Supply chain security culture: measure development and validation, 2009 (CORE1200)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: Supply chain security culture (SCSC) is as an overall organizational philosophy embracing norms and values that keep employees vigilant when performing supply chain security practices. The article presents a scale that makes possible to gauge supply chain security culture and its correlation to organization’s ability to respond to unexpected disruptions. Employees are asked to assess two topics: security strategy of the company and impacts of significant supply chain breech to business operations. According the study improved supply chain security culture makes company more resilient against major disruptions. This research helps executives to justify their expenditures on security efforts. The reviewed document can be purchased here: http://dx.doi.org.

[s2If is_user_logged_in()]

Full review: Researchers have stressed the importance of having an organizational culture that highlights proactivity and vigilance toward supply chain security breaches. In security-focused supply chain management environment workers are empowered to detected and handle supply chain security threats without seeking formal permission from supervisors and managers. Company security strategy gives specific attention how SCS concepts are embedded into firm processes and procedures. Alignment with organizational culture and business or corporate-level strategies is believed to result in enhanced organizational performance. In addition, organization culture encompasses supply chain continuity management. The paper presents a scale for measuring supply chain security culture defined as the overall organizational philosophy that creates supply chain security as a priority among its employees through embracing and projecting norms and values to support secure activities and to be vigilant with security efforts.

The study makes possible to assess how implemented FP7-CORE security technologies, tools and practices influence on supply chain resilience based on the perception of company managers and employees. The article gives also guidelines how to develop survey forms and protocols in order to assess the influence of implemented security measures on other KPIs such as supply chain visibility and reliability. The survey tools based on perceived operational and organizational changes complete toolbox to measure impacts of introduced security interventions.

Reference: Zachary Williams, Nicole Ponder, Chad W. Autry, “Supply chain security culture: measure development and validation”, The International Journal of Logistics Management, Vol. 20 Iss: 2, pp.243 – 260

 

CORE1200

[/s2If]

The first Annual SYNCHRO-NET meeting

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

The SYNCHRO-NET project had its first annual project meeting in Barcelona in early June. I had a pleasure to take part in the three-day event and enjoy the welcoming atmosphere and sunny weather of the Catalonian capital.

For those who are not yet familiar with the project, SYNCHRO-NET is a three-and-half-year demonstration project on advanced logistics optimization. The project seeks to advance and promote new concepts of synchro-modality and slow steaming for more cost-efficient, less congested and greener intermodal supply chains. The project includes three demonstrations that test slow-steaming and synchro-modal solutions in real international logistics networks. The first demonstrator involves shipping of goods from the Far-East to the ports of Valencia, Algeciras and Barcelona, and subsequent movement by rail inland and final short truck movement. The second demonstrator focuses on regional logistics movements through the Port of Cork. The third demonstrator will address multimodal container movements in major European routes. The project is funded by the European Commission under the Horizon 2020 Programme.

During the two first days of the meeting, the Partner Forum discussed the SYNCHRO-NET work ahead: standardization, development of a tool for logistics optimization, real-world demonstrations, and exploitation and dissemination of the project’s results. The discussion produced some interesting findings and conclusions. The Partner Forum observed that, given the large number and variety of factors, the optimization of shipping and logistics in terms of cost (including CAPEX, crew cost, fuel), duration, environmental impact, reliability and various types of risks is nothing but an easy task. For example, weather, tide and state of the sea affect maritime logistics, its speed, reliability and cost-efficiency. There was also a great deal of discussion about the dimensions of risk in the meeting. The International Organization of Standardization (ISO) defines risk as the “effect of uncertainty on objectives.” In this light, the concept of risk in the SYNCHRO-NET context covers at least damage to cargo, lead time variability, variability of cost, and possibility of theft and piracy. The Forum concluded that cost-efficiency and quality of international logistics depend largely on real-time awareness and visibility over logistics operations: “the sooner you know, the lower the cost will be to solve the problem.”

The three days of SYNCHRO-NET meetings culminated in the International Logistics and Material Handling (SIL) conference, the primary annual industry fair and networking event for logistics professionals in Spain. In the conference, Mr. Santiago Blasco (DHL) introduced SYNCHRO-NET at the “Consumer & Goods” working session for a large audience. Later that day, a group of leading logistics experts from Spain and the rest of Europe debated on pressing topics at three SYNCHRO-NET roundtables. The roundtable sessions focused on the general theme “How to build win-win solutions synchro-modal logistics stakeholders.” Here are brief summaries of the roundtable sessions:

  • “Smart Steaming – how to build a win-win solution for all stakeholders.” The members of the roundtable raised concerns about organizational, technical and business challenges of future slow steaming. There are obvious draw-back in slow steaming such as longer lead times and lower capacity utilization. However, the panel concluded that smart rather than slow steaming is here to stay: “While maintaining high service level, we can make logistics more cost-efficient.”
  • ”Effective management of synchro-modal logistics.” The panelists of the second session argued that the concept of synchro-modality is not yet very established in the logistics sector. Even so, the panel agreed that synchro-modality builds on real-time optimization, risk analysis and advanced, ITC-enabled logistics planning. Synchro-modality requires visibility over the supply chain, so that logistics planers react to contingencies and can make effective decisions in real time. The panel concluded that collaboration across supply chain operators – especially among shippers, carriers, freight forwarders – is the key to synchronized international logistics.
  • “Synchro-modal IT tools: innovation and value added to the logistics industry.” The third panel focused on the rather technical topic of leveraging cloud-based IT architecture for advanced logistics planning. The panelists saw a great potential in modern ICT solutions to enable synchro-modality, smart steaming and other ways for optimizing international freight transport. There still remain challenges for bridging a broad array of different computer systems for higher degree of logistics interconnectedness and interoperability.

The SYNCHRO-NET project has had a strong start, and the project progresses on the right track and at the full speed after one year of work. There is still much hard work to do over the next six months, for CBRA and other partners. In autumn, CBRA researchers will be focusing on reviewing policies, legislations, and standards that have an effect on synchro-modality and slow steaming. The CBRA team will also continue promoting the SYNCHRO-NET project and its findings at various events and publications. Stay with SYNCHRO-NET and visit the project website www.synchro-net.org.

CBRA Blog by Dr. Toni Männistö

blogsynchronet

Figure 1 Santiago Bosco presenting SYNCHRO-NET at the the International Logistics and Material Handling (SIL) conference

Interview with Ms. Sarma on the US CSP-program

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , /by

28.6.2016: Today’s CBRA Interview with Ms. Dace Sarma from CRDF Global focuses on the U.S. Department of State’s Chemical Security Program

 

Hi Dace, and thanks for joining CBRA Interview. Can you please tell first a bit of your background and what you do today?

I work at CRDF Global, an independent nonprofit organization that promotes international scientific and technical collaboration through grants, technical resources, training and services. At CRDF Global, I work in partnership with the U.S. Department of State’s Chemical Security Program, CSP in short, on programming collaborating with government, security, academic, and industrial communities around the world to strengthen their ability to thwart chemical attacks. Prior to working with CSP, I supported and implemented the Department of State’s Office of Weapons of Mass Destruction and Terrorism, WMDT in short, projects within the scope of CRDF Global support for the WMDT.

 

Thanks for sharing that. Can you explain more about CRDF Global and the Chemical Security Program, CSP, by the US State Department?

CSP works with a number of implementing partners, including CRDF Global, to promote chemical security through sponsorship of projects designed to identify and address chemical security vulnerabilities and prevent chemical attacks.

CSP collaborates with diverse stakeholders, including partner governments, subject matter experts, and international organizations, to enhance chemical security through capacity building workshops, and trainings.

 

I had the pleasure to join twice the CRDF Global workshops in 2015: first to Hurghada, Egypt, in March 2015, and second to Istanbul, Turkey, in December 2015. The former workshop was targeted for the Egyptian government and chemical industry, and the latter one for the Iraqi government and chemical industry. Extremely interesting 3-4 days in both workshops, with great audiences and co-speakers / co-facilitators. In both workshops I gave presentations e.g. on FP7-project CORE / dangerous goods tracking, and on Dow Chemical supply chain security – thanks again to Ms. Antonella Di Fazio of Telespazio and Dr. Toni Mannisto of CBRA for co-producing these presentations. What is the current status of CSP regarding these countries today, if I may ask?

Thank you again for your participation in these workshops, Juha. We all appreciated you sharing your experience in chemical supply chain and transportation security.

We have continued work with our partners in Egypt on chemical supply chain security. CRDF Global, the Federation of Egyptian Industries’ Environmental Compliance Office (FEI-ECO) and the Federation of Egyptian Industries’ Chamber of Chemical Industries (CCI) held an event in December, also sponsored by CSP, which convened 170 government, industry and academia representatives from Egypt’s chemical sector to highlight Egypt’s achievements in securing the chemical supply chain and identify further steps required to secure their chemicals in transit.  FEI-ECO and CCI are also working to provide technical guidance and support for Egyptian chemical companies to adopt Responsible Care®, an international voluntary chemical management initiative developed by the chemical industry to help chemical companies operate safely, securely and profitably.

In Iraq, CRDF Global and CSP have continued to work closely with a variety of partners from across the chemical and security communities. Most recently in April, with sponsorship from CSP, CRDF Global implemented the 1st National Chemical and Biological Security Coordination Conference in Baghdad. The conference convened Iraqi government, security, industrial, and academic sectors to discuss national efforts, interagency coordination, and best practices to counter chemical and biological proliferation in Iraq.

 

Any plans in 2016 to organize similar workshops in the MENA region?

We will continue to work with our international partners, including in the MENA region, in 2016. As the world becomes more connected, we will continue to focus on securing the chemical supply chain.  Many of our partners have also identified chemical ground transportation security as an area of particular interest.  We look forward to working with technical experts like CBRA and leaders from chemical communities worldwide to enhance global chemical security.

 

Thanks a lot Dace for this interview – and hope to meet you soon again, at one the upcoming missions / workshops! Juha

Revisiting the Yemen bomb plot of 2010

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

blog_070316This CBRA blog revisits the Yemen bomb plot from 2010, the most decisive turning point in modern air cargo security. More than five years after the events, this blog discusses the plot’s implications to the contemporary air cargo security and outlines CBRA’s recommendations for future security work. Parts of this blog text have already been published in the doctoral thesis of CBRA researcher Toni Männistö.

Two explosive devices aboard passenger planes: The series of events, that we call the Yemen bomb plot, took place on 29 October in 2010. On that day, al-Qaeda terrorists almost destroyed two passenger airplanes with a pair of express courier parcels, each enclosing plastic explosives hidden inside a printer toner cartridge. The explosive parcels where sent to Chicago from the capital of Yemen, Sana’a, via two different express courier operators.

Both parcel bombs were eventually intercepted and defused, without fatalities or injuries. But before the interception, the bombs had already travelled onboard multiple air freighters and passenger planes. Many people flew that day with a fully functional explosive device under their seat! Though the parcels were addressed to Chicago, officials think that terrorists wanted to detonate the bombs mid-air, just before landing using cell phone timer alarms.

A Lockerbie-style mayhem was slightly avoided, largely thanks to a timely piece of intelligence. The bomb plot started to uncover when a suspected double agent tipped Saudi-Arabian intelligence that al-Qaeda terrorists had shipped two parcel bombs from Yemen to the US via the express courier service. The Saudi intelligence forwarded the tracking numbers of the suspected explosive devices to their US and German colleagues and told them to look for printer toner cartridges.

The first parcel was intercepted in Dubai, and the second one at the East Midlands airport, nearly 200 km to the northwest from London. In the UK, a bomb squad did not first recognize anything suspicious when they screened the suspected parcel. “It looked like a printer cartridge – there were no wires or anything,” one of CBRA’s contacts at World Customs Organization (WCO) recounts. “But of course, what the cartridge did contain was explosive that current technologies couldn’t detect.” Later laboratory tests revealed that each parcel contained 300 to 400 grams of PETN, military grade plastic explosive, wirings, and a detonator hidden inside a printer’s toner cartridge. The bombs were so meticulously concealed that they had not only passed the standard air cargo and safety screening but also the special screening of the bomb squad.

Aftermaths: The Yemen incident was rude reminder of the vulnerability of the air cargo logistics to terrorism. Sure, the day was saved by old-school, field intelligence work and prompt government response. But before interception, the first parcel travelled aboard three different flights: Sana’a – Dubai, Dubai – Cologne, and Cologne – East Midlands Airport. The second explosive parcel flew first from Sana’a to Doha and then to Dubai where it was intercepted.

In the immediate aftermaths of the events, aviation security authorities in the US and many European countries stopped accepting freight shipments from Yemen. Germany also cancelled all passenger flights from Yemen for more than two weeks. “As often happens in these situations,” the WCO’s air cargo specialist remarks, “the first reaction was stopping anything coming from this part of the world – any plane for any reason.” The new security rules changed the air cargo operations virtually overnight, seriously disrupting the air cargo and mail service. Delays were widespread and lengthy, but the worst aspect of the disruption was that no one knew when the new apparently transient security regime was to be revoked.

Eventually, once the precautionary stoppage was ended, new unprecedentedly stringent security requirements entered into force, disrupting the air cargo and mail service further. The US Transportation Security Administration, TSA, introduced the most stringent rules: any mail originating or transiting through Somalia or Yemen was banned, as well as printers or printer toner cartridges from high-risk locations. Moreover, parcels originating from any business partners had to be screened up to high-risk screening standards, piece by piece, if such shipment did not accompany a tendering statement, a document assuring that cargo comes from a known and trusted shipper. The new regime disrupted seriously international air cargo logistics, causing air cargo shippers worldwide to accumulate huge backlogs of US-bound shipments. Annoyed and surprised about the turn of events, the air cargo industry reacted to the US rules with a barrage of criticism, calling the measures superfluous and impractical. Over the following weeks, the reactive security rules were gradually relaxed to enable clearing of the backlog of US-bound air cargo.

In the long term, the Yemen events put air cargo security into a spotlight, securing political commitment and spurring further reforms for years to come. The International Civil Aviation Organization, ICAO, for example, included advanced security, concepts such as the “secure supply chain” principle, the concept of high-risk cargo and mail, and the consignment security declaration, CSD, into the new edition of the Annex 17 of the Chicago Convention. Also the European Union expanded the EU air cargo regime to cover airlines operating into the EU aviation security area – EU-28 plus Switzerland, Norway and Iceland – from third country airports. The amendment also specified criteria for identifying and screening high-risk cargo and mail, known as HRCM.

CBRA considerations for future air cargo security: The modern air cargo security has taken major leaps since the Yemen incident, but the work towards higher air cargo security still continues. The CBRA research team considers that, like in any other area of supply chains, it is crucial both to facilitate cross-border logistics and to ensure adequate security. This classic dilemma of striking the balance between trade facilitation and supply chain security is not easy to solve, but we believe that there are some promising ways to promote logistics-friendly air cargo security.

Governments should normally consult the air cargo industry before introducing new security rules. New security rules should avoid reducing speed, on-time reliability, or cost-efficiency of the air cargo service. There are often ways to integrate new security requirements seamlessly into the sequence of day-to-day logistics activities, but this requires close government-business coordination.

One promising way forward is to improve capabilities of pre-loading risk assessment, so that the riskiest air cargo shipments can be identified early on and subjected to a more stringent screening. Many projects on this matter are under way, most notably the Air Cargo Advance Screening (ACAS) in the US and Pre-loading Consignment Information for Secure Entry
 (PRECISE) in the European Union. The CBRA team applauds these efforts of advancing risk assessment and reminds of the importance of proactive updating of risk-scoring algorithms.

EU’s decision of forcing flights from third countries into EU to comply with EU’s air cargo security regime makes also good sense. It is reasonable to secure air cargo up to an adequate standard sooner rather than later, preferably before the first flight. More global capacity building – especially training and funds for modern screening equipment – are needed in developing countries. Also, auditing activities in third countries would benefit from further resources.

Harmonization and mutual recognition is another key theme for years to come. In the EU, civil aviation and customs authorities might find some synergies if they harmonized their respective Known Consignor (KC) and Authorized Economic Operator (AEO) programs. Air cargo companies would also benefit if types and performance requirements of screening methods would be uniform across the members of the European Union.

Bibliography:

BBC, Q&A: Air freight bomb plot, 2 November 2010

European Commission, Regulation 173/2012, amending 185/2010

International Civil Aviation Organization, Chicago convention, Annex 17, 9th edition

Koolloos M.F.J., Männistö T., van der Jagt O.C., Jezierska M.M., Hintsa J., Kähäri P. and Tsikolenko V. (2015), Security Screening for the Air Express Cargo Industry, Final Report, Brussels, Belgium.

Männistö, T., 2015. Mitigating Crime and Security Risks in the International Logistics Network: the Case of Swiss Post. Doctoral thesis, École Polytechnique Fédérale de Lausanne (EPFL).

CBRA Blog by Dr. Toni Männistö

C-TPAT Program Benefits Reference Guide, 2014 (CORE1032)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This guidebook outlines the key elements and benefits of the Customs-Trade Partnership Against Terrorism (C-TPAT) program that is designed to secure global supply chains and to improve United States border security. Document is available at: https://www.cbp.gov/sites/default/files/documents/C-TPAT%20Program%20Benefits%20Guide.pdf (link tested on 3 March 2016)

[s2If is_user_logged_in()]

Full review: C-TPAT partners receive a wide range of benefits listed below:

  • C-TPAT Partners are examined at a considerably lower rate than non-C-TPAT Partners.
  • C-TPAT certified/validated highway carrier Partners are granted expedited border crossing privileges. C-TPAT Partners at many Canada/Mexico land border ports of entry have access to Free and Secure Trade (FAST) Lanes.
  • Some categories of C-TPAT importer Partners are exempt from stratified exams.
  • C-TPAT shipments subject to examination are moved ahead of any non-C-TPAT shipments, to the extent possible.
  • In the event of a significant disruption/delay in cargo processing operations, actions are taken to maintain communication and coordination with C-TPAT Partners for business resumption.
  • C-TPAT Partners’ trade compliance issues are given priority over those issues related to non-C-TPAT Partners.
  • Each C-TPAT Partner is assigned a Supply Chain Security Specialist (SCSS) who coordinates between the C-TPAT Partner and the US Customs and Border Protection agency (CBP). The Specialist also assists the Partner with supply chain security issues.
  • Partners have access to the C-TPAT’s automated Portal system, to communicate with CBP and exchange program related information in a secure manner.
  • C-TPAT Partners are eligible to attend C-TPAT events like the annual Conference and other training seminars organized by the program.
  • C-TPAT importer Partners are eligible to participate in the Importer Self-Assessment (ISA) Program.
  • The Penalty Mitigation benefit is granted to sea carriers for late submission of data required under the Importer Security Filing requirements.
  • C-TPAT members are eligible to participate in other U.S. Government pilot programs, such as the Food and Drug Administration’s Secure Supply Chain program.

In addition, some benefits are associated with Mutual Recognition Arrangements (MRAs) when two customs authorities formally acknowledge the security requirements or standards of one program, as being equivalent to the other program. Some of the resulting benefits to the trade community are illustrated below:

  • C-TPAT importer Partners that also conduct export operations and Partners of the foreign Customs Administration programs (manufacturers and exporters of record) are granted a reduction in their overall cargo risk score, implying fewer examinations at export and import ports.
  • A C-TPAT validation for an overseas partner is not required if an MRA is in place because CBP recognizes the status of the Partner in the foreign partnership program.
  • Companies covered by MRAs need only to comply with a common set of security requirements, avoiding the hassle of following multiple sets of requirements from one partnership program to another.
  • MRAs lead to more transparency in international commerce. Mutual exchange of information between these partners facilitates trade across Mutual Recognition Partner nations.

CORE1032

[/s2If]

C-TPAT Best Practices Catalog Addendum, 2009 (CORE1031)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This addendum document lists cargo security best practices with focus on prevention of weapons of mass effect, terrorists, and/or contraband from infiltrating into the international supply chain. Each best practice is linked to a specific business entity, such as a Manufacturing Company, a Highway Carrier, an Importer or a Foreign Consolidator but these may apply to other business types as well. The document is available at: https://www.cbp.gov/sites/default/files/documents/ctpat_bpa_2009_0.pdf (link tested on 3 March 2016)

[s2If is_user_logged_in()]

Full review: The best practices are outlined as follows:

Risk assessment: Programs are in place to enable the identification of the most vulnerable supply chain areas, to grade suppliers supply chain security criteria. Specific processes have been developed to manage the supplier’s products, software and services and internal monitoring systems to enhance the safety and security procedures.

Business partner requirements: Several security measures have been taken by entities. These include conducting supply chain security audits to ensure compliance of non-C-TPAT business partners; carrying out security audits of a foreign manufacturer; making security self-assessments, conducting onsite inspections to ensure freight security; shipping cargo only through accredited ports and steamship lines; monitoring compliance of manufacturing facilities; screening procurements to identify ineligible status of suppliers, and performing audits of business partners.

Conveyance/Container/Trailer Security: Examples of such security practices are: integrating special security features in the GPS (global positioning system); using laser beams to protect trailers; using colour codes for matching consignments; installing infrared sensors in docks to prevent unauthorized access; using special codes to identify correct shipments; documenting all seal changes for shipments in transit; ensuring delivery by authorized Company drivers; sealing containers; operating through C-TPAT carriers; using only “seaworthy” containers; installing in-transit temperature data sensors to ensure product quality; enclosing container storage area; conducting non-intrusive inspection prior to loading a vessel; establishing specific inspection points; using multiple security devices on each container; using automated container yards; instructing foreign suppliers to provide inspection checklists; using dock locking arms for container storage; installing motion sensors in a trailer; operating through contracted highway carriers and security services; documenting a seal destruction policy, and so forth.

Physical Access Controls: Some practices by Importers include establishing multiple security stations within the building; using metal detectors for employees; installing an electronic swipe card/ lock box systems for access control for sensitive documents; conducting electronic scanning of visitors’ drivers licenses; utilizing a third-party software system to manage key inventory; and providing panic buttons for company employees.

Physical Security: Several innovative solutions have been designed to ensure physical security, such as electronically closing gates and activating tire puncturing devices to prevent vehicle exits; using an electronic security information reporting system, installing invisible electronic fences; installing laser sensors; setting up optical light beams to detect intruders; fitting double locks on doors; Installing infrared sensors on fences; using body alarm functions for emergencies; appointing patrolling guards, using multiple glass meeting rooms; using multiple interior infrared security alarm beams to detect unauthorized access; and installing security guard view towers.

Personnel Security: An Importer requires business partners to provide a monthly master list of employees and immediately notify when their employees are hired or terminated, in order to ensure that only authorized business partner’s employees enter the manufacturing facilities.

Security Training/Threat Awareness/Outreach: Business entities have invested in a wide range of training programs. One such initiative is the four-tier C-TPAT training targeted for management and supervisors, shipping and receiving personnel, internal personnel dealing with contractors and hourly staff. Other businesses use different approaches, like establishing an online training portal;; offering general security training and of site-specific training for security guards; issuing security advisories; making regular security awareness assessments; establishing a situation matrix chart to address possible incidents; establishing a direct communication channel between the president of the company and employees; putting in place a toll free hotline for company personnel; conducting security drills and exercises; establishing a web-based security awareness training; documenting security incidents in a central database; and establishing a global communication system to contact all employees and contractors remotely.

Procedural Security: Instances of this type of security measures include a bio-thermal intrusion alarm system; a global SAP network to generate all written orders for import and export; automatic screening procedures of purchase orders for restricted parties; lock boxes for sensitive documentation; an automated loading module called the Automatic Truck Loading System (ATLS); a container seal number as the shipment tracking (invoice/bill of lading) number, and so forth.

Information Technology (IT) Security: Such security practices include a biometric fingerprint door lock; a remote data backup center; a retina scanning system for access to the computer system; requiring supervisory approval to copy data; use of electronic password protected purchase orders; establishing a daily “e-test” for employees to access computers, and so forth.

CORE1031

[/s2If]

CEN Supply Chain Security — Good Practice Guide for Small and Medium Sized Operators, 2012 (CORE1030)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This is a guidance document for small and medium sized enterprises, SMEs. on how to apply a supply chain security approach to their operations in order to mitigate the risk of criminal activities. It gives an overview of the main crime types occurring in the supply chain along with some countermeasures, as well as the supply chain security initiatives, and the compliance requirements thereof. The document is available for purchase e.g. at:   http://shop.bsigroup.com/ProductDetail/?pid=000000000030258778  (link tested on 3 March 2016)

[s2If is_user_logged_in()]

Full review: The recommended supply chain strategy rests on a six-step approach. The first step is to define a context for the supply chain, crime prevention and security management activities taking into consideration the security sensitiveness, the geography and transport modes, and the main stakeholders involved in the supply chain operation. The second step is to make a threat and vulnerability analysis with regard to terrorist and other criminal threats in the supply chain. The main criteria included are the gaps existing in enhanced security, the high-risk crime types, and the potential consequences of crime occurrences. The third step covers the regulatory framework, the major aspects being the regulations and programs required for successful business operations, expectations of customers and suppliers, requirements laid down by insurance providers, and relevant government authorities. The fourth step refers to an overall security plan, taking into account the physical security, data security, human resources security (including selection, training, and exit procedures), business partner security (including selection, and auditing), and process control and monitoring of deviations. The fifth step involves implementing into practice concrete security measures, investment in technologies, procurement of services, in-house solutions and so forth. The final step is to monitor and measure the security performance and take appropriate corrective actions.

Five supply chain crime types have been elucidated in this guide. These include:  Property theft (cargo theft, intellectual property breaches); targeted damage (terrorism, sabotage); cross-border duty and tax fraud; illegitimate transporting, exporting and/or importing (smuggling of prohibited and restricted goods, people smuggling); and crime facilitation (document forgery, bogus companies, cybercrime). For each crime type, the main focus should be on the issue (main features and typical sectors/products involved), scope of the problem and actions to mitigate risks.

This guidebook has chosen eight security initiatives for illustration purposes. It explains the context of each initiative, whom it is meant for, and some basic requirements and the implications. These are as follows:

  • Import Control System (ICS) in the EU (a systems tool meant for the lodging and processing of Entry Summary Declarations, and for the exchange of messages across national customs agencies, economic operators and the European Commission).
  • Export Control System (ECS) in the EU (introduces EU procedures to computerize and control indirect exports and to implement the EU safety and security regulations);
  • Maritime Security Legislation, International Ship and Port Facility Security (ISPS) Code in the EU (International regulations to ensure the security of maritime transportation are being issued by the International Maritime Organization, IMO, in the International Ship and Port Facility Security Code);
  • Aviation Security Legislation, Air Cargo Supply Chains in the EU (three categories of aviation security legislation exist in the EU- Framework regulation, supplementing regulations, and implementing regulations-all targeted towards civil aviation security).
  • European Union Authorized Economic Operator, EU AEO (operators involved in international trade of goods certified as complying with WCO or equivalent supply chain security standards);
  • Regulated agent, Known consignor and Account consignor in the EU (Specific “trusted trader” status existing in the European air cargo supply chains);
  • ISO 28000 Series of Standards on Supply Chain Security Management Systems (address potential security issues at all stages of the supply process, e.g. terrorism, fraud and piracy);
  • Transported Asset Protection Association (TAPA) in Europe (fighting cargo crime using real-time intelligence and the latest preventative measures).

CORE1030

[/s2If]

SUPPLY CHAIN SECURITY – Examinations of High- Risk Cargo at Foreign Seaports Have Increased, but Improved Data Collection and Performance Measures Are Needed, GAO, January 2008 (CORE1010)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This report reviews the progress that the US Customs and Border Protection (CBP) has made with the Container Security Initiative (CSI) – a program for screening US-bound high-risk shipping containers in foreign ports with X-ray and radiation detection solutions – since the latest 2005 GAO review. The report discusses how the CBP’s CSI efforts have (1) contributed to the long-term, strategic planning on the US supply chain security, (2) strengthened CSI activities worldwide and (3) established means to evaluate performance of the CSI activities. The report recommends CBP to develop its data collection practices that are related to the CSI team performance and the host government’s inspections of the US-bound containers. This report provides relevant information for CORE demonstrations that deal with US-bound maritime logistics and commerce. Also the risk cluster might benefit from the descriptions of the US risk-based supply chain security scheme – Automated Targeting System (AST), 24-hour rule and the importer security filing 10+2 – that the report elaborates in detail. The report is available at http://www.gao.gov/new.items/d08187.pdf.

[s2If is_user_logged_in()]

Full review: This GAO report elaborates the status and challenges of the US Container Security Initiative, but it also provides a comprehensive outlook on the US maritime supply chain security. This information is likely to be relevant for the CORE’s demonstrations (WP9 and WP14) that deal with US-bound container traffic. The report is a good reference document for those CORE work packages that seek to describe the state-of-the-art of the global supply chain and that are producing relevant training material on supply chain security. The CORE’s risk and IT clusters benefit from the information the report offers on risk-based security solutions that use advance cargo information to calculate risk scores for US-bound shipments by the aid of automatic risk assessment algorithms.

Cross-references:

  • Preventing Nuclear Smuggling: DOE Has Made Limited Progress in Installing Radiation Detection Equipment at Highest Priority Foreign Seaports. GAO-05-375. Washington, D.C.: March 31, 2005.
  • Homeland Security: Process for Reporting Lessons Learned from Seaport Exercises Needs Further Attention. GAO-05-170. Washington, D.C.: January 14, 2005.
  • Port Security: Better Planning Needed to Develop and Operate Maritime Worker Identification Card Program. GAO-05-106. Washington, D.C.: December 10, 2004.
  • Maritime Security: Substantial Work Remains to Translate New Planning Requirements into Effective Port Security. GAO-04-838. Washington, D.C.: June 30, 2004.
  • Homeland Security: Summary of Challenges Faced in Targeting Oceangoing Cargo Containers for Inspection. GAO-04-557T. Washington, D.C.: March 31, 2004.
  • Container Security: Expansion of Key Customs Programs Will Require Greater Attention to Critical Success Factors. GAO-03-770. Washington, D.C.: July 25, 2003.

Additional keywords: Container Security Initiative (CSI), counter-terrorism, homeland security, maritime supply chain security

CORE1010

[/s2If]

AVIATION SECURITY – Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and Could Be Strengthened, GAO, April 2007 (CORE1008)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This GAO reports reviews the current state and future challenges of the Transportation Security Administration’s (TSA) and the Customs and Border Protection’s (CBP) efforts for enhanced security of foreign origin US-bound air cargo. The report also discusses how the Department of Homeland Security (DHS) has reached out to the air cargo industry and foreign authorities in order to strengthen the international air cargo security. The GAO report recommends that the DHS would establish a risk-based air cargo security strategy, improve interagency communication nationally, to step up compliance monitoring for the air cargo industry’s stakeholders and to assess the foreign authorities’ intent and capabilities to meet US expectations on the air cargo security that is the foundation for mutual recognition and international harmonization of regulatory frameworks on the air cargo security. This GAO report is going to be useful for the CORE risk and education cluster as well as for all the demonstrations that involve shipping of air cargo by air. The report is available at http://www.gao.gov/assets/600/590789.pdf.

[s2If is_user_logged_in()]

Full review: This GAO report provides a comprehensive picture of the air cargo security in the US, in a country that is no doubt the leading force in supply chain security in general, and in air cargo security in particular. All CORE work that is related to air transport might benefit from the insights and information this GAO report offers. The DHL demonstration, that involves transport of parts for military aircraft from the US to Spain, is the most obvious work detail in CORE that can directly benefit from this GAO report. In addition, the CORE’s risk cluster can use the description of the US approach to risk-based air cargo security as a starting point when designing the CORE-specific risk-based strategies. Given that the report is very detailed and informative, the CORE’s education cluster can benefit from the report’s analysis and learn from its conclusions.

Cross-references:

  • GAO, Aviation Security: Federal Coordination for Responding to In-flight Security Threats Has Matured, but Procedures Can Be Strengthened, (Washington, D.C.: July 31, 2007).
  • GAO, Aviation Security: Transportation Security Administration May Face Resource and other Challenges in Developing a System to Screen All Cargo Transported on Passenger Aircraft
  • GAO, Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and Could Be Strengthened, GAO-07-660 (Washington, D.C.: April 2007).
  • GAO, Aviation Security: Progress Made in Systematic Planning to Guide Key Investment Decisions, but More Work Remains, GAO-07-448T (Washington, D.C.: February 13, 2007).

Additional keywords: Air cargo security, mutual recognition, regulatory harmonization, screening, advance cargo information, and counterterrorism

CORE1008

[/s2If]

Border Agency Cooperation, Part 3 of 3

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

The last blog in our three-part series on Border Agency Cooperation introduces a conceptual framework capturing the essential dimensions of Border Agency Coordination: three levels of collaboration, four areas of integration and four objects for sharing. We hope that the framework helps the customs and other border agency communities to see all levels of Border Agency Cooperation (BAC) so that they can move from isolated coexistence towards more active cooperation at the borders. Higher levels of cooperation are likely to translate into higher levels of trade facilitation, control over cross-border cargo flows and resource efficiency, simultaneously. Compared with the previous BAC Blog Part 2, this BAC Blog Part 3 intends to present a comprehensive framework surrounding BAC ambitions, plans, implementations and monitoring activities – while the previous BAC Bloc 2 focused purely on a set of 15 key BAC actions, grouped according to the main beneficiary groups. This final BAC Blog has been written by Dr. Toni Männistö of CBRA.

Let’s start by first presenting the BAC diagram: Conceptual framework on Border Agency Cooperation (source: Männistö, T., and Hintsa J., 2015; inspired by Polner, 2011 and by Institute of Policy Studies, 2008)

blog-200516-1

Levels of cooperation

Intra-agency cooperation is about aligning goals and work within one organization, either horizontally between departments or vertically between headquarters and local branches, in particular border-crossing offices / stations. Ways to foster horizontal intra-agency cooperation include development of intranet networks, cross-training, inter-departmental rotation of staff, and establishment of joint task forces that tackle multifaceted challenges like transnational terrorism. Ideally, the vertical cooperation would be bi-directional: headquarters would define priorities and objectives and then communicate them to local branches. The branches would, reciprocally, send back status reports and suggest improvements to the general policies. Solving intra-agency cooperation lays a basis for broader cooperation: it’s hard for any organization to cooperate efficiently with external stakeholders if it struggles with internal problems. The logical first step in coordinated border management is therefore breaking departmental silos and building a culture of cooperation within boundaries of one organization.

Inter-agency cooperation, at the operational level, concerns relationships among a broad range of border agencies that play a role in controlling cross-border trade and travel. In many countries, primary agencies present at the borders include customs, border guards, immigration authorities and transport security agencies. However, also police organizations, health authorities, and phytosanitary and veterinary controllers, among others, take part in border management. According to a recent study, typical areas of customs- border guard inter-agency cooperation can include strategic planning, communication and information exchange, coordination of workflow of border crossing points, risk analysis, criminal investigations, joint operations, control outside border control points, mobile units, contingency/emergency, infrastructure and equipment sharing, and training and human resource management (CSD, 2011). Governmental inter-agency cooperation occurs between border control agencies and ministries and policy making bodies that are responsible for oversight and financing of border management activities.

International cooperation may take place locally at both sides of a border. One Stop Border Posts, OSBPs – border crossings managed jointly by two neighboring countries – are prime examples of such cooperation. One Stop Border Posts can involve various forms of collaboration: harmonization of documentation, shared maintenance of the infrastructure, joint or mutually recognized controls, exchange of data and information and common investments in infrastructure and so forth. Operational arrangements between the Norwegian, Finnish and Swedish customs illustrate advanced international cross-border cooperation that save time and money of border control authorities and trading companies. The cooperation builds on division of labor, where the national border authorities of each country are allowed to provide services and exercise legal powers of their home country and neighboring countries. For instance, when goods are exported from Norway, all paperwork related to both exports and imports may be attended by either Swedish, Finnish or Norwegian customs office (Norwegian Customs, 2011). At the political level, this requires international cooperation between authorities and policy makers in two or more countries. Operational cooperation (e.g., mutual recognition of controls or regional Single Window), often bringing tangible trade facilitation benefits, usually follows from political, supranational decisions (e.g., the WCO’s Revised Kyoto Convention and SAFE Framework of Standards).

Areas of integration

Technical integration often entails improving connectivity and interoperability of information and communication technology systems within and across organizations. Single Window solutions are typical outcomes of technical cooperation as they enable automatic exchange of electronic trade information among border control agencies. The UN Centre for Trade Facilitation and Electronic Business, UN/CEFACT, is an important international organization helping to build connectivity across countries and between business and governmental stakeholders. UN/CEFACT, for instance, develops and maintains globally recognized standards for EDI messages.

Operational integration is largely about coordination of inspection and auditing activities among border control agencies. Benefits of synchronized activities are evident: organizing necessary controls at one place and at the same time reduces delays and administrative burden that trading companies and travelers face at borders. A simple and powerful example of operational integration is coordination of opening hours and days of customs offices at the both sides of a border. Operational integration also covers provision of mutual administrative assistance, joint criminal investigations and prosecution, and sharing of customs intelligence and other information.

Legislative integration seeks to remove legal barriers and ambiguities that prevent border control agencies from exchanging information, sharing responsibilities or otherwise deepening their cooperation. Essentially, most forms of Border Agency Coordination require some degree of legislative harmonization and political commitment. For example, Article 8 of the WTO/TFA to the WTO Members requires that national authorities and agencies responsible for border controls and dealing with the importation, exportation and transit of goods must cooperate with one another and coordinate their activities in order to facilitate trade.

Institutional integration is about restructuring roles and responsibilities of border controls agencies. An example of a major restructuring is the annexing of US border control agencies – including the US Customs and Border Protection, Transportation Security Administration and Coast Guard – into the Department of Homeland Security, DHS, a body that took over the key governmental functions involved in the US non-military counter-terrorism efforts in the aftermaths of the September 11th, 2001, terrorist attacks.

Objects of sharing

Sharing of information – data, knowledge and intelligence – reduce duplicate work (e.g., sharing of audit findings), enable operational coordination (e.g., synchronized border controls) and facilitate development of common agenda for future border agency coordination. At the global level, the WCO’s Customs Enforcement Network CEN is an example of a trusted communication system for exchanging information and intelligence, especially seizure records, between customs officials worldwide. Another WCO initiative, the Globally Networked Customs, analyzes potential to further “rationalize, harmonize and standardize the secure and efficient exchange of information between WCO Members” (WCO 2015).

Resource sharing involves multi-agency joint investments in equipment, facilities, IT systems, databases, expertise and other common resources. The joint investment activities are likely to result in higher resource utilization and bulk purchasing discounts. For example, national and regional Single Window solutions are often outcomes of joint development and investment activities of various government agencies.

Sharing of work is mostly about rationalization of overlapping border control activities, controls and formalities. If two border control agencies, for instance, agree to recognize each other’s controls, there is no need to control the same goods more than once. Combining forces to investigate and prosecute crime also often help border control agencies to use their limited resources more efficiently.

Sharing of responsibilities is about coordinating and streamlining administrative and control tasks among border control agencies. Norway, again, sets a good example of sharing the responsibilities. The Norwegian customs represents all other border control agencies – except the veterinary office – at the frontier. Customs officers are responsible for routine border formalities, and they summon representatives of other border control agencies as and when the officers need assistance. Internationally, the Norwegian customs cooperates closely with Swedish and Finnish border control authorities at the Northern Scandinavian border posts. Bilateral agreements between its neighbors allow Norwegian customs officers authority to perform most customs checks and formalities for and on behalf of their Swedish and Finnish colleagues. The coordination decreases border-crossing times and lowers administrative costs for trading companies and the border control agencies in the three countries.

This concludes now our three-part series on Border Agency Cooperation. In Part 1, we shared an illustrative worst case example on how complex, slow and expensive a cross-border supply chain execution comes when no cooperation takes place between relevant government agencies, neither nationally nor internationally. In Part 2, we presented a conceptual BAC model with 15 key actions to improve the degree of cooperation in a given country or region – for the direct benefit of supply chain companies, or government agencies, or both. And in this Part 3, we finally presented our comprehensive BAC framework, which hopefully helps government policy makers and border agencies to design, implement and monitor their future BAC programs and initiatives in an effective and transparent manner. Toni Männistö and Juha Hintsa.

Bibliography:

Center for the Study of Democracy (CSD), 2011. “Better Management of EU Borders through Cooperation”, Study to Identify Best Practices on the Cooperation Between Border Guards and Customs Administrations Working at the External Borders of the EU.

Institute of Policy Studies 2008, Better connected services for Kiwis: a discussion document for managers and front-line staff on better joining up the horizontal and vertical, Institute of Policy Studies, Wellington, NZ.

Männistö, T., and Hintsa J., “Theory of Border Agency Cooperation”, CBRA working paper 2015, Lausanne, Switzerland.

Norwegian Customs, 2011. Case Study on Border Agency Cooperation Submitted by Norway for the November Symposium.

Polner, M. (2011). Coordinated border management: from theory to practice. World Customs Journal, 5(2), 49-61.

United Nations Conference on Trade and Development (UNCTAD), 2011 Border Agency Coordination”, UNCTAD Trust Fund for Trade Facilitation Negotiations Technical Note No. 14.