Posts

Nothing Found

Sorry, no posts matched your criteria

CORE-Observatory

Review on “MARITIME CRITICAL INFRASTRUCTURE PROTECTION – DHS Needs to Better Address Port Cybersecurity”, Report to the Chairman, Committee on Commerce, Science, and Transportation, U.S. Senate, United States Government Accountability Office, June 2014 (CORE1098)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , /by

CORE1098-Summary: Actions taken by the Department of Homeland Security (DHS) and two of its component agencies, the U.S. Coast Guard and Federal Emergency Management Agency (FEMA), as well as other federal agencies, to address cybersecurity in the maritime port environment have been limited. Report is available at: http://www.gao.gov/assets/670/663828.pdf

[s2If is_user_logged_in()]

Full review: While the Coast Guard initiated a number of activities and coordinating strategies to improve physical security in specific ports, it has not conducted a risk assessment that fully addresses cyber-related threats, vulnerabilities, and consequences. Coast Guard officials stated that they intend to conduct such an assessment in the future, but did not provide details to show how it would address cybersecurity. Until the Coast Guard completes a thorough assessment of cyber risks in the maritime environment, the ability of stakeholders to appropriately plan and allocate resources to protect ports and other maritime facilities will be limited.

Maritime security plans required by law and regulation generally did not identify or address potential cyber-related threats or vulnerabilities. This was because the guidance issued by Coast Guard for developing these plans did not require cyber elements to be addressed. Officials stated that guidance for the next set of updated plans, due for update in 2014, will include cybersecurity requirements. However, in the absence of a comprehensive risk assessment, the revised guidance may not adequately address cyber-related risks to the maritime environment.

The degree to which information-sharing mechanisms (e.g., councils) were active and shared cybersecurity-related information varied. Specifically, the Coast Guard established a government coordinating council to share information among government entities, but it is unclear to what extent this body has shared information related to cybersecurity. In addition, a sector coordinating council for sharing information among nonfederal stakeholders is no longer active, and the Coast Guard has not convinced stakeholders to reestablish it. Until the Coast Guard improves these mechanisms, maritime stakeholders in different locations are at greater risk of not being aware of, and thus not mitigating, cyber-based threats.

Under a program to provide security-related grants to ports, FEMA identified enhancing cybersecurity capabilities as a funding priority for the first time in fiscal year 2013 and has provided guidance for cybersecurity-related proposals. However, the agency has not consulted cybersecurity-related subject matter experts to inform the multi-level review of cyber-related proposals—partly because FEMA has downsized the expert panel that reviews grants. Also, because the Coast Guard has not assessed cyber-related risks in the maritime risk assessment, grant applicants and FEMA have not been able to use this information to inform funding proposals and decisions. As a result, FEMA is limited in its ability to ensure that the program is effectively addressing cyber-related risks in the maritime environment.

Why GAO Did This Study? U.S. maritime ports handle more than $1.3 trillion in cargo annually. The operations of these ports are supported by information and communication systems, which are susceptible to cyber-related threats. Failures in these systems could degrade or interrupt operations at ports, including the flow of commerce. Federal agencies—in particular DHS—and industry stakeholders have specific roles in protecting maritime facilities and ports from physical and cyber threats. GAO’s objective was to identify the extent to which DHS and other stakeholders have taken steps to address cybersecurity in the maritime port environment. GAO examined relevant laws and regulations; analyzed federal cybersecurity-related policies and plans; observed operations at three U.S. ports selected based on being a high-risk port and a leader in calls by vessel type, e.g. container; and interviewed federal and nonfederal officials.

What GAO Recommends? GAO recommends that DHS direct the Coast Guard to (1) assess cyber-related risks, (2) use this assessment to inform maritime security guidance, and (3) determine whether the sector coordinating council should be reestablished. DHS should also direct FEMA to (1) develop procedures to consult DHS cybersecurity experts for assistance in reviewing grant proposals and (2) use the results of the cyber-risk assessment to inform its grant guidance. DHS concurred with GAO’s recommendations.

Full citation:  “MARITIME CRITICAL INFRASTRUCTURE PROTECTION – DHS Needs to Better Address Port Cybersecurity”, Report to the Chairman, Committee on Commerce, Science, and Transportation, U.S. Senate, United States Government Accountability Office, June 2014.

CORE1098

Keywords: Maritime Security, Port Security, Cyber – Security, CBP U.S. – Customs and Border Protection, Coast Guard U.S., DHS-Department of Homeland Security, FEMA-Federal Emergency Management Agency, ISAC-information sharing and analysis center, IT-information technology, MTSA-Maritime Transportation Security Act of 2002, NIPP-National Infrastructure Protection Plan, AFE Port Act-Security and Accountability for Every Port Act of 2006, TSA-Transportation Security Administration

[/s2If]

Review of Building Resilience in Supply Chains (CORE1055)

/0 Comments/in /by

Summary: Review on Building Resilience in Supply Chains – An Initiative of the Risk Response Network – In collaboration with Accenture – World Economic Forum. The report broadens the view of resilient supply chains away from pure trucking towards taking all available transport modes into account. Additional relevance is given by building partnerships of private companies and creating strategic transport orientation in normal times and to be executed in harsh times. The views given are from large industry and insurers point of view thus serve as hints to SMEs. Demo-WPs concerned with resilience should have the ideas in mind in order to follow the worlds to forum and on the other side identified lacks (of focus on consumers of goods) should be avoided in CORE demonstration layouts.  Coding in CORE e-library is CORE1055. Source file at: http://www3.weforum.org/docs/WEF_RRN_MO_BuildingResilienceSupplyChains_Report_2013.pdf
Read more

Review of “Trade Compliance: a Burden or an Opportunity?” (CORE1054)

/0 Comments/in /by

Summary: Review of “Trade Compliance: A Burden or an Opportunity?” This is a White Paper by DINALOG Dutch Institute for Advanced Logistics, VLM Vereining Logistiek Management. The information aims at Core Demo-WPs where the either trade compliance in general or single aspects of better cargo and data flow is to be demonstrated. This has an impact on the preceding WPs when defining rules and fixing systems. Coding CORE1054, in the CORE e-library. Available to General Public at: http://www.logistiek.nl/PageFiles/5478/010_logistiek-download-LOGNWS113052D01.pdf. Coding CORE1054, in the CORE e-library.

s2If is_user_logged_in()]

The document reads about the basics of Trade Compliance relevant for worldwide economy and movement of goods across borders and shows a quantification of the value for goods exported from the Netherlands. A discussion of administrative burdens conducting international trade follows. Main issues are diversity of applicable governmental laws including ex-, import and transshipped countries, increasing internationalization of trade and the obstacles of physical of goods. Different data sets partly with identical content have to be presented to various agencies and depending on goods, extra rules do apply sometimes. The electronic data transmission contains further obstacles and varies from agency to agency and from one commercial partner to another. Even already established rules on harmonization do not avoid constant update and adoption of ERP systems of traders. When following the physical movements of goods more obstacles unveil with governmental agencies resulting in delays. Certification is already established but does not lower burdens at the moment.

Innovations within compliance named and described then. These innovations are as follows:

  • Surveillance of the systems used for manufacturing and trade (System Based Control);
  • Physical and electronic coordination and interaction of all governmental agencies and data delivery systems (Single Window, One Stop Shop); and
  • Moving traditional border controls away from the border by Use of pre- and post-clearance in order not to disturb the physical movement; and by Disconnect data flows from cargo flow.

The document finalises by naming the challenges for national and international governments and trade companies with a brief review of the three innovations. The report contains very good ideas to follow in CORE Demo WPs but is very high level without giving details.

SWOT Analysis, with reference to CORE:

  • STRENGTHS: The focus on a few but high integrated measures applicable to countries organized in a supra-national organization is clearly an advantage for a research project than having many disconnected single improvements. Project results are easier to disseminate when a common direction is predetermined.
  • WEAKNESSES: The report is a brief one and names the innovations without telling too much detail or how to implement the theory. A balance of the single measures or different regional acceptance is not given. A discussion about trade when introducing these measures in one country and not in another is not given.
  • OPPORTUNITIES: Since no implementation details are given, measures are open for adoption in different regions or trade lanes where measures might be introduced. The list of measures is not exhaustive, additional rules might be implemented.
  • THREATS: When introducing all these measures the same time in a number of countries (e.g. the EU) might either fail due to national or regional established rules or lack of acceptance. By introducing these measures in different levels (ranging from full implementation to no implementation) might have an impact on trade flows, a further disconnection between first and third world might be worst case.

CORE impact anticipation:

  • To CORE: Re-reading of basic principles as shown in the document might open minds for different approaches or could start discussion and implementation from a different angle.
  • From CORE: The named threats and weaknesses of the report might be further evaluated and implementation ideas of named innovations should be evaluated as well as regional characteristics due to many trade lanes might be assessed.

Full Citation:

Trade Compliance: A Burden or an Opportunity? The quality of Dutch Trade Compliance Competences can strengthen our international position as a logistic control centre – Whitepaper Network Trade Compliance, Strategic Advisory Board, March 2012 – DINALOG Dutch Institute for Advanced Logistics , VLM Vereining Logistiek Management

Available to the general public at:

http://www.logistiek.nl/PageFiles/5478/010_logistiek-download-LOGNWS113052D01.pdf

Accessed: 15/01/2015

[/s2If]

Report to Congress on Integrated Scanning System Pilots (Security and Accountability for Every Port (SAFE) Act of 2006, Section 231), U.S. Customs and Border Protection (CORE1039)

/0 Comments/in /by

Summary: The document reports the pilot of an integrated scanning system at three foreign ports during the six month pilot period beginning in October of 2007, which were directed by the US Congress to the Secretary of the Department of Homeland Security (DHS), in coordination with the Secretary of the Department of Energy (DOE), as necessary, and the private sector and host governments when possible. Full review report, and the original source file, can be found in CORE e-library with the code CORE1039. Source file at: http://155.14.72.204/security/documents/sfi_finalreport.pdf
Read more

Authorized Economic Operator (AEO) & Mutual Recognition Agreements (MRA) –study for the Royal Thai Customs (RTC)

/0 Comments/in /by

This article is about Assisting Royal Thai Customs, RTC, to improve the popularity of the Thai AEO program among the economic operators; as well as about guiding RTC in preparing for a future AEO MRA negotiations, primarily with the European Commission Directorate General of Customs and Taxation. The findings on and the outcomes of this article (as well as the full report behind it, available for download on CBRA´s web-site, as of 18.2.2015), can be useful for CORE Risk-cluster and for Other-cluster, in particular WP19 Education and training. This article is published in parallel in CBRA´s supply chain security blog (in two parts, on 16.2 and 19.2.2015), next to the CORE WP18 Information Observatory pilot. Read more

Export product / commodity maps

/0 Comments/in /by

Summary: An interesting web-source for multiple regional maps highlighting the main export products for countries around the world. Can be useful in CORE WP19, for the education and training materials. Source file at: http://www.globalpost.com/dispatch/news/business/global-economy/140502/world-commodities-exports-map

Read more