As set out here, the TSA port worker security ID card system is not ready for prime time:
The Transportation Security Administration will not begin enrolling port workers in a security program at Delaware’s Port of Wilmington on Monday as planned, according to an official familiar with the program. Delaware was supposed to be the first port to begin enrollment, with others to follow.UPDATE: Head of Homeland Security's recent speech on Port Security here:
“Technical difficulties” have been cited as the reason for the enrollment delay, said Lisa B. Himber, vice president of the Maritime Exchange for the Delaware River and Bay. Himber said she did not know the specific difficulties but that the delay is cause for concern.
“It’s certainly not an auspicious beginning,” Himber said.
The TWIC card will be tamper-proof and all employees with unescorted access to secure port areas will be required to have one. Eventually all transportation workers will be enrolled in the program.
Today, I would like to talk about three areas of port security that are critical areas for our department: first, keeping dangerous cargo out of the country and from entering our ports; second, strengthening the security of the infrastructure of our ports through the use of grant funding, as well as the work of the Coast Guard and Customs and Border Protection; and third, our plans for the Transportation Worker Identification Credential, which is designed to secure us against the possibility of infiltration from within.
Let me begin by discussing some key principles that apply to port security and, in fact, to all homeland security. First, we do not believe in security at any cost. We believe in risk management, which means looking at threats, vulnerabilities and consequences, weighing what are the risks we should be most concerned about, considering the measures we are looking to undertake, in terms of whether they are cost beneficial, and then weighing that in terms of making up a strategic plan.
We also believe in layered security. That's recognition of the fact that there's no magic bullet for security, whether it be our ports or elsewhere. Any single approach can fail. Therefore, the right answer is to build layers of security that build rings of protection. What that does is it counts on redundancy and on randomness as allies in building a total security network.
And this approach recognizes, of course, that ports themselves are part of a large network, a network that extends across the globe and requires us to measure security at every point from the element of manufacture, where you first take that which is going to be shipped and assemble it, all the way through to the ultimate delivery at the destination of the person who is receiving the consignment.
A third element of our strategy is to recognize that every port is different. A cookie-cutter approach to security will not work, and we don't want our security measures to do more harm than good. One of my favorite proposals is that which says we are derelict because we don't physically inspect every single container that comes into the country. How many here want us to do that? I guess I have my answer. We know that to do that would be to destroy the ports. We have to, in fact, use a risk-managed approach and a layered approach and a cost-beneficial approach to triage and select those elements of the container supply chain that we should take a close look at while letting the vast majority of flow go unimpeded.
Another area where we want to use common sense, for example, is the suggestion about doing all of our scanning for radiation overseas. That, again, is a very interesting proposal; it's one that in many places is a very good idea and we are working, as I'll explain shortly, to do that. But again, a cookie-cutter that says we must do it everywhere would fail to take account of our need to accommodate the requirements, legal and regulatory, of our foreign partners, as well as the fact that the footprint and architecture of ports are not identical. Ports with a lot of transshipment are much harder to do scanning in than ports with a large physical footprint where everything comes in through a central portal.
So, using all of these concepts, we have to apply a strategy to the objectives I've outlined to come up with a common-sense way to maximize port security, but always making sure that we are not damaging the system of maritime trade that we're trying to protect.
We need to continue to work together to educate members of our own Congress on the nature and interdependence of the global supply chain, and to make sure that mandates that sound good as sound bites don't get imposed in a way that actually cripples the maritime trade, which is an engine of our very successful economy.
How do we prevent people coming within and posing a threat by masquerading as legitimate employees or service personnel? Well, we're doing that by developing the Transportation Worker Identification Credential, to make sure those who come into our ports are not a security risk, that they are authorized to do the work there, and that they are not using fraudulent or stolen credentials. TWIC will be a tamper-resistant, biometric credential for our nation's transportation workers, including port workers.
We estimate about three-quarters of a million port workers will be issued TWIC cards and that they will be required for all individuals who expect unescorted access to secure areas of MTSA-regulated facilities and vessels. TSA is responsible for conducting the security threat assessment on TWIC applicants, which includes a check against terrorist watch lists, an immigration status check, and an FBI fingerprint-based criminal history records check.
We issued the first set of regulations for TWIC in January, and the rule becomes effective in a matter of days, after which we expect to begin enrolling port workers. TWIC is going to have an immediate security benefit in terms of having a standard secure credential.
In successive months we'll be working on the more complicated issue of access control and use of TWIC readers. Many of you helped in developing the reader standard and will be involved in upcoming pilot tests. We will take what we learn from those tests and incorporate them into a second set of rule makings on access control requirements.
We recognize it's a complicated undertaking- it takes place in a demanding operational environment. But by taking this in stages: background checks first, credentials next, and then access readers third, we've been able to rapidly move forward while ensuring that we are carefully evaluating technology and operational impact at every step of the process.