Credentialing private-sector emergency workers

By Stephanie Kanowitz,
Contributor, Route Fifty

Connecting state and local government leaders

| December 2, 2019

The Corporate Emergency Access System makes it easier to verify that someone claiming to be essential company personnel is in fact essential.

Authentication

Identification cards available to government organizations for free can help public-safety officials know what private-sector workers – such as facilities staff, IT workers or a safety personnel -- are permitted to access affected areas during emergencies.

Recognizing that the personnel who need to get around during emergencies and recovery operations extends beyond those with government or medical badges, the Business Network of Emergency Resources (BNET) developed the Corporate Emergency Access System (CEAS) to make it easier for law enforcement officials to verify that someone claiming to be essential company personnel is in fact essential.

“In some sense, it’s also meant to try to weed out folks that shouldn’t be there,” said Stuart Freiman, project manager at the Rhode Island Emergency Management Agency, which has been using CEAS cards for more than two years.

CEAS uses a standard credential that preauthorizes crucial workers to gain access to restricted areas. Companies handle the vetting process and card issuance using the I-9 employment form, but government entities must adopt the voluntary CEAS program before industry employees can get cards and receive access.

Public-safety officials grant access by either visually examining the card or scanning the PDF417 barcode on it using a mobile app. The app connects to a cloud-based database where BNET stores basic cardholder information -- name, email address and work location -- and returns to officials either a green confirmation or a red rejection.

“We don’t do background checks, we don’t do criminal history checks on people because we find that what we’re doing here is we’re allowing people access back to their business,” BNET Executive Director Peter Picarillo said. “We’re not giving them access to a crime scene. The vetting requirement is less than a high-end criminal background check.”

To prevent duplication and fakes, CEAS cards are outfitted with holograms and microtext -- standard security features in ID cards, Picarillo said.

BNET offers four card types: Standard, which enables access to a specific facility; Multi-Facility, which permits access to multiple worksites within a given jurisdiction; All Area Access, which goes to people affiliated with a defined group of businesses in a specific area; and Flex. The only version with no photo, Flex Cards can be given to workers by the company based on situational discretion.

The cards have two access levels. Level C stands for critical industry and is given to organizations that are part of the Homeland Security Department’s list of critical infrastructure sectors. All others get Level B, which standards for all businesses.

Law enforcement officials accept the cards only when they’re activated, and that happens in one of two ways. One is through an announcement that the cards are valid, or acceptable, and the other is by making them “always on,” or always acceptable and valid.

Rhode Island opted for the latter in its CEAS implementation. “If it needs to be used, then it’s always there. If it doesn’t, then it’s not,” Freiman said. “What would happen is that on our statewide situational reports, during an emergency, there would be notes on the report on various different things and one of them would be … CEAS being in use.”

The state alerted officials to accept the cards when the governor closed roads because of a snowstorm, but Freiman said no one actually flashed a card, to his knowledge.

Weather incidents have led to most of the activations in the 11 Northeastern areas that use CEAS, Picarillo added. For instance, it went into effect in 2016 when New York City Mayor Bill De Blasio issued a travel storm during winter storm Jonas, and Baltimore activated it in 2012 ahead of Hurricane Sandy’s arrival.

A benefit of CEAS, Freiman said, is its interoperability with other participating organizations. Because Massachusetts, which borders Rhode Island to the north, also uses CEAS, public-safety personnel in both states can scan and validate the cards. “Once you’re part of the database, they’re all accessing the same database,” he said.

BNET developed the voluntary program in New York in 1999 as a result of the Joint Loss Reduction Partnership, a study that found that rapid reentry to the workplace and closer collaboration between the private and public sectors were critical following a disaster or emergency.

The first CEAS programs were deployed in Boston and New York City in 2004, and it plans to expand to more responder organizations through the national public-safety broadband network. “Right now, we have an application in to have it put up on FirstNet, so public-safety folks have access to it in a more trusted environment,” Picarillo said.

“The private sector is a critical, critical part of disaster recovery for communities,” Picarillo said. “It’s really important that governments not push the private sector off to the side. They’re essential for providing community lifelines, lifelines that government can’t provide, like food, power, water, health care, medication, fuel, access to money," he said. "The government can feed you with [Meals Ready to Eat] for 72 hours, but at some point, they’re going to [need] the private sector to assist in recovery.”

NEXT STORY: Commerce tightening IT, telecom supply chain security

This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. / Do Not Sell My Personal Information

Accept Cookies