When fully implemented, the TWIC program, now in its pilot phase, will use biometrics to confirm the identities of up to 6 million workers across all transportation industry sectors.

"We determined that significant security vulnerabilities existed relative to the TWIC prototype systems, documentation and program management," Skinner said in the report. "Due to the number and significance of the weaknesses identified, TWIC prototype systems are vulnerable to various internal and external security threats."

The security issues could threaten the confidentiality, integrity and availability of sensitive TWIC data, Skinner said in the report. And until they are corrected, the security flaws jeopardize the certification and accreditation of the identification system prior to its rollout.

Exactly what flaws were identified remains unknown; Skinner redacted all of the specific information about the vulnerabilities from his report. But the report does say that the TWIC system fails to fully comply with requirements of the Federal Information Security Management Act (FISMA).

In addition, Skinner said the DHS needs to update information about how the prototype phase was implemented and tested or spell out what policies need to be in effect prior to its full-fledged implementation. He also said systems contingency plans have not been approved or tested, and system and database administrators have not received specialized security awareness training.