TWIC FINAL RULE ENFORCEMENT DELAY CONFUSION? HERE ARE YOUR ANSWERS…
- Posted by Ivan Ramirez
TWIC FINAL RULE ENFORCEMENT DELAY CONFUSION?
HERE ARE YOUR ANSWERS…
Per the H.R. 5729 law passed by Congress in July 2018, the Coast Guard is required to submit a report summarizing the DHS led security assessment study on TWIC readers. The study is currently being conducted and not expected to be completed until sometime late Spring of 2019. For at least 60 days after the report is submitted to Congress, TWIC Reader requirements are delayed for all Certain Dangerous Cargo (CDC) facilities to include facilities handling CDC but do NOT transfer them to or from vessels and receive vessels certified to carry 1000 or more passengers. Below explains where and how the confusion came about.
On August 23, 2016 the Coast Guard published a final rule in the Federal Register named “Transportation Worker Identification Credential (TWIC) Reader Requirements,” which was to be implemented on August 23, 2018. As we got closer to the effective date of this regulation, rumors started circulating that the Coast Guard would delay implementation.
In June 2018, the Coast Guard published a Notice of Proposed Rulemaking that delayed for three years the implementation of TWIC readers for facilities that handle CDCs in a non-maritime nexus, meaning they do not receive or transfer them to or from vessels. In July 2018, a court order delayed the enforcement of TWIC readers for all facilities handling CDC either by maritime means or by land.
Shortly after the court ruling, Congress passed a law, the aforementioned H.R. 5729, prohibiting the Coast Guard from implementing and enforcing the TWIC Reader requirements on any CDC facility and cruise ship terminals for at least 60 days after the Coast Guard provides Congress with a TWIC Reader security and feasibility study. This study is currently underway. The study is expected to be completed by late Spring of 2019. DHS and the Coast Guard will then review and assess the study before submitting their final report to Congress. This review process may take several weeks or months.
What does this mean for your facility and your business?
The regulatory delay is so the Coast Guard can reconsider the effectiveness and scope of the TWIC Final Rule and to re-evaluate which facilities would be subject to the electronic TWIC inspection requirements. The TWIC program’s purpose is clear - to keep persons who may be a security risk away from secure areas of vessels and waterfront facilities.
Key take-away points:
Expect the Coast Guard to significantly increase the number of TWIC verifications (with their own electronic readers) during their routine and/or unannounced inspections;
Certain vessel and facility operators will be required to use readers in the future;
TWIC is here to stay…so facility and vessel operators who voluntarily use their TWIC readers will be one step ahead; and
Seebald & Associates International is ready to assist you in getting ahead of the game by reducing your exposure to compliance risk, whether for the TWIC Final Rule or any regulatory concern you may have.
We’re proud of our reputation in helping you keep your facility and our nation’s ports secure.
Maritime Ports Are Under Cyber-Attack - Two Ports Attacked In Same Week.
- Posted by Cliff Neve
Ports are under Cyber-Attack - Prepare now!
Ports are constantly being probed by nefarious actors, and two ports last month confirmed that they had been hacked.
The Port of San Diego CEO, Randa Coniglio, released the following statement on September 26th:
“The Port of San Diego has experienced a serious cybersecurity incident that has disrupted the agency's information technology systems. The Port first received reports of the disruption on Tuesday, September 25, 2018. The Port has mobilized a team of industry experts and local, regional, state and federal partners to minimize impacts and restore system functionality, with priority placed on public safety-related systems.”
The Port of Barcelona, Spain, was hacked the same week. As alarmingly, victims often do not find that they have been hacked until months later, if ever, because they lack the insight into their networks and information systems.
Prevention is the key, a Seebald & Associates Partner, MAD Security, offers a very affordable Cyber Security 360 Health Check that includes: an external network vulnerability assessment/scan and an assessment of defense strategy and technology. The deliverable includes a roadmap for meeting gaps in your cyber defenses, an overall rating, ratings in dozens of subcategories, and specific recommendations for how to resolve gaps.
More information can be found here: http://www.madsecurity.com/360_deg_health_check/
Office of Inspector General TWIC Program Review Report
- Posted by Capt Andrew Tucci
The latest chapters in the TWIC saga relates mostly to the biometric issue, although they touch on other topics. First, on August 2, 2018, Transportation Worker Identification Credential Accountability Act of 2018, delayed implementation of a pending Coast Guard regulation (the “reader rule”) which would have required certain higher risk vessels and facilities to use biometrics beginning 23 August of this year. Even more recently, a report on the TWIC program by the Department of Homeland Security’s Officer of Inspector General (OIG) identified a number of challenges and made recommendations to the Coast Guard on the TWIC program, and in how it oversees the security of waterfront facilities. The Coast Guard and the Department of Homeland Security agreed with the OIG’s recommendations.
So what does all this mean for vessel and facility operators?
First, the recent TWIC Accountability Act of 2018 delays implementation of any electronic reader requirement by three years. Of course, Congress could always revise that legislation, and might do so if and when the Coast Guard and DHS complete a previously required report on the TWIC program. But for now, vessels and facilities are not required to use electronic readers.
- The OIG report recommends that the Coast Guard more clearly define the facilities that have certain dangerous cargo (CDC) in bulk and which must use electronic TWIC readers as an access control measure. One issue, yet to be resolved, relates to the presence of bulk CDC on a facility, even if it isn’t transferred to or from a vessel.
Seebald Analysis: At a minimum, facilities that store or handle CDC in bulk, even if they don’t transfer it to or from a vessel, must consider that fact when conducting their required security assessments.
- The OIG report recommends that the Coast Guard improve (i.e. increase) its use of electronic readers to verify TWICs during Coast Guard inspections at regulated facilities.
Seebald Analysis: Expect the Coast Guard to significantly increase the number of electronic TWIC verifications they conduct during routine and unannounced inspections. If they find fraudulent or canceled cards, those workers will not be allowed unescorted access to secure areas. It could also result in fines or penalties.
- The OIG report recommends that the Coast Guard “revise and strengthen” its guidance to its facility inspectors concerning TWIC and related facility security requirements.
Seebald Analysis: Expect greater consistency and attention to detail by the Coast Guard during routine and unannounced facility inspections.
Finally, it is worth noting that a common theme in 10 years of TWIC reports, guidance, laws, and regulations has been that the program is fundamental to maritime security, and that the biometric aspect of the TWIC is a key feature, even as the Coast Guard and industry struggle to quantify and leverage its full benefits. TWIC is certainly here to stay. Coast Guard inspectors will be using their own electronic readers to verify them during inspections, and certain vessel and facility operators will be required to use readers in the future. In the meantime, facility and vessel operators who voluntarily use TWIC readers can keep one step ahead of the Coast Guard – and more importantly, potential threats.
Secure Areas and Secure/Restricted Areas – what’s the big deal?
- Posted by John Bingaman
First - the definitions we covered in week one of this Blog series explain the differences between these two areas. In week two, we reviewed Coast Guard guidance regarding these areas.
Second - TWIC requirements address the different areas when an individual who has not applied for a TWIC requires access. Non-TWIC individuals are required to be escorted by a TWIC holder trained in escorting responsibilities. In a Secure Area, a TWIC Escort is permitted to escort up to ten Non-TWIC individuals visually or by monitoring. In a Secure/Restricted Area, the TWIC Escort may escort up to five Non-TWIC individuals side-by-side.
Third – as an FSO, you are also required to implement the provision in your facility’s FSP. Ensure your facility diagrams are properly labeled, the correct verbiage is being used and that it is up-to-date with the physical infrastructure in use.
Stay secure, others are relying on you!
Cruise Terminal Screening Program
- Posted by Edward Seebald
For all Cruise terminal owners and operators, this blog highlights the regulations on what is required for the Cruise Terminal Screening Program (TSP) and what important dates you need to know. The Coast Guard issued a final rule eliminating outdated regulations that imposed unnecessary screening requirements on cruise ships and cruise ship terminals. This final rule replaces these outdated regulations with simpler, consolidated regulations that provide efficient and clear requirements for the screening of baggage, personal items, and person on a cruise ship. This final rule enhances the security of cruise ship terminals and allows terminal operators to use effective screening mechanisms with minimal impact to business operations.
No later than October 15, 2018, cruise ship terminal owners or operators must submit, for each terminal, a TSP that conforms with the new requirements in 33 CFR 105.505-550, as noted below, as an amendment to their existing Facility Security Plan to the cognizant COTP for review and approval.
No later than April 18, 2019, each cruise ship terminal owner or operator must operate in compliance with an approved TSP and Subpart E – Facility Security: Cruise Ship Terminals.
33 CFR 105.505 through 105.550 highlights the different sections of what is required for the Terminal Screening Program. The following sections provide details on:
- 105.510 - Screening responsibilities of the owner or operator
- 105.515 - Prohibited Items List (PIL) requirements
- 105.525 - Terminal screening operations
- 105.530 - Qualifications of screeners
- 105.535 - Training requirements of screeners
- 105.540 - Screener participation in drills and exercises
- 105.545 - Screening equipment
- 105.550 - Alternative screening
For platinum members to review the regulations, click on the following link: Cruise Terminal Screening Program
Then click on “FSO Training” tab then “Course Materials” tab and then on the right click on “FSO Course Materials” and you will find it near the bottom.