National Academies Press: OpenBook
« Previous: Chapter 1 - Background
Page 9
Suggested Citation:"Chapter 2 - Research Approach." National Academies of Sciences, Engineering, and Medicine. 2011. Feasibility of a Consolidated Security Credential for Persons Who Transport Hazardous Materials. Washington, DC: The National Academies Press. doi: 10.17226/14565.
×
Page 9
Page 10
Suggested Citation:"Chapter 2 - Research Approach." National Academies of Sciences, Engineering, and Medicine. 2011. Feasibility of a Consolidated Security Credential for Persons Who Transport Hazardous Materials. Washington, DC: The National Academies Press. doi: 10.17226/14565.
×
Page 10
Page 11
Suggested Citation:"Chapter 2 - Research Approach." National Academies of Sciences, Engineering, and Medicine. 2011. Feasibility of a Consolidated Security Credential for Persons Who Transport Hazardous Materials. Washington, DC: The National Academies Press. doi: 10.17226/14565.
×
Page 11
Page 12
Suggested Citation:"Chapter 2 - Research Approach." National Academies of Sciences, Engineering, and Medicine. 2011. Feasibility of a Consolidated Security Credential for Persons Who Transport Hazardous Materials. Washington, DC: The National Academies Press. doi: 10.17226/14565.
×
Page 12
Page 13
Suggested Citation:"Chapter 2 - Research Approach." National Academies of Sciences, Engineering, and Medicine. 2011. Feasibility of a Consolidated Security Credential for Persons Who Transport Hazardous Materials. Washington, DC: The National Academies Press. doi: 10.17226/14565.
×
Page 13
Page 14
Suggested Citation:"Chapter 2 - Research Approach." National Academies of Sciences, Engineering, and Medicine. 2011. Feasibility of a Consolidated Security Credential for Persons Who Transport Hazardous Materials. Washington, DC: The National Academies Press. doi: 10.17226/14565.
×
Page 14

Below is the uncorrected machine-read text of this chapter, intended to provide our own search engines and external engines with highly rich, chapter-representative searchable text of each book. Because it is UNCORRECTED material, please consider the following text as a useful but insufficient proxy for the authoritative book pages.

9This research was done in a multi-phase approach. The main goal of Phase I was to understand the existing creden- tialing system as it relates to persons who transport hazardous materials, and determine the feasibility of a consolidated cre- dential within that system. This first phase involved the exam- ination of the current credentialing processes at their basic levels to understand each credential’s elements (e.g., security attri- butes, related costs, time to acquire) and associated strengths and weaknesses. This elemental analysis approach provided the data blocks necessary for generating and evaluating consolidated credential options in Phase II. Phase II was dependent on the results of Phase I and the feasibility of consolidating credentials. Phase II consisted of a single task to develop potential options for consolidating cre- dentials for persons who transport hazardous materials, and evaluating the strengths and weaknesses associated with each potential option. Tasks were organized as follows (note, Task 5 was to produce the interim report and is not considered part of the research approach for Phase I): • Task 1 (Phase I) – Identify credentials and credential elements. • Task 2 (Phase I) – Conduct time and cost analysis. • Task 3 (Phase I) – Conduct regulatory analysis. • Task 4 (Phase I) – Determine feasibility of consolidation. • Task 6 (Phase II) – Develop and evaluate options for consolidation. Phase I The research team developed and followed the flow chart shown in Figure 2-1 to complete Phase I tasks. After identify- ing the credentials, the research team analyzed data in three key areas: Elemental Analysis, Time and Cost Analysis, and Regulatory Analysis. Credential Synthesis The research team compiled all security credentialing lit- erature in the Virginia Tech Transportation Institute (VTTI) HazMat library. This effort was supplemented by a national and international review of Internet resources, academic arti- cles, and other public information sources with the objective of determining the underlying credentialing processes and regulatory requirements for each credential. To augment the information, the research team assembled a technical advisory group (TAG). The group was comprised of seven members with varied experience in the different modes of transportation or credentialing. Each TAG member was selected because of a direct role or related experience with credentialing and is listed below with a brief description of their relevance to this effort. • John Smith has applied for, and used, HazMat credentials and is familiar with the application process. • Karen Chappell is responsible for the state issuance and regulation of HazMat credentials. • Lt. Sal Castruita is on the security team of the Virginia Port Authority. • Wiley Mitchell was selected because of his understanding and knowledge of the purpose of the legal aspects of cre- dentialing for the Norfolk Southern Railroad. • Jim Wilding was chief executive officer (CEO) of the Met- ropolitan Washington Airports Authority and is aware of the risks involved and the reasons for credentials that are necessary in order to access commercial airports. • Walter Witschey is the current president of the Virginia Rail Policy Institute and has access to numerous individuals and organizations associated with the freight rail industry. • Dale Bennett is the president of the Virginia Trucking Asso- ciation and has access to carriers and drivers involved in HazMat shipping. A short biography of each member is provided in Appen- dix A. C H A P T E R 2 Research Approach

Elemental Analysis With a completed list of relevant credentials, the research team focused on identifying the elements of each. Elements are individual pieces of information used to acquire a credential, or contained within a credential to communicate the neces- sary information to authenticate the identity of the credential holder. Examples of elements are full name, address, access level, date of birth, photograph, and biometric attributes. To identify the elements, the research team focused on two key sources—the application for, and a representation of, the actual credential. The application for each credential was used to determine the requirements-to-obtain elements for that credential. Many of the credentials’ applications were readily available on the issuing agencies’ Web sites. However, the research team also obtained more obscure applications through companies that have applied for these credentials in the past; in one case, the research team actually completed the online application process. For two of the identified credentials, the Commercial Driver’s License (CDL)-HME and SIDA, the Code of Federal Regulations (CFR) was used to capture the minimum require- ments. These federal minimums were used to provide a com- mon denominator because each credential is handled by multiple issuing agencies (i.e., the states for a CDL-HME, and the airports for a SIDA). To obtain the attribute elements, the research team used a combination of photographs of credentials, actual creden- tials, and written descriptions of credentials to identify each attribute element on each credential. The collected elemental data were placed in matrices to visually represent the data and to track gaps in the data throughout the progression of the research. This added a level of redundancy in the research approach to ensure all available data were captured. 10 Ta sk 1 Ta sk 2 Ta sk 3 Ta sk 4 Figure 2-1. Research approach for Phase I.

Time and Cost Analysis Although time and costs both provide an understanding of the burden to acquire security credentials, it was necessary to perform two separate data collection efforts. First, the research team developed a questionnaire to collect time-related data from actual credential holders. Second, the research team col- lected pricing data from each issuing agency related to each credential. Consolidated Credential Questionnaire Since this was an examination of several security credentials across many transportation modes, a survey was designed that would allow for the analysis of the credentials themselves, as well as the use of the credentials across modes. The resulting survey addressed the following modes: air, highway and tractor- trailer, marine, and rail. Additionally, the following security credentials were explored: • CDL-HME, • TWIC, • FAST, • Florida Uniform Port Access Credential (FUPAC), • Merchant Mariner Credential (MMC), • Merchant Mariner Document (MMD), • Merchant Mariner License (MML), • NEXUS, • Secure Electronic Network for Travelers Rapid Inspection (SENTRI), and • SIDA. The questionnaire was developed to ensure that the broadest range of responses could be accommodated. This approach provided an understanding of the time required to obtain the aforementioned credentials. The questionnaire was created through collaboration with the TAG. During the developmental stage, the VTTI team conferred several times with the TAG to discuss questionnaire design and format. Discussions ranged from general question- naire goals and outlines to specific question methodology. Throughout the process, the team members exchanged ques- tionnaires and ideas in order to determine the best approach for obtaining the desired information. Credential Costs To collect the credential cost data, the research team col- lected the most up-to-date pricing information available using data from the Web sites of the issuing agencies. These data were organized by credential and placed into a matrix similar to those used for the elemental analysis. Many of the identified credentials were federally issued, therefore, a single cost was associated with each. However, the CDL-HME is a state-issued credential and its cost varies by state. These data were publicly available from each state and placed into the matrix along with the federally issued credentials. The SIDA costs are designated by the issuing airport authority and, due to variability, are cap- tured as a mean of several agency-reported costs in the cost results matrix. Regulatory Analysis To fully understand the credentialing process, the team researched the regulatory authorities, programs, and policies, and any applicable exemptions for each credential. This was done by a review of the CFR and the United States Code (U.S.C.), where applicable to each credential. When necessary, local regulations were consulted to understand the authorities for credentials that are not federally issued. After identifying the authorities and programs associated with each credential, the team investigated policy- and program-specific Web sites. Furthermore, where necessary, the research team contacted rep- resentatives of the credential-issuing agencies for clarification or additional information. SWOT Analysis A strengths, weaknesses, opportunities, and threats (SWOT) analysis is designed to aid in the strategy decisions related to change in an organizational effort. This technique was used to analyze the advantages and disadvantages of a consolidated and a non-consolidated security credentialing approach for persons who transport hazardous materials. The advantage to the SWOT analysis is the defined manner in which the data are examined, ensuring analysis from both internal (i.e., pro- cessing of the credential) and external (i.e., use of the creden- tial) points of view (Figure 2-2). The research team used the 11 Figure 2-2. SWOT analysis.

information from Tasks 1, 2, and 3 to complete the SWOT analyses of both consolidated and non-consolidated credential approaches. It was necessary to examine the approach for a consolidated credential rather than the result of a consolidated credential to understand the issues from a relative perspective. The fea- sibility of a consolidated credential requires change from the existing system, not the development of a completely new cre- dentialing system (i.e., an absolute perspective). Therefore, the SWOT analysis evaluated the process of moving to, and use of, a fitting consolidated credential. The research team evaluated the feasibility of a consoli- dated credential from two different perspectives (i.e., security and cost-effectiveness) and from two different outcomes (i.e., consolidated credential and non-consolidated credential). This resulted in four unique SWOT analyses focusing on each perspective and assuming each outcome. Therefore, a SWOT analysis was done for each of the following conditions: • Consolidated credential—security perspective, • Consolidated credential—cost-effectiveness perspective, • Non-consolidated credential—security perspective, and • Non-consolidated credential—cost-effectiveness perspective. After completing all four SWOT analyses, the research team provided the results and associated assumptions to members of the TAG. The TAG was tasked with evaluating the results, assumptions, and conclusions, and providing feedback. All comments received from the TAG were discussed with the commenting TAG member and incorporated into the results. The results and specifics regarding assumptions for each SWOT analysis are provided in Chapter 3. Phase II The Phase II effort built upon the results of the previous phase by limiting considerations for consolidation to only those results that were deemed applicable to consolidation. The results indicated that additional data collection efforts were necessary to accomplish the final task of determining and evaluating the options for credential consolidation. These supplementary efforts involved evaluating credential usage at ports, and developing use-cases to provide insight into several applicants’ actual experiences (e.g., cost and time) in regard to applying for, and receiving, security credentials. Evaluation of Port Credential Usage This effort consisted of contacting a sample of ports through- out the United States and determining if they were currently using any credentials (i.e., local port identification) in addition to the federally mandated TWIC. This effort was designed to provide some insight into the propensity of local authorities to adopt new requirements and replace existing systems versus adopting the mandated requirements as an additional layer of security. The results of this effort are indicative of potential success with consolidation of existing security credentials under local and state authorities, as well as for federally managed security credentials. Use Cases The results of the Phase I, Task 2 effort to understand time and cost information related to the users of security creden- tials provided high-level understanding of the system. How- ever, it was evident that several in-depth case reviews could be beneficial to characterizing the system as well. This effort followed up on the previous effort to better understand the burdens of several users, the results of which provide some insight into the microeconomic burdens in specific cases. Consolidated Credential Options and Evaluation Security credentials are just one part of the HazMat trans- portation security system. Figure 2-3 provides a high-level overview of the credentialing process. Threats to the system arise when individuals with malicious intent are able to create an unsafe situation. To prevent these threats, the system must ensure (to the extent possible) that all personnel entering the protected area are well-intentioned. This is accomplished by two distinct processes. The vetting process, which takes place during the credential acquisition process, ensures that the appli- cant exhibits no indication of malicious intent and could have real and proper reasons for accessing the areas protected by the credential. The communication process allows the entry point personnel, with the aid of technology systems, to verify that the current credential-holder has successfully been vetted. Both processes must perform appropriately for the HazMat transportation security system to be effective. If the vetting process fails, a valid credential-holder may gain access to secure areas with intentions of deviant behavior. Conversely, should the communication aspect fail, the person presenting the security credential may fraudulently enter secure areas, again with intentions of harm. Therefore, all security creden- tial processes should strive to be as thorough as possible in vetting the credential-holder, and as accurate as possible when communicating the identity. The effectiveness of security credentials can be evaluated through a variety of methods. The appropriateness of each method depends upon the end goals of the credentials’ admin- istrators. For example, one could track the number of security breaches related to security credential failures, or the number of issues associated with the vetting and communication 12

processes. However, because the vetting and communication processes take place within a larger interconnected system, each method, when taken alone, may not accurately reflect the effec- tiveness of the credential. Within the HazMat transportation system there are multiple types of facilities, areas, and border crossings requiring security. At each entry gate, the transporta- tion worker must prove that he/she holds a valid security cre- dential. In many cases, the security credential is specific to the facility (area or border crossing) and the issuing agency with jurisdiction. This specificity has created a complex system of many secure facilities and an equivalent number of security credentials. Additionally, many transport workers frequently access multiple facilities under various oversight agencies and, thus, are required to utilize multiple credentials to perform their job requirements. A proposed solution for simplifying the complex creden- tialing system with regard to HazMat transportation is to eliminate or reduce redundancies. Many secure areas within the HazMat transportation system rely on the same basic strategy of using security credentialing to protect the infra- structure, personnel, and business integrity within system operations. Consolidating some or all of the security creden- tials (or minimizing redundancies) can be beneficial for all stakeholders. Consolidation could result in lowered costs 13 Applicant Submits Required Information to Acquire Credential Security Threat Assessment Notify Applicant Provide Applicant with Credential Verification Issuing Agency Review Immigration Status Drug Test User Requests Access to Facility or Secure Area Name Based Check of Relevant Databases Criminal Offenses Accept or Deny Applicant Applicant Denial Applicant Accepted Rejected Take Appropriate Steps for Rejection Immediate Verification All Vetting Information Reviewed at Regular Frequency Granted Remote Verification Access Granted or Rejected Allow Access Credential Acquisition Process Credential Use Process Figure 2-3. Application and use processes for security credentials.

related to operating a HazMat transportation-related business and lowered costs associated with securing key areas, facilities, and border crossings. Additionally, by increasing efficiency related to security credentialing, the costs associated with vet- ting credential applicants and training security personnel can be decreased. The consolidation of security credentials must maintain the highest level of security afforded by the individual credentials that were merged. Many of the existing credentials are issued by different agencies and cover different modes of transporta- tion. A universally applicable, fundamentally secure creden- tial requires certain traits that must be agreed upon by each of the issuing agencies as well as the end users. Therefore, the Phase II effort consisted of developing several options for consolidation, and evaluating such options based on collected data. These options were developed based on the results of elemental analysis, survey data, and use cases. They were then evaluated for potential as a successful, broadly appli- cable, consolidated credential. The evaluation considered the basic building blocks (unique elements consistent with candi- date credentials comprising each option) and the unique back- ground check processes required to accomplish each option. Policy Implementation Analysis Successful policy implementation is, in part, determined by the nature of the policy problem. Three types of policy problems exist: well-structured problems, moderately struc- tured problems, and ill-structured problems. Ill-structured policy problems are those policy problems that typically include many different decision makers whose utilities (values) are either unknown or impossible to rank in a consistent manner.(6) When evaluating well-structured and moderately structured policy problems, preferences that are transitive in nature (e.g., Policy A1 is preferable to Policy A2 and Policy A2 is preferable to Policy A3; therefore, Policy A1 is preferable to Policy A3) can be ascertained. However, ill-structured prob- lems are intransitive in nature and the best or most appropri- ate solution is often difficult to determine. Ill-structured policy problems include many decision makers, an unlimited number of alternatives, conflicting utilities (values), unknown outcomes, and incalculable probabilities. Additionally, ill- structured problems present complex choices that make it dif- ficult to make a satisfactory recommendation that combines the values of all the stakeholders. As a result, the evaluation of alternative consolidated credential options requires the use of methods appropriate for the evaluation of ill-structured policy problems.(6) The team used multiple-perspective analysis to obtain increased insight into potential implementation problems and solutions. Multiple-perspective analysis was designed to be an alternative to rational-technical approaches and was designed specifically for the analysis of ill-structured policy problems. The multiple-perspective analysis method allows researchers to systematically evaluate problem situations through the use of organizational, technical, and personal perspectives. The major features of each perspective, as defined by Dunn (6), are as follows: • Organizational perspective: Relies on standard operating procedures, rules, and institutional routines. Problems and solutions are viewed as part of an orderly progression from one organizational state to another. • Technical perspective: Requires objective analysis and a scientific-technological worldview. Problems and solutions are viewed in terms of optimization models and incorpo- rate ideas drawn from probability theory, benefit-cost and decision-making analysis, econometrics, and systems analysis. • Personal perspective: Emphasizes intuition, leadership, and self-interest as factors governing policies and their impacts. Problems and solutions are viewed in terms of individual perceptions, needs, and values. Through the use of a multiple-perspective analysis, the proper balance of each perspective can be preliminarily deter- mined. This determination will aid in the final development of options for a consolidated credential. 14

Next: Chapter 3 - Findings and Applications »
Feasibility of a Consolidated Security Credential for Persons Who Transport Hazardous Materials Get This Book
×
MyNAP members save 10% online.
Login or Register to save!
Download Free PDF

TRB’s Hazardous Materials Cooperative Research Program (HMCRP) Report 6: Feasibility of a Consolidated Security Credential for Persons Who Transport Hazardous Materials discusses the feasibility of consolidating several existing security credentials, which are necessary under current regulations and policies, into one credential for all transportation modes.

The report evaluates the credentialing system to identify duplicative elements and redundant costs and describes the acquisition process, the application elements, and the physical characteristics for each identified credential. In addition, the report identifies the elements of the vetting processes for each credential. The report includes an examination of four options for consolidation, which provides insight into the basic elements of a universally recognized security credential for HazMat transportation workers.

HMCRP Report 6 also identifies key challenges for consolidation of security credentials, such as impetus and authority, organizational climate, financing, risk, and technological trending.

An alternative method of consolidating background checks is identified as a possible intermediate solution for removing duplicative processes and redundant costs.

A PowerPoint presentation, which summarizes the report process and conclusions, is available for download.

  1. ×

    Welcome to OpenBook!

    You're looking at OpenBook, NAP.edu's online reading room since 1999. Based on feedback from you, our users, we've made some improvements that make it easier than ever to read thousands of publications on our website.

    Do you want to take a quick tour of the OpenBook's features?

    No Thanks Take a Tour »
  2. ×

    Show this book's table of contents, where you can jump to any chapter by name.

    « Back Next »
  3. ×

    ...or use these buttons to go back to the previous chapter or skip to the next one.

    « Back Next »
  4. ×

    Jump up to the previous page or down to the next one. Also, you can type in a page number and press Enter to go directly to that page in the book.

    « Back Next »
  5. ×

    To search the entire text of this book, type in your search term here and press Enter.

    « Back Next »
  6. ×

    Share a link to this book page on your preferred social network or via email.

    « Back Next »
  7. ×

    View our suggested citation for this chapter.

    « Back Next »
  8. ×

    Ready to take your reading offline? Click here to buy this book in print or download it as a free PDF, if available.

    « Back Next »
Stay Connected!