Posts

Three calls for journal and conference papers

This CBRA Blog advertises three important calls for papers in 2016: Special Issue for Journal of Transportation Security (to be published in 2017); the 11th WCO Customs-Academia PICARD Conference (Sep.2016); and the 7th European Intelligence and Security Informatics Conference (Aug.2016).

 

1. Journal of Transportation Security, Special Issue: Enhancing supply chain security through government-to-government and government-to-business partnerships and collaboration

Journal of Transportation Security (JTRS): The 9/11 terrorist attacks and the subsequent events have compelled stakeholders to understand transport security as more than a single element of the global networks that move people and goods. Once a routine component of modern transportation, security now represents a vital necessity and an urgent national priority. The Journal of Transportation Security probes the relevant aspects of many critical areas of study, including supply chain and logistics; information technology; public policy; international business; political science; engineering; transportation; economics; and counterterrorism, among others. This journal is the first to take a global, apolitical, and in-depth multidisciplinary look at the field. The mission of the journal is to disseminate new research, thought, and analysis for teachers, researchers, policy makers and practitioners around the world who view transportation security as a critical element in the post 9/11 world.

Partnerships and collaboration play a crucial role in the fight against crime in the global supply chains. Investments in traditional security areas such as physical security, personnel security, and IT security no longer suffice. Both government and business actors should extend their security efforts beyond their organizational boundaries, by fostering relationships with each other. Further government-to-government and government-to-business collaboration has a great potential to improve security of the supply chain and regulatory compliance of the trading community, while facilitating trade and logistics for the legitimate, security aware companies. The scope of collaboration covers a broad range of activities, including sharing of information and data; investing in common resource pools and sharing resources; and agreeing on optimum protocols for conducting inspections and audits in the supply chains. Enhancing the information exchange, for example, would help governments and companies to prevent and detect security breaches in supply chains and to recover faster once the breaches happen. In principle, both government and business actors share a common goal of mitigating crime in the global supply chains. Priorities and procedures, however, differ markedly between various business actors (e.g., shippers, carriers, freight forwarders) and government agencies (e.g., customs, police and transport security authorities).

Call for abstracts for the JTRS Special issue is open until 30 September 2016, please visit: www.springer.com …   

(CBRA / Dr. Juha Hintsa is the lead guest editor for this special issue; and abstract review panel consists of multiple experts in FP7-CORE project).

 

 

2. The 11th Annual WCO Picard Conference – Manila, Philippines – 27-29 September 2016

The World Customs Organization and the Philippine Bureau of Customs are pleased to announce the 11th annual WCO Picard Conference. You are invited to submit your research for presentation at the conference. Papers should focus on Customs or, more globally, the regulation, dynamics, and practices of international trade. Although not required, writers could consider submitting research on the following topics: Digital Customs; security; taxation and other revenue matters; and illicit trade.

blog2104162

 

 

Call for papers is open until 15 June 2016, please visit: www.wcoomd.org…

(CBRA / Dr. Juha Hintsa is part of the Scientific Board for the conference; and he also belongs to the PICARD Advisory Group).

 

 

 

3. The 7th European Intelligence and Security Informatics Conference (EISIC) – Uppsala, Sweden – 17-19 August 2016

Intelligence and Security Informatics (ISI) research is an interdisciplinary field of research that focuses on the development, use, and evaluation of advanced information technologies, including methodologies, models and algorithms, systems, and tools, for local, national and international security related applications. Over the past decade, the ISI research community has matured and delivered an impressive array of research results that are both technically innovative and practically relevant. The 2016 European ISI Conference is the seventh ISI conference to be organized by the European ISI community. The conference was first held in 2008 and has been organized annually since 2011.

blog2104163

 

Call for papers is open until 18 May 2016, please visit: http://www.eisic.eu/call.aspx

(CBRA / Dr. Toni Männistö delivers a keynote presentation on FP7-CORE, focusing on Supply chain security education and training (CORE WP19.1) ).

Supply chain security education materials

Blog-29.02.16FP7-CORE is the European flagship research and development project in supply chain security and trade facilitation, running from May 2014 to April 2018. In today´s CBRA Blog we focus on education and training material development – Work package 19, Task 19.1 – in the CORE-project.

The CORE Task 19.1 – Education and training materials development – has an impressive set of partners: INTERPOL, World Customs Organization (WCO), European Shippers Council (ESC), European association for forwarding, transport, logistics and customs services (CLECAT), International Road Union (IRU), and Technical University of Delft (TU Delft) as the established big players; ourselves Cross-border Research Association (CBRA) as the Task leader (and an enthusiastic lecturing body in supply chain security and trade facilitation); as well as the BMT Group, as the Work package 19 leader. We first started interaction with the entire Task 19.1 team during summer 2014, when the CORE-project had just been kicked off, and everything was still in it´s infancy.

Today, at the end of February 2016 – near two years into the project – we are about to launch the full scale production of the CORE education and training materials. We vision content to be produced in three parallel categories: CORE Flagship Handbook (CFH); Partner-specific materials; and Other education content. Content which is considered to be near-final can be published on-the-fly for example at CBRA´s web-portal, www.cross-border.org , where a new section is planned for the “CORE Education” (like the “CORE Observatory” which has been live since last autumn). Having just over two years left with the CORE-project, we are right on schedule to start the full production of education and training materials!

CORE Flagship Handbook (CFH) will be the main joint outcome of Task 19.1, thus we welcome INTERPOL, WCO, ESC, CLECAT, IRU, TU Delft and BMT to work closely with us in the production, review and piloting of the Handbook. In our current plans the Flagship Handbook has the following four sections, each section having multiple chapters (typically between two and six chapters per section):

  1. Introduction to CORE innovation agenda; including explaining key CORE themes and concepts; and frameworks and models.
  2. CORE outcomes, findings and results – written primarily in the context of the 16 CORE-Demonstrations.
  3. Interpretation of CORE results per key stakeholder group: customs, police, cargo owners, logistics sector, security sector and academics
  4. Future research and development roadmap – focusing on gaps and shortcomings; critical assessment on what works and what doesn’t by the end of CORE-project.

Partner specific materials typically fall into two sub-categories. First one is generic, introductory materials which would be of relevance to 1-2 stakeholder groups – for example Supply chain management 101 for police officers. Such materials can quite easily be developed within Task 19.1, using CORE supply chains and trade lanes as examples. At the same time, such basic education material would not be of relevance for supply chain companies, thus it should not be published in the CORE Flagship Handbook, CFH. Second sub-category is on detailed technical content, which again would be relevant to 1-2 stakeholder groups. An example could be technical review on risk management tools for the logistics sector.

Other education material may consist of the following content buckets, listed in a rough “simple to more complex” -order: Factsheets; Quizzes; Basic case studies; Comprehensive case studies; Videos and animations; Serious games, and so forth. It is still early days to decide what makes sense to develop – and for what we have adequate resources, skills and budgets. Maybe we will start with some simple factsheets, quizzes and basic case studies – this is still to be discussed among Task 19.1 partners.

Finally, the plans regarding the CORE Education web-portal are still in a preliminary stage. We could have a simple dropdown menu at www.cross-border.org , for example with the following selection options: Introductory materials; Technical sections; and Factsheets & quizzes. In the last category we could share first outcomes of Task 19.1 work. Here, just like in all other aspects of CORE Task 19.1, we welcome ideas and feedback from the Task 19.1 team, and from the whole CORE Consortium – and even beyond, from any interested stakeholders and potential future users of CORE Education materials!

In Lausanne on 29.2.2016 – CBRA Blog by Juha Hintsa

Chemical Security in Istanbul

2015-12-15 09.02.08I had the most interesting week in Istanbul with the Iraqi government representatives, chemical sector companies and the US State Department Chemical Security Program, CSP.

Security in the chemical supply chain is a major challenge for government agencies and chemical supply chain companies across the globe, including those in the Middle-East and North African (MENA) region. Theft, diversion, trafficking, export violations, counterfeit chemicals, sabotage and terrorism – among other criminal threats – keep the agencies and companies constantly on their toes when considering how to best tackle the vulnerabilities and threats in their respective chemical supply chains.

This was my second time to join as an external expert in a Chemical Security Program (CSP) event in the MENA region. The first time was in Hurghada, Egypt, in March 2015 – thanks again to Professor Andrew Thomas, the Chief Editor of the Journal of Transportation Security, for hooking me up with CRDF Global and the US State Department on this. Now the four day event targeted for the relevant Iraqi government agencies as well as the Iraqi chemical sector companies was held in Istanbul, Turkey, on 14-17 December 2015.

We had a fully packed agenda: Day 1 consisted of several introductory and state-of-play speeches by the workshop facilitators and by Iraqi experts, the latter group sharing key governmental, industry and academic perspectives to the chemical security progress in Iraq.  Day 2 started with a case study presentation on “Post-2001 supply chain security developments at Dow Chemicals”, followed by private-public partnership considerations in chemical supply chain security. During the afternoon of day 2, two more presentations were given on potential threats to materials of interest, as well as on site-physical security. Day 3 started with presentations on international transport of dangerous goods and security rules, followed later by presentations on export control and border security issues, as well as risk assessment methodological aspects.

Interactive sessions, group exercises and other discussions were vivid throughout the four days. On day 1, the main interactive session was about government-industry coordination. On day 2, the focus shifted to identifying key players in Iraqi chemical supply chain security, as well as exploring private sector specific chemical security issues. On day 3, a major interactive session took place to recognize existing vulnerabilities and threats in the chemical supply chain, as well as to identify appropriate countermeasures and other possible means of improvement. And finally, on day 4, a draft table of content for a potential “Iraqi chemical supply chain security master plan and implementation roadmap” was produced in a highly interactive manner, followed ultimately by drafting some actual planning content in areas including chemical transport security and raising security awareness.

The actual workshop outcomes and possible follow-up actions will be worked upon later by the organizing team and some key participants. In the meanwhile, I want to express my warmest thanks for this opportunity and great on-site collaboration in Istanbul to: Ms. Shawn Garcia from the U.S. Department of State, Chemical Security Program (DOS/CSP); Ms. Pelin Kavak and Mr. Nidal Abu Sammour from CRDF Global, US / Jordan; and Dr. Caner Zanbak and Mr. Mustafa Bagan from the Turkish Chemical Manufacturers Association (TCMA). Hope to meet you again in 2016 in Iraq, Algeria and possibly other locations in the MENA region!

 

Cheers, Juha Hintsa

P.S. We also tested two CBRA frameworks / models – CBRA SCS15/16, and CBRA-BAC-Actions and beneficiaries – with the audience during the Istanbul week. Both of them were well perceived, and will be topics for CBRA Blog during the coming couple of months. (SCS = Supply Chain Security, and BAC = Border Agency Cooperation).

PPS. Last but not least I would like to thank Ms. Antonella Di Fazio of Telespazio, Italy, and FP7-project CORE, for excellent inputs on transport of dangerous goods, traceability and monitoring solutions, demonstrators, and practical experiences.

Interviews

Criminalization of global supply chains, by Mr. Hamon

Hi David, and thanks for joining a CBRA Interview – can you first tell a bit who are you and what you do?

I served in the US Army as a logistician, served with the United Nations Peacekeeping Department as well as work with the UN humanitarian organizations.  I recently retired from a not-for-profit government contractor to pursue more creative work.  Whilst at the latter position I was seconded to the US Defense Department, first in African Affairs, and then as Research and Studies Director for a strategic studies office within a US Defense Agency.  I currently work, mostly independently, on a great many things related to future threats and re-defining of security/stability as it pertains and impacts diplomacy, development, defense, society, and economics/finance.

We met first time in Lausanne, Switzerland, around 2005 – what was that roundtable event again about?

Many years before cyber based terror threats were on the radar, we launched an inquiry into what we termed “Economic/Financial Terrorism” and whether security threats emanating from terrorism in the future would take the form of attacks on the Western system of finance and the economy.  We brought in a host of experts from the US and Europe to debate the changing face of terrorism and likely goals of future terror groups.  We examined everything from evolving ideology, motivation and intent, culture and identity to strategy, tactics, targets, weapons, and groups.  It was an extremely interesting event with industry admitting – at the time – they were not prepared for this phenomenon and governments largely split on the issue.  Additionally, experts and think tanks disagreed on whether economic terrorism was tangible.  It was very forward-looking for its time.  All participants came away with greater awareness on the subject as we went above and beyond what is currently called “financial crimes,” exploring potential kinetic based threats terror groups would use against the economic and financial machinery that included physical attacks on the supply chain, tourist industry, psychological undermining of the Western economic system to disrupt the normal provision of goods and services.

Can you tell more about your views on ´criminalization of global supply chains´?

I take similar views on the subject as Dr. Moisés Naim, in his 2005 book ‘Illicit: How smugglers, traffickers, and copycats are hijacking the global economy.’ He addresses several tenants that remain true today including the role of governments, technology, the Illicit traders mimicking licit trade and logistics actors – while simultaneously collaborating with many of them, and criminal groups seek high-profit opportunities as opposed to any other attribution (see CBRA Blog 21 October 2014).  Terror groups care less about profit but when thinking about logistics networks, what if the two groups collaborated?  Today logistics systems are more complex and move faster than ever in history, have less margin to fail, are far less ‘hands-on’ and offer many ways and places to hide illegal activity.  Detection and interdiction of this activity isn’t exclusively in the realm of governments. Industry has a role to play if it wishes to minimize new regulations, taxes, deter corruption, and other drains on efficiency and profit.  Experts, both public and private, rarely take a systems approach to detecting criminal activity with much throughput going undetected.  Both parties want to specialize on one aspect and miss the big picture.  A good example was the AQ Khan network.  How long has it been since industry has undertaken an assessment of whether there is a new “Khan” network out there?  Do trade organizations war-game with governments on criminality within supply chains?

Interesting! What are your views on ‘multi-commodity trafficking / crime portfolios’?

At the last corporate organization where I worked my team did some analysis on unregulated, illegal fishing as a security threat to Pacific Island nations.  In the course of this analysis, we discovered it was the same actors doing the illegal fishing as doing illegal dumping, illegal smuggling, illegal trafficking, among other illicit activities.  The criminality was only one aspect of the supply chain as the “demand” side as well as the delivery side was entirely legal and within businesses who conduct practically all business legally.  The same boats as platforms – and their crews – were used to conduct all activity legal and illegal and to the local authorities – as well as donor nations attempting to help – it was impossible to project accurately when the activity would switch between licit and illicit.  We couldn’t analyze if this was a regional or global phenomena but I guess it was a widely copied practice.  As Anthony Barone has pointed out, border management and controls are not the panacea of containment but need to be part of a larger practice (see CBRA Interview 18 December 2015). Criminals use technology just as effectively!  His idea of assembling a group of independent experts to rethink new approaches to border management – and I might add, redefining the meaning of borders and how thinking differently about borders per se – is a good start.   Using strategic foresight come up with several alternative futures to present to a dedicated [supply chain] private-public partnership empowered to make changes would be my overarching recommendation

Sounds that the global supply chain community is facing increasingly more threats and risks! Any other suggestions on how to improve the situation, both short term and long term?

In the short term, as I mentioned, conduct a public-private-partnership exercise to rethink the concept supply chain surveillance for illicit activity and anticipating new and emerging illicit activity.  In the long run, we don’t give enough thought to knowledge as a part of the supply chain.  Using the supply chain for illicit activity begins with motivation and intent getting out in front of those who may do harm.  To address alternative futures will take some innovation and creativity, but the stakes are high.  The next AQ Khan Network may bring very bad things into Europe (and beyond!) compliments of ISIS.  We don’t know what knowledge the current refugee population possesses that may be part of some future attack on the financial and economic system of the EU or if some refugees worked on chemical or biological programs in their countries of origin.

Thanks David for this interview – and let´s start working towards a joint project on these topics of common professional and research interest!

Web-links:

https://www.cross-border.org/2014/10/21/dr-naim-on-illicit-trade/

https://www.cross-border.org/interviews/new-approaches-to-border-management/

CORE-Observatory

Review on “MARITIME CRITICAL INFRASTRUCTURE PROTECTION – DHS Needs to Better Address Port Cybersecurity”, Report to the Chairman, Committee on Commerce, Science, and Transportation, U.S. Senate, United States Government Accountability Office, June 2014 (CORE1098)

CORE1098-Summary: Actions taken by the Department of Homeland Security (DHS) and two of its component agencies, the U.S. Coast Guard and Federal Emergency Management Agency (FEMA), as well as other federal agencies, to address cybersecurity in the maritime port environment have been limited. Report is available at: http://www.gao.gov/assets/670/663828.pdf

[s2If is_user_logged_in()]

Full review: While the Coast Guard initiated a number of activities and coordinating strategies to improve physical security in specific ports, it has not conducted a risk assessment that fully addresses cyber-related threats, vulnerabilities, and consequences. Coast Guard officials stated that they intend to conduct such an assessment in the future, but did not provide details to show how it would address cybersecurity. Until the Coast Guard completes a thorough assessment of cyber risks in the maritime environment, the ability of stakeholders to appropriately plan and allocate resources to protect ports and other maritime facilities will be limited.

Maritime security plans required by law and regulation generally did not identify or address potential cyber-related threats or vulnerabilities. This was because the guidance issued by Coast Guard for developing these plans did not require cyber elements to be addressed. Officials stated that guidance for the next set of updated plans, due for update in 2014, will include cybersecurity requirements. However, in the absence of a comprehensive risk assessment, the revised guidance may not adequately address cyber-related risks to the maritime environment.

The degree to which information-sharing mechanisms (e.g., councils) were active and shared cybersecurity-related information varied. Specifically, the Coast Guard established a government coordinating council to share information among government entities, but it is unclear to what extent this body has shared information related to cybersecurity. In addition, a sector coordinating council for sharing information among nonfederal stakeholders is no longer active, and the Coast Guard has not convinced stakeholders to reestablish it. Until the Coast Guard improves these mechanisms, maritime stakeholders in different locations are at greater risk of not being aware of, and thus not mitigating, cyber-based threats.

Under a program to provide security-related grants to ports, FEMA identified enhancing cybersecurity capabilities as a funding priority for the first time in fiscal year 2013 and has provided guidance for cybersecurity-related proposals. However, the agency has not consulted cybersecurity-related subject matter experts to inform the multi-level review of cyber-related proposals—partly because FEMA has downsized the expert panel that reviews grants. Also, because the Coast Guard has not assessed cyber-related risks in the maritime risk assessment, grant applicants and FEMA have not been able to use this information to inform funding proposals and decisions. As a result, FEMA is limited in its ability to ensure that the program is effectively addressing cyber-related risks in the maritime environment.

Why GAO Did This Study? U.S. maritime ports handle more than $1.3 trillion in cargo annually. The operations of these ports are supported by information and communication systems, which are susceptible to cyber-related threats. Failures in these systems could degrade or interrupt operations at ports, including the flow of commerce. Federal agencies—in particular DHS—and industry stakeholders have specific roles in protecting maritime facilities and ports from physical and cyber threats. GAO’s objective was to identify the extent to which DHS and other stakeholders have taken steps to address cybersecurity in the maritime port environment. GAO examined relevant laws and regulations; analyzed federal cybersecurity-related policies and plans; observed operations at three U.S. ports selected based on being a high-risk port and a leader in calls by vessel type, e.g. container; and interviewed federal and nonfederal officials.

What GAO Recommends? GAO recommends that DHS direct the Coast Guard to (1) assess cyber-related risks, (2) use this assessment to inform maritime security guidance, and (3) determine whether the sector coordinating council should be reestablished. DHS should also direct FEMA to (1) develop procedures to consult DHS cybersecurity experts for assistance in reviewing grant proposals and (2) use the results of the cyber-risk assessment to inform its grant guidance. DHS concurred with GAO’s recommendations.

Full citation:  “MARITIME CRITICAL INFRASTRUCTURE PROTECTION – DHS Needs to Better Address Port Cybersecurity”, Report to the Chairman, Committee on Commerce, Science, and Transportation, U.S. Senate, United States Government Accountability Office, June 2014.

CORE1098

Keywords: Maritime Security, Port Security, Cyber – Security, CBP U.S. – Customs and Border Protection, Coast Guard U.S., DHS-Department of Homeland Security, FEMA-Federal Emergency Management Agency, ISAC-information sharing and analysis center, IT-information technology, MTSA-Maritime Transportation Security Act of 2002, NIPP-National Infrastructure Protection Plan, AFE Port Act-Security and Accountability for Every Port Act of 2006, TSA-Transportation Security Administration

[/s2If]

Review on The Critical Infrastructure Gap: U.S. Port Facilities and Cyber Vulnerabilities, Policy Paper, July 2013, Center for 21st Century Security and Intelligence (CORE1095)

Summary: In a 50-page policy paper by the Brookings Institute and authored by Commander Joseph Kramek of the U.S.Coast Guard and a Federal Executive Fellow at the institute, the current state of affairs related to vulnerabilities at our national seaports is discussed and options to shore up cyber security are presented. In the executive summary, Commander Kramek writes that today’s U.S. port facilities rely as much upon networked computer and control systems as they do upon stevedores to ensure the flow of maritime commerce that the economy, homeland, and national security depend upon. Yet, unlike other sectors of critical infrastructure, little attention has been paid to the networked systems that undergird port operations. Report is available at: http://www.brookings.edu/~/media/research/files/papers/2013/07/02%20cyber%20port%20security%20kramek/03%20cyber%20port%20security%20kramek.pdf

[s2If is_user_logged_in()]

Full review: No cybersecurity standards have been promulgated for U.S. ports, nor has the U.S. Coast Guard, the lead federal agency for maritime security, been granted cybersecurity authorities to regulate ports or other areas of maritime critical infrastructure. In the midst of this lacuna of authority is a sobering fact: according to the most recent National Intelligence Estimate (NIE) the next terrorist attack on U.S. Critical Infrastructure and Key Resources (CIKR) is just as likely to be a cyber attack as a kinetic attack.

The potential consequences of even a minimal disruption of the flow of goods in U.S. ports would be high. The zero-inventory, just-in-time delivery system that sustains the flow of U.S. commerce would grind to a halt in a matter of days; shelves at grocery stores and gas tanks at service stations would run empty. In certain ports, a cyber disruption affecting energy supplies would likely send not just a ripple but a shockwave through the U.S. and even global economy.

Given the absence of standards and authorities, this paper explores the current state of cybersecurity awareness and culture in selected U.S. port facilities. The use of the post-9/11 Port Security Grant Program (PSGP), administered by the Federal Emergency Management Agency, is also examined to see whether these monies are being used to fund cybersecurity projects.

Full citation:   The Critical Infrastructure Gap: U.S. Port Facilities and Cyber Vulnerabilities, Policy Paper, July 2013, Center for 21st Century Security and Intelligence.

CORE1095

Keywords: Maritime Security, Cyber-security, Port Security Grant Program (PSGP), Port facility, Coast Guard, Maritime Transportation Security Act (MTSA).

[/s2If]