Getting a Handle on TWIC

Port of Wilmington implements enrollment, management software to access hot list

The Port of Wilmington, which opened in 1923, is the busiest port on the Delaware River and the leading North American importation site for fresh fruit, bananas and juice concentrate. It also was the first seaport to use the TWIC card, beginning with the TWIC Technology Phase pilot program in October 2003. TWIC is designed to add a layer of security at ports by ensuring that workers in secure areas have received a background check and do not pose a national security threat.

As the TWIC program expanded as part of the Department of Homeland Security’s maritime security criteria, so did the need for a software program that could read and record information from both the existing TWIC protype cards used with the port’s physical access control system and the latest TWIC cards.

In addition, it was important to find a solution that would allow port officials to access the Transportation Security Administration’s hot list, a real-time database of unauthorized TWIC users, so port security personnel can quickly identify those with revoked rights.

Recognizing this need, port officials began exploring their options for software that could integrate with their existing Honeywell security management platform, Pro-Watch, and work on mobile card readers to deploy the enrollment process throughout the facility.

Port officials chose PIVCheck Plus software from Codebench, which drives three Datastrip mobile readers and resides on a desktop enrollment workstation in the port’s main office. An additional license for certificate management allows the port to re-validate TWICs each day, once they are enrolled in the Honeywell system.

The Challenge
Before the Port of Wilmington became a pilot site for the TWIC smart-card program, it relied on 125 kHz proximity cards and readers for worker identification. With the advent of the latest TWIC compliance standards, port officials needed a way to register TWIC cards with their existing physical access control system and enter cardholder data into their database that would merge both TWIC and existing ID cards. With this merger, the port would need only one card for the access control system.

It also was important to be able to enroll TWIC cardholders at the various access points to the port, which spans 307 acres. Therefore, the software needed to be compatible with rugged mobile card readers.

Finally, port security wanted the ability to access the TSA hot list and match it against those being enrolled in the port’s database, as well as those using their TWIC cards. This would allow security staff to take the appropriate steps when necessary, such as suspending a card, identifying people who were already enrolled in the port’s database or spotting a potential terrorist.

The Solution
By using software that was deployed on three mobile Datastrip readers as well as a desktop computer system, port officials are able to register TWIC holders throughout the port and transmit that information to the Pro-Watch system.

These cards can then be read at the 32 fixed card readers located at various entrances and access points throughout the port.

TWIC credentials are mandatory for entry to the port by anyone requiring frequent, unescorted access to the facility and to a facility that is designated as a secure and restricted area.

These include longshoremen, truck drivers, surveyors, agents, chandlers, port chaplains and laborers who access secure areas. Tenants who have their offices at the port, such as produce giants Chiquita and Dole, also are required to be enrolled in TWIC.

“On any given day, we can have 2,500 people coming through the port with TWIC cards,” said Jerry Custis, security manager and facility security officer at the port.

About 4,700 people have been enrolled into the port’s system so far, out of the 11,000 people who have sought a TWIC card. This number swells in mid-winter when seasonal workers arrive at the port for the beginning of fruit season.

Patrick Hemphill, former manager of port security and facility security officer at the Port of Wilmington, oversaw the port’s TWIC deployment until his retirement. He said the mobile readers were taken to local union halls to enroll longshoremen before they arrive at the port.

“This saved us a lot of time,” Hemphill said. “We met with union leaders and set aside two, two-hour periods on pay days. The members were made aware of the need to know their PIN, and we were able to enroll the majority of members during those two days without interrupting their work schedule.”

Codebench first came to the attention of the Port of Wilmington’s director of human resources, Sylvia Floyd-Kennard, during an American Association of Port Authorities conference. After seeing a demo by Codebench of its PIVCheck Plus software, and its ability to read TWIC card information, Floyd-Kennard recognized it as a possible solution that could be integrated with the port’s existing access control system.

Eric Schaeffer from Advantech Inc., the port’s system integrator on the TWIC project, said one of the deciding factors in using Codebench was the ability to test the software in-house before making a commitment. He wanted to ensure that Codebench would integrate with the existing Pro-Watch system.

“Some companies have reservations about testing before buying, but they were confident in their product and were comfortable with us testing it,” Schaffer said.

Because this was one of the first implementations of Codebench’s PIVCheck Plus software integrated with the Honeywell Pro-Watch system, Schaeffer said Codebench worked alongside Advantech to make sure everything worked as planned.

The Benefits
For a major facility such as the Port of Wilmington, which handles nearly 400 vessels and 4 million tons of cargo each year, enrolling TWIC holders and verifying their information anywhere using a mobile card reader results in a savings of security personnel time and effort. Security staff can go where the enrollees are, rather than requiring everyone to go to a central location.

The port also is able to leverage its legacy physical access control system while adding the important TWIC component.

The software allows the port to register TWIC information, such as the TWIC FASC-N number and expiration date, into the existing PACS cardholder record. If a new person is added, Pro-Watch automatically creates a new cardholder record using the information from the TWIC, such as first name, last name, FASC-N, expiration date and photo.

Information from the TSA hot list is available with the addition of Codebench’s Certificate Manager software.

Although not currently a requirement for TWIC compliance, port officials said automatically verifying the user against the TSA list will likely be possible soon. Many facilities that need to comply with TWIC are being proactive and checking the TSA hot list regularly.

The PIVCheck Certificate Manager references the TSA list and re-validates the TWIC card status daily or on a userdefined schedule, so security personnel can see what has changed and react to the status of cardholders.

“Honeywell is excited to have collaborated with Codebench to ensure the successful integration of the Port of Wilmington’s TWIC solution with our Pro-Watch security management platform,” said Tony Foglia, global accounts at Honeywell Integrated Security. “We look forward to leveraging our experience with the Port of Wilmington to help other ports and petrochemical customers meet their security needs.”

Upcoming Benefits
In the case of an elevated threat level, Codebench’s software is able to provide the additional authentication that would be required, Advantech’s Schaeffer said. If the threat level at the port is raised under the three-level MARSEC system, the use of fixed readers with a biometric component would likely become a requirement. When a final rule comes out regarding the type of biometric interface required with TWIC, Hemphill said he’s confident Codebench can work with the port on integrating that information as well.

This article originally appeared in the issue of .

Featured

  • Survey: Less Than Half of IT Leaders are Confident in their IoT Security Plans

    Viakoo recently released findings from its 2024 IoT Security Crisis: By the Numbers. The survey uncovers insights from IT and security executives, exposes a dramatic surge in enterprise IoT security risks, and highlights a critical missing piece in the IoT security technology stack. The clarion call is clear: IT leaders urgently need to secure their IoT infrastructure one application at a time in an automated and expeditious fashion. Read Now

  • ASIS International and SIA Release “Complexities in the Global Security Market: 2024 Through 2026”

    ASIS International and the Security Industry Association (SIA) – the leading security associations for the security industry – have released ”Complexities in the Global Security Market: 2024 Through 2026”, a new research report that provides insights into the equipment, technologies, and employment of the global security industry, including regional market breakouts. SIA and ASIS partnered with global analytics and advisory firm Omdia to complete the research. Read Now

  • President Biden Issues Executive Order to Bolster U.S Port Cybersecurity

    On Wednesday, President Biden issued an Executive Order to bolster the security of the nation’s ports, alongside a series of additional actions that will strengthen maritime cybersecurity and more Read Now

  • Report: 15 Percent of All Emails Sent in 2023 Were Malicious

    VIPRE Security Group recently released its report titled “Email Security in 2024: An Expert Look at Email-Based Threats”. The 2024 predictions for email security in this report are based on an analysis of over 7 billion emails processed by VIPRE worldwide during 2023. This equates to almost one email for everyone on the planet. Of those, roughly 1 billion (or 15%) were malicious. Read Now

Featured Cybersecurity

Whitepapers

New Products

  • EasyGate SPT and SPD

    EasyGate SPT SPD

    Security solutions do not have to be ordinary, let alone unattractive. Having renewed their best-selling speed gates, Cominfo has once again demonstrated their Art of Security philosophy in practice — and confirmed their position as an industry-leading manufacturers of premium speed gates and turnstiles. 3

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols. 3

  • Hanwha QNO-7012R

    Hanwha QNO-7012R

    The Q Series cameras are equipped with an Open Platform chipset for easy and seamless integration with third-party systems and solutions, and analog video output (CVBS) support for easy camera positioning during installation. A suite of on-board intelligent video analytics covers tampering, directional/virtual line detection, defocus detection, enter/exit, and motion detection. 3