Welcome!

News Feed Item

Recent Trade Press Articles Inaccurately Depict TWIC Program

WASHINGTON, DC -- (Marketwire) -- 01/17/13 -- The International Biometrics & Identification Association (IBIA) strongly disagrees with recent media articles that conclude that the Transportation Worker Identification Credential (TWIC) program "doesn't work" or is "broken."(1) Several recent media articles have cited a public notice by the Department of Defense (DOD) as evidence supporting their conclusion.

According to Tovah LaDier, IBIA's Managing Director, "What appears to have happened is that people who are not familiar with the intricacies of the TWIC program or have not thoroughly investigated the subject matter have taken a simple DOD announcement out of context, thereby undermining a valuable, successful, and important national security program." She further stated, "Several analysts interpret the DOD policy statement to mean that TWIC cards are not secure and have painted TWIC as a 'failed' program. This could not be further from the truth."

As background, the TWIC program is a maritime security program that is jointly managed by the Transportation Security Administration (TSA) and the U.S. Coast Guard. The U.S. Army Military Surface Deployment and Distribution Command (SDDC) issued a notice(2) in the Federal Register (FR) on December 10, 2012 that rescinded a previous policy that permitted commercial users to use their TWIC cards to access a DOD website providing defense logistical transportation applications. The FR notice states that "TWIC does not meet DOD security standards and cannot be used as of January 29, 2013."

The TWIC card is a highly secure and tamper-resistant "smart" card identification credential with sophisticated features such as an integrated circuit chip, digital certificates, and biometric identifiers. The TWIC card was mandated by Congress through the Maritime Transportation Security Act of 2002. Congress always intended for TWIC cards to be used to enhance the security of the nation's maritime infrastructure by confirming the identity of transportation workers seeking unescorted access to secure areas of regulated maritime facilities and vessels. TWIC cards were never intended to be used for on-line access.

It is not clear why DOD allowed access to one of its computer systems using a TWIC card in the first place. However, if the writers of the previously referenced articles had researched the background of the DOD FR notice, they would have learned that the reason behind the DOD policy change was that DOD realized that the TWIC card was not cross-certified with the Federal Public Key Infrastructure (FPKI) as required by DOD policy. The FPKI is administered by an interagency body set up to enforce digital certificate standards for trusted identity authentication across federal agencies and between federal agencies and outside bodies, like universities, state and local governments, and commercial entities. The TWIC card was never intended for use in this type of on-line federated identity authentication infrastructure.

TWIC digital certificates have always been based on TSA's own self-managed Certificate Authority (CA) for issuing and revoking the digital certificates contained on the TWIC card. The TWIC card did not suddenly change or become "weak" in terms of its security. In IBIA's view, DOD simply realized that the TWIC card was not in compliance with its own policy that digital certificates used to access DOD web applications be cross-certified with the FPKI.

DOD recognizes that the TWIC is a secure credential and that the TWIC issuance process, with its rigorous background screening and vetting, is trustworthy for determining eligibility for physical access to DOD military facilities and installations. In its recently updated DOD Directive (DTM 09-12)(3), DOD declares that the TWIC card meets DOD access control standards for non-DOD personnel seeking physical entry to DOD installations and facilities. The Directive states that "The Transportation Worker Identification Credential (TWIC) holders vetting, adjudication, and issuance process is comparable to the NACI and/or National Agency Check with Law and Credit or, when implemented, OPM Tier I standard, and shall be considered identity proofed."

IBIA believes that the TWIC program is an important contributor to the security of the nation. The TSA has conducted a thorough background check and security threat assessment on 2.4 million TWIC card holders. Those individuals who had disqualifying criminal offenses or who represented a threat to our security have been screened out and are no longer welcome in the most sensitive areas of our critical transportation infrastructure. The hard-working people of the TSA and Coast Guard deserve our thanks and appreciation for their efforts in making our nation safer.

ABOUT IBIA. IBIA is a non-profit trade group that advocates and promotes the responsible use of technologies for managing human identity. It fulfills its mission through advocacy, education and outreach. For more, please visit www.ibia.org

(1) For an example article, see http://www.wnd.com/2013/01/420-million-tsa-program-doesnt-work/
(2) See Federal Register Vol. 77, No. 237, Page 73455
(3) Department of Defense Directive-Type Memorandum (DTM) 09-012, "Interim Policy Guidance for DoD Physical Access Control" dated December 8, 2009 and re-issued on September 9, 2012.

Contact:
Tovah LaDier
Tel: (202) 587-4855

More Stories By Marketwired .

Copyright © 2009 Marketwired. All rights reserved. All the news releases provided by Marketwired are copyrighted. Any forms of copying other than an individual user's personal reference without express written permission is prohibited. Further distribution of these materials is strictly forbidden, including but not limited to, posting, emailing, faxing, archiving in a public database, redistributing via a computer network or in a printed form.

Latest Stories
What happens when the different parts of a vehicle become smarter than the vehicle itself? As we move toward the era of smart everything, hundreds of entities in a vehicle that communicate with each other, the vehicle and external systems create a need for identity orchestration so that all entities work as a conglomerate. Much like an orchestra without a conductor, without the ability to secure, control, and connect the link between a vehicle’s head unit, devices, and systems and to manage the ...
An IoT product’s log files speak volumes about what’s happening with your products in the field, pinpointing current and potential issues, and enabling you to predict failures and save millions of dollars in inventory. But until recently, no one knew how to listen. In his session at @ThingsExpo, Dan Gettens, Chief Research Officer at OnProcess, discussed recent research by Massachusetts Institute of Technology and OnProcess Technology, where MIT created a new, breakthrough analytics model for ...
IoT is rapidly changing the way enterprises are using data to improve business decision-making. In order to derive business value, organizations must unlock insights from the data gathered and then act on these. In their session at @ThingsExpo, Eric Hoffman, Vice President at EastBanc Technologies, and Peter Shashkin, Head of Development Department at EastBanc Technologies, discussed how one organization leveraged IoT, cloud technology and data analysis to improve customer experiences and effici...
Everyone knows that truly innovative companies learn as they go along, pushing boundaries in response to market changes and demands. What's more of a mystery is how to balance innovation on a fresh platform built from scratch with the legacy tech stack, product suite and customers that continue to serve as the business' foundation. In his General Session at 19th Cloud Expo, Michael Chambliss, Head of Engineering at ReadyTalk, discussed why and how ReadyTalk diverted from healthy revenue and mor...
The 20th International Cloud Expo has announced that its Call for Papers is open. Cloud Expo, to be held June 6-8, 2017, at the Javits Center in New York City, brings together Cloud Computing, Big Data, Internet of Things, DevOps, Containers, Microservices and WebRTC to one location. With cloud computing driving a higher percentage of enterprise IT budgets every year, it becomes increasingly important to plant your flag in this fast-expanding business opportunity. Submit your speaking proposal ...
In this strange new world where more and more power is drawn from business technology, companies are effectively straddling two paths on the road to innovation and transformation into digital enterprises. The first path is the heritage trail – with “legacy” technology forming the background. Here, extant technologies are transformed by core IT teams to provide more API-driven approaches. Legacy systems can restrict companies that are transitioning into digital enterprises. To truly become a lead...
You have great SaaS business app ideas. You want to turn your idea quickly into a functional and engaging proof of concept. You need to be able to modify it to meet customers' needs, and you need to deliver a complete and secure SaaS application. How could you achieve all the above and yet avoid unforeseen IT requirements that add unnecessary cost and complexity? You also want your app to be responsive in any device at any time. In his session at 19th Cloud Expo, Mark Allen, General Manager of...
The Internet of Things (IoT) promises to simplify and streamline our lives by automating routine tasks that distract us from our goals. This promise is based on the ubiquitous deployment of smart, connected devices that link everything from industrial control systems to automobiles to refrigerators. Unfortunately, comparatively few of the devices currently deployed have been developed with an eye toward security, and as the DDoS attacks of late October 2016 have demonstrated, this oversight can ...
"MathFreeOn.com is a line coding platform for engineers and scientists. When they want to solve an engineering problem and they have to use software - they have to pay a lot of money for licenses - but with MathFreeOn you don't have to pay a lot of money. Just go to our site and write the code and you can check the result right away," explained Simon Lee, CMO of MathFreeOn, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Cla...
In his session at 19th Cloud Expo, Claude Remillard, Principal Program Manager in Developer Division at Microsoft, contrasted how his team used config as code and immutable patterns for continuous delivery of microservices and apps to the cloud. He showed how the immutable patterns helps developers do away with most of the complexity of config as code-enabling scenarios such as rollback, zero downtime upgrades with far greater simplicity. He also demoed building immutable pipelines in the cloud ...
As data explodes in quantity, importance and from new sources, the need for managing and protecting data residing across physical, virtual, and cloud environments grow with it. Managing data includes protecting it, indexing and classifying it for true, long-term management, compliance and E-Discovery. Commvault can ensure this with a single pane of glass solution – whether in a private cloud, a Service Provider delivered public cloud or a hybrid cloud environment – across the heterogeneous enter...
Bert Loomis was a visionary. This general session will highlight how Bert Loomis and people like him inspire us to build great things with small inventions. In their general session at 19th Cloud Expo, Harold Hannon, Architect at IBM Bluemix, and Michael O'Neill, Strategic Business Development at Nvidia, discussed the accelerating pace of AI development and how IBM Cloud and NVIDIA are partnering to bring AI capabilities to "every day," on-demand. They also reviewed two "free infrastructure" pr...
In his session at Cloud Expo, Robert Cohen, an economist and senior fellow at the Economic Strategy Institute, provideed economic scenarios that describe how the rapid adoption of software-defined everything including cloud services, SDDC and open networking will change GDP, industry growth, productivity and jobs. This session also included a drill down for several industries such as finance, social media, cloud service providers and pharmaceuticals.
"Dice has been around for the last 20 years. We have been helping tech professionals find new jobs and career opportunities," explained Manish Dixit, VP of Product and Engineering at Dice, in this SYS-CON.tv interview at 19th Cloud Expo, held November 1-3, 2016, at the Santa Clara Convention Center in Santa Clara, CA.
Extracting business value from Internet of Things (IoT) data doesn’t happen overnight. There are several requirements that must be satisfied, including IoT device enablement, data analysis, real-time detection of complex events and automated orchestration of actions. Unfortunately, too many companies fall short in achieving their business goals by implementing incomplete solutions or not focusing on tangible use cases. In his general session at @ThingsExpo, Dave McCarthy, Director of Products...