SUPPLY CHAIN SECURITY – CBP Needs to Conduct Regular Assessments of Its Cargo Targeting System, GAO, October 2012 (CORE1014)

Summary: The US maritime security strategy uses advance cargo information to assess risk levels of US-bound maritime shipping containers. This GAO report reviews how the Automated Targeting System, a web-based computer program that calculates risk scores for the containers, supports the US Customs and Border Protection’s (CBP) targeting efforts. The report argues that CBP could improve its targeting program by establishing sound procedures and criteria for assessing the performance of the targeting activity. This GAO report contains information about the US risk-based shipment targeting solution that benefits the CORE’s risk and IT clusters. The US-related demonstrations may also find the report’s information useful. The report is available at: http://gao.gov/assets/650/649695.pdf


Full review: Risk targeting systems are part of governments’ supply chain security programs worldwide. The GAO report gives unparalleled, detailed information about the principles that the US authorities follow to collect and analyse data about cargo movements that allow them to calculate risk scores for US-bound maritime shipping containers. The CORE’s risk cluster should pay attention to this information and learn how risk-based screening and examination of maritime shipping containers has been organized in the US, the leading country of supply chain security. The report reveals useful information about the IT infrastructure that supports the risk targeting system, therefore providing sound reference material for the CORE’s IT cluster. Project partners engaged in the CORE’s demonstrations – logistics operators, authorities and technology providers – benefit from the report’s description of the US automated targeting system (ATS) that plays an important security role in the US-bound maritime trade and logistics.

Cross-references:

  • Supply Chain Security: Container Security Programs Have Matured, but Uncertainty Persists over the Future of 100 Percent Scanning. GAO-12-422T. Washington, D.C.: February 7, 2012.
  • Supply Chain Security: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers. GAO-10-12. Washington, D.C.: October 30, 2009.
  • Supply Chain Security: CBP Has Made Progress in Assisting the Trade Industry in Implementing the New Importer Security Filing Requirements, but Some Challenges Remain. GAO-10-841. Washington, D.C.: September 10, 2010.

CORE1014

Additional keywords: Terrorism, automated targeting system (ATS), 24-hour rule, the importer security filing and additional carrier requirements (10 + 2 rule)


MARITIME SECURITY – Progress and Challenges 10 Years after the Maritime Transportation Security Act, GAO, September 2012 (CORE1013)

Summary: This GAO report reviews how the US government has advanced maritime security since the introduction of the Maritime Transportation Security Act (MTSA) in 2002 and what kind of challenges the Department of Homeland Security (DHS) and its component agencies have encountered in translating the Act’s requirements into practice. The report describes in detail the character, progress and future vision of the main US maritime security programs, which, according to the report, fall into four domains: (1) security planning, (2) port and vessel security, (3) maritime domain awareness and information exchange and (4) international supply chain security. The report points out that the US maritime security scheme calls for further improvements in the areas of (1) program management and implementation, (2) partnerships and collaboration, (3) resources, funding, and sustainability as well as (4) performance measures. This report describes the entire field of US maritime security, and this information is very useful for CORE demonstrations that involve shipping into, through or out of the US ports. The report is available at: http://www.gao.gov/assets/650/647999.pdf


Full review: The scope of this GAO document is broad, as it covers the entire US maritime security and its many themes, from funding to practical initiatives and risk assessment. CORE’s demonstrations that involve US-related maritime shipping can use this document to get comprehensive and detailed information about the status and future challenges of the US maritime security scheme. The CORE’s risk cluster can also use this document to analyze how the US government has established a risk-based, layered security system to protect the seaborne trade and logistics from terrorism, smuggling and other criminal activities. Because of the complete description of the US maritime security scheme, the report is excellent reference material for producing training material and educational contents in the CORE training cluster.

Cross-references:

  • Maritime Security: DHS Progress and Challenges in Key Areas of Port Security. GAO-10-940T. Washington, D.C.: July 21, 2010. See pages 10-11.
  • Maritime Security: The SAFE Port Act: Status and Implementation One Year Later. GAO-08-126T. Washington, D.C.: October 30, 2007. See pages 15-19.
  • Information on Port Security in the Caribbean Basin. GAO-07-804R. Washington, D.C.: June 29, 2007.
  • Supply Chain Security: Container Security Programs Have Matured, but Uncertainty Persists over the Future of 100 Percent Scanning. GAO-12-422T. Washington, D.C.: February 7, 2012. See pages 13-14.
  • Supply Chain Security: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers. GAO-10-12. Washington, D.C.: October 30, 2009. See pages 41-43.
  • Supply Chain Security: U.S. Customs and Border Protection Has Enhanced Its Partnership with Import Trade Sectors, but Challenges Remain in Verifying Security Practices. GAO-08-240. Washington, D.C.: April 25, 2008.

CORE1013

Additional keywords: Maritime Transportation Security Act, Secure Freight Initiative, Customs-Trade Partnership Against Terrorism (C-TPAT), Container Security Initiative (CSI), risk assessment, container screening, counter-terrorism, maritime security


Vision and Strategy 2020, U.S. Customs and Border Protection Strategic Plan – Delivering safety, security, and prosperity through collaboration, innovation, and integration 2015 (CORE2010)

Summary

This document sets a vision of the US Customs and Border Protection (CBP), the primary border control agency present at the US borders, for year 2020. The vision builds on four general goals and associated objectives that aim to improve safety, security and prosperity of the American people. Collaboration, risk management as well as exchange and exploitation of information and intelligence are in the heart of the vision document and integral elements of its goals and objectives. The vision document is available at: http://www.cbp.gov/sites/default/files/documents/CBP-Vision-Strategy-2020.pdf

Review by Toni Männistö (CBRA)


Full review

The vision’s first goal is to counter transnational terrorism and crime at and beyond the US borders. Keys to effective counter-terrorism and anti-crime efforts are an understanding of the threat landscape as well as interagency and international coordination on border management. The second goal is about promoting a comprehensive, whole-of-government approach to border security and management, in order to exploit complementary capabilities of various border control agencies to the fullest extent. Specific objectives underpinning this goal are “situational awareness of the air, land and maritime borders”, “detection, interdiction and disruption of illegal border activities” and “strengthening comprehensive trade enforcement”. Here the key is to collect information and intelligence about trade flows and carry out risk assessment to identify and target high-risk cargo movements and facilitate low-risk traffic. Other objectives are strengthening processes to conduct out-bound enforcement and interdiction of travelers and cargo as well as advancing a comprehensive, predictive targeting strategy to identify threats as early as possible.

The third goal is about enhancing the US economic competitiveness by facilitating lawful trade and travel. The goal consists of objectives that seek to reduce the cost of trade and travel by streamlining customs processes. Other objectives are to harmonize procedures throughout US government agencies and to develop risk-segmentation for better facilitation of low-risk trade and travel. Agility and adaptability of the CBP organization is the fourth goal. Sub-goals, or objectives, include optimization of CBP’s organizational structure, strengthening organizational structure and advancing CBP’s effectiveness through technologies and business innovations. The vision document concludes with a presentation of the principles and process of risk management in the customs context.

This vision document contains lots of relevant information for many CORE work packages, especially for those that deal with US-bound supply chains (WP9, WP14 and WP17). Certainly, work packages dealing with risk assessment and educational material also benefit from this material. Altogether, by revealing the strategic priorities of the CBP, the document reflects the trends of customs-centric supply chain security worldwide, and this information is very valuable for CORE and its work packages.

Reference

US CBP, 2015. Vision and Strategy 2020, U.S. Customs and Border Protection Strategic Plan – Delivering safety, security, and prosperity through collaboration, innovation, and integration

CORE2010


Criminalization of global supply chains, by Mr. Hamon

Hi David, and thanks for joining a CBRA Interview – can you first tell a bit about who you are and what you do?

I served in the US Army as a logistician, served with the United Nations Peacekeeping Department as well as worked with the UN humanitarian organizations. I recently retired from a not-for-profit government contractor to pursue more creative work. Whilst at the latter position I was seconded to the US Defense Department, first in African Affairs, and then as Research and Studies Director for a strategic studies office within a US Defense Agency. I currently work, mostly independently, on a great many things related to future threats and re-defining of security/stability as it pertains and impacts diplomacy, development, defense, society, and economics/finance.

We met for the first time in Lausanne, Switzerland, around 2005 – what was that roundtable event again about?

Many years before cyber based terror threats were on the radar, we launched an inquiry into what we termed “Economic/Financial Terrorism” and whether security threats emanating from terrorism in the future would take the form of attacks on the Western system of finance and the economy.  We brought in a host of experts from the US and Europe to debate the changing face of terrorism and likely goals of future terror groups.  We examined everything from evolving ideology, motivation and intent, culture and identity to strategy, tactics, targets, weapons, and groups.  It was an extremely interesting event with industry admitting – at the time – they were not prepared for this phenomenon and governments largely split on the issue.  Additionally, experts and think tanks disagreed on whether economic terrorism was tangible.  It was very forward-looking for its time.  All participants came away with greater awareness on the subject as we went above and beyond what is currently called “financial crimes,” exploring potential kinetic based threats terror groups would use against the economic and financial machinery that included physical attacks on the supply chain, tourist industry, psychological undermining of the Western economic system to disrupt the normal provision of goods and services.

Can you tell more about your views on ‘criminalization of global supply chains’?

I take similar views on the subject as Dr. Moisés Naim, in his 2005 book ‘Illicit: How smugglers, traffickers, and copycats are hijacking the global economy.’ He addresses several tenets that remain true today including the role of governments, technology, the illicit traders mimicking licit trade and logistics actors – while simultaneously collaborating with many of them, and criminal groups seek high-profit opportunities as opposed to any other attribution (see CBRA Blog 21 October 2014). Terror groups care less about profit but when thinking about logistics networks, what if the two groups collaborated? Today logistics systems are more complex and move faster than ever in history, have less margin to fail, are far less ‘hands-on’ and offer many ways and places to hide illegal activity. Detection and interdiction of this activity isn’t exclusively in the realm of governments. Industry has a role to play if it wishes to minimize new regulations, taxes, deter corruption, and other drains on efficiency and profit. Experts, both public and private, rarely take a systems approach to detecting criminal activity with much throughput going undetected. Both parties want to specialize on one aspect and miss the big picture. A good example was the AQ Khan network. How long has it been since industry has undertaken an assessment of whether there is a new “Khan” network out there? Do trade organizations war-game with governments on criminality within supply chains?

Interesting! What are your views on ‘multi-commodity trafficking / crime portfolios’?

At the last corporate organization where I worked my team did some analysis on unregulated, illegal fishing as a security threat to Pacific Island nations. In the course of this analysis, we discovered it was the same actors doing the illegal fishing as doing illegal dumping, illegal smuggling, illegal trafficking, among other illicit activities. The criminality was only one aspect of the supply chain as the “demand” side as well as the delivery side was entirely legal and within businesses who conduct practically all business legally. The same boats as platforms – and their crews – were used to conduct all activity legal and illegal and to the local authorities – as well as donor nations attempting to help – it was impossible to project accurately when the activity would switch between licit and illicit. We couldn’t analyze if this was a regional or global phenomenon but I guess it was a widely copied practice. As Anthony Barone has pointed out, border management and controls are not the panacea of containment but need to be part of a larger practice (see CBRA Interview 18 December 2015). Criminals use technology just as effectively! His idea of assembling a group of independent experts to rethink new approaches to border management – and I might add, redefining the meaning of borders and how thinking differently about borders per se – is a good start. Using strategic foresight to come up with several alternative futures to present to a dedicated [supply chain] private-public partnership empowered to make changes would be my overarching recommendation.

Sounds that the global supply chain community is facing increasingly more threats and risks! Any other suggestions on how to improve the situation, both short term and long term?

In the short term, as I mentioned, conduct a public-private-partnership exercise to rethink the concept of supply chain surveillance for illicit activity and anticipating new and emerging illicit activity. In the long run, we don’t give enough thought to knowledge as a part of the supply chain. Using the supply chain for illicit activity begins with motivation and intent getting out in front of those who may do harm. To address alternative futures will take some innovation and creativity, but the stakes are high. The next AQ Khan Network may bring very bad things into Europe (and beyond!) compliments of ISIS. We don’t know what knowledge the current refugee population possesses that may be part of some future attack on the financial and economic system of the EU or if some refugees worked on chemical or biological programs in their countries of origin.

Thanks David for this interview – and let’s start working towards a joint project on these topics of common professional and research interest!

Web-links:

https://www.cross-border.org/2014/10/21/dr-naim-on-illicit-trade/

https://www.cross-border.org/interviews/new-approaches-to-border-management/

COMMISSION IMPLEMENTING REGULATION (EU) No 889/2014 of 14 August 2014 amending Regulation (EEC) No 2454/93, as regards recognition of the common security requirements under the regulated agent and known consignor programme and the Authorised Economic Operator programme, 2014 (CORE1069)

Summary: Existing customs Regulation ((EEC) No 2913/92 establishing the Community Customs Code) and aviation legislation (Regulation (EC) No 300/2008) provide for certain recognition of the certifications under the respective programmes, in particular with regard to the security examinations done for each of them. Regulation (EU) No 889/2014 is necessary to recognise the known consignor status, with its relevance for the AEO as well, to frame the scope of recognition of the common requirements between the respective programmes, and to allow for the necessary exchange of information between customs and aviation authorities. Regulation 889/2014 is available for download at: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0889&from=EN.


Full review: Commission Regulation (EEC) No 2454/93 now provides that if the applicant for Authorised Economic Operator (AEO) status is already a regulated agent or a known consignor, the criterion on ‘appropriate security and safety standards’ shall be deemed to be met in relation to the premises for which the economic operator obtained the status of regulated agent or known consignor. Points 6.3.1.2 and 6.4.1.2 of the Annex to Commission Regulation (EU) No 185/2010 (4) provide that the appropriate authority, or independent validator acting on its behalf, should take into account whether or not the applicant for regulated agent or known consignor is a holder of an AEO certificate.

The practical implementation of both the customs legislation governing the AEO status and the aviation legislation governing the regulated agent and known consignor has shown that the existing recognition between the programmes is not sufficient to ensure the highest possible synergies between the respective security programmes. The security requirements for both the aviation security regulated agent and known consignor programme and for the customs AEO programme are equivalent to such an extent that both programmes may be aligned further.

Further alignment of both programmes in terms of equal level of recognition, including required exchange of information is necessary in order to decrease the administrative burden for the economic sector concerned and government authorities (both customs and civil aviation) while strengthening further the current level of security.

Regulation (EU) No 889/2014 is necessary to recognise the known consignor status, with its relevance for the AEO as well, to frame the scope of recognition of the common requirements between the respective programmes, and to allow for the necessary exchange of information between customs and aviation authorities.

The issuing customs authority shall immediately make available to the appropriate national authority responsible for civil aviation security the following minimum information related to the status of authorised economic operator which it has at its disposal:

  • the AEO certificate – security and safety (AEOS) and AEO certificate – customs simplifications/security and safety (AEOF) including the name of the holder of the certificate and, where applicable, their amendment or revocation or the suspension of the status of authorised economic operator and the reasons therefore;
  • information about whether the specific site concerned has been visited by customs authorities, the date of the last visit and the purpose for the visit (authorisation process, reassessment, monitoring); and
  • any reassessments of AEOS and AEOF certificates and the results thereof.

Relevance for CORE: The CORE implementation objectives, which specify what will be done and how to reach the vision, are all subject to the Policies, Regulations, and Standards that exist within the Security Domain of the Global Supply Chain. The following Work Packages are directly impacted by the implementing regulation (EU) No 889/2014:

  • Research and Analysis: Undertake requirements analysis and impact assessment. The project will undertake requirements analysis from different perspectives. In WP1 we will consolidate reviews of SCS regulations policies and standards from Reference Projects and specify implementation support requirements.
  • The Demonstrators: The CORE demonstrators will validate the applicability and benefits of the CORE approach in representative operating scenarios characteristic of the global supply chain. They will specifically show the way towards a Global Secure Supply Chain. The overriding goal is to demonstrate substantial gains in security and facilitation covering every major facet of the supply chain security sector.

The CORE demonstrators affected by the implementing regulation (EU) No 889/2014 are:

  • WP12: Demonstrator Schiphol – apply global data pipeline concept to air cargo supply chains, managing air freight specific trade compliance requirements, and offering supply chain visibility in dashboards. Trade lanes with e.g. Africa, involving multiple inspection authorities.
  • WP17: DHL Demonstrator – managing airfreight trade compliance requirements EU-US in the context of fast supplying of parts.

Also, WP19 is affected here: Stakeholder Engagement – Knowledge Diffusion and Sustainable Development. Specify and apply an inclusive Stakeholder Engagement Strategy emphasizing international co-operation to promote harmonization of regulations, and to support further development and implementation of international standards.

Cross-references and citations:

  • http://ec.europa.eu/transport/modes/air/security/
  • Regulation (EEC) No 2913/92. EU Regulation establishing the Community Customs Code.
  • Regulation (EC) No 300/2008. EU Regulation on common rules in the field of civil aviation security allows that entities complying with certain conditions and requirements may be certified to ensure and contribute to a secure supply chain.
  • Barroso, J. (2014), “COMMISSION IMPLEMENTING REGULATION (EU) No 889/2014 of 14 August 2014 amending Regulation (EEC) No 2454/93, as regards recognition of the common security requirements under the regulated agent and known consignor programme and the Authorised Economic Operator programme”, available at: http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32014R0889&from=EN.

CORE1069

Supply Chain Security: DHS Should Test and Evaluate Container Security Technologies Consistent with All Identified Operational Scenarios to Ensure the Technologies Will Function as Intended, GAO, 2010 (CORE1068)

Summary: This report reviews container security technologies that the Science and Technology (S&T) Directorate of the US Department of Homeland Security (DHS) has evaluated and tested between 2004 and 2009. These container security technologies aim to (1) detect and report unauthorized intrusions into the shipping containers and (2) track the movement of the containers through the supply chain. As of 2009, DHS has funded and tested four different container security technologies. So far, none of the candidate technologies meets all desired functional requirements: the main problems are high false alarm rates, low detection probability, and difficult installation and calibration. Besides the unsatisfactory test results, the report points out problems of conducting the phase II practical “trade lane” testing in the context of maritime transport only. The report recommends testing the technologies “across all operational scenarios,” considering contextual differences across different modes of transport. Once the technologies pass this extended trade lane testing, the DHS should (1) obtain support from the trade industry and international partners, (2) develop a concept of operations (CONOPS) for using the technology, and (3) certify the container security technologies for use. The source document is available at: http://www.gao.gov/products/GAO-10-887.


Full review: This GAO document describes in detail the four container security technologies that DHS has tested since 2004, and one of these technologies happens to be the very same “composite security container” that the WP22 CORE demonstration studies. The report discusses in detail the problems that the previous tests and pilots of container security technologies have encountered. Being aware of the past problems helps the CORE demonstrations to avoid past mistakes. In addition to the WP22 demonstration, the other demonstrations that involve tracking & tracing of intermodal containers benefit from the information in this GAO report. For instance, the GM demonstration on maritime shipping of automobile parts from the EU to the US via the port of Bremerhaven (WP9) might use this GAO document to evaluate available technical solutions for tracking the shipping containers. The demonstrations in work packages 14-17 involve tracking and tracing and therefore may use the detailed analysis this GAO report offers on available container security technologies.

Cross-references:

  • Homeland Security: Key Cargo Security Programs Can Be Improved. GAO-05-466T. Washington, D.C.: May 26, 2005.
  • Cargo Container Inspections: Preliminary Observations on the Status of Efforts to Improve the Automated Targeting System. GAO-06-591T. Washington, D.C.: March 30, 2006.
  • Supply Chain Security: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers. GAO-10-12. Washington, D.C.: October 30, 2009.
  • Maritime Security: DHS Progress and Challenges in Key Areas of Port Security. GAO-10-940T. Washington, D.C.: July 21, 2010.

Full citation:

U.S. Government Accountability Office (GAO), 2008. Supply Chain Security: DHS Should Test and Evaluate Container Security Technologies Consistent with All Identified Operational Scenarios to Ensure the Technologies Will Function as Intended.

CORE1068

Additional keywords: Container security, maritime logistics, container security device, tracking & tracing

AVIATION SECURITY – Transportation Security Administration Has Strengthened Planning to Guide Investments in Key Aviation Security Programs, but More Work Remains, GAO 2008 (CORE1067)

Summary: This GAO report discusses the impact of the 26 billion USD that the Transportation Security Administration (TSA) has spent on aviation security since 2004. The report focuses especially on the current status and the future challenges of passenger screening, air cargo security and the passenger watch-list matching program known as Secure Flight. The air cargo security discussion is the report’s most relevant section from the CORE’s viewpoint. The information in the report, which was published as early as July 2008, is however largely outdated: it discusses challenges that TSA and the air cargo community need to overcome before starting the 100% screening of air cargo that flies on board passenger planes, a legal requirement that came into force in August 2010 and that was set by the Implementing Recommendations of the 9/11 Commission Act of 2007 (aka the 9/11 Act). The report also recommended strengthening the security of US-bound foreign air cargo (into the US from the rest of the world), to bring it on a par with outbound air cargo security (from the US to the rest of the world). More recent regulations and initiatives have corrected this weakness in the US air cargo security: today, third country air carriers must screen cargo up to US standards (or national standards if the country of origin and the US recognize each other’s air cargo regimes) before loading cargo on US-bound planes. The source document is available at: http://www.gao.gov/products/GAO-08-1024T.


Full review: This GAO report provides useful background information about the US air cargo security regime. This information is going to be useful for the CORE demonstration 17.1 that is about time-critical express shipping of military aircraft parts from the US to Spain. In the demonstration, the express operator DHL ships the parts by plane, and thus compliance with the US air cargo security requirements is one of the key themes of this demo. Also WP 1 might use this GAO report to describe evolution of the US air cargo regime over the years. But though this analysis would be interesting, it is not going to be the essential content in the deliverable of the WP1.

Cross-references:

  • GAO, Aviation Security: Federal Coordination for Responding to In-flight Security Threats Has Matured, but Procedures Can Be Strengthened, (Washington, D.C.: July 31, 2007).
  • GAO, Aviation Security: Transportation Security Administration May Face Resource and other Challenges in Developing a System to Screen All Cargo Transported on Passenger Aircraft
  • GAO, Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo Are in the Early Stages and Could Be Strengthened, GAO-07-660 (Washington, D.C.: April 2007).
  • GAO, Aviation Security: Progress Made in Systematic Planning to Guide Key Investment Decisions, but More Work Remains, GAO-07-448T (Washington, D.C.: February 13, 2007).

Full citation:

U.S. Government Accountability Office (GAO), 2008. Aviation Security – Transportation Security Administration Has Strengthened Planning to Guide Investments in Key Aviation Security Programs.

CORE1067

Additional keywords: Air cargo security, Certified Cargo Screening Program (CCSP)


SUPPLY CHAIN SECURITY: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers, GAO (October 2009, CORE1066)

Summary: The document provides a comprehensive outlook on the past and recent US initiatives on container security. The report focuses on the challenges that prevent global implementation of the 100% scanning of US-bound containers in foreign ports with both non-intrusive inspection (NII) technologies and radiation detection devices, as mandated by the SAFE Port Act and the 9/11 Acts. The 100% scanning is believed to deter and detect terrorist attempts to smuggle weapons of mass destruction (WMD) into the United States inside a cargo container. The report dates back to late 2009, so the description of the current state of the US container security it provides is not necessarily accurate any longer. The report anticipates that the implementation of the 100% scanning requirement will be delayed due to various problems that were identified during the precursory Secure Freight Initiative (SFI) pilots. These problems are related mainly to port logistics (routing of containers through scanning sites), employee safety (radiation of screening equipment) and technical constraints (equipment failures and poor quality of scanning images). Today, we know that the US authorities have deferred the implementation already twice, first to 2014 and for the second time until 2016. Altogether, this GAO report describes in detail the challenges of the 100% scanning law and elaborates some ongoing alternative risk-based approaches to container security: (1) the strategic trade lane strategy that aims to establish 100% scanning only in high terrorist risk foreign sea ports and (2) the “10 + 2” data requirements that importers and ocean carriers must submit to the US Customs and Border Protection (CBP) before a container is loaded aboard a US-bound vessel so that the US authorities can calculate more precise risk for each shipping container. This report includes relevant information for all the CORE’s demonstrations that involve US-bound maritime transportation.
The source document is available at: http://www.gao.gov/products/GAO-10-12.


Full review: The GAO document provides interesting insights into the evolution of the US container security regulations over the years. This is useful supporting information for CORE demonstrations that involve maritime shipping of containers into the US. The GM demonstration of the WP9, for example, covers exports of automobile parts from the EU into the US by transatlantic ocean transport. If the US Congress does not repeal or defer the 100% scanning requirement, the port of Felixstowe, which participates in the demonstration, needs to start scanning all of GM’s US-bound containers as well. Likewise, the FALACUS demo (WP14), which is about shipping of ceramic tiles from Italy to the US, must take into consideration the possible effects of the 100% scanning requirement. This demonstration is particularly interesting from the 100% scanning requirement standpoint because some ceramic tiles are naturally radioactive, and thus they tend to trigger false alarms in the radiation controls. The P&G demonstrator in the WP17, which focuses on shipping of consumer goods into the US, must also consider the possible impact of the 100% scanning regulation.

Besides the demonstrations, the CORE’s risk cluster might benefit from the detailed analysis of the risk-based approaches to US container security, such as the strategic trade lane strategy and the “10 + 2” data requirement. All demonstrations might benefit from the lessons learnt on how GAO has advised DHS and CBP to carry out cost-benefit analyses for the US container security programs (especially the Secure Freight Initiative).

Cross-references:

  • Combating Nuclear Smuggling: Efforts to Deploy Radiation Detection Equipment in the United States and in Other Countries. GAO-05-840T. Washington, D.C.: June 21, 2005.
  • Container Security: A Flexible Staffing Model and Minimum Equipment Requirements Would Improve Overseas Targeting and Inspection Efforts. GAO-05-557. Washington, D.C.: April 26, 2005.
  • Bakshi, N., Flynn, S. E., & Gans, N. (2011). Estimating the operational impact of container inspections at international ports. Management Science, 57(1), 1-20.

Full citation:

U.S. Government Accountability Office (GAO), 2009. Supply Chain Security: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers.

CORE1066

Additional keywords: Ocean transportation, counter-terrorism, non-intrusive inspection


Review on “MARITIME CRITICAL INFRASTRUCTURE PROTECTION – DHS Needs to Better Address Port Cybersecurity”, Report to the Chairman, Committee on Commerce, Science, and Transportation, U.S. Senate, United States Government Accountability Office, June 2014 (CORE1098)

Summary: Actions taken by the Department of Homeland Security (DHS) and two of its component agencies, the U.S. Coast Guard and Federal Emergency Management Agency (FEMA), as well as other federal agencies, to address cybersecurity in the maritime port environment have been limited. The report is available at: http://www.gao.gov/assets/670/663828.pdf


Full review: While the Coast Guard initiated a number of activities and coordinating strategies to improve physical security in specific ports, it has not conducted a risk assessment that fully addresses cyber-related threats, vulnerabilities, and consequences. Coast Guard officials stated that they intend to conduct such an assessment in the future, but did not provide details to show how it would address cybersecurity. Until the Coast Guard completes a thorough assessment of cyber risks in the maritime environment, the ability of stakeholders to appropriately plan and allocate resources to protect ports and other maritime facilities will be limited.

Maritime security plans required by law and regulation generally did not identify or address potential cyber-related threats or vulnerabilities. This was because the guidance issued by Coast Guard for developing these plans did not require cyber elements to be addressed. Officials stated that guidance for the next set of updated plans, due for update in 2014, will include cybersecurity requirements. However, in the absence of a comprehensive risk assessment, the revised guidance may not adequately address cyber-related risks to the maritime environment.

The degree to which information-sharing mechanisms (e.g., councils) were active and shared cybersecurity-related information varied. Specifically, the Coast Guard established a government coordinating council to share information among government entities, but it is unclear to what extent this body has shared information related to cybersecurity. In addition, a sector coordinating council for sharing information among nonfederal stakeholders is no longer active, and the Coast Guard has not convinced stakeholders to reestablish it. Until the Coast Guard improves these mechanisms, maritime stakeholders in different locations are at greater risk of not being aware of, and thus not mitigating, cyber-based threats.

Under a program to provide security-related grants to ports, FEMA identified enhancing cybersecurity capabilities as a funding priority for the first time in fiscal year 2013 and has provided guidance for cybersecurity-related proposals. However, the agency has not consulted cybersecurity-related subject matter experts to inform the multi-level review of cyber-related proposals—partly because FEMA has downsized the expert panel that reviews grants. Also, because the Coast Guard has not assessed cyber-related risks in the maritime risk assessment, grant applicants and FEMA have not been able to use this information to inform funding proposals and decisions. As a result, FEMA is limited in its ability to ensure that the program is effectively addressing cyber-related risks in the maritime environment.

Why GAO Did This Study? U.S. maritime ports handle more than $1.3 trillion in cargo annually. The operations of these ports are supported by information and communication systems, which are susceptible to cyber-related threats. Failures in these systems could degrade or interrupt operations at ports, including the flow of commerce. Federal agencies—in particular DHS—and industry stakeholders have specific roles in protecting maritime facilities and ports from physical and cyber threats. GAO’s objective was to identify the extent to which DHS and other stakeholders have taken steps to address cybersecurity in the maritime port environment. GAO examined relevant laws and regulations; analyzed federal cybersecurity-related policies and plans; observed operations at three U.S. ports selected based on being a high-risk port and a leader in calls by vessel type, e.g. container; and interviewed federal and nonfederal officials.

What GAO Recommends? GAO recommends that DHS direct the Coast Guard to (1) assess cyber-related risks, (2) use this assessment to inform maritime security guidance, and (3) determine whether the sector coordinating council should be reestablished. DHS should also direct FEMA to (1) develop procedures to consult DHS cybersecurity experts for assistance in reviewing grant proposals and (2) use the results of the cyber-risk assessment to inform its grant guidance. DHS concurred with GAO’s recommendations.

Full citation: “MARITIME CRITICAL INFRASTRUCTURE PROTECTION – DHS Needs to Better Address Port Cybersecurity”, Report to the Chairman, Committee on Commerce, Science, and Transportation, U.S. Senate, United States Government Accountability Office, June 2014.

CORE1098

Keywords: Maritime Security, Port Security, Cybersecurity, CBP-U.S. Customs and Border Protection, U.S. Coast Guard, DHS-Department of Homeland Security, FEMA-Federal Emergency Management Agency, ISAC-information sharing and analysis center, IT-information technology, MTSA-Maritime Transportation Security Act of 2002, NIPP-National Infrastructure Protection Plan, SAFE Port Act-Security and Accountability for Every Port Act of 2006, TSA-Transportation Security Administration


Review on Consideration and Adoption of Amendments to the International Convention for the Safety of Life at Sea, 1974, International Maritime Organization (CORE1097)

Summary: The International Ship and Port Facility Security (ISPS) Code sets new security standards for ships at sea as well as port facilities around the world. It aims to make shipping activities more secure against threats of terrorism, piracy and smuggling. Security at sea has been a concern to governments, shipping lines, port authorities and importers and exporters for years. The terrorist attacks of September 11, 2001, however, provided the catalyst for formalizing tough new security measures. In December of 2002, the International Maritime Organization (IMO), a specialized agency of the United Nations (UN), organized a conference to discuss issues related to security at sea. At this conference, representatives from 150 nations (the Contracting Governments) participated in drafting amendments to the Safety of Life at Sea (SOLAS) Convention, and the ISPS Code was adopted. Changes to the SOLAS Convention include amendments to Chapters V and XI, and Chapter XI was divided into Chapters XI-1 and XI-2. The new Chapter XI-2 provides the umbrella ISPS regulations. The Code itself is divided into two parts. Part A presents mandatory requirements; Part B contains guidance regarding the provisions of Chapter XI-2 of the Convention and Part A of the Code. The source document is available at: http://www.un.org/en/sc/ctc/docs/bestpractices/32.pdf


Full review: The Code aims, among other things, to establish an international framework for co-operation between Contracting Governments, government agencies, local administrations and the shipping and port industries to detect security threats and take preventive measures against security incidents affecting ships or port facilities used in international trade and to establish relevant roles and responsibilities at the national and international level. ISPS provisions relating to port facilities relate solely to the ship/port interface. Also, ISPS provisions do not extend to the actual response to attacks or to any necessary clear-up activities after such an attack. In addition, for each ship and port authority affected, the ISPS Code requires:

  • The implementation of a Ship Security Plan (SSP),
  • The implementation of a Port Facility Security Plan (PFSP),
  • The appointment of a Ship Security Officer (SSO),
  • The appointment of a Company Security Officer (CSO),
  • The appointment of a Port Facility Security Officer (PFSO),
  • The installation of ship alarms, and
  • The installation of shipboard Automatic Identification Systems (AIS).

Enforcement Date: The ISPS Code went into effect on July 1, 2004.

Full citation: Consideration and Adoption of Amendments to the International Convention for the Safety of Life at Sea, 1974, International Maritime Organization. SOLAS/CONF.5/32. 12 December 2002.

CORE1097

Keywords: Maritime Security, Port Security, Ship Security Plan (SSP), Port Facility Security Plan (PFSP), Ship Security Officer (SSO), Port Facility Security Officer (PFSO), International Maritime Organization (IMO), Safety of Life at Sea (SOLAS).
