Transportation Worker Identification Credential: Leveraging New Technologies to Integrate Access Control Readers with High Security Standards AC02


IDTP, 3M Cogent, TRL Systems, LVS Consulting
K054
Walter Hamilton, Christopher Crump, Gary Chavarria, T.J. Hicks
April 11th 2013

Credit(s) earned on completion of this course will be reported to AIA CES for AIA members. Certificates of Completion for both AIA members and non-AIA members are available upon request.

This course is registered with AIA CES for continuing professional education. As such, it does not include content that may be deemed or construed to be an approval or endorsement by the AIA of any material of construction or any method or manner of handling, using, distributing, or dealing in any material or product. Questions related to specific materials, methods, and services will be addressed at the conclusion of this presentation.

Course Description

The Transportation Worker Identification Credential (TWIC) is a vital security measure that will ensure individuals who pose a threat do not gain unescorted access to secure areas of the nation's maritime transportation system. There are different ways of reading the TWIC card ranging from solutions that meet basic Government requirements, like "flash-pass" and biometric access control readers, to solutions that integrate different pieces in one solution and exceed Government requirements. This session provides Security Management professionals and system integrators with an understanding of the available technologies and explores, in case study format, the successful access control solution developed for the Port of Long Beach.

Learning Objectives

1. Leverage ways of increasing security and efficient entry into secure areas
2. Identify the different technologies available to read TWIC cards
3. Identify ways of integrating security components into an access control reader

Agenda

- Introductions
- TWIC Program Background
- TWIC Reader Case Study
- SSA Marine/LVS Consulting User Experience
- TRL Systems, Inc. Integrated BeastBox Solution
- 3M Cogent TWIC Reader Product
- Questions/Discussion

TWIC Program Overview

- Establishes a secure biometrically-enabled smart card credential for those U.S. civilian maritime workers that require unescorted access to restricted areas of regulated maritime facilities and vessels
- Authorized by Congress in the Maritime Transportation Security Act of 2002
- Jointly administered by the Transportation Security Administration (TSA) and the U.S. Coast Guard
- Fee-funded program

Division of Responsibilities

Transportation Security Administration
- TWIC enrollment and issuance
- Background screening and adjudication
- Credential life cycle management

U.S. Coast Guard
- Regulations and access control policy
- Compliance and enforcement

Program Statistics

Item                              Number (as of March 2013)
Enrollments                       2.4M
Cards Activated                   2.2M
Total Applicants Denied* (2%)     48,700
Number of Enrollment Centers**    134

* Denied appeals; denied waivers; cases closed due to applicant's failure to provide sufficient documents; or, failure to respond.
** Number of Enrollment Centers will expand to over 200 in 2014 under the Universal Enrollment Services Contract.

TWIC Card

- Dual interface smart card aligned with FIPS 201 standard
- Designed for reader validation of card and biometric verification of card holder

Data Stored on TWIC Card

- Name
- Expiration Date
- Digital photo of face
- Cryptographic keys and certificates
- Two fingerprint templates
  - Encrypted
  - Diversified key for decryption (stored on card)

TWIC Readers

- TWIC Reader pilot program completed in 2011
  - Required by Congress in SAFE Port Act of 2006
  - Evaluated technical performance and operational and business impact
- Coast Guard recently issued proposed rules governing use of TWIC readers
  - Public comments due by May 21, 2013
  - Will be a risk-based approach

TWIC Reader Case Study Introduction

- SSA Marine is one of the largest maritime operators at the Port of Long Beach, CA
- Challenge for TWIC reader
  - Meet security requirements
  - Maintain fast access to facility/throughput speed
  - Withstand harsh outdoor conditions

Lessons Learned from TWIC Pilot at The Port of Long Beach

- TWIC Card Internal Antenna Failure in estimated 50% to 60% of Credentials
- Initial TWIC Readers were Proximity Type Technology
- Need for a Database to Enroll Transient Traffic for Access to Terminal
- PACS were unable to Translate Access Denied from TWIC Readers
- Operational Considerations not Part of Implementation Plan

Conceptual Approach to TWIC Conundrum

- TWIC Card Internal Antenna Failure in estimated 50% to 60% of Credentials
  - Must Utilize Chip
- Initial TWIC Readers were Proximity Type Technology
  - Insert Reader Required
- Need for a Database to Enroll Transient Traffic for Access to Terminal
  - Must Perform Without Need for Database
- PACS were unable to Translate Access Denied from TWIC Readers
  - PACS Manufacturer Must Communicate with Reader
- Operational Considerations not Part of Implementation Plan
  - Must Consider all Aspects of Operation in Design and Implementation

SSA Marine and LVS Consulting presented Conceptual Design to TRL Systems.

- The TWIC BeastBox System was conceptualized from 5 different pre-TWIC prototypes including the TSA TWIC Card Reader Prototype Tests.
- The BeastBox design factors in both the mandated policies of the Federal Government and the Strategies of the Terminal Operator.

Our Solution

- Performed a TWIC Mode #1 in 2 seconds on average
  - TWIC requirement: 4 seconds
  - Prior device average speed: 7-10 seconds
- Perform TWIC MODE #3 (Contact + Bio) in 3.5 seconds on average, TWIC MODE #3 (Contactless + Bio) in 2.7 seconds on average
  - TWIC requirement: 3 seconds for Contactless; there is no defined requirement for Contact.
- Off-line support for CCL checks
- Off-line support for Card Authentication Certificate validation
- Saved the Port 6 hours per day at their busiest entrance

Metrics

- With 4500 gate moves per day the TWIC BeastBox system is built and configured from end to end with Through-Put-Speed in mind
- Single Mode Fiber Optics is a Key Metric for our TWIC BeastBox Systems
- The Network allows us the conduit needed as part of our contingency plan to view the inside of the TWIC Card Readers, which lets us know whether the Card Reader System is working
- Currently we have 23 Readers operating in the Card Reader Mode Configuration on 3 of the 9 Terminals that will be using the TWIC BeastBox Systems by July
- We've had over 1 million TWIC Card Transactions since May 2012 and have accumulated over 25k authenticated TWIC Card Holders in the Database with expectations of another 40k by mid summer 2013

System Metrics

- The TWIC BeastBox System has exceeded all expectations and is unprecedented in the Maritime Industry
- Pier C/J stats from May 3rd to March 11th 2013
  - Total enrolled users: 24,244
  - Total Transactions: 584,949
  - Verification failures: 137,377 (Unreadable TWIC cards or cards inserted incorrectly)
  - Canceled Cards captured: 2,414
  - Highest level of failures due to User error: 8-10%

Company Overview

TRL Systems, Inc. is an innovative industry leader specializing in protecting people, assets & facilities.

Security Strategic Planning IT Integration Mass Notification Nurse Call Integration Fire and Life Safety 24/7 Service

Mission Statement
Core Values

TWIC Pilot Deployment

- TWIC and Lenel Integrated Systems completed 3 successful pilot projects
- TWIC Pilot first of its kind on West Coast
- Approved by: Coast Guard, Homeland Security, and TSA

Beast Box Integration

- Evolved out of the need for a very rugged integrated TWIC card reading system
- Custom solution drove the process
- Stainless Steel/Modular Design
- Enclosure design solution
  - 14 Gauge Stainless Steel
  - Screw Type Lock
  - Clear Lexan view area
  - Thermal management

Beast Box Integration

- Complete integration with multiple security servers
- SSA Terminal Security Compliance
- POLB/Port of Seattle/Port of Oakland Clean Truck

Reader Decision

What we were looking for
- Solid compact design
- USB smart card reader flexibility
- Fast card reading capability
- Quick response to changes/improvements
- Win/Win for all

Chosen Solution

Balance the need to meet Government compliance and the needs of the port operators.

- Custom Wiegand Events
  - Over 100+ Events can be defined with a unique Wiegand Output
  - Allows support with Legacy systems to track events at the edge readers
- Supports secure external USB hardware
- Device Mode Changes driven by Lenel Panel
- On device CCL verification
- Certificate validation
- Link card holder names to access events
- Card reading is faster and more secure than a Flash Pass

Government support

- TWIC ICE listed (QTL)
- FIPS 201 / PIV Biometric Authentication Reader on the GSA APL
- Reader supports all Government credentials and use cases
  - PIV, PIV-I, CAC, TWIC, FRAC SP , ICAM
- Configurable settings for real-time or background credential validation
  - CCL, CRL validation on device or server

Government features

- Verification modes
  - PIV
  - TWIC
  - CAC
  - PIV-I
- Each Verification mode can have different credential modes based on the card type
  - CHUID
  - Biometric
  - PKI
  - MARSEC Level
- Each Verification mode has an associated Wiegand Output

Questions?

This concludes The American Institute of Architects Continuing Education Systems Course

LVS Consulting, Inc. T.J. Hicks (949)
Gary Chavarria (909)
Christopher Crump (626)
Walter Hamilton (727)