Posts

Nothing Found

Sorry, no posts matched your criteria

CORE-Observatory

MARITIME SECURITY – Progress and Challenges 10 Years after the Maritime Transportation Security Act, GAO, September 2012 (CORE1013)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: This GAO report reviews how the US government has advanced maritime security since the introduction of the Maritime Transportation Security Act (MTSA) in 2002 and what kind of challenges the Department of Homeland Security (DHS) and its component agencies have encountered in translating the Act’s requirements into practice. The report describes in detail the character, progress and future vision of main US maritime security programs, which, according to the report, fall into four domains: (1) security planning, (2) port and vessel security, (3) maritime domain awareness and information exchange and (4) international supply chain security. The report points out that the US maritime security scheme calls for further improvements in the areas of (1) program management and implementation, (2) partnerships and collaboration, (3) resources, funding, and sustainability as well as (4) performance measures.  This report describes the entire field of US maritime security, and this information is very useful for CORE demonstrations that involve shipping into, through or out of the US ports. The report is available at: http://www.gao.gov/assets/650/647999.pdf

[s2If is_user_logged_in()]

Full review: This scope of this GAO document is broad as it covers the entire US maritime security, its many themes from funding to practical initiatives and risk assessment. CORE’s demonstrations that involve US-related maritime shipping can use this document to get a comprehensive and detailed information about the status and future challenges of the US maritime security scheme. Also the CORE’s risk cluster can use this document to analyze how the US government has established a risk-based, layered security system to protect the seaborne trade and logistics from terrorism, smuggling and other criminal activities. Because of the complete description of the US maritime security scheme, the report is excellent reference material for producing training material and educational contents in the CORE training cluster.

Cross-references:

  • Maritime Security: DHS Progress and Challenges in Key Areas of Port Security. GAO-10-940T. Washington, D.C.: July 21, 2010. See pages 10-11.
  • Maritime Security: The SAFE Port Act: Status and Implementation One Year Later. GAO-08-126T. Washington, D.C.: October 30, 2007. See pages 15-19.
  • Information on Port Security in the Caribbean Basin. GAO-07-804R. Washington, D.C.: June 29, 2007.
  • Supply Chain Security: Container Security Programs Have Matured, but Uncertainty Persists over the Future of 100 Percent Scanning. GAO-12-422T. Washington, D.C.: February 7, 2012. See pages 13-14.
  • Supply Chain Security: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers. GAO-10-12. Washington, D.C.: October 30, 2009. See pages 41-43.
  • Supply Chain Security: U.S. Customs and Border Protection Has Enhanced Its Partnership with Import Trade Sectors, but Challenges Remain in Verifying Security Practices. GAO-08-240. Washington, D.C.: April 25, 2008.

CORE1013

Additional keywords: Maritime Transportation Security Act, Secure Freight Initiative, Customs-Trade Partnership Against Terrorism (C-TPAT), Container Security Initiative (CSI), risk assessment, container screening, counter-terrorism, maritime security

[/s2If]

Vision and Strategy 2020, U.S. Customs and Border Protection Strategic Plan – Delivering safety, security, and prosperity through collaboration, innovation, and integration 2015 (CORE2010)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary

This document sets a vision of the US Customs and Border Protection (CBP), the primary border control agency present at the US borders, for year 2020. The vision builds on four general goals and associated objectives that aim to improve safety, security and prosperity of the American people. Collaboration, risk management as well as exchange and exploitation of information and intelligence are in the heart of the vision document and integral elements of its goals and objectives. The vision document is available at: http://www.cbp.gov/sites/default/files/documents/CBP-Vision-Strategy-2020.pdf

Review by Toni Männistö (CBRA)

[s2If is_user_logged_in()]

Full review

The vision’s first goal is to counter transnational terrorism and crime at and beyond the US borders. Keys to effective counter-terrorism and anti-crime efforts are understanding of threat landscape as well as interagency and international coordination on border management. The second goal is about promoting a comprehensive, whole-of-government approach to border security and management, in order to exploit complementary capabilities of various border control agencies to the fullest extent. Specific objectives underpinning this goal are “situational awareness of the air, land and maritime borders”, “detection, interdiction and disruption of illegal border activities” and “strengthening comprehensive trade enforcement. Here the key is to collect information and intelligence about trade flows and carry out risk assessment to identify and target high-risk cargo movements and facilitate low-risk traffic. Other objectives are strengthening processes to conduct out-bound enforcement and interdiction of travelers and cargo as well as advance a comprehensive, predictive targeting strategy to identify threats as early as possible.

The third goal is about enhancing the US economic competitiveness by facilitating lawful trade and travel. The goal consists of objectives that seek to reduce cost of trade and travel by streamlining customs processes. Other objectives are to harmonize procedures throughout US government agencies and to develop risk-segmentation for better facilitation of low-risk trade and travel. Agility and adaptability of the CBP organization is the fourth goal. Sub-goals, or objectives, include optimization of CBP’s organizational structure, strengthening organizational structure and advance CBP’s effectiveness through technologies and business innovations. The vision document concludes with a presentation of principles and process of risk management in the customs context.

This vision document contains lots of relevant information for many CORE work packages, especially for those that deal with US-bound supply chains (WP9, WP14 and WP17. Certainly, also work packages dealing with risk assessment and educational material benefit from this material. Altogether, revealing strategic priorities of the CBP, the document reflects the trends of customs-centric supply chain security worldwide, and this information is very valuable for CORE and its work packages.

Reference

US CBP, 2015. Vision and Strategy 2020, U.S. Customs and Border Protection Strategic Plan – Delivering safety, security, and prosperity through collaboration, innovation, and integration

CORE2010

 [/s2If]

SUPPLY CHAIN SECURITY: Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers, GAO (October 2009, CORE1066)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: The document provides a comprehensive outlook on the past and recent US initiatives on container security. The report focuses on the challenges that prevent global implementation of the 100% scanning of US-bound containers in foreign ports with both non-intrusive inspection (NII) technologies and radiation detection devices, as mandated by the SAFE Port Act and the 9/11 Acts. The 100% scanning is believed to deter and detect terrorist attempts of smuggling weapons of mass destruction (WMD) into the United States inside a cargo container. The reports dates back to late 2009, so the description of the current state of the US container security it provides is not necessarily no longer accurate. The report anticipates that the implementation of the 100% scanning requirement will be delayed due to various problems that were identified during the precursory Secure Freight Initiative (SFI) pilots. These problems are related mainly to port logistics (routing of containers through scanning sites), employee safety (radiation of screening equipment) and technical constraints (equipment failures and poor quality of scanning images). Today, we know that the US authorities have deferred the implementation already twice, first to 2014 and for the second time until 2016. Altogether, this GAO report describes in detail the challenges of the 100% scanning law and elaborates some ongoing alternative risk-based approaches to container security: (1) the strategic trade lane strategy that aims to establish 100% scanning only in high terrorist risk foreign sea ports and (2) the “10 + 2” data requirements that importers and ocean carriers must submit to the US Customs and Border Protection (CBP) prior to a container is loaded aboard a US-bound vessel so that the US authorities can calculate more precise risk for each shipping container. This report includes relevant information for all the CORE’s demonstrations that involve US-bound maritime transportation. The source document is available at: http://www.gao.gov/products/GAO-10-12.

[s2If is_user_logged_in()]

Full review: The GAO document provides interesting insights on the evolution of the US container security regulations over the years. This is useful supportive information for CORE demonstrations that involve maritime shipping of containers into the US. The GM demonstration of the WP9 for example covers exports of automobile parts from the EU into the US by transatlantic ocean transport. If the US Congress does not repeal or defer the 100% scanning requirement, the port of Felixstove that participates in the demonstration, need to start scanning also all GM’s US-bound containers. Likewise, the FALACUS demo (WP14), which is about shipping of ceramic tiles from Italy to the US, must take into consideration the possible effects of the 100% scanning requirement. This demonstration is particularly interesting from the 100% scanning requirement standpoint because some ceramic tiles are naturally radioactive, and thus they tend to trigger false alarms in the radiation controls. Also the P&G demonstrator in the WP17, that focuses on shipping of consumer goods into the US, the possible impact of the 100% scanning regulation.

Besides the demonstrations, the CORE’s risk cluster might benefit from the detailed analysis of the risk-based approaches to the US container security, such as the strategic trade lane strategy and the “10 + 2” data requirement. All demonstrations might benefit from lessons learnt how GAO has advises DHS and CBP to carry out cost-benefit analyses for the US container security programs (especially the Secure Freight Initiative).

Cross-references:

  • Combating Nuclear Smuggling: Efforts to Deploy Radiation Detection Equipment in the United States and in Other Countries. GAO-05-840T. Washington, D.C.: June 21, 2005.
  • Container Security: A Flexible Staffing Model and Minimum Equipment Requirements Would Improve Overseas Targeting and Inspection Efforts. GAO-05-557. Washington, D.C.: April 26, 2005.
  • Bakshi, N., Flynn, S. E., & Gans, N. (2011). Estimating the operational impact of container inspections at international ports. Management Science, 57(1), 1-.‐‑20.

Full citation:

U.S. Government Accountability Office (GAO), 2009. Supply Chain Security Feasibility and Cost-Benefit Analysis Would Assist DHS and Congress in Assessing and Implementing the Requirement to Scan 100 Percent of U.S.-Bound Containers.

CORE1066

Additional keywords: Ocean transportation, counter-terrorism, non-intrusive inspection

[/s2If]

Review on “MARITIME CRITICAL INFRASTRUCTURE PROTECTION – DHS Needs to Better Address Port Cybersecurity”, Report to the Chairman, Committee on Commerce, Science, and Transportation, U.S. Senate, United States Government Accountability Office, June 2014 (CORE1098)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , /by

CORE1098-Summary: Actions taken by the Department of Homeland Security (DHS) and two of its component agencies, the U.S. Coast Guard and Federal Emergency Management Agency (FEMA), as well as other federal agencies, to address cybersecurity in the maritime port environment have been limited. Report is available at: http://www.gao.gov/assets/670/663828.pdf

[s2If is_user_logged_in()]

Full review: While the Coast Guard initiated a number of activities and coordinating strategies to improve physical security in specific ports, it has not conducted a risk assessment that fully addresses cyber-related threats, vulnerabilities, and consequences. Coast Guard officials stated that they intend to conduct such an assessment in the future, but did not provide details to show how it would address cybersecurity. Until the Coast Guard completes a thorough assessment of cyber risks in the maritime environment, the ability of stakeholders to appropriately plan and allocate resources to protect ports and other maritime facilities will be limited.

Maritime security plans required by law and regulation generally did not identify or address potential cyber-related threats or vulnerabilities. This was because the guidance issued by Coast Guard for developing these plans did not require cyber elements to be addressed. Officials stated that guidance for the next set of updated plans, due for update in 2014, will include cybersecurity requirements. However, in the absence of a comprehensive risk assessment, the revised guidance may not adequately address cyber-related risks to the maritime environment.

The degree to which information-sharing mechanisms (e.g., councils) were active and shared cybersecurity-related information varied. Specifically, the Coast Guard established a government coordinating council to share information among government entities, but it is unclear to what extent this body has shared information related to cybersecurity. In addition, a sector coordinating council for sharing information among nonfederal stakeholders is no longer active, and the Coast Guard has not convinced stakeholders to reestablish it. Until the Coast Guard improves these mechanisms, maritime stakeholders in different locations are at greater risk of not being aware of, and thus not mitigating, cyber-based threats.

Under a program to provide security-related grants to ports, FEMA identified enhancing cybersecurity capabilities as a funding priority for the first time in fiscal year 2013 and has provided guidance for cybersecurity-related proposals. However, the agency has not consulted cybersecurity-related subject matter experts to inform the multi-level review of cyber-related proposals—partly because FEMA has downsized the expert panel that reviews grants. Also, because the Coast Guard has not assessed cyber-related risks in the maritime risk assessment, grant applicants and FEMA have not been able to use this information to inform funding proposals and decisions. As a result, FEMA is limited in its ability to ensure that the program is effectively addressing cyber-related risks in the maritime environment.

Why GAO Did This Study? U.S. maritime ports handle more than $1.3 trillion in cargo annually. The operations of these ports are supported by information and communication systems, which are susceptible to cyber-related threats. Failures in these systems could degrade or interrupt operations at ports, including the flow of commerce. Federal agencies—in particular DHS—and industry stakeholders have specific roles in protecting maritime facilities and ports from physical and cyber threats. GAO’s objective was to identify the extent to which DHS and other stakeholders have taken steps to address cybersecurity in the maritime port environment. GAO examined relevant laws and regulations; analyzed federal cybersecurity-related policies and plans; observed operations at three U.S. ports selected based on being a high-risk port and a leader in calls by vessel type, e.g. container; and interviewed federal and nonfederal officials.

What GAO Recommends? GAO recommends that DHS direct the Coast Guard to (1) assess cyber-related risks, (2) use this assessment to inform maritime security guidance, and (3) determine whether the sector coordinating council should be reestablished. DHS should also direct FEMA to (1) develop procedures to consult DHS cybersecurity experts for assistance in reviewing grant proposals and (2) use the results of the cyber-risk assessment to inform its grant guidance. DHS concurred with GAO’s recommendations.

Full citation:  “MARITIME CRITICAL INFRASTRUCTURE PROTECTION – DHS Needs to Better Address Port Cybersecurity”, Report to the Chairman, Committee on Commerce, Science, and Transportation, U.S. Senate, United States Government Accountability Office, June 2014.

CORE1098

Keywords: Maritime Security, Port Security, Cyber – Security, CBP U.S. – Customs and Border Protection, Coast Guard U.S., DHS-Department of Homeland Security, FEMA-Federal Emergency Management Agency, ISAC-information sharing and analysis center, IT-information technology, MTSA-Maritime Transportation Security Act of 2002, NIPP-National Infrastructure Protection Plan, AFE Port Act-Security and Accountability for Every Port Act of 2006, TSA-Transportation Security Administration

[/s2If]

Review on The Critical Infrastructure Gap: U.S. Port Facilities and Cyber Vulnerabilities, Policy Paper, July 2013, Center for 21st Century Security and Intelligence (CORE1095)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary: In a 50-page policy paper by the Brookings Institute and authored by Commander Joseph Kramek of the U.S.Coast Guard and a Federal Executive Fellow at the institute, the current state of affairs related to vulnerabilities at our national seaports is discussed and options to shore up cyber security are presented. In the executive summary, Commander Kramek writes that today’s U.S. port facilities rely as much upon networked computer and control systems as they do upon stevedores to ensure the flow of maritime commerce that the economy, homeland, and national security depend upon. Yet, unlike other sectors of critical infrastructure, little attention has been paid to the networked systems that undergird port operations. Report is available at: http://www.brookings.edu/~/media/research/files/papers/2013/07/02%20cyber%20port%20security%20kramek/03%20cyber%20port%20security%20kramek.pdf

[s2If is_user_logged_in()]

Full review: No cybersecurity standards have been promulgated for U.S. ports, nor has the U.S. Coast Guard, the lead federal agency for maritime security, been granted cybersecurity authorities to regulate ports or other areas of maritime critical infrastructure. In the midst of this lacuna of authority is a sobering fact: according to the most recent National Intelligence Estimate (NIE) the next terrorist attack on U.S. Critical Infrastructure and Key Resources (CIKR) is just as likely to be a cyber attack as a kinetic attack.

The potential consequences of even a minimal disruption of the flow of goods in U.S. ports would be high. The zero-inventory, just-in-time delivery system that sustains the flow of U.S. commerce would grind to a halt in a matter of days; shelves at grocery stores and gas tanks at service stations would run empty. In certain ports, a cyber disruption affecting energy supplies would likely send not just a ripple but a shockwave through the U.S. and even global economy.

Given the absence of standards and authorities, this paper explores the current state of cybersecurity awareness and culture in selected U.S. port facilities. The use of the post-9/11 Port Security Grant Program (PSGP), administered by the Federal Emergency Management Agency, is also examined to see whether these monies are being used to fund cybersecurity projects.

Full citation:   The Critical Infrastructure Gap: U.S. Port Facilities and Cyber Vulnerabilities, Policy Paper, July 2013, Center for 21st Century Security and Intelligence.

CORE1095

Keywords: Maritime Security, Cyber-security, Port Security Grant Program (PSGP), Port facility, Coast Guard, Maritime Transportation Security Act (MTSA).

[/s2If]

Introduction to Supply Chain Management (CASSANDRA Compendium Chapter 2, CORE2007a)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , , /by

Summary

The second chapter of the CASSANDRA compendium gives a general outlook on the theory and practice of modern supply chain management. Written in lay-man’s language, the text explains a broad range of strategies for managing supply chains, from lean management to agile and responsive logistics. The chapter also defines fundamental supply chain terminology and discusses current trends in the logistics, including synchromodality, use of 4PL logistics service providers, and green logistics. The chapter introduces several supply chain reference frameworks that illustrate a series of interdependent activities and stakeholders involved in the international transport of cargo. The CASSANDRA compendium is available for download here.

Review by Toni Männistö (CBRA)

[s2If is_user_logged_in()]

Full review

The compendium summarizes the SCOR and UN/CEFACT supply chain models, that may be the two most used logistics reference frameworks in the world. The document also discusses less known academic conceptual models that seek to simplify the complexity of supply chain management by categorizing and explaining management strategies, activities, stakeholders and their roles and responsibilities. The section on the future trends in logistics offers a great outlook on the most likely changes and driving forces in the logistics industry. The outlook suggests that for example synchromodality (increased flexibility in transport mode selection), green logistics (less emissions), use of 4PL logistics service providers (outsourced supply chain management), and continuously increasing ship and port sizes will reshape the cross-border logistics over the years. The document also explains key CASSANDRA concepts and their impacts on international supply chain management. For instance, the Data Pipeline, a pivotal CASSANDRA concept, seeks to enhance sharing of information across supply chain stakeholders, in particularly from business operators to customs and other border control authorities. Most importantly, the Data Pipeline would allow customs officers to access commercial information, that normally is exchanged only between buyers and sellers, early in the upstream supply chain at the consignment completion point (CCP). This accurate, early commercial information would enable the customs and other border control agencies to assess security and other risks of cargo early on.

All in all, the document provides a crash refresher course on basic and advanced logistics terminology that would be beneficial for many the CORE consortium, especially for those partners whose expertise is mainly outside the logistics industry. The CORE demonstrators benefit from descriptions of CASSANDRA innovations that support information exchange and improve visibility across the supply chain. The demos might choose to reuse some of these CASSANDRA innovations or their components. The CASSANDRA compendium also contains a great deal of material that could be reused for education and training purposes in CORE (WP19). Finally, the chapter concludes with recommendations that are relevant also for CORE. The chapter recommends, for example, that because of broad variety of international supply chains, CASSANDRA solutions should be adaptable for different contexts.

Reference

Hintsa, J. and Uronen, K. (Eds.) (2012), “Common assessment and analysis of risk in global supply chains “, Compendium of FP7-project CASSANDRA, Chapter 2

CORE2007

[/s2If]

IT-enabled Resilient, Seamless and Secure Global Supply Chains: Introduction, Overview and Research Topics, Lecture Notes in Computer Science, by Klievink, B., Zomer, G., 2015 (CORE2003)

/0 Comments/in , , , , , , , , , , , , , , , , , , , , /by

Summary: How does IT innovation contribute towards development of secure, resilient and integrated international supply chains? This is the question that Bram and Zomer seek to address by examining research agendas of a set of past and present European supply chain projects. In their research paper, these authors identify three main areas of innovation – technology, supply chain risk concepts and collaboration and supervision concepts – that lead the way towards higher uptake of new IT technologies and services in the global supply chains. The authors argue that developers of modern IT-enabled supply chains should pay more regard on non-technical challenges that often hinder adoption of modern IT solutions. The study also introduces and discusses five research papers that will be presented at the fourth Workshop on IT-enabled Resilient, Seamless and Secure Global Supply Chains, WITNESS 2015. The full paper will be available in public domain by fall 2016.

[s2If is_user_logged_in()]

Full review: The paper provides a comprehensive outlook on innovation agendas that present EU 7th framework supply chain projects follow. The study summarises CORE’s innovation goals and clarifies definitions and purposes of CORE key concepts such as the system-based supervision, supply chain resiliency and advanced data capture and sharing mechanisms. Therefore, the paper strengthens the conceptual basis of the CORE’s IT and risk management clusters. The CORE demonstrations will benefit from the paper indirectly if the IT and risk clusters refine the paper’s ideas and findings into applicable concepts that could be implemented in the demonstrations. The paper highlights three main areas of innovation that will likely improve security, resiliency and efficiency of the global supply in the future:

Technological innovation – The technological innovation focuses largely on IT-enabled capture and sharing of data among operators who are involved in end-to-end supply chains. Timely sharing of relevant and quality data is believed to support secure and efficient supply chain management because such data helps supply chain actors to detect faster logistics contingencies and disruptions and react to them. The higher data availability also supports use of modern sensor, track & trace and cargo screening technologies. For example, better information about cargo flows allow customs administrations to focus their screening activities on high-risk cargo.

Risk concepts – The data availability leads to higher visibility over the supply chain and empowers supply chain actors to regain control over cargo. The increased control helps the supply chain actors to detect faster to operational contingencies and disruptions.

Collaboration and supervision models – Risk-based approach to customs inspections is a departure from the 100% screening philosophy, under which every single shipment faces inspection. The modern risk-based approach disrupts less cross-border trade and commerce than the 100% screening because customs (and other border control agencies) select only a percentage of shipments, those that represent the highest risk, to inspection. Another new concept is system-based supervision, an approach that seeks to assess traders’ internal controls of customs compliance rather than conducting transaction-driven

Reference: Klievink, B., Zomer, G., 2015. IT-enabled Resilient, Seamless and Secure Global Supply Chains: Introduction, Overview and Research Topics, Lecture Notes in Computer Science (pp. 443-453)

CORE2003

[/s2If]

Review of Building Resilience in Supply Chains (CORE1055)

/0 Comments/in /by

Summary: Review on Building Resilience in Supply Chains – An Initiative of the Risk Response Network – In collaboration with Accenture – World Economic Forum. The report broadens the view of resilient supply chains away from pure trucking towards taking all available transport modes into account. Additional relevance is given by building partnerships of private companies and creating strategic transport orientation in normal times and to be executed in harsh times. The views given are from large industry and insurers point of view thus serve as hints to SMEs. Demo-WPs concerned with resilience should have the ideas in mind in order to follow the worlds to forum and on the other side identified lacks (of focus on consumers of goods) should be avoided in CORE demonstration layouts.  Coding in CORE e-library is CORE1055. Source file at: http://www3.weforum.org/docs/WEF_RRN_MO_BuildingResilienceSupplyChains_Report_2013.pdf
Read more

Interviews

Nothing Found

Sorry, no posts matched your criteria