Getting a Handle on TWIC
Port of Wilmington implements enrollment, management software to access hot list
- By Geri B. Castaldo
- Sep 01, 2010
The Port of Wilmington, which opened in 1923, is the busiest port on
the Delaware River and the leading North American importation
site for fresh fruit, bananas and juice concentrate. It also was the
first seaport to use the TWIC card, beginning with the TWIC Technology
Phase pilot program in October 2003. TWIC is designed
to add a layer of security at ports by ensuring that workers in secure areas have
received a background check and do not pose a national security threat.
As the TWIC program expanded as part of the Department of Homeland
Security’s maritime security criteria, so did the need for a software program that
could read and record information from both the existing TWIC protype cards
used with the port’s physical access control system and the latest TWIC cards.
In addition, it was important to find a solution that would allow port officials to
access the Transportation Security Administration’s hot list, a real-time database
of unauthorized TWIC users, so port security personnel can quickly identify those
with revoked rights.
Recognizing this need, port officials began exploring their options for software
that could integrate with their existing Honeywell security management platform,
Pro-Watch, and work on mobile card readers to deploy the enrollment process
throughout the facility.
Port officials chose PIVCheck Plus software from Codebench, which drives three
Datastrip mobile readers and resides on a desktop enrollment workstation in the
port’s main office. An additional license for certificate management allows the port
to re-validate TWICs each day, once they are enrolled in the Honeywell system.
The Challenge
Before the Port of Wilmington became a pilot site for the TWIC smart-card program,
it relied on 125 kHz proximity cards and readers for worker identification.
With the advent of the latest TWIC compliance standards, port officials needed a
way to register TWIC cards with their existing physical access control system and
enter cardholder data into their database that would merge both TWIC and existing
ID cards. With this merger, the port would need only one card for the access
control system.
It also was important to be able to enroll TWIC cardholders at the various
access points to the port, which spans 307 acres. Therefore, the software needed
to be compatible with rugged mobile card readers.
Finally, port security wanted the ability to access the TSA hot list and match it against those being enrolled in the
port’s database, as well as those using
their TWIC cards. This would allow
security staff to take the appropriate
steps when necessary, such as suspending
a card, identifying people who were
already enrolled in the port’s database
or spotting a potential terrorist.
The Solution
By using software that was deployed on
three mobile Datastrip readers as well
as a desktop computer system, port officials
are able to register TWIC holders
throughout the port and transmit that
information to the Pro-Watch system.
These cards can then be read at the 32
fixed card readers located at various entrances
and access points throughout
the port.
TWIC credentials are mandatory
for entry to the port by anyone requiring
frequent, unescorted access to the
facility and to a facility that is designated
as a secure and restricted area.
These include longshoremen, truck
drivers, surveyors, agents, chandlers,
port chaplains and laborers who access
secure areas. Tenants who have their offices
at the port, such as produce giants
Chiquita and Dole, also are required to
be enrolled in TWIC.
“On any given day, we can have
2,500 people coming through the port
with TWIC cards,” said Jerry Custis,
security manager and facility security
officer at the port.
About 4,700 people have been enrolled
into the port’s system so far, out
of the 11,000 people who have sought
a TWIC card. This number swells in
mid-winter when seasonal workers arrive
at the port for the beginning of
fruit season.
Patrick Hemphill, former manager
of port security and facility security officer
at the Port of Wilmington, oversaw
the port’s TWIC deployment until
his retirement. He said the mobile readers
were taken to local union halls to
enroll longshoremen before they arrive
at the port.
“This saved us a lot of time,” Hemphill
said. “We met with union leaders
and set aside two, two-hour periods
on pay days. The members were made
aware of the need to know their PIN,
and we were able to enroll the majority
of members during those two days without
interrupting their work schedule.”
Codebench first came to the attention
of the Port of Wilmington’s
director of human resources, Sylvia
Floyd-Kennard, during an American
Association of Port Authorities conference.
After seeing a demo by Codebench
of its PIVCheck Plus software,
and its ability to read TWIC card information,
Floyd-Kennard recognized
it as a possible solution that could be
integrated with the port’s existing access
control system.
Eric Schaeffer from Advantech Inc.,
the port’s system integrator on the
TWIC project, said one of the deciding
factors in using Codebench was the ability
to test the software in-house before
making a commitment. He wanted to
ensure that Codebench would integrate
with the existing Pro-Watch system.
“Some companies have reservations
about testing before buying, but they
were confident in their product and were comfortable with us testing it,”
Schaffer said.
Because this was one of the first
implementations of Codebench’s PIVCheck
Plus software integrated with the
Honeywell Pro-Watch system, Schaeffer
said Codebench worked alongside
Advantech to make sure everything
worked as planned.
The Benefits
For a major facility such as the Port of
Wilmington, which handles nearly 400
vessels and 4 million tons of cargo each
year, enrolling TWIC holders and verifying
their information anywhere using
a mobile card reader results in a savings
of security personnel time and effort.
Security staff can go where the enrollees
are, rather than requiring everyone
to go to a central location.
The port also is able to leverage its
legacy physical access control system
while adding the important TWIC
component.
The software allows the port to register
TWIC information, such as the
TWIC FASC-N number and expiration
date, into the existing PACS cardholder
record. If a new person is added,
Pro-Watch automatically creates a new
cardholder record using the information
from the TWIC, such as first name,
last name, FASC-N, expiration date
and photo.
Information from the TSA hot list
is available with the addition of Codebench’s
Certificate Manager software.
Although not currently a requirement
for TWIC compliance, port officials
said automatically verifying the user
against the TSA list will likely be possible
soon. Many facilities that need to
comply with TWIC are being proactive
and checking the TSA hot list regularly.
The PIVCheck Certificate Manager references
the TSA list and re-validates the
TWIC card status daily or on a userdefined
schedule, so security personnel
can see what has changed and react to
the status of cardholders.
“Honeywell is excited to have collaborated
with Codebench to ensure
the successful integration of the Port
of Wilmington’s TWIC solution with
our Pro-Watch security management
platform,” said Tony Foglia, global accounts
at Honeywell Integrated Security.
“We look forward to leveraging our
experience with the Port of Wilmington
to help other ports and petrochemical
customers meet their security needs.”
Upcoming Benefits
In the case of an elevated threat level,
Codebench’s software is able to provide
the additional authentication that
would be required, Advantech’s Schaeffer
said. If the threat level at the port is
raised under the three-level MARSEC
system, the use of fixed readers with a
biometric component would likely become
a requirement. When a final rule
comes out regarding the type of biometric
interface required with TWIC,
Hemphill said he’s confident Codebench
can work with
the port on integrating
that information as
well.
This article originally appeared in the issue of .