Transportation Credential, a Dangerous & Expensive Security Experiment

By MarEx 2011-05-11 09:08:47


The U.S. Government Accountability Office (GAO) released a scathing report today that exposes serious security weaknesses and years-long delays in a program to fully implement a Transportation Worker Identification Credential (TWIC).  TWIC is intended to protect the nation’s port and maritime transportation systems.

U.S. Rep. John L. Mica (R-FL), the Chairman of the U.S. House Committee on Transportation and Infrastructure, testified at a Senate Commerce, Science, and Transportation Committee hearing today during which the GAO report was released.  Chairman Mica, one of the requestors of today’s GAO report, said, “TWIC is turning into a dangerous and expensive experiment in security.”

The TWIC for maritime industry workers was mandated in the Maritime Transportation Security Act of 2002 (MTSA).  After many delays, the Transportation Security Administration (TSA) finally began issuing TWICs in 2007, but the agency still has not approved a technology to read the biometrically enabled credentials.

“Nearly half-a-billion dollars has been spent since TSA was directed to issue biometric security cards to transportation workers,” said Mica, who was chairman of the House Aviation Subcommittee in 2001 when the 9/11 terrorists attacks occurred, and is one of the authors of the legislation that created the TSA.  “Yet today, ten years later and with no approved biometric reader, TWICs are at best no more useful than library cards,” Mica said.

According to the released report, GAO was able to obtain authentic TWICs using fraudulent identification documentation and gain access to ports using counterfeit TWICs.  GAO also found that, among other things, TSA is unable to confirm that TWIC holders maintain their eligibility throughout the life of their TWIC.

Mica continued, “Even more troubling, GAO found that in some cases a TWIC can be fraudulently obtained, becoming a permanent biometric key that unlocks our nation’s ports and facilities for any individual with the intent and desire to do us harm.”

According to TSA, $420 million in funding has been provided for the TWIC Program, 1.86 million people have enrolled, and 1.72 million cards have been activated.  In 2007, the Department of Homeland Security (DHS) estimated that the combined cost to the federal government and the private sector may reach $3.2 billion over a ten-year period – not taking into account the full cost of implementing and operating readers.

Despite these significant costs, GAO reports that the TWIC program was poorly tested and evaluated before deployment began.  According to the GAO, “DHS has not assessed the effectiveness of TWIC at enhancing security or reducing risk for MTSA-regulated facilities and vessels.  Further, DHS has not demonstrated that TWIC, as currently implemented and planned with card readers, is more effective than prior approaches used to limit access to ports and facilities, such as using facility-specific identity credentials with business cases.”

In fact, the only port that GAO investigators were not able to gain access to using fraudulent means was the port that still required port-specific identification for admittance to secure areas.

“The root of this problem is evidenced in many other TSA programs as well,” Mica said.  “This agency still does not conduct risk assessments and cost-benefit analyses of its security programs.”

Last year, GAO found that TSA’s Screening People by Observation Techniques Program (SPOT) for aviation security will require $1.2 billion over the next five years, but TSA has yet to validate the underlying methodology of the program or to conduct a cost-benefit analysis.

GAO also reported in 2010 that TSA has not conducted comprehensive risk assessments across the surface transportation sector.  This lack of analysis results in ill-informed resource allocations and calls into question whether the highest risk targets are being secured.

“TSA is not the only agency that has struggled to develop a biometric credential for transportation workers,” Mica said.  “The Federal Aviation Administration has yet to produce a pilot’s license that includes biometric identifiers, or even photos of the pilots holding the licenses.  The only pilots currently pictured on FAA licenses are Wilbur and Orville Wright.”

Mica stated that biometric capabilities, properly implemented, are essential for improved transportation security.  However, biometrically enabled credentials will be expensive failures without effective program management.