Security Within Reach

Terminals have been ramping up security for more than a decade

Since the aftermath of 9/11, the United States has intensified transportation security efforts across the board. For most of us, stronger security measures have been focused at the nation’s airports, where travelers are subject to more stringent screening protocols. But, other critical points of transportation infrastructure have been impacted by the need for heightened vigilance as well.

The country’s maritime terminals have been ramping up security since 2002, navigating requirements from various authorities and implementing technological advancements to protect the maritime economic infrastructure from terrorism.

America’s ports, waterways and vessels are involved in billions of dollars of commerce on an annual basis. Because of their size, proximity to metropolitan areas, volume and value of cargo, and integral place in the global supply chain, U.S. ports are potentially attractive targets for terrorist activity. While security is of paramount importance, terminal operators must find ways to balance vigilance with commerce to ensure as little interruption as possible.

Progress in Securing Maritime Facilities

This past June, the Government Accountability Office (GAO) issued a new report describing progress made in elevating security in key areas of the country’s maritime terminals since the adoption of the Maritime Transportation Security Act (MTSA) of 2002. The MTSA provides a framework for developing assessments, plans and protocols for protecting ports and waterways. According to the report, the Department of Homeland Security (DHS) and its agencies, particularly the Coast Guard and Customs and Border Protection (CBP), have made significant progress in implementing security measures. However, challenges remain; among them is the implementation of biometric identification programs.

Through a program administered by the Transportation Security Administration (TSA) and the Coast Guard, MTSA-regulated maritime facilities and vessels must require workers to obtain biometric identification cards for unescorted access to secure areas of maritime facilities and U.S.-flagged vessels. Currently, at most maritime terminals, these Transportation Worker Identification Credentials (TWIC) are verified by visual inspection; but, if proposed regulations are approved, those terminals may need to adopt a process that validates credentials electronically.

Potential Pain Points for Terminal Operators

To meet proposed electronic verification rules, terminal operators would need to acquire specially-certified verification readers that are on the TSA’s Qualified Technology List (QTL). In anticipation of legislation that will require a greater use of this technology, some operators have already made an investment in such readers while others are holding off until receiving greater regulatory clarity. Ultimately, though, the switch seems to be inevitable.

Moving away from visual inspection of TWICs to electronic verification raises some concerns among maritime terminals. First, the timing and extent of the implementation of regulations could impact terminal operations. The Coast Guard, which is responsible for enforcement, could impose fines on terminals that are out of compliance. It could also prevent commerce at a facility that has not upgraded its systems to meet new regulations.

In addition, maritime terminals must consider the cost of implementing these new regulations. Depending on the QTL-certified product selected, the price for a system could result in an annual cost of tens of thousands of dollars per system.

Lastly, although it is often assumed that an electronic approach will speed up any processing need, this may not always be the case. Electronic verification may add more time to the screening process, especially under elevated threat conditions that may require multi-factor authentication, thereby slowing through-put into a terminal. Even an additional few seconds per screening can create back-up traffic in some of the nation’s busiest terminals and could adversely impact commercial activity.

Improving Transitions to QTL-certified Tools

While a transition to electronic verification presents certain risks to terminal operators, there are some steps that security officers can take to get ahead of the proposed changes and minimize those risks. TSA updates its QTL on a regular basis, providing terminal and ship operators with a carefully curated selection of vendors and products to consider that meet regulatory requirements. Investing some time in evaluating QTL-certified providers and the solutions they offer can assist security officers in adopting a systems approach to ensuring their infrastructure’s security. Consideration of the hazards and value of handled cargo, in conjunction with the broader security plan requirements of the Coast Guard with QTL-approved solutions, puts security officers in the best position to meet their responsibilities.

A key feature of TWIC readers is that they compare presented credentials to the agency’s daily updated canceled card list for an immediate security flag. In addition, some QTL readers include software that allows maritime operators to customize their security protocols. Certain readers may have the capability to scan a variety of authoritative credentials (Federal “PIV” or Commercial “PIV-I”) beyond TWIC to help facilitate additional terminal-specific access controls for those desiring to enter the facilities. Some readers have the ability create tailored barment lists, allowing guards to conduct automatic and instantaneous comparisons between credentials and an individual’s facility status.

TSA breaks down vendors further according to whether or not readers are fixed or portable. Depending on a maritime terminal’s needs, a portable device may offer greater flexibility in daily operations. Security officers would be able to move around and check credentials, doing spot checks at different locations within a facility rather than just checking credentials at the gate. Such flexibility could help reduce backlogs and keep commerce moving.

The costs for implementing a QTL reader solution will vary depending on the hardware, software and chosen feature set. However, maritime terminals can get help in funding their upgrades through the Federal Emergency Management Agency (FEMA) Port Security Grant Program (PSGP) that offers funding assistance to eligible operations. In fiscal year 2014, $100 million was made available to support maritime transportation infrastructure security activities; 55 percent of monies are allocated to the highest risk port areas in the country; 45 percent is dedicated to the remaining qualifying ports.

While owners and operators of federally-regulated terminals are encouraged to apply for PSGP funding, the process requires dedication. FEMA recommends setting aside 15 business days to complete the five-step process. Some vendors of the QTL are well-versed in the grant application process and can provide some assistance. If funds are awarded, a maritime terminal has 24 months to implement its projects, and recipients must agree to regular financial and programmatic reporting, as well as FEMA oversight.

Supplementing TWIC with even Greater Assurance

Along with investigating a QTL solution, security officers may want to consider a particular vendor’s broader security capabilities. Some vendors have amassed significant experience in providing identity and access management solutions to highly-sensitive government, military and civilian facilities. Consider the track record of these vendors’ installations to get a sense of their identity assurance and electronic verification capabilities.

As security requirements are likely to become more stringent over time, a maritime operation may want to consider additional means to bolster identification solutions, particularly if dealing with commodities considered a higher risk for targeting by terrorists. TWIC offers a certain level of assurance, as individuals must pass an FBI background check. However, criminal records are only evaluated for TWIC eligibility at the time of issuance and reissuance, and not all felony convictions may result in disqualification. Additionally, individuals holding TWICs are responsible for reporting convictions that may adversely affect their eligibility.

For maritime terminal operators who desire a higher level of assurance, it may be worthwhile to consider utilizing a TWIC verification solution that provides a more robust and ongoing vetting program. Some of today’s more advanced systems refresh eligibility on a regular basis and conduct recurring background checks, incorporating the latest records to ensure that port security stays constant even when people change.

Keeping America’s ports, waterways and vessels secure is no small task. To protect their facilities, cargo and commercial viability, operators must adopt robust security management solutions that are equipped to handle the demands of today and the technological advancements and regulatory requirements of tomorrow. By investing time now into researching options and pursuing the available financial assistance, maritime terminals can position themselves to ensure the next level of port security.

This article originally appeared in the October 2014 issue of Security Today.

Featured

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

New Products

  • A8V MIND

    A8V MIND

    Hexagon’s Geosystems presents a portable version of its Accur8vision detection system. A rugged all-in-one solution, the A8V MIND (Mobile Intrusion Detection) is designed to provide flexible protection of critical outdoor infrastructure and objects. Hexagon’s Accur8vision is a volumetric detection system that employs LiDAR technology to safeguard entire areas. Whenever it detects movement in a specified zone, it automatically differentiates a threat from a nonthreat, and immediately notifies security staff if necessary. Person detection is carried out within a radius of 80 meters from this device. Connected remotely via a portable computer device, it enables remote surveillance and does not depend on security staff patrolling the area.

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.”