Access Denied

By Aliya Sternstein

July 1, 2013

Eleven years and a half billion dollars after launching a program to secure access to vulnerable maritime facilities in the wake of the Sept. 11, 2001, terrorist attacks, federal officials have yet to significantly improve port security, auditors say.  

The Homeland Security Department is set to roll out the Transportation Worker Identification Credential nationwide at a projected cost of $3 billion, plus $234.2 million for the installation of card scanners. But a federal watchdog report released May 8 advised Congress to revoke a law requiring employees to swipe the cards to enter facilities until the Transportation Security Administration can prove the smartcards and card readers actually work. TSA oversees TWIC security threat assessments.

Acknowledging that the current card reader system is deficient, some lawmakers say they are optimistic that alternative technologies can build on TSA’s legwork and succeed. 

“Repealing the requirement to deploy card readers misses the point,” Rep. John Mica, R-Fla., chairman of the Oversight and Government Reform Subcommittee on Government Operations, told Government Executive in an email. “There is no reason that in the 21st century, with the federal government already utilizing this technology, TSA cannot implement a solution that allows secure access to America’s ports.” At a subcommittee hearing the day after the report came out, Government Accountability Office researchers agreed that other types of passes, like the military’s universal credential, prove the initiative has potential.

The TWIC program requires maritime workers to undergo background checks and carry biometric IDs to enter certain harbor areas without an escort. During a recent $23 million trial, Homeland Security confirmed card readers could verify identities and restrict access. 

But GAO officials say the department’s findings are unsubstantiated. 

At the hearing in May, Rep. Elijah Cummings, D-Md., ranking Democrat on the full oversight committee, expressed his disappointment in the program. “Those TWIC cards are nothing more than very expensive flash passes without sophisticated electronic readers to read them,” he said. “That’s sad.”

In the report, Stephen Lord, GAO director for homeland security and justice issues, said DHS officials lacked data to back the conclusion that the smartcards and scanners provide “a critical layer of port security.” During testing, the ID readers and access control systems were unable to record reasons for errors, DHS and independent evaluators failed to collect comprehensive data on malfunctioning passes, and participants did not document instances of denied access, according to the audit.

“Eleven years after initiation, DHS has not demonstrated how, if at all, TWIC will improve maritime security,” Lord wrote, adding that Congress should consider repealing a law that directs the department to base card reader rules on the trial run and instead require that DHS “complete an assessment that evaluates the effectiveness of using TWIC with readers.” 

The new report follows more than a half dozen negative audits since 2003. “If you look at a poster child for programs that sort of run amok and do not get the job done, the TWIC card—as it’s affectionately known—the Transportation Worker Identification Card, is unfortunately the poster child for not producing what, I think, Congress intended,” Mica said during the hearing. “We spent a half billion dollars on this, and we’ve got a card now that is flawed, and not by my definition, but by GAO’s evaluation.”

The day the report was distributed, Rep. Bennie Thompson, D-Miss., the top Democrat on the Homeland Security Committee, said lawmakers should put off wasting additional funds on an effort that already has cost $544 million.  

“The program continues to suffer from fundamental problems,” Thompson said in an email. “Port workers and industry stakeholders have invested their time, effort and money into this troubled program, holding up their end of
the bargain.”

Thompson added he supports the auditors’ recommendation that TSA re-examine the merits of the biometric passes and scanners “before the American people are expected to invest additional money in this program. We cannot continue to throw good money after bad.”

Agency officials stand by the virtues of the credential but seem open to trying other security approaches.  

“It’s not a silver bullet. It’s part of our layered security,” Steve Sadler, TSA’s assistant administrator for intelligence and analysis, told lawmakers. “And I think it provides value when it’s used properly and installed properly.”

In an April letter responding to a draft GAO report, DHS officials defended the rigor of their assessment and said the department did not have enough funding to perform the type of study GAO expected.  

“There were limited fiscal and workforce resources made available at participating sites,” wrote Jim Crumpacker, director of the department’s GAO-inspector general liaison office. Also, he said, the tests needed to cover a wide range of environmental conditions but avoid interfering with daily operations, which affected
data collection. 

At the House hearing, Lord and subcommittee members from both parties urged Sadler to consider a different arrangement, like the Pentagon’s common access card, which functions as a standard military ID, or a model in which local ports issue credentials.

Sadler replied, “We’ll look at anything to make this pilot better and to make the result better.” 


By Aliya Sternstein

July 1, 2013

http://www.govexec.com/magazine/nextgov/2013/07/access-denied/65819/