Click here to close now.




















Welcome!

News Feed Item

Recent Trade Press Articles Inaccurately Depict TWIC Program

WASHINGTON, DC -- (Marketwire) -- 01/17/13 -- The International Biometrics & Identification Association (IBIA) strongly disagrees with recent media articles that conclude that the Transportation Worker Identification Credential (TWIC) program "doesn't work" or is "broken."(1) Several recent media articles have cited a public notice by the Department of Defense (DOD) as evidence supporting their conclusion.

According to Tovah LaDier, IBIA's Managing Director, "What appears to have happened is that people who are not familiar with the intricacies of the TWIC program or have not thoroughly investigated the subject matter have taken a simple DOD announcement out of context, thereby undermining a valuable, successful, and important national security program." She further stated, "Several analysts interpret the DOD policy statement to mean that TWIC cards are not secure and have painted TWIC as a 'failed' program. This could not be further from the truth."

As background, the TWIC program is a maritime security program that is jointly managed by the Transportation Security Administration (TSA) and the U.S. Coast Guard. The U.S. Army Military Surface Deployment and Distribution Command (SDDC) issued a notice(2) in the Federal Register (FR) on December 10, 2012 that rescinded a previous policy that permitted commercial users to use their TWIC cards to access a DOD website providing defense logistical transportation applications. The FR notice states that "TWIC does not meet DOD security standards and cannot be used as of January 29, 2013."

The TWIC card is a highly secure and tamper-resistant "smart" card identification credential with sophisticated features such as an integrated circuit chip, digital certificates, and biometric identifiers. The TWIC card was mandated by Congress through the Maritime Transportation Security Act of 2002. Congress always intended for TWIC cards to be used to enhance the security of the nation's maritime infrastructure by confirming the identity of transportation workers seeking unescorted access to secure areas of regulated maritime facilities and vessels. TWIC cards were never intended to be used for on-line access.

It is not clear why DOD allowed access to one of its computer systems using a TWIC card in the first place. However, if the writers of the previously referenced articles had researched the background of the DOD FR notice, they would have learned that the reason behind the DOD policy change was that DOD realized that the TWIC card was not cross-certified with the Federal Public Key Infrastructure (FPKI) as required by DOD policy. The FPKI is administered by an interagency body set up to enforce digital certificate standards for trusted identity authentication across federal agencies and between federal agencies and outside bodies, like universities, state and local governments, and commercial entities. The TWIC card was never intended for use in this type of on-line federated identity authentication infrastructure.

TWIC digital certificates have always been based on TSA's own self-managed Certificate Authority (CA) for issuing and revoking the digital certificates contained on the TWIC card. The TWIC card did not suddenly change or become "weak" in terms of its security. In IBIA's view, DOD simply realized that the TWIC card was not in compliance with its own policy that digital certificates used to access DOD web applications be cross-certified with the FPKI.

DOD recognizes that the TWIC is a secure credential and that the TWIC issuance process, with its rigorous background screening and vetting, is trustworthy for determining eligibility for physical access to DOD military facilities and installations. In its recently updated DOD Directive (DTM 09-12)(3), DOD declares that the TWIC card meets DOD access control standards for non-DOD personnel seeking physical entry to DOD installations and facilities. The Directive states that "The Transportation Worker Identification Credential (TWIC) holders vetting, adjudication, and issuance process is comparable to the NACI and/or National Agency Check with Law and Credit or, when implemented, OPM Tier I standard, and shall be considered identity proofed."

IBIA believes that the TWIC program is an important contributor to the security of the nation. The TSA has conducted a thorough background check and security threat assessment on 2.4 million TWIC card holders. Those individuals who had disqualifying criminal offenses or who represented a threat to our security have been screened out and are no longer welcome in the most sensitive areas of our critical transportation infrastructure. The hard-working people of the TSA and Coast Guard deserve our thanks and appreciation for their efforts in making our nation safer.

ABOUT IBIA. IBIA is a non-profit trade group that advocates and promotes the responsible use of technologies for managing human identity. It fulfills its mission through advocacy, education and outreach. For more, please visit www.ibia.org

(1) For an example article, see http://www.wnd.com/2013/01/420-million-tsa-program-doesnt-work/
(2) See Federal Register Vol. 77, No. 237, Page 73455
(3) Department of Defense Directive-Type Memorandum (DTM) 09-012, "Interim Policy Guidance for DoD Physical Access Control" dated December 8, 2009 and re-issued on September 9, 2012.

Contact:
Tovah LaDier
Tel: (202) 587-4855

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
SYS-CON Events announced today that HPM Networks will exhibit at the 17th International Cloud Expo®, which will take place on November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. For 20 years, HPM Networks has been integrating technology solutions that solve complex business challenges. HPM Networks has designed solutions for both SMB and enterprise customers throughout the San Francisco Bay Area.
For IoT to grow as quickly as analyst firms’ project, a lot is going to fall on developers to quickly bring applications to market. But the lack of a standard development platform threatens to slow growth and make application development more time consuming and costly, much like we’ve seen in the mobile space. In his session at @ThingsExpo, Mike Weiner, Product Manager of the Omega DevCloud with KORE Telematics Inc., discussed the evolving requirements for developers as IoT matures and conducte...
The Software Defined Data Center (SDDC), which enables organizations to seamlessly run in a hybrid cloud model (public + private cloud), is here to stay. IDC estimates that the software-defined networking market will be valued at $3.7 billion by 2016. Security is a key component and benefit of the SDDC, and offers an opportunity to build security 'from the ground up' and weave it into the environment from day one. In his session at 16th Cloud Expo, Reuven Harrison, CTO and Co-Founder of Tufin,...
With SaaS use rampant across organizations, how can IT departments track company data and maintain security? More and more departments are commissioning their own solutions and bypassing IT. A cloud environment is amorphous and powerful, allowing you to set up solutions for all of your user needs: document sharing and collaboration, mobile access, e-mail, even industry-specific applications. In his session at 16th Cloud Expo, Shawn Mills, President and a founder of Green House Data, discussed h...
Mobile, social, Big Data, and cloud have fundamentally changed the way we live. “Anytime, anywhere” access to data and information is no longer a luxury; it’s a requirement, in both our personal and professional lives. For IT organizations, this means pressure has never been greater to deliver meaningful services to the business and customers.
Container technology is sending shock waves through the world of cloud computing. Heralded as the 'next big thing,' containers provide software owners a consistent way to package their software and dependencies while infrastructure operators benefit from a standard way to deploy and run them. Containers present new challenges for tracking usage due to their dynamic nature. They can also be deployed to bare metal, virtual machines and various cloud platforms. How do software owners track the usag...
The Internet of Everything (IoE) brings together people, process, data and things to make networked connections more relevant and valuable than ever before – transforming information into knowledge and knowledge into wisdom. IoE creates new capabilities, richer experiences, and unprecedented opportunities to improve business and government operations, decision making and mission support capabilities.
There are many considerations when moving applications from on-premise to cloud. It is critical to understand the benefits and also challenges of this migration. A successful migration will result in lower Total Cost of Ownership, yet offer the same or higher level of robustness. In his session at 15th Cloud Expo, Michael Meiner, an Engineering Director at Oracle, Corporation, analyzed a range of cloud offerings (IaaS, PaaS, SaaS) and discussed the benefits/challenges of migrating to each offe...
Puppet Labs has announced the next major update to its flagship product: Puppet Enterprise 2015.2. This release includes new features providing DevOps teams with clarity, simplicity and additional management capabilities, including an all-new user interface, an interactive graph for visualizing infrastructure code, a new unified agent and broader infrastructure support.
Chuck Piluso presented a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. Prior to Secure Infrastructure and Services, Mr. Piluso founded North American Telecommunication Corporation, a facilities-based Competitive Local Exchange Carrier licensed by the Public Service Commission in 10 states, serving as the company's chairman and president from 1997 to 2000. Between 1990 and 1997, Mr. Piluso served as chairman & founder of International Te...
One of the hottest areas in cloud right now is DRaaS and related offerings. In his session at 16th Cloud Expo, Dale Levesque, Disaster Recovery Product Manager with Windstream's Cloud and Data Center Marketing team, will discuss the benefits of the cloud model, which far outweigh the traditional approach, and how enterprises need to ensure that their needs are properly being met.
SYS-CON Events announced today that MobiDev, a software development company, will exhibit at the 17th International Cloud Expo®, which will take place November 3–5, 2015, at the Santa Clara Convention Center in Santa Clara, CA. MobiDev is a software development company with representative offices in Atlanta (US), Sheffield (UK) and Würzburg (Germany); and development centers in Ukraine. Since 2009 it has grown from a small group of passionate engineers and business managers to a full-scale mobi...
Learn how to solve the problem of keeping files in sync between multiple Docker containers. In his session at 16th Cloud Expo, Aaron Brongersma, Senior Infrastructure Engineer at Modulus, discussed using rsync, GlusterFS, EBS and Bit Torrent Sync. He broke down the tools that are needed to help create a seamless user experience. In the end, can we have an environment where we can easily move Docker containers, servers, and volumes without impacting our applications? He shared his results so yo...
Palerra, the cloud security automation company, announced enhanced support for Amazon AWS, allowing IT security and DevOps teams to automate activity and configuration monitoring, anomaly detection, and orchestrated remediation, thereby meeting compliance mandates within complex infrastructure deployments. "Monitoring and threat detection for AWS is a non-trivial task. While Amazon's flexible environment facilitates successful DevOps implementations, it adds another layer, which can become a ...
In their session at 17th Cloud Expo, Hal Schwartz, CEO of Secure Infrastructure & Services (SIAS), and Chuck Paolillo, CTO of Secure Infrastructure & Services (SIAS), provide a study of cloud adoption trends and the power and flexibility of IBM Power and Pureflex cloud solutions. In his role as CEO of Secure Infrastructure & Services (SIAS), Hal Schwartz provides leadership and direction for the company.