specifies information security guidelines for federal government departments and agencies. 201-1," the implementing standard for Homeland Security Noun 1. Homeland Security - the federal department that administers all matters relating to homeland security Department of Homeland Security executive department - a federal department in the executive branch of the government of the United States Presidential Directive Noun 1. Presidential Directive - a directive issued by the President of the United States; usually addressed to all heads of departments and agencies directive - a pronouncement encouraging or banning some activity; "the boss loves to send us directives" (HSPD-12), Policy for a Common Identification Standard for Federal Employees and Contractors (http://www.whitehouse.gov/news/releases/2004/08/20040827-8.html). TSA's decision to align the TWIC with FIPS 201 is a noteworthy decision, but not a surprise as TSA and its contractors helped write FIPS 201. Although FIPS 201 is targeted for federal employees and contractors, TSA should be commended for its decision to leverage existing investments to support related requirements such as those promulgated prom·ul·gate tr.v. prom·ul·gat·ed, prom·ul·gat·ing, prom·ul·gates 1. To make known (a decree, for example) by public declaration; announce officially. See Synonyms at announce. 2. by HSPD-12. Vessel and facility owner/operators have many new responsibilities under the proposed TWIC rule. Affected facilities must submit a TWIC Addendum to their security plans and be operating in accordance with the TWIC provisions, generally within one year after publication of the final rule. The facilities must have at least one operational TWIC reader--a biometric reader--to enable biometric identity verification Noun 1. identity verification - the automatic identification of living individuals by using their physiological and behavioral characteristics; "negative identification can only be accomplished through biometric identification"; "if a pin or password is lost or . During heightened Maritime Security (MARSEC MARSEC Maritime Security MARSEC Machine Readable Spoken English Corpus ) levels, additional levels of authentication would be required. [ILLUSTRATION OMITTED] Although the Final Rule is not yet published, the TWIC processes can be expected to generally follow those demonstrated during Phase III, Prototype. The first step in the process is expected to be employee certification. EMPLOYEE CERTIFICATION The first step will be a certification by the transportation worker that they have a legitimate need for unescorted access to secure areas. Once the transportation worker certifies their need for unescorted access, the next step is pre-enrollment. PRE-ENROLLMENT Pre-enrollment is intended to begin the full enrollment process--in advance of actually visiting an enrollment facility. Although pre-enrollment is optional, it is highly recommended because it reduces the time required during full-enrollment. Using a computer with Internet access, applicants can pre-enroll on-line. Once the applicant completes the pre-enrollment process, the next step is enrollment--the applicant's first face-to-face interaction. ENROLLMENT The most critical component to any secure identification process is enrollment. TSA or its contractors will serve as Trusted Agents (TAs) during the enrollment process where they will collect biographic and biometric information from applicants. TAs receive special training and undergo background checks before performing their duties. TSA indicates that it intends to use a mix of fixed and mobile enrollment options to reach the intended populations. The mobile enrollment option will be particularly important to enroll hard-to-reach populations and where existing infrastructure (eg, physical space, power, and communications) is not yet available. During enrollment, the applicant will present the required identity documents to the TA who will, in turn, review and check the documents for authenticity, then scan and retain to support re-issuance. The next step is collection of biometric samples (ie, fingerprints) and a digital photograph. Using live-scan biometric readers, the applicant's fingers and thumbs will be scanned and collected. The process is similar to the old "ink and roll" process, but today--it's digital. In the case of amputees, missing digits (ie, finger, thumb), or poor samples, TSA is expected to have alternatives available to support biometric-based identity verification. Once the TA has collected the required information, the applicant's enrollment record is electronically secured and encrypted, then sent to the TSA ID management system (IDMS See CA-IDMS and IDMSX. 1. (language, database) IDMS - A pictorial query language, an extension of Sequel2. ["A Management System for an Integrated Database of Pictures and Alphanumeric Data", G.Y. Tang, Computer Graphics Image Processing 16:270-286 (1981)]. ) for processing. TWIC ID MANAGEMENT SYSTEM The TWIC IDMS is the secure repository for cardholder card·hold·er n. One who holds a card, especially a credit card. card  hold information
and where all identity vetting and screening is initiated. Pertinent
parts of the applicant's enrollment record will be used to conduct
a criminal history records check, a name-based terrorist threat
assessment, and an immigration immigration, entrance of a person (an alien) into a new country for the purpose of establishing permanent residence. Motives for immigration, like those for migration generally, are often economic, although religious or political factors may be very important. check. In addition, the biometric samples
collected during enrollment will be used to conduct a one-to-many (1:N)
search to ensure that the applicant is not already in the TWIC
system--perhaps fraudulently by a different name or alias.
This 1:N search is a critical capability that distinguishes the TWIC Program from other "identity management" programs and is a very strong deterrent to fraudulent or duplicate enrollments. [ILLUSTRATION OMITTED] Once required checks are complete and if the applicant is qualified to receive a TWIC, appropriate parts of the enrollment record are sent to the government's card production facility. CARD PRODUCTION AND PERSONALIZATION The TWIC is produced (ie, personalized) in a central government card production facility. During personalization, the applicant's information is placed onto the TWIC. This information includes biometric templates, minimal biographical information, and a cardholder-unique ID. Unlike the perpetual and troublesome social security number, the cardholder-unique ID will be re-generated upon re-issuance of the TWIC--at least every five years. Once the card is produced, it will be shipped to the appropriate enrollment center. Upon receipt at the enrollment center, the Trusted Agent will acknowledge receipt, thereby electronically notifing the applicant that the card is ready for activation and issuance. ACTIVATION AND ISSUANCE Card activation is anticipated to be the last government-controlled step of the application and issuance process. This step is the second face-to-face transaction between the applicant and the TA. The transportation worker will present his personal ID and conduct a biometric 1:1 match to the card and system to confirm that he is the rightful owner of the card. If the one-to-one match is successful, the TA can then issue the TWIC to the worker. Once the transportation worker has his/her credential, it is an activated TWIC good for access nowhere. This is an important point to make because possession of the TWIC alone does not mean you also have carte blanche CARTE BLANCHE. The signature of an individual or more, on a while. paper, with a sufficient space left above it to write a note or other writing. 2. In the course of business, it not unfrequently occurs that for the sake of convenience, signatures in blank are access to any secure area of a vessel or facility. VESSEL AND FACILITY ACCESS CONTROL Vessel and Facility owner/operators retain the authority to grant or deny access to their facilities. Typically, Facility Security Officers would register the cardholder and valid TWIC in the local access control system. Once access is granted, the authorized individual could use the TWIC for unescorted access to that area. FUTURE OPPORTUNITIES The long-awaited TWIC implementation means new opportunities for the nation's transportation industry. The TWIC promises to provide expanded opportunities to enhance security and commerce, especially for Arms, Ammunition, and Explosives (AA&E). These are just a few possibilities: * Ability to associate (link) vehicle operators/passengers with their conveyance. * Facilitate secure and efficient access into secured or controlled environments (ie, installations, strategic ports, depots, or staging areas). * In-cab integration of the TWIC with other commercial applications to include communications, Global Positioning System Global Positioning System: see navigation satellite. Global Positioning System (GPS) Precise satellite-based navigation and location system originally developed for U.S. military use. , and vehicle itself. * Interoperability and integration with DOD (1) (Dial On Demand) A feature that allows a device to automatically dial a telephone number. For example, an ISDN router with dial on demand will automatically dial up the ISP when it senses IP traffic destined for the Internet. Physical Security programs. * TWIC as company "badge" for both physical and logical (cyber) access control. "As envisioned, the TWIC program represents a significant milestone in the adoption of both smart-cards and biometrics," said Paul Collier, Executive Director of the Biometric Foundation. "The strong chain-of-trust model for card issuance, coupled with the biometric ensures positive identification in visitor control, as well as physical and logical access control applications. In addition, the size and scope of the TWIC program not only makes it the largest civil credential program ever deployed by the federal government, but it will also provide a major portion of the necessary infrastructure to foster widespread adoption of biometrics across the entire transportation sector." Verification and authentication are tomorrow's watchwords as our nation moves to more trustworthy, secure, and reliable forms of personal identification. Whether you are a transportation worker, registered traveler, first responder first responder First response personnel Emergency medicine A person employed in the public sector–EMT, fire fighter, police, volunteer EMS–whose duties include provision of immediate medical care in the event of an emergency; FRs have basic emergency , licensed vehicle operator, or DOD employee, the trust and veracity veracity (v  ras´itē),n of our identity documents and business processes are paramount to protecting individuals and enhancing our nation's security. TWIC moves us in that direction. Steve Parsons is VP, Government Services, Senture, LLC (Logical Link Control) See "LANs" under data link protocol. LLC - Logical Link Control . Before joining Senture, he was the Deputy TWIC Program Manager. He is a career Air Force transporter, former NDTA NDTA National Defense Transportation Association NDTA National Dance Teachers Association NDTA Neuro-Developmental Treatment Association (Laguna Beach, CA) NDTA North Dakota Telephone Association Chapter President in Montgomery, Alabama, and a long-time member of NDTA. Senture is headquartered in London, Kentucky, with offices in Virginia, Tennessee, and Florida. Their services include security, secure credentialing, and IT services to federal, state, and commercial clients. The company offers 24/7/365 multi-lingual contact center, Help Desk, as well as fulfillment, order processing, and warehousing services. Registered Traveler by Colleen Chamberlain BACKGROUND Congress, in the 2001 Aviation and Transportation Security Act The Aviation and Transportation Security Act (ATSA, Pub.L. 107-71 November 19, 2001) was enacted by the 107th United States Congress in the immediate aftermath of the September 11, 2001 attacks. (ATSA ATSA Association for the Treatment of Sexual Abusers ATSA Aircraft Technical Support Association ATSA Aviation and Transportation Security Act of 2001 (USA) ATSA Automated Timber Sale Accounting ATSA American Tactical Shooting Association ), authorized the Registered Traveler (RT) concept as a means to "establish requirements to implement trusted passenger programs and use available technologies to expedite security screening of passengers who participate in such programs." In 2004, the Transportation Security Administration conducted RT pilot programs at five airports: Minneapolis-St. Paul, Los Angeles, Houston Bush, Boston Logan, and Washington Reagan National. The TSA pilots ended in September 2005. A public-private sub-pilot was established at Orlando International Airport “KMCO” redirects here. For other uses, see KMCO (disambiguation). “MCO” redirects here. For other uses, see MCO (disambiguation). Orlando International Airport (IATA: MCO, ICAO: KMCO, FAA LID: MCO)[2] and is still operating today. REGISTERED TRAVELER INTEROPERABILITY CONSORTIUM In June 2005, the Registered Traveler Interoperability Consortium (RTIC RTIC Road Transport Information and Control RTIC Rapid Target in Cockpit RTIC Real Time Into the Cockpit RTIC Real Time Interface Coprocessor RTIC Real Time Information/Intelligence in the Cockpit ) was formed by a group of airports in conjunction with the American Association of Airport Executives (AAAE AAAE American Association of Airport Executives AAAE Association for the Advancement of Arts Education AAAE Asian Association of Agricultural Engineers (Thailand) AAAE Association for Anesthesiologist Assistant Education AAAE Amino Acid-Activating Enzymes ). Today, more than 70 airports belong to the RTIC, a roster of which can be found on www.rtconsortium.org. Recognizing the value of the registered traveler concept, the airports agreed to work together to leverage existing airport resources and the AAAE's Transportation Security Clearinghouse (TSC TSC Thestreet.com (stock symbol) TSC Time Stamp Counter TSC Tuberous Sclerosis Complex TSC Tractor Supply Company TSC Terrorist Screening Center (Department of Homeland Security) ) to facilitate a permanent, interoperable, and vendor-neutral RT program in the United States. A permanent, interoperable RT program depends on the implementation of a technical, operational, and business model capable of supporting the needs of individual airports, while providing the common infrastructure that allows passengers to use this capability at any participating airport. As a result, the main objective of the RTIC is to develop the common set of technical standards and processes necessary for an open, secure, and industry-driven RT program. In developing these standards, the RTIC will focus on six themes: * Improving security; * Expediting passenger processing; * Creating passenger screening consistency; * Reducing the passenger "hassle factor hassle factor Managed care Any time-consuming and/or paperwork-ridden maneuver required of physicians, pharmacologists and other health care professionals before a 3rd ;" * Developing an interoperable system that can be used nationwide; and * Coordinating with TSA and other partners interested in Registered Traveler. In October 2005, the airport members of the RTIC announced the formation of a Service Provider Council. The Service Provider Council was established as a way for service providers to participate in the development of the technical standards and processes required for an interoperable RT program. The Service Provider Council draws on the expertise and experience of more than 60 well known and respected commercial organizations that specialize in, among other things, registered traveler solutions, smartcards, biometrics, identity management, security, and airport management. The Service Provider Council is open to any commercial organization interested in participating. A roster of the Service Provider Council can also be found on www.rtconsortium.org. In January 2006, the RTIC and its Service Provider Council submitted three detailed responses to the TSA's request for information on RT on 1) technical interoperability, 2) common business processes, and 3) financial standards. The RTIC responses outlined a consensus framework for the rapid deployment of a sustainable, biometrically enabled, and interoperable RT program. In addition, the RTIC responses detailed a public-private business model that utilizes a non-proprietary, open-architecture approach and creates a fair and seamless platform for airports, airlines and RT service providers to interface with TSA and each other. In April 2006, to follow up on the consensus response to the TSA RFI (Radio Frequency Interference) High-frequency electromagnetic waves that emanate from electronic devices such as chips. RFI - Radio Frequency Interference , the RTIC and its Service Provider Council began to focus its efforts on defining the technical specification needed for an interoperable RT program. On May 25, 2006, TSA released its Registered Traveler Model. The model is meant to provide stakeholders and interested members of the general public with a basis for discussing and planning for RT. The document is not meant to represent the final product in RT's development, but rather a snapshot of the current concept of the program's structure. The TSA's model incorporated most, if not all, of the RTIC's recommendations from January 2006. In addition, TSA encouraged interested stakeholders to join the RTIC's current effort in drafting open technical standards. NEXT STEPS In April 2006, TSA announced that in the second half of the year it will begin an initial phase of Registered Traveler that will test business and technical interoperability at 10 to 20 interested airports. TSA is currently receiving Statements of Interest (SOI (Silicon On Insulator) A chip architecture that increases transistor switching speed by reducing capacitance (build-up of electrical charges in the transistor's elements), and thus reducing the discharge time. The power requirement is also reduced in some designs. ) from airports and air carriers indicating their desire to participate in the initial phase. In July, the RTIC submitted to TSA for its review the specification for technical interoperability standards. Colleen Chamberlain is Director, Transportation Security Policy with the American Association of Airport Executives (AAAE). The Association represents thousands of airport management personnel at public use airports nationwide and assists executives in fulfilling their responsibilities to the airports and communities they serve. The RTIC was formed by the AAAE in collaboration with a group of airports to establish common business rules and technical standards to create a permanent, interoperable, and vendor-neutral RT Program that will bring passenger screening consistency and improved security procedures to air travelers in the United States. RELATED ARTICLE: BIOMETRIC BYTES The Federation for Identity and Cross Credentialing Systems (FiXS) is a coalition of government contractors, companies, and non-profit organizations that promotes trust through a federated identity infrastructure and the development of a secure, interoperable, electronic means of authenticating an individual. * Biometric identification is not solely based on our physical attributes--facial geometry, fingerprints, or retinal images. Unique behaviors also play a part in distinguishing one person from another. Our signature, our voice (which carries a physical component), our gait, and even our keystroke key·stroke n. A stroke of a key, as on a word processor. key stroke pattern at the computer can measure identity.
* The most widely used physical biometric application is the fingerprint; signature and voice rate high on the behavioral side. * SPOT (Screening of Passengers by Observation Techniques), TSA-tested at select airports in the northeast last year, is based squarely on behaviors. Passengers conducting themselves in an unusual or anxious manner were singled out for face-to-face interviews to determine threat potential. The SPOT system has been particularly successful in targeting fake ID holders, persons entering the country illegally, or persons carrying drugs. * Proponents of phrenology phrenology, study of the shape of the human skull in order to draw conclusions about particular character traits and mental faculties. The theory was developed about 1800 by the German physiologist Franz Joseph Gall and popularized in the United States by Orson , a theory developed around 1800, claimed that character traits and criminality could be judged on the shape of a person's head. Skull or "head bump" reading is now recognized as a pseudoscience pseu·do·sci·ence n. A theory, methodology, or practice that is considered to be without scientific foundation. pseu , but the practice did yield current scientific understanding of localized brain function. * Frontline Biometrics - According to a Government Computer News report (08/16/04), troops in Iraq asked for Biometric ID devices and got them. The request was based on a real need to identify the good guys from the bad who were seeking entry to foreign posts. Fingerprint and iris scanners verify employees and identify prisoners' past crimes and affiliations. Data are shared with other military posts and camps to monitor personnel who have been kicked off military bases elsewhere in the world. The Defense Biometric Identification System (DBIDS DBIDS Defense Biometric Identification System ) is bottom line to the process. It is a centralized, rules-based access verification system that produces identification cards that include personal information, photographs, and 2-print fingerprints, as well as assigning "rules" governing installation access. DBIDS has provided security at access control points in Korea since 2001, in Germany since 2003, and most recently in Kuwait and Qatar in Southwest Asia. DBIDS is also being employed at Fort Hood, Texas and other stateside state·side adj. 1. Of or in the continental United States. 2. Alaska Of or in the 48 contiguous states of the United States. adv. Informal 1. bases. Information flows into a biometrics database maintained by DOD's Biometrics Fusion Center in West Virginia. * R&R Trucking, an NDTA Chairman's Circle Member, is working on a DBIDS pilot program for truckers hauling military cargo on/off military bases. * Benchmarking Partners (Chair of NDTA's Security Best Practices Committee and a catalyst on Internet-based supply chain collaboration systems) will lead a panel at the NDTA Annual Forum in Memphis in September, 2006, on the business case for biometric credentials and ensuring interoperability. This panel will be based on a two-day roundtable Benchmarking held in May, 2006. Participants included General Norton Schwartz and his TRANSCOM TRANSCOM United States Transportation Command TRANSCOM Transportation Operations Coordinating Committee (metro New York, New Jersey, Connecticut) TRANSCOM Transactions on Communications (IEEE) leadership team along with senior leadership from DLA DLA dog leukocyte antigen. , NORTHCOM NORTHCOM United States Northern Command (Homeland Security) , DHS, Wal-Mart, Home Depot, CVS (1) (Concurrent Versions System) A version control system for Unix that was initially developed as a series of shell scripts in the mid-1980s. CVS maintains the changes between one source code version and another and stores all the changes in one file. , and the American Red Cross American Red Cross: see Red Cross. . |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion