That’s the TWIC

Steps can be taken to ensure airport security magically complies with federal mandates

• By Roger Roehr
• Jul 16, 2007

FACED with the prospect of security threats and ever-changing federal regulations, many airports have been stymied in the quest to enhance the safety of air travel. Fortunately, the evolution of the Transportation Worker Identification Credential program provides a useful guide that airports can confidently follow without fear of technology obsolescence.

TWIC’s objective is to improve security through better identity management; using end-to-end credentialing, identity proofing and identity vetting. Under TWIC, the Transportation Security Administration is issuing a uniform credential to transportation workers to tighten security and eliminate the need for multiple, redundant background checks. TWIC uses an interoperable template, which allows organizations to purchase readers from virtually any vendor, as long as the template generator and matcher conform to TWIC guidelines. In other words, adopters of TWIC will not be locked into a particular product or vendor. If users decide to switch manufacturers, they can purchase readers from a different vendor without having to reissue cards.

Likewise, TSA is planning to certify biometrics for airport use without requiring a specific credential. Airports can be proactive about security and adopt TWIC standards while retaining the interoperability and flexibility of their security systems.

There are a number of factors to consider when dealing with airport security. Some of the following measures are a direct result of mandates, such as TWIC, while others are best practices to ensure the overall safety of passengers and employees of various airports.

Carefully evaluate new processes. Often when looking at new regulations, people tend to focus too much on the technology and too little on the processes required to put technology to its best use. In the case of TWIC, it’s important to bind individuals to their identities. To that end, no one entity should have the ability to issue a credential. This way, there is a high level of trust that the process for producing and receiving the credential is secure.

For example, an employee can be required to present an I-9 document, photograph, employee record and fingerprint, which would all be digitally encrypted by a “trusted agent.” That packet would then go to a central system where background checks are conducted. Once the package is reviewed and the individual is verified, the package is sent to a secure facility where the card is printed and encoded. Once credentials are issued, individuals require three factors to verify their identities: something they have (a photo ID), something they are (a biometric fingerprint) and something they know (a PIN). Following such stringent procedures helps ensure integrity of credential issuance, provisioning and use.
Enable systems to communicate. Integration is a critical factor in airport security. Security teams are vastly more efficient when the security tools at their disposal—from access control systems to video surveillance—are able to communicate with one another.

Establish peer-to-peer relationships. Airports would be well-served to learn from the experiences of their peers. Some smaller airports, such as Little Rock, Ark., National Airport, have been using biometric technology for years. Leveraging the knowledge and experiences from others like this can help avoid costly pitfalls.

Allow for multiple security roles. In an airport environment, system integration can be challenging since different organizations are responsible for different areas. For example, the airport is responsible for securing doorways to airfields, while TSA handles passenger checkpoints. Having role-based security systems in place helps ensure that this clear delineation of duties will not be compromised. For example, security systems can be configured to make sure individuals have access only to information needed to fulfill duties.
Also, it is useful to consider systems that can be configured to adapt instantaneously to different threat levels. This involves automatically locking certain doors or sending an alert to all security personnel to revise screening practices. Taking proactive measures ensures in the event of a potential hazard, the entire facility and security team will be prepared to avert crises.

Proactive security
Surveillance is an important aspect of airline security. However, having personnel simply staring at a group of monitors is not enough. Airlines should employ proactive tools, such as video analytics, that catch and instantly alert security to any suspicious activity.
Choose an experienced partner. Select a reputable integrator well-versed both in airport regulations and enterprise security systems. Airports are much like campuses because the facility involves multiple zones and buildings, as well as various types of personnel. It is imperative to have partners with experience in installing and deploying expansive systems.

TWIC will initially be applied for credentialing and background checks on civilians at seaports. However, these common sense practices will help airports and other organizations navigate as they establish strong technologies and operating procedures to confirm the identity of their workers. The end result will be safer travel and a more secure environment for passengers and employees.