Security Within Reach

Terminals have been ramping up security for more than a decade

Since the aftermath of 9/11, the United States has intensified transportation security efforts across the board. For most of us, stronger security measures have been focused at the nation’s airports, where travelers are subject to more stringent screening protocols. But, other critical points of transportation infrastructure have been impacted by the need for heightened vigilance as well.

The country’s maritime terminals have been ramping up security since 2002, navigating requirements from various authorities and implementing technological advancements to protect the maritime economic infrastructure from terrorism.

America’s ports, waterways and vessels are involved in billions of dollars of commerce on an annual basis. Because of their size, proximity to metropolitan areas, volume and value of cargo, and integral place in the global supply chain, U.S. ports are potentially attractive targets for terrorist activity. While security is of paramount importance, terminal operators must find ways to balance vigilance with commerce to ensure as little interruption as possible.

Progress in Securing Maritime Facilities

This past June, the Government Accountability Office (GAO) issued a new report describing progress made in elevating security in key areas of the country’s maritime terminals since the adoption of the Maritime Transportation Security Act (MTSA) of 2002. The MTSA provides a framework for developing assessments, plans and protocols for protecting ports and waterways. According to the report, the Department of Homeland Security (DHS) and its agencies, particularly the Coast Guard and Customs and Border Protection (CBP), have made significant progress in implementing security measures. However, challenges remain; among them is the implementation of biometric identification programs.

Through a program administered by the Transportation Security Administration (TSA) and the Coast Guard, MTSA-regulated maritime facilities and vessels must require workers to obtain biometric identification cards for unescorted access to secure areas of maritime facilities and U.S.-flagged vessels. Currently, at most maritime terminals, these Transportation Worker Identification Credentials (TWIC) are verified by visual inspection; but, if proposed regulations are approved, those terminals may need to adopt a process that validates credentials electronically.

Potential Pain Points for Terminal Operators

To meet proposed electronic verification rules, terminal operators would need to acquire specially-certified verification readers that are on the TSA’s Qualified Technology List (QTL). In anticipation of legislation that will require a greater use of this technology, some operators have already made an investment in such readers while others are holding off until receiving greater regulatory clarity. Ultimately, though, the switch seems to be inevitable.

Moving away from visual inspection of TWICs to electronic verification raises some concerns among maritime terminals. First, the timing and extent of the implementation of regulations could impact terminal operations. The Coast Guard, which is responsible for enforcement, could impose fines on terminals that are out of compliance. It could also prevent commerce at a facility that has not upgraded its systems to meet new regulations.

In addition, maritime terminals must consider the cost of implementing these new regulations. Depending on the QTL-certified product selected, the price for a system could result in an annual cost of tens of thousands of dollars per system.

Lastly, although it is often assumed that an electronic approach will speed up any processing need, this may not always be the case. Electronic verification may add more time to the screening process, especially under elevated threat conditions that may require multi-factor authentication, thereby slowing through-put into a terminal. Even an additional few seconds per screening can create back-up traffic in some of the nation’s busiest terminals and could adversely impact commercial activity.

Improving Transitions to QTL-certified Tools

While a transition to electronic verification presents certain risks to terminal operators, there are some steps that security officers can take to get ahead of the proposed changes and minimize those risks. TSA updates its QTL on a regular basis, providing terminal and ship operators with a carefully curated selection of vendors and products to consider that meet regulatory requirements. Investing some time in evaluating QTL-certified providers and the solutions they offer can assist security officers in adopting a systems approach to ensuring their infrastructure’s security. Consideration of the hazards and value of handled cargo, in conjunction with the broader security plan requirements of the Coast Guard with QTL-approved solutions, puts security officers in the best position to meet their responsibilities.

A key feature of TWIC readers is that they compare presented credentials to the agency’s daily updated canceled card list for an immediate security flag. In addition, some QTL readers include software that allows maritime operators to customize their security protocols. Certain readers may have the capability to scan a variety of authoritative credentials (Federal “PIV” or Commercial “PIV-I”) beyond TWIC to help facilitate additional terminal-specific access controls for those desiring to enter the facilities. Some readers have the ability create tailored barment lists, allowing guards to conduct automatic and instantaneous comparisons between credentials and an individual’s facility status.

TSA breaks down vendors further according to whether or not readers are fixed or portable. Depending on a maritime terminal’s needs, a portable device may offer greater flexibility in daily operations. Security officers would be able to move around and check credentials, doing spot checks at different locations within a facility rather than just checking credentials at the gate. Such flexibility could help reduce backlogs and keep commerce moving.

The costs for implementing a QTL reader solution will vary depending on the hardware, software and chosen feature set. However, maritime terminals can get help in funding their upgrades through the Federal Emergency Management Agency (FEMA) Port Security Grant Program (PSGP) that offers funding assistance to eligible operations. In fiscal year 2014, $100 million was made available to support maritime transportation infrastructure security activities; 55 percent of monies are allocated to the highest risk port areas in the country; 45 percent is dedicated to the remaining qualifying ports.

While owners and operators of federally-regulated terminals are encouraged to apply for PSGP funding, the process requires dedication. FEMA recommends setting aside 15 business days to complete the five-step process. Some vendors of the QTL are well-versed in the grant application process and can provide some assistance. If funds are awarded, a maritime terminal has 24 months to implement its projects, and recipients must agree to regular financial and programmatic reporting, as well as FEMA oversight.

Supplementing TWIC with even Greater Assurance

Along with investigating a QTL solution, security officers may want to consider a particular vendor’s broader security capabilities. Some vendors have amassed significant experience in providing identity and access management solutions to highly-sensitive government, military and civilian facilities. Consider the track record of these vendors’ installations to get a sense of their identity assurance and electronic verification capabilities.

As security requirements are likely to become more stringent over time, a maritime operation may want to consider additional means to bolster identification solutions, particularly if dealing with commodities considered a higher risk for targeting by terrorists. TWIC offers a certain level of assurance, as individuals must pass an FBI background check. However, criminal records are only evaluated for TWIC eligibility at the time of issuance and reissuance, and not all felony convictions may result in disqualification. Additionally, individuals holding TWICs are responsible for reporting convictions that may adversely affect their eligibility.

For maritime terminal operators who desire a higher level of assurance, it may be worthwhile to consider utilizing a TWIC verification solution that provides a more robust and ongoing vetting program. Some of today’s more advanced systems refresh eligibility on a regular basis and conduct recurring background checks, incorporating the latest records to ensure that port security stays constant even when people change.

Keeping America’s ports, waterways and vessels secure is no small task. To protect their facilities, cargo and commercial viability, operators must adopt robust security management solutions that are equipped to handle the demands of today and the technological advancements and regulatory requirements of tomorrow. By investing time now into researching options and pursuing the available financial assistance, maritime terminals can position themselves to ensure the next level of port security.

This article originally appeared in the October 2014 issue of Security Today.


  • The Need for a Comprehensive Strategy Addressing Cybersecurity and Quantum Technology

    The Need for a Comprehensive Strategy Addressing Cybersecurity and Quantum Technology

    Over the past two years, the Biden Administration has taken a series of steps centered on quantum and cybersecurity. Read Now

  • IoT Saves the Day

    IoT Saves the Day

    Today, creating a safe environment across schools, hotels, office buildings, housing complexes and other facilities has become a necessity. There are so many dangers lurking in buildings of all sizes and shapes from fire hazards, vaping issues, chemical/air quality issues, intruders and so much more. Read Now

  • One Pane, Less Pain

    One Pane, Less Pain

    Just because a solution is built on an open-standards platform doesn’t ensure that all the vendors’ systems will work together as promised. Some features may not be supported, or not supported to their fullest potential. Read Now

  • Revamping Wrigley Field

    Revamping Wrigley Field

    When talking about baseball in the United States, it’s hard not to think of the Chicago Cubs and Wrigley Field. With a history spanning more than 100 years, the Chicago Cubs are one of the most recognized teams in professional sports. Read Now

Featured Cybersecurity


New Products

  • Unique Oversized ID Card Printer

    Unique Oversized ID Card Printer

    Idesco Corp. is announcing its card printer – the XCR100 2.0 printer- that allows customers to personalize oversized ID cards on demand. The printer is ideal for assisting healthcare organizations find the right badging solution. As healthcare facilities continue to combat the spread of COVID-19, issuing oversized ID cards has helped identify staff clearly while adding an extra layer of security. The XCR100 2.0 printer is the only dye-sublimation printer on the market that can personalize CR100 cards (3.88" x 2.63"). The cards that are 42% larger than the standard credit card size. The printer can produce up to 180 full cards per hour in color, and up to 1,400 cards per hour in monochrome. An optional flipper is available to print dual-sided badges in one pass. Contactless encoding comes as an option to help healthcare facilities produce secure access badges on demand and the card printer features a 2-year warranty. 3

  • VideoEdge 2U High Capacity Network Video Recorder

    VideoEdge 2U High Capacity Network Video Recorder

    Johnson Controls announces a powerful recording solution to meet demanding requirements with its VideoEdge 2U High Capacity Network Video Recorder. This solution combines the powerful capabilities of victor with the intelligence of VideoEdge NVRs, fueled by Tyco Artificial Intelligence, for video management that provides actionable insights to save time, money and lives. 3

  • PDK IO Access Control Software

    PDK.IO Access Control Software

    ProdataKey now allows for "custom fields" within the interface of its software. Custom fields increase PDK's solutions' overall functionality by allowing administrators to include a wide range of pertinent data associated with each user. 3