On the Waterfront – Access Control in the Modern Era

Written by Captain Drew Tucci, USCG (ret.)

In the 1954 film On the Waterfront, Marlon Brando plays a dockworker caught up in the struggle between crooks and the Waterfront Crime Commission.  Brando, an ex-prize fighter, makes good use of his fists against his corrupt opponent.  Ports are still a marvelous, motley collection of dockworkers, seafarers, agencies, and supporting characters, but the nature of the threat has changed since Brando’s day.  Ports now face far more sophisticated adversaries, and a tough guy attitude and set of brass knuckles won’t keep you secure. 

Fortunately MAGNAR enables facility operators to maintain access control and keep dangerous actors away with access control solutions  that are as sophisticated as they are rugged.  The FortifID reader is designed with the business needs of the facility in mind.  It enables your Facility Security Officer (FSO) to manage, measure, and monitor access control operations while keeping business moving.  Most importantly, it enables the facility owner to reassure the employees, contractors, customers, and Coast Guard officials who access the facility that they are being protected with state of the art technology. 

Access control is the foundation of any security program, and TWIC, as part of the Maritime Transportation Security Act (MTSA) requirements, has been a mandatory part of vessel and port security programs plans for many years. 

U.S. Coast Guard regulations specify that persons requiring unescorted access to secure areas hold a valid TWIC.  The Facility operator and the FSO each have responsibilities to implement this requirement.  In most cases, this simply means that an appropriately trained person (such as a security guard) compares the photo on the TWIC to the individual and visually examines the TWIC for its expiration date and certain security features, such as the holographic laminate.  Of course, the individual must also have a valid business reason to enter the secure area.

This visual check is the minimum Coast Guard requirement for most facilities.  In security, as with safety, responsible operators look for ways to go beyond the minimum requirement in ways that reduce the most risk for their business.  I’m convinced that considering today’s threats, all responsible facility operators should be using some degree of electronic TWIC verification.   But before we discuss that, let’s review the actual Coast Guard requirements.

TWIC Final Rule, 33 CFR 101.520/105.253

Currently the Coast Guard requires two types of facilities to use electronic TWIC readers:  large passenger facilities (like cruise ship terminals), and facilities that transfer, handle, or store “Certain Dangerous Cargos” (CDCs).  The Coast Guard defines these facilities as “Risk Group A” and requires them to use electronic TWIC readers as follows:

1. Beginning June 8, 2020: Facilities that receive vessels certificated to carry more than 1,000 passengers.
2. Beginning May 8, 2026: Facilities that handle Certain Dangerous Cargoes (CDC) in bulk and transfer such cargoes from or to a vessel.
3. Beginning May 8, 2026: Facilities that handle CDC in bulk, but do not transfer it from or to a vessel.
4. Beginning May 8, 2026: Facilities that receive vessels carrying CDC in bulk but, during the vessel-to-facility interface, do not transfer it from or to the vessel.

So if you run a large passenger terminal, you should be using an electronic TWIC reader now.  And if you operate a facility that handles, transfers, or stores Certain Dangerous Cargos in virtually any way, you should be making plans to add electronic TWIC readers to your security program very soon.

FortifID Provides Security Value for All Facilities

But what about all the other facilities that are not in “Risk Group A”?  Is there a significant security value in using electronic readers at facilities beyond those Coast Guard requirements? 

Back when the TWIC program started, a visual check of a TWIC seemed to be a reliable way of determining that the TWIC was legitimate.  And many of those first-generation TWIC readers had a reputation for being expensive, clunky, and prone to problems.

Since then, we’ve had both good news and bad news on this matter.  First the bad news. 

High quality counterfeit identification cards, including TWICs are easily obtained from various nefarious sources.  Back when I started my Coast Guard career (in the early 1990s), I was taught how to look for the slightly blurred text or low quality laminate that indicated a bogus ID card.

These days, high quality copiers, 3D printers, and specialized materials are inexpensive and easily available.  Bad actors can make their own TWICs, or, more commonly, purchase a high quality fake for a modest fee off the internet.  It is no longer possible to visually distinguish a fake TWIC from a real one. 

Every day, TWICs are placed on the Canceled Card List (CCL) because they are reported lost or stolen, or the holder has been convicted of a disqualifying offense.  Only an electronic reader, such as FortifID, can determine if a TWIC is on the CCL. 

And it is important to understand who is disqualified from having a TWIC.  Many people believe that the background check excludes anyone with any felony.  This is not true.  In fact, the list of disqualifying offenses is a relatively short list of very serious crimes.  The implication for the rest of us is that anyone who has a fake TWIC because they can’t obtain one legitimately is someone you really don’t want on your facility. 

If you are only using visual checks at your gate, you are accepting a lot of risk.

And now the good news.

FortifID Access Control Solutions from MAGNAR, including both contact and contactless readers, quickly authenticate and validate any TWIC.  They won’t be fooled by any fake, and even better, they check the TWIC against the Canceled Card List, which is something that was never possible via visual checks.  FortifID enables you to “trust but verify”.

FortifID Readers do what machines do best: checking electronic security features and digital data fields such as the expiration date.  Try standing guard duty at an access gate sometime.  You will find that manually checking TWICs is tedious and difficult.  You will also find that carefully scrutinizing TWICs takes your focus away from the person presenting it and makes it hard to be alert for any suspicious activity, safety, or security concerns in the area.  With the FortifID, your security personnel can focus on what humans do best:  observing human behavior for the types of security indicators that can’t be put in a TWIC.

Bad actors look for weak security and easy targets.   An alert guard using a state of the art FortifID Reader puts potential adversaries on notice that your facility takes security seriously. 

And more good news.

FortifID Solutions are easy to use, reliable, and inexpensive.  The contactless version takes only a few seconds to read a TWIC.  The contact version takes only a few seconds more as it verifies the identity of the holder with a biometric scan.  MAGNAR can quickly train your FSO or other individual on how to use the readers and use FortifID Solutions as the foundation of your Physical Access Control program.  MAGNAR offers flexible lease and purchase options, software and hardware updates, and ongoing support.

And yet more good news.

All those digital data fields we talked about?  The FortifID 360 Portal can turn that data into useful information for your FSO and others who manage access control or would like to better understand who is entering what part of a facility at any given time.  With FortifID, the client has access to an information portal with a wealth of useful features.  The FSO can also download and display that information to document compliance for the Coast Guard, internal auditors, or others with a need to know. 

Another useful feature of FortifID is that the FSO can configure the readers to prompt the guard to conduct random additional security screening (such as checking vehicle trunks or personally carried bags) as a percentage of arrivals. 

Randomness is key.  Effective security means being unpredictable to an adversary.  Having guards screen every n^th arrival is an easily observable pattern, and therefore ineffective.  “Guard’s discretion” is problematic and subject to complaints by people unhappy with why they were chosen for extra screening.  FortifID provides an objective solution to this issue.  The FSO can even change the percentage targeted for screening based on the MARSEC Level.

The FSO can also use the FortifID 360 Portal to customize the Readers and Access Control requirements for individual facilities, gates, or guards, and quickly make changes to their defined security posture.  This promotes operational flexibility and provides precise information to the FSO. 

FortifID has other features that keep business moving.  For example, if a TWIC is damaged such that it can’t be read normally, the reader can capture a photo of the front and back, much as in mobile checking.  The FortifID reader can still validate the TWIC and record the event in the FortifID 360 Portal as if it had been read through the standard method. While only “Risk Group A” facilities are required to use electronic readers, all security professionals should recognize that modern threats require modern tools.  Visual checks by your overworked guards are simply not a credible way of conducting access control.  Whether you operate a “Risk Group A” facility that will electronic checks for every arrival, or a facility simply looking for a way to improve your program, FortifID Solutions from MAGNAR provide a security capability that is effective against the threats we can expect today.