Numerous shortcomings in the Coast Guard’s handling of the Transportation Worker Identification Card (TWIC) program could jeopardize security at many high-risk maritime facilities, according to a new audit by the Department of Homeland Security’s Inspector General.
The report was most critical of the failure of DHS to complete a study of the security value of TWIC that was mandated by Congress in 2014. DHS did finish an effectiveness assessment in January 2016, but the audit notes that it did not substantively address the concerns raised in the report.
Congress then directed DHS to do a new assessment by February 2018, but the agency had problems identifying an office responsible for such an assignment, causing long delays. An office was eventually assigned and the report is now due next April.
As a result, the Coast Guard “does not have a full understanding of the extent to which the TWIC program address security risks in the maritime environment. This will continue to impact the Coast Guard’s ability to properly develop and enforce regulations governing the TWIC program,” the audit said.
Without this information, the Coast Guard did not properly develop regulations to require the use of electronic TWIC readers at high-risk maritime facilities.
The report said the Coast Guard did not clearly define which facilities that handle certain dangerous cargo in bulk are covered by final reader rule. This lead to widespread confusion in the maritime community, a proposed three-year delay in implementation, and an act by Congress that was signed by the president in August delaying implementation of the reader program until a security assessment study of TWIC is completed.
“Without oversight and policy improvements in the TWIC program, high-risk facilities may continue to operate without enhanced security measures, putting these facilities at an increased security risk,” the audit said. “The TSA believes that further delays to implementing TWIC reader requirements present a significant national and transportation security risk.”
The audit also found the Coast Guard’s oversight of the TWIC program to be “fragmented, which led to confusion and inconsistent inspection procedures. This resulted in fewer regulatory confiscations of TWIC cards.”
The IG said the Coast Guard did not consistently use electronic readers when conducting TWIC card verifications during its inspections of regulated facilities. “As a result, the Coast Guard is not making full use of the card’s biometric security features as intended by Congress to ensure only eligible individuals have unescorted access to secure areas of facilities,” the report states.
The Coast Guard is required to do one announced annual compliance exam and at least one unannounced security spot check of each regulated facility every 12 months. In addition, inspectors must conduct random TWIC card verifications for individuals with unescorted access in secure areas. During the inspections, the Coast Guard identified more than 1,000 noncompliant TWIC cards, but could not show how many of these cards were confiscated and returned to TSA, the report said.
The IG recommended that the Coast Guard:
- Complete the required TWIC security assessment (DHS agreed to finish this by April 30, 2019)
- Provide a clear definition of a certain dangerous cargo (CDC) facility (DHS agreed to do this by March 30, 2020)
- Purchase new electronic readers to be used during facility inspections (DHS agreed complete this by March 31, 2019)
- Revise the TWIC Verification and Enforcement Guide to streamline oversight of the TWIC program (the Coast Guard will do this by Sept. 30, 2021, requiring a formal rulemaking process with stakeholder input.)
