Meeting Federal Requirements
Virgin Islands Port Authority secures the islands with access control
- By Kim Rahfaldt
- Feb 01, 2016
The U. S. Virgin Islands is a vacation destination for people around
the world. Located south of Florida, the islands of St. Croix, St.
John and St. Thomas are packed year round with tourists. Tourism
is 80 percent of the islands’ gross domestic product and employment.
Because the islands are located far from the mainland of the U.S.,
all goods are shipped via boat or plane, making the Virgin Islands Port Authority
(VIPA) an agency that touches all who enter or leave the islands.
SECURITY ON THE HIGH SEAS
VIPA controls two airports and 11 seaport facilities on the three islands, all of
which require different federally mandated security requirements to ensure the
safety of employees and tourists. To meet the diverse requirements, the Port
Authority contacted Transportation Technology Associates (formerly Transportation
Security Associates, LLC,) to help them find a security management system.
They wanted one that would control access, meet TWIC requirements at the seaport facilities that required it, and would secure the two airports that must meet
separate federal aviation regulations. The enterprise system also needed to operate
across the three islands.
Transportation Technology Associates Managing Partner, Jeff Brown and his
team worked on the project in three phases. First, they conducted a cost analysis
for the deployment of the equipment. Next, they completed the design and specification
process and assisted the Port throughout the bid process. After reviewing
a comparative analysis between their current legacy system and AMAG Technology’s
Symmetry Enterprise Security Management system, VIPA selected Symmetry.
Now, they needed to find an integrator to design and build the solution.
G4S Secure Integration was chosen to implement a unique and challenging
security solution. As VIPA’s systems integration partner, G4S Secure Integration
provided the final design and engineering, component and material procurements,
installation, testing, turn-up, and warranty for a turn-key TWIC implementation.
Lastly, they assisted with the construction and administration of the
project and ensured that the contractors built the system to the specifications
that were published.
“VIPA did not have any security systems at their maritime facilities,” said Khoa
Do, systems engineer II for G4S Secure Integration. “G4S implemented a physical
access control system in accordance with FIPS-201 guidelines for personal identity
verification (PIV) at VIPA’s 11 maritime facilities.”
MILES APART, SAME SYSTEM
The remote geographic location with each island being separated by miles of ocean
posed some challenges for the project, making air, land and sea transportation
necessary to complete the job. The G4S Secure Integration solution was installed
at every primary commercial point of entry on all three islands. The VIPA engineering
department who manages these facilities provided the customer vision and
financial resources to the complete the project. Jeff Lawlor, VIPA’s chief project
engineer, was instrumental in working closely with the team to ensure the outcome
of the project benefited the Virgin Islands as a whole and protected the territory
from undocumented entry.
Six port facilities located throughout the three islands were the driving force
behind the implementation of this project. Symmetry is used as a maritime access
control system integrated with TWIC to verify badging those who need to access
multiple marine facilities on the three islands. TWIC is required for those seeking
unescorted access to secure areas of port facilities and Coast Guard credentialed
vessels. Symmetry supports TWIC access control clearance.
“Individuals who need to access our ports must swipe in to the Symmetry system
with the TWIC to show they are authorized to be there,” said Jeff Lawlor,
Virgin Islands Port Authority, project manager.
Henry E. Rohlsen Airport on St. Croix and Cyril E. King Airport on St. Thomas
are the hubs for the access control system. Each contains a Security Operations
Center and Symmetry head-end. While the airports had an older system previously
installed, VIPA elected to upgrade both because there was no extra cost to do so.
G4S Secure Integration was able to integrate the access control with the airport’s
existing readers. It was installed at the two airports and at the six maritime facilities
that required TWIC. The other five maritime facilities did not require TWIC
and employees only need to show a badge to a security officer to enter.
“It was a sizeable project in that it was diverse and spanned a great distance, yet
was interconnected and worked together,” Brown said. “The idea was that all the
transactions would be tied back to the airports because that is where their current Security Operations Centers are for the aviation side.”
During the night, data is shared bilaterally so if one hub fails, the data is
backed-up and available in the future.
MEETING TWIC STANDARDS
Two VIPA cruise port facilities were required to meet TWIC access control standards,
as the government considers a cruising terminal critical due to the potential
for loss of life. The remaining four ports are cargo facilities, which are critical for
importing goods and consumables from the United States, and other locations.
“Meeting the requirements of the Code of Federal Regulations (33 CFR Part
105), specifically TWIC for maritime security for access control, was a major reason
VIPA choose the Symmetry system,” Brown said. “The software also helps
meet federal aviation requirements under 49 CFR Part 1542, Sub Part C as well.”
The aviation industry has had standards to control access into the Security
Identification Display Area (SIDA) for badges to access the secure areas, such
as baggage loading areas, taxiways, runways and boarding gates long before the
TWIC requirements were implemented.
MANAGING THREAT LEVELS
Using Symmetry Threat Level Manager, VIPA can set up their system to change
access card requirements at the touch of a button when the MARSEC (MARtime
SECurity) level changes. At MARSEC Level 1, which is normal operating conditions,
VIPA uses a biometric and card swipe at an unstaffed gate of the cruise terminal
portals. Only the biometric card is required at a staffed gate. At MARSEC
Level 2, there is a known threat at the national level and security plan procedures
must be followed in accordance to TWIC, which changes the requirements based
on each facility’s risk and consequence value. Biometrics must be used in all cases
with the access card, plus any other advanced measures the port may have in place.
Threat Level Manager allows the security staff to quickly change security levels
with literally one click of the mouse. Threat Level Manager allows VIPA to increase
security at all six port facilities and both airports, instantly providing a safe
environment for staff and visitors.
Airport employees use a SIDA access card that gives them access to the secure
side of an airport that also requires a biometric read to match the card holder.
They often must use multiple authentications to gain access to the air side (baggage
loading areas, taxiways, runways, boarding gates).
“With the aviation side, you either present a pin, you present a card and a pin,
or a card and a fingerprint to obtain access,” Brown said. “A physical biometric is
much more efficient than a PIN, and is required in their critical areas.”
Of the five facilities that do not have access control, an employee must only
show a security officer their card. Portable readers are charged up ready to randomly
check employees when necessary. The portable readers are connected to
Symmetry to track the transactions.
Symmetry controls gate and turnstile access, and integrates with video at both
airports. When an alarm sounds, the video begins recording so officers can view
and assess the situation. Graphical maps provide an easy to use view of the facility,
increasing response time.
Because activity at the seaports varies, security officers are able to remotely
view the port facilities and entry control points via Symmetry in the less populated
areas under surveillance. On St. John, the software allows the security staff
to speak with those who want access into the cargo area via an AI Phone audio
integration. Remote onsite guards can see and speak with the person, and they can
grant or deny access on the spot.
“On St. John, we have video, audio and remote control gates monitored remotely.
It’s a small island with limited resources. You can only
travel to the island by boat, and the volume of traffic is lower as
a result. We are able to manage remotely and still provide the
security our employees, residents and tourists have come to expect,”
This article originally appeared in the February 2016 issue of Security Today.