Welcome!

News Feed Item

Recent Trade Press Articles Inaccurately Depict TWIC Program

WASHINGTON, DC -- (Marketwire) -- 01/17/13 -- The International Biometrics & Identification Association (IBIA) strongly disagrees with recent media articles that conclude that the Transportation Worker Identification Credential (TWIC) program "doesn't work" or is "broken."(1) Several recent media articles have cited a public notice by the Department of Defense (DOD) as evidence supporting their conclusion.

According to Tovah LaDier, IBIA's Managing Director, "What appears to have happened is that people who are not familiar with the intricacies of the TWIC program or have not thoroughly investigated the subject matter have taken a simple DOD announcement out of context, thereby undermining a valuable, successful, and important national security program." She further stated, "Several analysts interpret the DOD policy statement to mean that TWIC cards are not secure and have painted TWIC as a 'failed' program. This could not be further from the truth."

As background, the TWIC program is a maritime security program that is jointly managed by the Transportation Security Administration (TSA) and the U.S. Coast Guard. The U.S. Army Military Surface Deployment and Distribution Command (SDDC) issued a notice(2) in the Federal Register (FR) on December 10, 2012 that rescinded a previous policy that permitted commercial users to use their TWIC cards to access a DOD website providing defense logistical transportation applications. The FR notice states that "TWIC does not meet DOD security standards and cannot be used as of January 29, 2013."

The TWIC card is a highly secure and tamper-resistant "smart" card identification credential with sophisticated features such as an integrated circuit chip, digital certificates, and biometric identifiers. The TWIC card was mandated by Congress through the Maritime Transportation Security Act of 2002. Congress always intended for TWIC cards to be used to enhance the security of the nation's maritime infrastructure by confirming the identity of transportation workers seeking unescorted access to secure areas of regulated maritime facilities and vessels. TWIC cards were never intended to be used for on-line access.

It is not clear why DOD allowed access to one of its computer systems using a TWIC card in the first place. However, if the writers of the previously referenced articles had researched the background of the DOD FR notice, they would have learned that the reason behind the DOD policy change was that DOD realized that the TWIC card was not cross-certified with the Federal Public Key Infrastructure (FPKI) as required by DOD policy. The FPKI is administered by an interagency body set up to enforce digital certificate standards for trusted identity authentication across federal agencies and between federal agencies and outside bodies, like universities, state and local governments, and commercial entities. The TWIC card was never intended for use in this type of on-line federated identity authentication infrastructure.

TWIC digital certificates have always been based on TSA's own self-managed Certificate Authority (CA) for issuing and revoking the digital certificates contained on the TWIC card. The TWIC card did not suddenly change or become "weak" in terms of its security. In IBIA's view, DOD simply realized that the TWIC card was not in compliance with its own policy that digital certificates used to access DOD web applications be cross-certified with the FPKI.

DOD recognizes that the TWIC is a secure credential and that the TWIC issuance process, with its rigorous background screening and vetting, is trustworthy for determining eligibility for physical access to DOD military facilities and installations. In its recently updated DOD Directive (DTM 09-12)(3), DOD declares that the TWIC card meets DOD access control standards for non-DOD personnel seeking physical entry to DOD installations and facilities. The Directive states that "The Transportation Worker Identification Credential (TWIC) holders vetting, adjudication, and issuance process is comparable to the NACI and/or National Agency Check with Law and Credit or, when implemented, OPM Tier I standard, and shall be considered identity proofed."

IBIA believes that the TWIC program is an important contributor to the security of the nation. The TSA has conducted a thorough background check and security threat assessment on 2.4 million TWIC card holders. Those individuals who had disqualifying criminal offenses or who represented a threat to our security have been screened out and are no longer welcome in the most sensitive areas of our critical transportation infrastructure. The hard-working people of the TSA and Coast Guard deserve our thanks and appreciation for their efforts in making our nation safer.

ABOUT IBIA. IBIA is a non-profit trade group that advocates and promotes the responsible use of technologies for managing human identity. It fulfills its mission through advocacy, education and outreach. For more, please visit www.ibia.org

(1) For an example article, see http://www.wnd.com/2013/01/420-million-tsa-program-doesnt-work/
(2) See Federal Register Vol. 77, No. 237, Page 73455
(3) Department of Defense Directive-Type Memorandum (DTM) 09-012, "Interim Policy Guidance for DoD Physical Access Control" dated December 8, 2009 and re-issued on September 9, 2012.

Contact:
Tovah LaDier
Tel: (202) 587-4855

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
Have you ever noticed how some IT people seem to lead successful, rewarding, and satisfying lives and careers, while others struggle? IT author and speaker Don Crawley uncovered the five principles that successful IT people use to build satisfying lives and careers and he shares them in this fast-paced, thought-provoking webinar. You'll learn the importance of striking a balance with technical skills and people skills, challenge your pre-existing ideas about IT customer service, and gain new in...
SYS-CON Events announced today that T-Mobile will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. As America's Un-carrier, T-Mobile US, Inc., is redefining the way consumers and businesses buy wireless services through leading product and service innovation. The Company's advanced nationwide 4G LTE network delivers outstanding wireless experiences to 67.4 million customers who are unwilling to compromise on ...
In his session at @ThingsExpo, Eric Lachapelle, CEO of the Professional Evaluation and Certification Board (PECB), will provide an overview of various initiatives to certifiy the security of connected devices and future trends in ensuring public trust of IoT. Eric Lachapelle is the Chief Executive Officer of the Professional Evaluation and Certification Board (PECB), an international certification body. His role is to help companies and individuals to achieve professional, accredited and worldw...
SYS-CON Events announced today that Juniper Networks (NYSE: JNPR), an industry leader in automated, scalable and secure networks, will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Juniper Networks challenges the status quo with products, solutions and services that transform the economics of networking. The company co-innovates with customers and partners to deliver automated, scalable and secure network...
SYS-CON Events announced today that Infranics will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Since 2000, Infranics has developed SysMaster Suite, which is required for the stable and efficient management of ICT infrastructure. The ICT management solution developed and provided by Infranics continues to add intelligence to the ICT infrastructure through the IMC (Infra Management Cycle) based on mathemat...
SYS-CON Events announced today that SD Times | BZ Media has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. BZ Media LLC is a high-tech media company that produces technical conferences and expositions, and publishes a magazine, newsletters and websites in the software development, SharePoint, mobile development and commercial UAV markets.
SYS-CON Events announced today that Cloudistics, an on-premises cloud computing company, has been named “Bronze Sponsor” of SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. Cloudistics delivers a complete public cloud experience with composable on-premises infrastructures to medium and large enterprises. Its software-defined technology natively converges network, storage, compute, virtualization, and management into a ...
Now that the world has connected “things,” we need to build these devices as truly intelligent in order to create instantaneous and precise results. This means you have to do as much of the processing at the point of entry as you can: at the edge. The killer use cases for IoT are becoming manifest through AI engines on edge devices. An autonomous car has this dual edge/cloud analytics model, producing precise, real-time results. In his session at @ThingsExpo, John Crupi, Vice President and Eng...
Historically, some banking activities such as trading have been relying heavily on analytics and cutting edge algorithmic tools. The coming of age of powerful data analytics solutions combined with the development of intelligent algorithms have created new opportunities for financial institutions. In his session at 20th Cloud Expo, Sebastien Meunier, Head of Digital for North America at Chappuis Halder & Co., will discuss how these tools can be leveraged to develop a lasting competitive advanta...
SYS-CON Events announced today that HTBase will exhibit at SYS-CON's 20th International Cloud Expo®, which will take place on June 6-8, 2017, at the Javits Center in New York City, NY. HTBase (Gartner 2016 Cool Vendor) delivers a Composable IT infrastructure solution architected for agility and increased efficiency. It turns compute, storage, and fabric into fluid pools of resources that are easily composed and re-composed to meet each application’s needs. With HTBase, companies can quickly prov...
There are 66 million network cameras capturing terabytes of data. How did factories in Japan improve physical security at the facilities and improve employee productivity? Edge Computing reduces possible kilobytes of data collected per second to only a few kilobytes of data transmitted to the public cloud every day. Data is aggregated and analyzed close to sensors so only intelligent results need to be transmitted to the cloud. Non-essential data is recycled to optimize storage.
"I think that everyone recognizes that for IoT to really realize its full potential and value that it is about creating ecosystems and marketplaces and that no single vendor is able to support what is required," explained Esmeralda Swartz, VP, Marketing Enterprise and Cloud at Ericsson, in this SYS-CON.tv interview at @ThingsExpo, held June 7-9, 2016, at the Javits Center in New York City, NY.
While DevOps most critically and famously fosters collaboration, communication, and integration through cultural change, culture is more of an output than an input. In order to actively drive cultural evolution, organizations must make substantial organizational and process changes, and adopt new technologies, to encourage a DevOps culture. Moderated by Andi Mann, panelists discussed how to balance these three pillars of DevOps, where to focus attention (and resources), where organizations might...
SYS-CON Events announced today that IoT Now has been named “Media Sponsor” of SYS-CON's 20th International Cloud Expo, which will take place on June 6–8, 2017, at the Javits Center in New York City, NY. IoT Now explores the evolving opportunities and challenges facing CSPs, and it passes on some lessons learned from those who have taken the first steps in next-gen IoT services.
In their Live Hack” presentation at 17th Cloud Expo, Stephen Coty and Paul Fletcher, Chief Security Evangelists at Alert Logic, provided the audience with a chance to see a live demonstration of the common tools cyber attackers use to attack cloud and traditional IT systems. This “Live Hack” used open source attack tools that are free and available for download by anybody. Attendees learned where to find and how to operate these tools for the purpose of testing their own IT infrastructure. The...