Meeting Federal Requirements

Virgin Islands Port Authority secures the islands with access control

• By Kim Rahfaldt
• Feb 01, 2016

The U. S. Virgin Islands is a vacation destination for people around the world. Located south of Florida, the islands of St. Croix, St. John and St. Thomas are packed year round with tourists. Tourism is 80 percent of the islands’ gross domestic product and employment. Because the islands are located far from the mainland of the U.S., all goods are shipped via boat or plane, making the Virgin Islands Port Authority (VIPA) an agency that touches all who enter or leave the islands.

SECURITY ON THE HIGH SEAS

VIPA controls two airports and 11 seaport facilities on the three islands, all of which require different federally mandated security requirements to ensure the safety of employees and tourists. To meet the diverse requirements, the Port Authority contacted Transportation Technology Associates (formerly Transportation Security Associates, LLC,) to help them find a security management system. They wanted one that would control access, meet TWIC requirements at the seaport facilities that required it, and would secure the two airports that must meet separate federal aviation regulations. The enterprise system also needed to operate across the three islands.

Transportation Technology Associates Managing Partner, Jeff Brown and his team worked on the project in three phases. First, they conducted a cost analysis for the deployment of the equipment. Next, they completed the design and specification process and assisted the Port throughout the bid process. After reviewing a comparative analysis between their current legacy system and AMAG Technology’s Symmetry Enterprise Security Management system, VIPA selected Symmetry. Now, they needed to find an integrator to design and build the solution.

G4S Secure Integration was chosen to implement a unique and challenging security solution. As VIPA’s systems integration partner, G4S Secure Integration provided the final design and engineering, component and material procurements, installation, testing, turn-up, and warranty for a turn-key TWIC implementation. Lastly, they assisted with the construction and administration of the project and ensured that the contractors built the system to the specifications that were published.

“VIPA did not have any security systems at their maritime facilities,” said Khoa Do, systems engineer II for G4S Secure Integration. “G4S implemented a physical access control system in accordance with FIPS-201 guidelines for personal identity verification (PIV) at VIPA’s 11 maritime facilities.”

MILES APART, SAME SYSTEM

The remote geographic location with each island being separated by miles of ocean posed some challenges for the project, making air, land and sea transportation necessary to complete the job. The G4S Secure Integration solution was installed at every primary commercial point of entry on all three islands. The VIPA engineering department who manages these facilities provided the customer vision and financial resources to the complete the project. Jeff Lawlor, VIPA’s chief project engineer, was instrumental in working closely with the team to ensure the outcome of the project benefited the Virgin Islands as a whole and protected the territory from undocumented entry.

Six port facilities located throughout the three islands were the driving force behind the implementation of this project. Symmetry is used as a maritime access control system integrated with TWIC to verify badging those who need to access multiple marine facilities on the three islands. TWIC is required for those seeking unescorted access to secure areas of port facilities and Coast Guard credentialed vessels. Symmetry supports TWIC access control clearance.

“Individuals who need to access our ports must swipe in to the Symmetry system with the TWIC to show they are authorized to be there,” said Jeff Lawlor, Virgin Islands Port Authority, project manager.

Henry E. Rohlsen Airport on St. Croix and Cyril E. King Airport on St. Thomas are the hubs for the access control system. Each contains a Security Operations Center and Symmetry head-end. While the airports had an older system previously installed, VIPA elected to upgrade both because there was no extra cost to do so. G4S Secure Integration was able to integrate the access control with the airport’s existing readers. It was installed at the two airports and at the six maritime facilities that required TWIC. The other five maritime facilities did not require TWIC and employees only need to show a badge to a security officer to enter.

“It was a sizeable project in that it was diverse and spanned a great distance, yet was interconnected and worked together,” Brown said. “The idea was that all the transactions would be tied back to the airports because that is where their current Security Operations Centers are for the aviation side.” During the night, data is shared bilaterally so if one hub fails, the data is backed-up and available in the future.

MEETING TWIC STANDARDS

Two VIPA cruise port facilities were required to meet TWIC access control standards, as the government considers a cruising terminal critical due to the potential for loss of life. The remaining four ports are cargo facilities, which are critical for importing goods and consumables from the United States, and other locations.

“Meeting the requirements of the Code of Federal Regulations (33 CFR Part 105), specifically TWIC for maritime security for access control, was a major reason VIPA choose the Symmetry system,” Brown said. “The software also helps meet federal aviation requirements under 49 CFR Part 1542, Sub Part C as well.”

The aviation industry has had standards to control access into the Security Identification Display Area (SIDA) for badges to access the secure areas, such as baggage loading areas, taxiways, runways and boarding gates long before the TWIC requirements were implemented.

MANAGING THREAT LEVELS

Using Symmetry Threat Level Manager, VIPA can set up their system to change access card requirements at the touch of a button when the MARSEC (MARtime SECurity) level changes. At MARSEC Level 1, which is normal operating conditions, VIPA uses a biometric and card swipe at an unstaffed gate of the cruise terminal portals. Only the biometric card is required at a staffed gate. At MARSEC Level 2, there is a known threat at the national level and security plan procedures must be followed in accordance to TWIC, which changes the requirements based on each facility’s risk and consequence value. Biometrics must be used in all cases with the access card, plus any other advanced measures the port may have in place.

Threat Level Manager allows the security staff to quickly change security levels with literally one click of the mouse. Threat Level Manager allows VIPA to increase security at all six port facilities and both airports, instantly providing a safe environment for staff and visitors.

Airport employees use a SIDA access card that gives them access to the secure side of an airport that also requires a biometric read to match the card holder. They often must use multiple authentications to gain access to the air side (baggage loading areas, taxiways, runways, boarding gates).

“With the aviation side, you either present a pin, you present a card and a pin, or a card and a fingerprint to obtain access,” Brown said. “A physical biometric is much more efficient than a PIN, and is required in their critical areas.” Of the five facilities that do not have access control, an employee must only show a security officer their card. Portable readers are charged up ready to randomly check employees when necessary. The portable readers are connected to Symmetry to track the transactions.

Symmetry controls gate and turnstile access, and integrates with video at both airports. When an alarm sounds, the video begins recording so officers can view and assess the situation. Graphical maps provide an easy to use view of the facility, increasing response time.

Because activity at the seaports varies, security officers are able to remotely view the port facilities and entry control points via Symmetry in the less populated areas under surveillance. On St. John, the software allows the security staff to speak with those who want access into the cargo area via an AI Phone audio integration. Remote onsite guards can see and speak with the person, and they can grant or deny access on the spot.

“On St. John, we have video, audio and remote control gates monitored remotely. It’s a small island with limited resources. You can only travel to the island by boat, and the volume of traffic is lower as a result. We are able to manage remotely and still provide the security our employees, residents and tourists have come to expect,” Lawlor said.

This article originally appeared in the February 2016 issue of Security Today.