Transportation ID program lacks a reliable disaster recovery plan, GAO says

 

Connecting state and local government leaders

An October 2008 power failure at a TSA data processing center that handles Transportation Worker Identificiation credentialing affected PIN availability on approximately 410,000 cards, according to a recent GAO report. Replacing the cards could cost as much as $26 million.

The Homeland Security Department enrolled more 1.1 million workers in the Transportation Worker Identification Credential program by its April 15, 2009, deadline for issuing the biometric ID cards to access secure port facilities. But the lack of a disaster recovery program on the part of the Transportation Security Administration allowed a power outage at a data processing center to interrupt the process and eventually could require the replacement of up to 410,000 of the smart cards.

“If TSA had planned for a potential TWIC system failure, in accordance with federal requirements in contingency planning and internal control standards, it might have averted the system failure that occurred in October 2008,” the Government Accountability Office said in a recent report on TWIC progress.

GAO also identified a number of weaknesses in the pilot program for testing biometric readers that will integrate the credentials into access control systems.

“Since September 2008, TSA has revised its schedule for completing the TWIC reader pilot from October 13, 2009, to a year later, October 4, 2010,” the report stated. “Consequently, TSA’s current schedule indicates that they will not meet the April 2010 deadline for reporting to Congress on the results of the TWIC reader pilot.”

DHS said it has begun eliminating points of failure in its TWIC systems, spending $1.8 million to correct problems, and is constantly updating the schedule of the reader pilot program.

The TWIC program was established in December 2001 to provide secure credentials to workers accessing secure areas of transportation facilities, initially for airports. In November 2002 it was expanded to maritime facilities; TSA and the Coast Guard decided to implement it first in maritime ports and vessels.

Since fiscal 2002, the program has been funded at $287 million, most of that coming in 2008 and 2009. Enrollment began in October 2007, and by April 15 the program had enrolled more than 93 percent of the estimated 1.2 million workers who will use the cards, using 150 fixed enrollment sites and 450 mobile facilities. The system was flexible and adapted to the surge of workers entering the program, but there were local problems. At the April 15 deadline, only 906,956 cards had been activated, leaving 214,505, or 19 percent of enrollees, without activated cards.

The largest single glitch was the Oct. 21, 2008, power failure at the Annapolis Junction, Md., TWIC data processing center.

“The power outage caused a hardware component failure in the TWIC enrollment and activation system for which no replacement component was on hand,” GAO said. “Consequently, data associated with individual TWICs could not be accessed or processed.”

The outage was quickly corrected, but loss of some data meant that personal identification numbers cannot be reset on about 410,000 cards already issued. “Consequently, TSA will have to replace the cards for cardholders who forget their PINs instead of resetting these PINs.” As of Aug. 1, 1,246 cards had been replaced.

Replacing all of those cards could eventually cost as much as $26 million, although, “TSA notes that it is highly unlikely all 410,000 affected transportation workers will forget their PINs and be unable to remember them within 10 attempts, thus requiring their cards to be replaced,” wrote Jerald E. Levine, DHS liaison with GAO.

“The lack of an approved contingency plan has been a longstanding concern as identified by the DHS Office of Inspector General,” GAO said. “If TSA had planned for a potential TWIC system failure in accordance with federal requirements in contingency planning and internal control standards, it might have averted the system failure that occurred in October 2008.”

Levine said work already is underway to correct that problem. “TSA has already taken action to develop and implement an IT contingency and disaster recovery plan for TWIC systems,” he wrote. “TSA has reviewed the system architecture to identify single points of failure and has concluded a $1.8 million effort to implement redundancy and scalability enhancements.”

The next step in implementing TWIC is developing the biometric card readers and creating the rules to integrate reader technology and business rules with TWIC. The Coast Guard issued an Advanced Notice of Proposed Rulemaking in March 2007. A pilot test program is getting under way at the ports of Los Angeles and Long Beach in California, Brownsville in Texas, and the Port Authority of New York and New Jersey; as well as the State Island Ferry, Magnolia Marine Transports in Vicksburg, Miss., and Watermark Cruises, in Annapolis, Md.

The pilot tests are supposed to provide information for development of the final reader rule, to be issue in August 2010, but that schedule has now slipped and pilot testing is not expected to be complete before October 2010.

Weaknesses in the pilot identified by GAO include scheduling problems and a lack of detailed information on how data will be analyzed.

Levine replied that management and scheduling of the pilot is in-hand.

“DHS uses the schedule as a management tool to assess the overall progress of each participant, focusing outreach and coordination efforts on the completion of key tasks when risks to the critical path are identified through constant monitoring,” he wrote. “DHS will continue to update and improve the schedule as new information becomes available during our ongoing, regular dialogue with pilot participants.”

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.