Who and What is Allowed on Board Anyway?

Knowing who and what comes across your brow or through your gate is a fundamental security procedure.  Coast Guard regulations describe this as “access control”, and all Vessel and Facility Security Plans include this process.

While the concept of access control is simple, some of the terms and techniques can be misunderstood.  This can lead to regulatory problems and poor security practices, potentially letting unauthorized persons or dangerous substances and devices on board.

We’ll begin with credentialing.  We all know that TWIC, the Transportation Worker Identification Credential, is a vital component of any access control program.  Coast Guard regulations are unusually prescriptive as to how your Personnel with Security Duties are supposed to validate a TWIC.  But before we get into that procedure, note that the “C” in TWIC stands for credential, not card.  Why is that?  As I’ve explained at FSO classes, a credential is something you get after some vetting or testing.  Anyone can get a library card (and everyone should), but only people who have passed a federal background check are entitled to a TWIC. 

The rigorous application and vetting process to obtain a TWIC enables you to determine who you allow on board with confidence – but your Personnel with Security Duties must do their part.  Coast Guard regulations specify that your PSD must either use an electronic reader or manually compare the photo with the individual, check the expiration date, and examine the various security features of the TWIC to confirm it is not counterfeit or tampered with.  This credentialing process, if done manually, can be tedious even for alert PSD, but it is vital.   

Before we move on to screening, it is worth pointing out that the list of disqualifying offences for TWIC is not a comprehensive list of every crime from jaywalking on up.  On the contrary, it is a fairly short list of terrorism related and other quite serious crimes.  Holding a TWIC does not entitle you to date my daughters (as if they would listen to me).  My point is that if an individual is using a bogus TWIC because they can’t get their own TWIC you really don’t want them on board – which is why it is so important that your PSD credential and screen properly.

Credentialing helps you keep out dangerous individuals.  Screening is focused on dangerous substances or devices.  The Coast Guard defines screening as the “reasonable examination of persons, cargo, vehicles, or baggage….to ensure that dangerous substances and devices, or other items that pose a real danger of violence or a threat to security are not present.” 

Screening is not searching.  Searching is a term used in the law enforcement community, and refers to a more intrusive process than your PSD have the legal authority to employ.  While less intrusive than a search, proper screening procedures can detect and deter the introduction of weapons and other dangerous devices and substances.  Screening may employ metal detectors, mirrors for checking the undercarriage of vehicles, scanning devices for luggage and packages, and, most importantly, careful observation by your PSD. 

The frequency and exact techniques used for screening will vary with individual FSP/VSPs, and with the MARSEC level, but Coast Guard regulations require some level of screening at all times.  At elevated MARSEC levels, your access program should “increase the frequency and detail of the screening of persons, baggage, and personal effects for dangerous substances and devices” (33 CFR 105.255). 

At all MARSEC levels training is key.  A PSD who has never seen a cargo container up close, or the underside of a truck won’t be effective at detecting tampering, even with all the mirrors, lighting, and cameras money can buy.  

Smart policies in combination with well trained and properly equipped PSD are vital to any access control system.  We’ll talk more about how to improve the efficiency and effectiveness of your credentialing and screening procedures next week.  In the meantime, take the time to actually observe your PSD as they carry out their access control duties.  How confident are you in your first line of defense?