SUPPLY CHAIN SECURITY – CBP Needs to Conduct Regular Assessments of Its Cargo Targeting System, GAO, October 2012 (CORE1014)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: The US maritime security strategy uses advance cargo information to assess risk levels of US-bound maritime shipping containers. This GAO report reviews how the Automated Targeting System, a web-based computer program that calculates risk scores for the containers, support the US Customs and Border Protection’s (CBP) targeting efforts. The report argues that CBP could improve its targeting program by establishing sound procedures and criteria for assessing the performance of the targeting activity. This GAO report contains information about the US risk-based shipment targeting solution that benefit the CORE’s risk and IT clusters. The US-related demonstrations may also find the report’s information useful. The report is available at: http://gao.gov/assets/650/649695.pdf

[s2If is_user_logged_in()]

Full review: The risk targeting systems are part of governments’ supply chain security programs worldwide. The GAO reports gives unparalleled, detailed information about the principles that the US authorities follow to collect and analyse data about cargo movements that allow them to calculate risk scores for US-bound maritime shipping containers. The CORE’s risk cluster should pay attention to this information and learn how risk-based screening and examination of maritime shipping containers has been organized in the US, in the leading country of supply chain security. The report reveals useful information about IT infrastructure that support the risk targeting system, therefore providing a sound reference material for the CORE’s IT cluster. Project partners engaged in the CORE’s demonstrations – logistics operators, authorities and technology providers – benefit from the report’s description of the US automated targeting system (ATS) that play an important security role in the US-bound maritime trade and logistics.

Cross-references:

  • Supply Chain Security: Container Security Programs Have Matured, but Uncertainty Persists over the Future of 100 Percent Scanning. GAO-12-422T. Washington, D.C.: February 7, 2012.
  • Supply Chain Security: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers. GAO-10-12. Washington, D.C.: October 30, 2009.
  • Supply Chain Security: CBP Has Made Progress in Assisting the Trade Industry in Implementing the New Importer Security Filing Requirements, but Some Challenges Remain. GAO-10-841. Washington, D.C.: September 10, 2010.

CORE1014

Additional keywords: Terrorism, automated targeting system (ATS), 24-hour rule, the importer security filing and additional carrier requirements (10 + 2 rule)

[/s2If]

MARITIME SECURITY – Progress and Challenges 10 Years after the Maritime Transportation Security Act, GAO, September 2012 (CORE1013)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This GAO report reviews how the US government has advanced maritime security since the introduction of the Maritime Transportation Security Act (MTSA) in 2002 and what kind of challenges the Department of Homeland Security (DHS) and its component agencies have encountered in translating the Act’s requirements into practice. The report describes in detail the character, progress and future vision of main US maritime security programs, which, according to the report, fall into four domains: (1) security planning, (2) port and vessel security, (3) maritime domain awareness and information exchange and (4) international supply chain security. The report points out that the US maritime security scheme calls for further improvements in the areas of (1) program management and implementation, (2) partnerships and collaboration, (3) resources, funding, and sustainability as well as (4) performance measures.  This report describes the entire field of US maritime security, and this information is very useful for CORE demonstrations that involve shipping into, through or out of the US ports. The report is available at: http://www.gao.gov/assets/650/647999.pdf

[s2If is_user_logged_in()]

Full review: This scope of this GAO document is broad as it covers the entire US maritime security, its many themes from funding to practical initiatives and risk assessment. CORE’s demonstrations that involve US-related maritime shipping can use this document to get a comprehensive and detailed information about the status and future challenges of the US maritime security scheme. Also the CORE’s risk cluster can use this document to analyze how the US government has established a risk-based, layered security system to protect the seaborne trade and logistics from terrorism, smuggling and other criminal activities. Because of the complete description of the US maritime security scheme, the report is excellent reference material for producing training material and educational contents in the CORE training cluster.

Cross-references:

  • Maritime Security: DHS Progress and Challenges in Key Areas of Port Security. GAO-10-940T. Washington, D.C.: July 21, 2010. See pages 10-11.
  • Maritime Security: The SAFE Port Act: Status and Implementation One Year Later. GAO-08-126T. Washington, D.C.: October 30, 2007. See pages 15-19.
  • Information on Port Security in the Caribbean Basin. GAO-07-804R. Washington, D.C.: June 29, 2007.
  • Supply Chain Security: Container Security Programs Have Matured, but Uncertainty Persists over the Future of 100 Percent Scanning. GAO-12-422T. Washington, D.C.: February 7, 2012. See pages 13-14.
  • Supply Chain Security: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers. GAO-10-12. Washington, D.C.: October 30, 2009. See pages 41-43.
  • Supply Chain Security: U.S. Customs and Border Protection Has Enhanced Its Partnership with Import Trade Sectors, but Challenges Remain in Verifying Security Practices. GAO-08-240. Washington, D.C.: April 25, 2008.

CORE1013

Additional keywords: Maritime Transportation Security Act, Secure Freight Initiative, Customs-Trade Partnership Against Terrorism (C-TPAT), Container Security Initiative (CSI), risk assessment, container screening, counter-terrorism, maritime security

[/s2If]

Border Agency Cooperation, Part 2 of 3

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Our second blog on Border Agency Cooperation (BAC) focuses on a conceptual model developed by CBRA. We have crafted this “CBRA-BAC15” diagram to visualize a set of key BAC actions and primary beneficiaries, with contributions by Dr. Toni Männistö (supply chain security post-doc researcher at CBRA), Mr. Gerwin Zomer (TNO, technical manager for the FP7-CORE project) and by Ms. Susana Wong Chan (education and training materials developer at CBRA).BAC-1

The diagram is cut to three sectors: on left side, the supply chain companies are the primary beneficiaries of BAC actions; on the right side, the government agencies form the primary beneficiary group; and on the bottom area, both supply chain companies as well as government agencies benefit from BAC actions. Each of these three sectors contains five examples of concrete border agency cooperation actions – 15 in total – explained in a moment by using real examples, whenever available in the literature or by expert suggestions. In the center of the diagram lies a circle with the more generic “smart cross-border improvement actions”, applicable to virtually any work in global trade facilitation.

The diagram should not be considered exhaustive, when it comes to all optional actions to improve BAC in a given country or region or globally. Some of the 15 key actions may be strongly interconnected, or, partially overlapping. Some of them may apply mainly on national multi-agency environment, and some of them mainly on international e.g. customs-to-customs environment. Also, the division of the key actions into the three beneficiary groups can and should be challenged, by the interested audiences. But, let´s start now by listing and illustrating the key 15 BAC actions:

Supply chain companies as the primary beneficiary (left sector in the diagram). The following five BAC actions can bring immediate benefits to the companies operating in supply chains, in terms of saving administrative costs and speeding up the supply chain – less work dealing with various certifications and audit visits, less variation and IT costs with import/export data filing and less waiting times at the borders.

  • Harmonized ´trusted trader´ & other certification programs: In the European Union, the European Commission´s implementing regulation (No. 889/2014) updates the references to the aviation security legislation in force, including recognition of the Known Consignor (KC) status and its relevance to Authorized Economic Operator (AEO), and framing the scope of recognition of the common requirements between the respective programs.
  • Coordinated company visits & audits: Closely linked to the previous BAC-action, in the Netherlands, the Dutch Customs executes joint audits on AEO security (customs) and known consignor/regulated agent (air cargo) with the Dutch Immigration and air-police agency – during the application phase, as well as during periodical audits.
  • Harmonized data filing requirements: Despite a global, harmonized data model, harmonized tariff codes and standards on clearance procedures, there are many differences in operational import, export and transit procedures and information requirements between countries. This results in additional complexity of IT systems for globally operating traders and logistic service providers. An example is the pre-arrival security declarations, where harmonization would be most useful e.g. between the Importer Security Filing, “10+2” in the US and the Entry Summary Declaration in Europe – Multiple Filing, supported by Standard Trader Interface, under development within the Union Customs Code, UCC.
  • Synchronized border interventions & inspections: The Article 4 of the Greater Mekong Sub-region Cross Border Transport Agreement on Facilitation of Border Crossing Formalities calls upon the contracting parties to progressively adopt measures to simplify and expedite border formalities by carrying out joint and simultaneous inspection of goods and people by respective competent authorities of agencies such as customs, immigration, trade, agriculture, and health. It further provides for single-stop inspection and urges the national authorities of adjacent countries to carry out joint and simultaneous inspections.
  • Harmonized operating hours: This applies particularly in the context of two neighboring country customs offices – having same opening hours across the border helps to maximize the daily throughput volumes. As the Article 8 of the World Trade Organization´s Trade Facilitation Agreement puts it, “Each Member shall, to the extent possible and practicable, cooperate on mutually agreed terms with other Members with whom it shares a common border with a view to coordinating procedures at border crossings to facilitate cross-border trade. Such cooperation and coordination may include: … alignment of working days and hours … “. In the ASEAN region, the Article 7 of the ASEAN Framework Agreement on the Facilitation of Goods in Transit urges the contracting parties to “coordinate working hours of the adjacent border posts”.

Government agencies themselves as the primary beneficiary (right sector in the diagram). The following five BAC actions can provide instant benefits for the cooperating government agencies, in terms of cost savings and improved efficiency – in other words, identifying more violations and catching more bad guys with less total spending.

  • Sharing of agency intelligence, information & data: Customs Mutual Assistance Agreements (CMAAS), signed bilaterally by Canada Border Services Agency (CBSA) and eight counterparties during years 1979-2010 (European Community, France, Germany, Mexico, the Netherlands, South Africa, South Korea and the United States) provide Canada with a legal basis to share customs information to prevent, investigate and combat customs offences, particularly customs fraud, and to provide reciprocal mutual assistance to ensure the proper application of customs laws. Under CMAAs Canada may share customs information pertaining to: persons, goods and means of transport; activities planned, on-going, or completed, that constitute or appear to constitute a customs offence in the territory of the country requesting the data; proven law enforcement techniques; new and emerging trends, means or methods of committing customs offences; and facilitation of risk assessment activities, within the mandate and authority of the CBSA.
  • Joint investments in common resource pools (equipment, facilities etc.): In Finland the Customs Administration and the Border Guard share common premises and equipment. Each authority has a designated role in the servicing and maintenance of the equipment. X-ray machines are largely the responsibility of Customs. Road-testing equipment, such as lorry brake-testing pads, is also maintained by Customs. All equipment can be shared and operated by each agency upon request. Thus, although the equipment belongs to one agency, it can be easily relocated to the other agency, enabling smoother processing of the workflow without unnecessary and lengthy administrative procedures, thereby reducing costs.
  • Joint teams: In the Netherlands, “HARC” – Hit and Run Cargo Rotterdam team, is a joint operation of Dutch Maritime Police, Dutch Customs, the Fiscal and Economic Crime Agency and the Ministry of Justice collaborating operationally in narcotics enforcement. Joint teams differ from Joint operations below by being a long-term / permanent set-up; while Joint operations “come and go”.
  • Joint operations: A joint operation Meerkat, (23-27 July 2012) involving the World Customs Organization and INTERPOL against the illicit trafficking of cigarettes, tobacco and alcohol in East and Southern Africa, resulted in the seizure of tons of illicitly traded products in seven countries. Operation Meerkat saw Customs and police authorities carry out some 40 raids at seaports, inland border crossing points, markets and shops in Angola, Kenya, Mozambique, Namibia, South Africa, Tanzania and Zimbabwe. More than 32 million cigarettes – equivalent to 1.6 million packets, 134 tons of raw tobacco and almost 3,000 liters of alcohol were seized, resulting in national authorities initiating a number of administrative investigations into tax evasion and other potential criminal offences.
  • Collaborative criminal investigations & prosecutions: In the United States the Border Enforcement Security Task Force (BEST) units gather officers from more than 100 different law enforcement agencies under one roof. The objective is to identify, investigate, disrupt and dismantle transnational organizations posing the greatest threat to border security, public safety and national security, by employing the full range of federal, state, local, tribal and international law enforcement resources. Over the years, the BEST has become a successful interagency law enforcement collaboration model that’s keeping the US safer.

Both supply chain companies as well as government agencies as beneficiaries (bottom sector). The five BAC actions can bring instant benefits to all parties in cross-border supply chains, in terms of lowering costs and improving performance, from supply chain company and from governmental agency perspectives.

  • ‘Single window’ -type import/ export/ transit data submissions: In the Netherlands, the authorities have designed Digipoort, the government’s ‘electronic post office’ for businesses. It provides the communication infrastructure for the exchange of digital information between companies and government authorities. Digipoort enables companies to submit import and export information at a single entry point aimed at multiple government authorities.
  • Common risk indicators, risk profiles & targeting systems: In Finland, common databases are linked to the different agencies’ operational and risk management databases, leading to a common approach when a ‘signal’ is recorded. Some control and enforcement officers have access to each other’s systems on a need-to-know basis, with levels of restricted access determined by rank and functional responsibility.
  • Mutual recognition of supply chain inspection procedures & outcomes: As part of the European Union funded research and development project FP7-CORE ( http://www.coreproject.eu/ ), the phytosanitary and customs administrations in Kenya and the Netherlands are working towards mutual recognition of controls carried out by Kenyan authorities, as well as the exploitation of digital phytosanitary certificates and other trade documents, between the two countries. Outside of the research world, mutual recognitions (MR) of customs inspections are being explored in the context of EU MR Agreements, for example with Japan.
  • Cross-training and empowering manpower: In Finland, Customs officers have been trained by the Border Guard to inspect identification documents and visas, among other procedures. Border guards have, in turn, received basic Customs training, which includes the search of vehicles and the recognition of prohibited and restricted goods, such as drugs, alcohol, and counterfeit items.
  • Joint public-private partnership arrangements, training sessions etc.: In 2011 in Hong Kong, the Customs and Excise Department established a Joint Liaison Group with the representatives of shippers, freight forwarders and truck drivers for exchanging operational views and comments on the Road Cargo System “ROCARS”. Moreover, Customs also launched an extensive publicity program and established outreach teams to assist the industry stakeholders to get used to the ROCARS. Following other government departments are listed on the ROCARS web-site http://www.rocars.gov.hk/ : Commerce and Economic Development Bureau, Census and Statistics Department, and Transport Department.

Finally, the center circle of the CBRA-BAC15 diagram highlights the basic, classical principles of trade facilitation – naturally in the context of multiple agencies dealing with cross-border regulations, procedures, IT-systems and data requirements:

  • Simplification & Harmonization: agencies work together with the first aim to streamline certification requirements and procedures, to minimize the number of data elements required from traders etc.; and the second aim to unify the rules and requirements facing supply chain companies.
  • Interoperability & Synchronization: agencies invest in improving interoperability between their inspection technologies, IT-systems etc.; they also work together to better synchronize their supervision and control processes, particularly for the benefit of supply chain companies.
  • Transparency & Predictability: agencies keep each other well informed of their current regulations, procedures, operations etc., as well as planned future changes – such proactive approach helps to minimize surprises and related hassles.

This concludes the second of three parts of our Border Agency Cooperation (BAC) blog. In Part 3 – to be published sometime in February – we focus on the overarching institutional arrangements on Border Agency Cooperation, including establishment of single border agencies (e.g. in the US and Australia); creation of one-stop border posts, OSBPs (multiple examples across the world); carrying work permanently on behalf of other agencies etc. We also plan to discuss bit more on the benefits and costs of BAC, as well as the main challenges and obstacles in BAC-projects across the globe. Talk to you again in February, Juha Hintsa.

 

Bibliography / sources for the examples and cases attached to the 15 BAC key actions:

  • Harmonized ´trusted trader´ & other certification programs: Commission Implementing Regulation (EU) No 889/2014 of 14 August 2014 amending Regulation (EEC) No 2454/93, as regards recognition of the common security requirements under the regulated agent and known consignor programme and the Authorised Economic Operator programme.
  • Coordinated company visits & audits: Email exchange with a Dutch Customs expert
  • Harmonized data filing arrangements: Interview with a Dutch supply chain and trade facilitation expert (29 January 2016); and AnNa Master Plan Extended Collaboration Project Book, December 2015. Available for download at: http://www.annamsw.eu/
  • Synchronized border interventions & inspections: Jain, S.R. (2012), “Coordinated Border Management: The Experience of Asia and the Pacific Region”, World Customs Journal, Vol. 6 No.1. (CBM25).
  • Harmonized operating hours: Article 8 (Border Agency Cooperation) of the WTO Agreement on Trade Facilitation of 15 July 2014; and Jain, S.R. (2012), “Coordinated Border Management: The Experience of Asia and the Pacific Region”, World Customs Journal, Vol. 6 No.1.
  • Sharing of agency intelligence, information & data: “Customs Cooperation Case Study for Canada”, paper submitted by Canada (Canada Border Services Agency – CBSA) for the July 2012 WTO Symposium on Trade Facilitation.
  • Joint investments in common resource pools (equipment, facilities etc.): “Coordinated Border Management”, WCO News, February 2015, No. 76.
  • Joint teams: “Customs find cocaine buried in cocoa bean shipment”, NL Times 25.5.2015, Available online at: http://www.nltimes.nl/2015/05/25/customs-finds-cocaine-buried-in-cocoa-bean-shipment/ (accessed 28 January 2016).
  • Joint operations: “WCO and INTERPOL joint operation against illicit trafficking in Africa leads to tobacco and alcohol seizures”, WCO Press Release, 27 August 2012. Available online at:   http://www.wcoomd.org/en/media/newsroom/2012/august/operation-meerkat.aspx (accessed 28 January 2016).
  • Collaborative criminal investigations & prosecutions: “Coordinated Border Management”, WCO News, February 2015, No. 76
  • ‘Single window’ –type import/ export/ transit data submissions: “Coordinated Border Management”, WCO News, February 2015, No. 76.
  • Common risk indicators, risk profiles & targeting systems: “Coordinated Border Management”, WCO News, February 2015, No. 76.
  • Mutual recognition of supply chain inspection procedures & outcomes: The Consistently Optimised REsilient ecosystem, CORE FP7 project, EU. See online at: http://www.coreproject.eu/ (accessed 28 January 2016).
  • Cross-training and empowering manpower: “Coordinated Border Management”, WCO News, February 2015, No. 76.
  • Joint public-private partnership arrangements, training sessions etc.: “Road Cargo System (ROCARS) (Hong Kong China)”. Available online at: http://www.wcoomd.org/en/topics/wco-implementing-the-wto-atf/atf/border-agency-cooperation.aspx (accessed 28 January 2016).

Border Agency Cooperation, Part 1 of 3

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

“A beloved child has many names”, goes an old Finnish proverb. This saying applies quite well in the conblog-210116text of ´smart cooperation between multiple agencies when dealing with cross-border supply chains, goods movements and transports´. The World Customs Organization talks about Coordinated Border Management (CBM); the European Union about Integrated Border Management (IBM); the World Bank about Collaborative Border Management (CBM); and Organization for Security and Cooperation in Europe about Comprehensive Border Management (CBM). Cross-border Research Association is aligning with a fifth term: Border Agency Cooperation (BAC), a term used in the Trade Facilitation Agreement of the World Trade Organization. Despite minor differences in scope, priorities, underlying principles and philosophies among these five terms (and possibly even more), one can easily agree that the work carried out under any and all of them aims to coordinate activities across and within various border control agencies, for the benefit of both governmental agencies themselves as well as supply chain companies.

Our first blog on Border Agency Cooperation, BAC, provides an illustrative worst case example on how complex, slow and expensive a cross-border supply chain execution comes when no cooperation takes place between relevant government agencies, neither nationally nor internationally. The illustration is about meat export from Latin America (Country X) to the European Union (Country Y), with maritime transport in reefer containers.

A well-known beef producer in country X– also the first Authorized Economic Operator (AEO) beef producing company in the region – has just signed an annual contract with a beef importer and distributor in country Y. As this is the producer ‘s first export deal to the EU, the producer needs to ensure that all licenses and certificates are up to the EU standard. Organizing health certificates, certificates of origin, sanitary certificates, export licenses – and what have we – takes weeks and weeks of time. There is no communication or procedures in place between the various agencies and officials to facilitate the process, no coordinated company visits or audits, no sharing of information, and no mutual recognition of inspections.

When all documents are finally in place, and regular exports can start, the beef producer and it´s forwarding agent face the burden of filing export data to customs, to sanitary agencies, and to national security agencies – with somewhat similar datasets, but with no single-window filing opportunity. And when export controls and inspections take place – which happens often – there is no synchronization of inspection times between the different agencies. One agency might come to inspect the reefer container on Monday noon, second one on Wednesday morning, and third on Friday afternoon – another week lost in the beef supply chain lead-time.

Once the consignment is happily on board towards the EU, one continues to experience lost BAC opportunities: no data is passed from country X customs or sanitary agencies to their counterparties in country Y, to enable pre-arrival compliance control and risk assessment. In case of criminal suspicions – e.g. when supply chain insiders exploit beef shipments for cocaine smuggling – no intelligence is shared between police and customs, from country X to country Y. The option of joint law enforcement operations between country X and Y police and customs agencies has never been even considered. Even on national level, both in country X and Y, the agencies are not co-operating neither on risk profiling and targeting systems, nor during criminal investigations and prosecutions – what a waste of resources when it comes to catching and convicting the bad guys…

In the meanwhile, some ten days later, the ship arrives at a major sea port in country Y. For the importer, there is no option for single-window data filing; instead, import data must be transferred separately to all different agencies in country Y. As the customs administration in country Y has no Mutual Recognition Agreement (MRA) in place with country X customs – neither when it comes to AEO certificates nor when it comes to recognizing inspections carried out at export – it treats the import as a “medium to high risk” one, calling for physical inspections. And as the sanitary agency does not share any common resources with the customs administration – particularly no joint inspection facilities and equipment, including x-ray machines – and even the daily opening hours are different from the customs hours, the sanitary agency carries out their own inspections only two days after the customs intervention. And finally, improving the situation does not seem likely, as there are no joint public-private partnerships, and no export/import compliance training sessions or similar in place, neither in country Y nor in country X.

This concludes the first of three parts of our Border Agency Cooperation (BAC) blog. In Part 2 – to be published next week – we will present CBRA´s conceptual model (Hintsa J., Dec.2015) on BAC key actions and beneficiaries: which key actions to take in order to speed up the logistics chain, to save costs with all actors, to increase overall predictability, and to improve government agency performance e.g. in terms of number of seizures and convictions. In the BAC Blog Part 2, we plan to present some preliminary experiences and real-life results from FP7-project CORE. Please stay tuned!

Supply Chain Security: DHS Should Test and Evaluate Container Security Technologies Consistent with All Identified Operational Scenarios to Ensure the Technologies Will Function as Intended, GAO, 2010 (CORE1068)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This report reviews container security technologies that the Science and Technology (S&T) Directorate of the US Department of Homeland Security (DHS) has evaluated and tested between 2004 and 2009. These container security technologies aim to (1) detect and report unauthorized intrusions into the shipping containers and (2) to track the movement of the containers through the supply chain. As of 2009, DHS has funded and tested four different container security technologies. So far, none of the candidate technologies meet all desired functional requirements: main problems are high false alarm rates, low detection probability, and difficult installation and calibration. Besides the unsatisfactory test results, the report points out problems of conducting the phase II practical “trade lane” testing in the context of the maritime transport only. The report recommends to test the technologies “across all operational scenarios,” considering contextual differences across different modes of transport. Once the technologies would pass this extended trade lane testing, the DHS should (1) obtain support from the trade industry and international partners, (2) develop a concept of operations (CONOPS) for using the technology, and (3) certify the container security technologies for use. The source document is available at: http://www.gao.gov/products/GAO-10-887.

[s2If is_user_logged_in()]

Full review: This GAO document describes in detail the four container security technologies that DHS has tested since 2004, and one of these technologies happens to be the very same “composite security container” that the WP22 CORE demonstration studies. The report discusses in details the problems that the previous tests and pilots of container security technologies have encountered. Being aware of the past problems help the CORE demonstrations to avoid past mistakes. In addition to the WP22 demonstration, the other demonstrations that involve tracking & tracing of intermodal containers benefit from the information of this GAO report. For instance, the GM demonstration on maritime shipping of automobile parts from the EU to the US via the port of Bremerhaven (WP9) might use this GAO document to evaluate available technical solutions for tracking the shipping containers. The demonstrations in work packages 14-17 involve tracking and tracing and therefore may use the detailed analysis this GAO report offers on available container security technologies.

 Cross-references:

  • Homeland Security: Key Cargo Security Programs Can Be Improved. GAO-05-466T. Washington, D.C.: May 26, 2005.
  • Cargo Container Inspections: Preliminary Observations on the Status of Efforts to Improve the Automated Targeting System. GAO-06-591T. Washington, D.C.: March 30, 2006.
  • Supply Chain Security: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers. GAO-10-12. Washington, D.C.: October 30, 2009.
  • Maritime Security: DHS Progress and Challenges in Key Areas of Port Security. GAO-10-940T. Washington, D.C.: July 21, 2010.

Full citation:

U.S. Government Accountability Office (GAO), 2008. Supply Chain Security: DHS Should Test and Evaluate Container Security Technologies Consistent with All Identified Operational Scenarios to Ensure the Technologies Will Function as Intended.

CORE1068

Additional keywords: Container security, maritime logistics, container security device, tracking & tracing
[/s2If]

SUPPLY CHAIN SECURITY: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers, GAO (October 2009, CORE1066)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: The document provides a comprehensive outlook on the past and recent US initiatives on container security. The report focuses on the challenges that prevent global implementation of the 100% scanning of US-bound containers in foreign ports with both non-intrusive inspection (NII) technologies and radiation detection devices, as mandated by the SAFE Port Act and the 9/11 Acts. The 100% scanning is believed to deter and detect terrorist attempts of smuggling weapons of mass destruction (WMD) into the United States inside a cargo container. The reports dates back to late 2009, so the description of the current state of the US container security it provides is not necessarily no longer accurate. The report anticipates that the implementation of the 100% scanning requirement will be delayed due to various problems that were identified during the precursory Secure Freight Initiative (SFI) pilots. These problems are related mainly to port logistics (routing of containers through scanning sites), employee safety (radiation of screening equipment) and technical constraints (equipment failures and poor quality of scanning images). Today, we know that the US authorities have deferred the implementation already twice, first to 2014 and for the second time until 2016. Altogether, this GAO report describes in detail the challenges of the 100% scanning law and elaborates some ongoing alternative risk-based approaches to container security: (1) the strategic trade lane strategy that aims to establish 100% scanning only in high terrorist risk foreign sea ports and (2) the “10 + 2” data requirements that importers and ocean carriers must submit to the US Customs and Border Protection (CBP) prior to a container is loaded aboard a US-bound vessel so that the US authorities can calculate more precise risk for each shipping container. This report includes relevant information for all the CORE’s demonstrations that involve US-bound maritime transportation. The source document is available at: http://www.gao.gov/products/GAO-10-12.

[s2If is_user_logged_in()]

Full review: The GAO document provides interesting insights on the evolution of the US container security regulations over the years. This is useful supportive information for CORE demonstrations that involve maritime shipping of containers into the US. The GM demonstration of the WP9 for example covers exports of automobile parts from the EU into the US by transatlantic ocean transport. If the US Congress does not repeal or defer the 100% scanning requirement, the port of Felixstove that participates in the demonstration, need to start scanning also all GM’s US-bound containers. Likewise, the FALACUS demo (WP14), which is about shipping of ceramic tiles from Italy to the US, must take into consideration the possible effects of the 100% scanning requirement. This demonstration is particularly interesting from the 100% scanning requirement standpoint because some ceramic tiles are naturally radioactive, and thus they tend to trigger false alarms in the radiation controls. Also the P&G demonstrator in the WP17, that focuses on shipping of consumer goods into the US, the possible impact of the 100% scanning regulation.

Besides the demonstrations, the CORE’s risk cluster might benefit from the detailed analysis of the risk-based approaches to the US container security, such as the strategic trade lane strategy and the “10 + 2” data requirement. All demonstrations might benefit from lessons learnt how GAO has advises DHS and CBP to carry out cost-benefit analyses for the US container security programs (especially the Secure Freight Initiative).

Cross-references:

  • Combating Nuclear Smuggling: Efforts to Deploy Radiation Detection Equipment in the United States and in Other Countries. GAO-05-840T. Washington, D.C.: June 21, 2005.
  • Container Security: A Flexible Staffing Model and Minimum Equipment Requirements Would Improve Overseas Targeting and Inspection Efforts. GAO-05-557. Washington, D.C.: April 26, 2005.
  • Bakshi, N., Flynn, S. E., & Gans, N. (2011). Estimating the operational impact of container inspections at international ports. Management Science, 57(1), 1-.‐‑20.

Full citation:

U.S. Government Accountability Office (GAO), 2009. Supply Chain Security Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers.

CORE1066

Additional keywords: Ocean transportation, counter-terrorism, non-intrusive inspection

[/s2If]

Review on “MARITIME CRITICAL INFRASTRUCTURE PROTECTION – DHS Needs to Better Address Port Cybersecurity”, Report to the Chairman, Committee on Commerce, Science, and Transportation, U.S. Senate, United States Government Accountability Office, June 2014 (CORE1098)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , /by

CORE1098-Summary: Actions taken by the Department of Homeland Security (DHS) and two of its component agencies, the U.S. Coast Guard and Federal Emergency Management Agency (FEMA), as well as other federal agencies, to address cybersecurity in the maritime port environment have been limited. Report is available at: http://www.gao.gov/assets/670/663828.pdf

[s2If is_user_logged_in()]

Full review: While the Coast Guard initiated a number of activities and coordinating strategies to improve physical security in specific ports, it has not conducted a risk assessment that fully addresses cyber-related threats, vulnerabilities, and consequences. Coast Guard officials stated that they intend to conduct such an assessment in the future, but did not provide details to show how it would address cybersecurity. Until the Coast Guard completes a thorough assessment of cyber risks in the maritime environment, the ability of stakeholders to appropriately plan and allocate resources to protect ports and other maritime facilities will be limited.

Maritime security plans required by law and regulation generally did not identify or address potential cyber-related threats or vulnerabilities. This was because the guidance issued by Coast Guard for developing these plans did not require cyber elements to be addressed. Officials stated that guidance for the next set of updated plans, due for update in 2014, will include cybersecurity requirements. However, in the absence of a comprehensive risk assessment, the revised guidance may not adequately address cyber-related risks to the maritime environment.

The degree to which information-sharing mechanisms (e.g., councils) were active and shared cybersecurity-related information varied. Specifically, the Coast Guard established a government coordinating council to share information among government entities, but it is unclear to what extent this body has shared information related to cybersecurity. In addition, a sector coordinating council for sharing information among nonfederal stakeholders is no longer active, and the Coast Guard has not convinced stakeholders to reestablish it. Until the Coast Guard improves these mechanisms, maritime stakeholders in different locations are at greater risk of not being aware of, and thus not mitigating, cyber-based threats.

Under a program to provide security-related grants to ports, FEMA identified enhancing cybersecurity capabilities as a funding priority for the first time in fiscal year 2013 and has provided guidance for cybersecurity-related proposals. However, the agency has not consulted cybersecurity-related subject matter experts to inform the multi-level review of cyber-related proposals—partly because FEMA has downsized the expert panel that reviews grants. Also, because the Coast Guard has not assessed cyber-related risks in the maritime risk assessment, grant applicants and FEMA have not been able to use this information to inform funding proposals and decisions. As a result, FEMA is limited in its ability to ensure that the program is effectively addressing cyber-related risks in the maritime environment.

Why GAO Did This Study? U.S. maritime ports handle more than $1.3 trillion in cargo annually. The operations of these ports are supported by information and communication systems, which are susceptible to cyber-related threats. Failures in these systems could degrade or interrupt operations at ports, including the flow of commerce. Federal agencies—in particular DHS—and industry stakeholders have specific roles in protecting maritime facilities and ports from physical and cyber threats. GAO’s objective was to identify the extent to which DHS and other stakeholders have taken steps to address cybersecurity in the maritime port environment. GAO examined relevant laws and regulations; analyzed federal cybersecurity-related policies and plans; observed operations at three U.S. ports selected based on being a high-risk port and a leader in calls by vessel type, e.g. container; and interviewed federal and nonfederal officials.

What GAO Recommends? GAO recommends that DHS direct the Coast Guard to (1) assess cyber-related risks, (2) use this assessment to inform maritime security guidance, and (3) determine whether the sector coordinating council should be reestablished. DHS should also direct FEMA to (1) develop procedures to consult DHS cybersecurity experts for assistance in reviewing grant proposals and (2) use the results of the cyber-risk assessment to inform its grant guidance. DHS concurred with GAO’s recommendations.

Full citation:  “MARITIME CRITICAL INFRASTRUCTURE PROTECTION – DHS Needs to Better Address Port Cybersecurity”, Report to the Chairman, Committee on Commerce, Science, and Transportation, U.S. Senate, United States Government Accountability Office, June 2014.

CORE1098

Keywords: Maritime Security, Port Security, Cyber – Security, CBP U.S. – Customs and Border Protection, Coast Guard U.S., DHS-Department of Homeland Security, FEMA-Federal Emergency Management Agency, ISAC-information sharing and analysis center, IT-information technology, MTSA-Maritime Transportation Security Act of 2002, NIPP-National Infrastructure Protection Plan, AFE Port Act-Security and Accountability for Every Port Act of 2006, TSA-Transportation Security Administration

[/s2If]

Review on Consideration and Adoption of Amendments to the International Convention for the Safety of Life at Sea, 1974, International Maritime Organization (CORE1097)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: The International Ship and Port Facility Security (ISPS) Code sets new standards for security for ships at sea as well as port facilities around the world. It aims to make shipping activities more secure against threats of terrorism, piracy and smuggling. Security at sea has been a concern to governments, shipping lines, port authorities and importers and exporters for years. The terrorist attacks of September 11, 2001, however, provided the catalyst for formalizing tough new security measures. In December of 2002, the International Maritime Organization (IMO) a specialized agency of the United Nations (UN) organized a conference to discuss issues related to security at sea. At this conference, representatives from 150 nations (the Contracting Governments) participated in drafting amendments to the Safety of Life at Sea (SOLAS) Convention, and the ISPS Code was adopted. Changes to the SOLAS Convention include amendments to Chapters V and XI, and Chapter XI was divided into Chapters XI-1 and XI-2. The new Chapter XI-2 provides the umbrella ISPS regulations. The Code itself is divided into two parts. Part A presents mandatory requirements, Part B contains guidance regarding the provisions of Chapter XI-2 of the Convention and part A of the Code. Source document is available at: http://www.un.org/en/sc/ctc/docs/bestpractices/32.pdf

[s2If is_user_logged_in()]

Full review: The Code aims, among other things, to establish an international framework for co-operation between Contracting Governments, government agencies, local administrations and the shipping and port industries to detect security threats and take preventive measures against security incidents affecting ships or port facilities used in international trade and to establish relevant roles and responsibilities at the national and international level. ISPS provisions relating to port facilities relate solely to the ship/port interface. Also, ISPS provisions do not extend to the actual response to attacks or to any necessary clear-up activities after such an attack. In addition, for each ship and port authority affected, the ISPS Code requires:

  • The implementation of a Ship Security Plan (SSP),
  • The implementation of a Port Facility Security Plan (PFSP),
  • The appointment of a Ship Security Officer (SSO),
  • The appointment of a Company Security Officer (CSO),
  • The appointment of a Port Facility Security Officer (PFSO),
  • The installation of ship alarms, and
  • The installation of shipboard Automatic Identification Systems (AIS).

Enforcement Date: The ISPS Code went into effect on July 1, 2004.

Full citation:   Consideration and Adoption of Amendments to the International Convention for the Safety of Life at Sea, 1974, International Maritime Organization. SOLAS/CONF.5/32. 12 December 2002

CORE1097

Keywords: Maritime Security, Port Security, Ship Security Plan (SSP), Port Facility Security Plan (PFSP), Ship Security Officer (SSO), Port Facility Security Officer (PFSO), International Maritime Organization (IMO), Safety of Life at Sea (SOLAS).

[/s2If]

Review on“Contributing to shipping container security: can passive sensors bring a solution?” G. Janssens-Maenhout a, F. De Roob, W. Janssens, Journal of Environmental Radioactivity, 2009 (CORE1096)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: Illicit trafficking of fissionable material in container cargoes is recognized as a potential weakness in Nuclear Security. Triggered by the attacks of 11 September 2001, measures were undertaken to enhance maritime security in extension to the Safety Of Life At Sea (SOLAS) Convention and in line with the US Container Security Initiatives. Effective detection techniques are needed that allow the inspector to intercept illicit trafficking of nuclear weapons components or components of other nuclear explosive devices. Report abstract is available at (one can ask for the full report e.g. vie ResearchGate): https://www.researchgate.net/publication/38053693_Contributing_to_shipping_container_security_can_passive_sensors_bring_a_solution

[s2If is_user_logged_in()]

Full review: Many security measures focus on active interrogation of the container content by X-ray scan, which might be extended with the newly developed tagged neutron inspection system. Both active interrogation techniques can, with the current huge volume of container traffic, only be applied to a limited number of selected containers. The question arises whether a passive detection technique can offer an alternative solution.

This study investigates if containers equipped with a small passive detector will register during transport the neutron irradiation by fissionable material such as plutonium in a measurable way. In practice, 4/5 of the containers are about 1/8 filled with hydrogenous material and undergo a typical 2 months route. For this reference case, it was found that the most compatible passive detector would be an activation foil of iridium. Monte-Carlo simulations showed that for the reference case the activity of a 250 μm thin foil with 6 cm2 cross-section would register 1.2 Bq when it is irradiated by a significant quantity of Reactor-Grade PuO2. However this activity drops with almost two orders of magnitude for other fillings and other isotopic compositions and forms of the Pu-source. The procedure of selecting the target material for Pu detection is detailed with the theoretical methods, in order to be useful for other applications. Moreover the value of such additional passive sensors for securing maritime container transport is situated within the global framework of the First, Second and Third Line of Defense against illicit trafficking.

Full citation:   G. Janssens-Maenhout a, F. De Roob, W. Janssens (2009). Contributing to shipping container security: can passive sensors bring a solution?” Journal of Environmental Radioactivity 101(2):95-105 · OCTOBER 2009.

Keywords: Nuclear illicit trafficking, Maritime container transport, Passive detection technique

[/s2If]

Review on The Critical Infrastructure Gap: U.S. Port Facilities and Cyber Vulnerabilities, Policy Paper, July 2013, Center for 21st Century Security and Intelligence (CORE1095)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: In a 50-page policy paper by the Brookings Institute and authored by Commander Joseph Kramek of the U.S.Coast Guard and a Federal Executive Fellow at the institute, the current state of affairs related to vulnerabilities at our national seaports is discussed and options to shore up cyber security are presented. In the executive summary, Commander Kramek writes that today’s U.S. port facilities rely as much upon networked computer and control systems as they do upon stevedores to ensure the flow of maritime commerce that the economy, homeland, and national security depend upon. Yet, unlike other sectors of critical infrastructure, little attention has been paid to the networked systems that undergird port operations. Report is available at: http://www.brookings.edu/~/media/research/files/papers/2013/07/02%20cyber%20port%20security%20kramek/03%20cyber%20port%20security%20kramek.pdf

[s2If is_user_logged_in()]

Full review: No cybersecurity standards have been promulgated for U.S. ports, nor has the U.S. Coast Guard, the lead federal agency for maritime security, been granted cybersecurity authorities to regulate ports or other areas of maritime critical infrastructure. In the midst of this lacuna of authority is a sobering fact: according to the most recent National Intelligence Estimate (NIE) the next terrorist attack on U.S. Critical Infrastructure and Key Resources (CIKR) is just as likely to be a cyber attack as a kinetic attack.

The potential consequences of even a minimal disruption of the flow of goods in U.S. ports would be high. The zero-inventory, just-in-time delivery system that sustains the flow of U.S. commerce would grind to a halt in a matter of days; shelves at grocery stores and gas tanks at service stations would run empty. In certain ports, a cyber disruption affecting energy supplies would likely send not just a ripple but a shockwave through the U.S. and even global economy.

Given the absence of standards and authorities, this paper explores the current state of cybersecurity awareness and culture in selected U.S. port facilities. The use of the post-9/11 Port Security Grant Program (PSGP), administered by the Federal Emergency Management Agency, is also examined to see whether these monies are being used to fund cybersecurity projects.

Full citation:   The Critical Infrastructure Gap: U.S. Port Facilities and Cyber Vulnerabilities, Policy Paper, July 2013, Center for 21st Century Security and Intelligence.

CORE1095

Keywords: Maritime Security, Cyber-security, Port Security Grant Program (PSGP), Port facility, Coast Guard, Maritime Transportation Security Act (MTSA).

[/s2If]