The U.S. Coast Guard is determining how many facilities handle certain dangerous cargoes and whether, according to a risk analysis, requiring those facilities to biometrically verify the Transportation Worker Identification Credential of every person accessing a secure area of such a facility would be cost-effective. This report answers those questions.
Risk-Informed Analysis of Transportation Worker Identification Credential Reader Requirements
Download
Download eBook for Free
| Format | File Size | Notes |
|---|---|---|
| PDF file | 3.8 MB | Use Adobe Acrobat Reader version 10 or higher for the best experience. |
Purchase
Purchase Print Copy
| Format | List Price | Price | |
|---|---|---|---|
| Add to Cart | Paperback172 pages | $49.95 | $39.96 20% Web Discount |
Research Questions
- How many facilities are subject to the final TWIC reader rule delay?
- Is the final rule cost-effective for those facilities?
A 2016 U.S. Coast Guard (USCG) regulation, "Transportation Worker Identification Credential (TWIC)–Reader Requirements," requires certain maritime facilities determined to be of high risk to use electronic and biometric access control programs in the facilities' secure areas. The final version of this rule, known as the final reader rule, has been delayed (from 2020) until May 8, 2023, for three categories of facilities that handle certain dangerous cargoes (CDCs) in bulk. The USCG asked the Homeland Security Operational Analysis Center to reestimate the population of such regulated facilities that could be subject to the final reader rule delay, develop an objective risk assessment model for these facilities, and conduct a cost–benefit analysis of the regulation.
This report describes the researchers' analytical efforts to address these three research areas. Because there is no database of Maritime Transportation Security Act–regulated facilities that has all the requisite information about CDCs that facilities handle in bulk, the researchers resorted to other data sources, such as the U.S. Environmental Protection Agency's databases, an online survey, and interviews, to estimate the facility population. For the facility risk model, they used the modeling approach for assessing potential consequence included in the risk engine of the Cybersecurity and Infrastructure Security Agency's Chemical Facility Anti-Terrorism Standards (CFATS) program, harmonizing the TWIC and CFATS programs in consequence assessment. Because there was no credible estimate for the probability of a transportation security incident, the researchers used a break-even analysis to assess whether the final reader rule is cost-effective.
Key Findings
- Between 471 and 711 Maritime Transportation Security Act–regulated facilities handle CDCs in bulk and are therefore likely to be subject to the reader rule delay.
- Among the facilities observed to handle CDCs, anhydrous ammonia was the most common CDC, although many facilities handle more than one type of CDC.
- The consequence distribution of facilities that handle CDCs in bulk was highly skewed (i.e., many facilities with relatively low consequences and few facilities with extremely high consequences).
- Observable facility attributes, such as CDC quantity and local population density, can be used to generally identify high-consequence facilities.
- The TWIC reader rule would have to avert a transportation security incident (TSI) approximately every 60 to 90 years, at a minimum, to be cost-effective.
- Although the final reader rule is potentially cost-effective even in its current form, reasons exist to consider a more-targeted approach that excludes low-quantity or low–population density facilities, or both. Under hypothetical regulatory options, a more-targeted approach affecting only higher-consequence facilities would need to avert only one TSI approximately every 200 to 600 years to be cost-effective.
- The decision to use a wide net or a more-targeted approach could depend largely on policymakers' preferences and relative risk tolerance considering trade-offs among several competing factors.
Recommendations
- Once the final reader rule is implemented, perform ongoing monitoring and enforcement to remain current as facilities open or close.
- Develop a centralized reporting system that records, at a minimum, the types and amounts of CDCs being handled at each MTSA-regulated facility.
- Build data infrastructure to implement and maintain the CDC reporting system.
- Institutionalize an objective, transparent risk assessment approach (e.g., CFATS risk engine). Taxonomy Terms
Table of Contents
Chapter One
Introduction
Chapter Two
Risk Analysis for CDCs
Chapter Three
Estimating the Facility Population
Chapter Four
Developing the Facility Risk Model
Chapter Five
A Cost–Benefit Analysis of the Reader Rule Delay
Chapter Six
Conclusions
Appendix A
A Review of TWIC-Relevant Regulations
Appendix B
CDCs Authorized to Be Transported by Vessels in Bulk
Appendix C
Processing of PAD in the ERG
Appendix D
Processing of USCG NRC Incident Data
Appendix E
Processing of EPA RMP Facility Data
Appendix F
The Facility Survey Instrument
Appendix G
Company Interviews
Appendix H
Analysis of the MSRAM Data
Appendix I
Incorporating LandScan USA Population Data into a Simplified Model to Estimate Facility Consequences
Appendix J
Creating a Synthetic Data Set for Analysis of Consequence Distributions
Research conducted by
This research was sponsored by the USCG Office of Standards Evaluation and Development and conducted within the Strategy, Policy and Operations Program of the Homeland Security Operational Analysis Center (HSOAC).
This report is part of the RAND Corporation Research report series. RAND reports present research findings and objective analysis that address the challenges facing the public and private sectors. All RAND reports undergo rigorous peer review to ensure high standards for research quality and objectivity.
The RAND Corporation is a nonprofit institution that helps improve policy and decisionmaking through research and analysis. RAND's publications do not necessarily reflect the opinions of its research clients and sponsors.