Click for next page ( 13

The National Academies | 500 Fifth St. N.W. | Washington, D.C. 20001
Copyright © National Academy of Sciences. All rights reserved.
Terms of Use and Privacy Statement

Below are the first 10 and last 10 pages of uncorrected machine-read text (when available) of this chapter, followed by the top 30 algorithmically extracted key phrases from the chapter as a whole.
Intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text on the opening pages of each chapter. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

Do not use for reproduction, copying, pasting, or reading; exclusively for search engines.

OCR for page 12
12 information from Tasks 1, 2, and 3 to complete the SWOT provide some insight into the propensity of local authorities analyses of both consolidated and non-consolidated credential to adopt new requirements and replace existing systems versus approaches. adopting the mandated requirements as an additional layer of It was necessary to examine the approach for a consolidated security. The results of this effort are indicative of potential credential rather than the result of a consolidated credential success with consolidation of existing security credentials under to understand the issues from a relative perspective. The fea- local and state authorities, as well as for federally managed sibility of a consolidated credential requires change from the security credentials. existing system, not the development of a completely new cre- dentialing system (i.e., an absolute perspective). Therefore, the SWOT analysis evaluated the process of moving to, and Use Cases use of, a fitting consolidated credential. The results of the Phase I, Task 2 effort to understand time The research team evaluated the feasibility of a consoli- and cost information related to the users of security creden- dated credential from two different perspectives (i.e., security tials provided high-level understanding of the system. How- and cost-effectiveness) and from two different outcomes (i.e., ever, it was evident that several in-depth case reviews could consolidated credential and non-consolidated credential). be beneficial to characterizing the system as well. This effort This resulted in four unique SWOT analyses focusing on each followed up on the previous effort to better understand the perspective and assuming each outcome. Therefore, a SWOT burdens of several users, the results of which provide some analysis was done for each of the following conditions: insight into the microeconomic burdens in specific cases. Consolidated credential--security perspective, Consolidated credential--cost-effectiveness perspective, Consolidated Credential Options Non-consolidated credential--security perspective, and and Evaluation Non-consolidated credential--cost-effectiveness perspective. Security credentials are just one part of the HazMat trans- After completing all four SWOT analyses, the research team portation security system. Figure 2-3 provides a high-level provided the results and associated assumptions to members overview of the credentialing process. Threats to the system of the TAG. The TAG was tasked with evaluating the results, arise when individuals with malicious intent are able to create assumptions, and conclusions, and providing feedback. All an unsafe situation. To prevent these threats, the system must comments received from the TAG were discussed with the ensure (to the extent possible) that all personnel entering the commenting TAG member and incorporated into the results. protected area are well-intentioned. This is accomplished by The results and specifics regarding assumptions for each two distinct processes. The vetting process, which takes place SWOT analysis are provided in Chapter 3. during the credential acquisition process, ensures that the appli- cant exhibits no indication of malicious intent and could have real and proper reasons for accessing the areas protected by the Phase II credential. The communication process allows the entry point personnel, with the aid of technology systems, to verify that the The Phase II effort built upon the results of the previous current credential-holder has successfully been vetted. phase by limiting considerations for consolidation to only Both processes must perform appropriately for the HazMat those results that were deemed applicable to consolidation. transportation security system to be effective. If the vetting The results indicated that additional data collection efforts process fails, a valid credential-holder may gain access to were necessary to accomplish the final task of determining and secure areas with intentions of deviant behavior. Conversely, evaluating the options for credential consolidation. These should the communication aspect fail, the person presenting supplementary efforts involved evaluating credential usage at the security credential may fraudulently enter secure areas, ports, and developing use-cases to provide insight into several again with intentions of harm. Therefore, all security creden- applicants' actual experiences (e.g., cost and time) in regard to tial processes should strive to be as thorough as possible in applying for, and receiving, security credentials. vetting the credential-holder, and as accurate as possible when communicating the identity. The effectiveness of security credentials can be evaluated Evaluation of Port Credential Usage through a variety of methods. The appropriateness of each This effort consisted of contacting a sample of ports through- method depends upon the end goals of the credentials' admin- out the United States and determining if they were currently istrators. For example, one could track the number of security using any credentials (i.e., local port identification) in addition breaches related to security credential failures, or the number to the federally mandated TWIC. This effort was designed to of issues associated with the vetting and communication

OCR for page 12
13 Credential Acquisition Process Applicant Submits Required Notify Applicant Applicant Denial Information to Acquire Credential Issuing Agency Accept or Review Deny Applicant Security Threat Assessment Criminal Offenses Applicant Accepted Name Based Check of Relevant Databases Immigration Status Drug Test All Vetting Information Provide Applicant Reviewed at Regular with Credential Frequency Credential Use Process User Requests Access to Facility or Secure Area Access Immediate Allow Access Granted Granted or Verification Verification Rejected Take Appropriate Remote Steps for Rejected Verification Rejection Figure 2-3. Application and use processes for security credentials. processes. However, because the vetting and communication access multiple facilities under various oversight agencies and, processes take place within a larger interconnected system, each thus, are required to utilize multiple credentials to perform method, when taken alone, may not accurately reflect the effec- their job requirements. tiveness of the credential. Within the HazMat transportation A proposed solution for simplifying the complex creden- system there are multiple types of facilities, areas, and border tialing system with regard to HazMat transportation is to crossings requiring security. At each entry gate, the transporta- eliminate or reduce redundancies. Many secure areas within tion worker must prove that he/she holds a valid security cre- the HazMat transportation system rely on the same basic dential. In many cases, the security credential is specific to the strategy of using security credentialing to protect the infra- facility (area or border crossing) and the issuing agency with structure, personnel, and business integrity within system jurisdiction. This specificity has created a complex system of operations. Consolidating some or all of the security creden- many secure facilities and an equivalent number of security tials (or minimizing redundancies) can be beneficial for all credentials. Additionally, many transport workers frequently stakeholders. Consolidation could result in lowered costs

OCR for page 12
14 related to operating a HazMat transportation-related business policy problems include many decision makers, an unlimited and lowered costs associated with securing key areas, facilities, number of alternatives, conflicting utilities (values), unknown and border crossings. Additionally, by increasing efficiency outcomes, and incalculable probabilities. Additionally, ill- related to security credentialing, the costs associated with vet- structured problems present complex choices that make it dif- ting credential applicants and training security personnel can ficult to make a satisfactory recommendation that combines be decreased. the values of all the stakeholders. As a result, the evaluation of The consolidation of security credentials must maintain the alternative consolidated credential options requires the use of highest level of security afforded by the individual credentials methods appropriate for the evaluation of ill-structured policy that were merged. Many of the existing credentials are issued problems.(6) by different agencies and cover different modes of transporta- The team used multiple-perspective analysis to obtain tion. A universally applicable, fundamentally secure creden- increased insight into potential implementation problems and tial requires certain traits that must be agreed upon by each of solutions. Multiple-perspective analysis was designed to be an the issuing agencies as well as the end users. alternative to rational-technical approaches and was designed Therefore, the Phase II effort consisted of developing several specifically for the analysis of ill-structured policy problems. options for consolidation, and evaluating such options based The multiple-perspective analysis method allows researchers on collected data. These options were developed based on the to systematically evaluate problem situations through the use results of elemental analysis, survey data, and use cases. They of organizational, technical, and personal perspectives. The were then evaluated for potential as a successful, broadly appli- major features of each perspective, as defined by Dunn (6), are cable, consolidated credential. The evaluation considered the as follows: basic building blocks (unique elements consistent with candi- date credentials comprising each option) and the unique back- Organizational perspective: Relies on standard operating ground check processes required to accomplish each option. procedures, rules, and institutional routines. Problems and solutions are viewed as part of an orderly progression from one organizational state to another. Policy Implementation Analysis Technical perspective: Requires objective analysis and a Successful policy implementation is, in part, determined scientific-technological worldview. Problems and solutions by the nature of the policy problem. Three types of policy are viewed in terms of optimization models and incorpo- problems exist: well-structured problems, moderately struc- rate ideas drawn from probability theory, benefit-cost tured problems, and ill-structured problems. Ill-structured and decision-making analysis, econometrics, and systems policy problems are those policy problems that typically analysis. include many different decision makers whose utilities (values) Personal perspective: Emphasizes intuition, leadership, and are either unknown or impossible to rank in a consistent self-interest as factors governing policies and their impacts. manner.(6) When evaluating well-structured and moderately Problems and solutions are viewed in terms of individual structured policy problems, preferences that are transitive in perceptions, needs, and values. nature (e.g., Policy A1 is preferable to Policy A2 and Policy A2 is preferable to Policy A3; therefore, Policy A1 is preferable to Through the use of a multiple-perspective analysis, the Policy A3) can be ascertained. However, ill-structured prob- proper balance of each perspective can be preliminarily deter- lems are intransitive in nature and the best or most appropri- mined. This determination will aid in the final development ate solution is often difficult to determine. Ill-structured of options for a consolidated credential.