Scrutinizing Supply Chain Security
New approaches, mandates, and technologies are key links in the quest for global supply chain security. Here’s an inside look at what the logistics sector is doing to root out hidden threats.
In the decade that has passed since the terrorist attacks of Sept. 11, 2001, security has taken on an increasingly more significant role in the global supply chain. What was an afterthought to getting goods to the right place at the right time is now a crucial aspect of supply chain management around the globe. Manufacturing, transporting, and delivering goods safely and securely is as important—and as complex—as it has ever been. And in 2012, the focus on supply chain security will remain top of mind, experts predict.
Ports Need Funding to Continue Fighting Threats
Physical Security: High-Tech or Old Reliable?
Despite tremendous progress, very real threats to global supply chain security remain, says Walt Beadling, managing partner of The Cargo Security Alliance, a security organization that helps supply chains mitigate risk and optimize global cargo flow.
“The air transportation system has clearly been the mode of choice for terrorists, so air cargo specifically is a concern,” says Beadling, citing Sept. 11; the so-called underwear bomber incident; and the parcel bombs that were sent from Yemen on UPS and FedEx planes in 2010.
Air cargo is vulnerable to a number of potential terrorist actions, Beadling explains. For example, a bomb placed in cargo carried on a passenger plane could lead to a mass-casualty event; while a stowaway in a cargo freighter could hijack the plane and use it as a weapon.
When it comes to ocean cargo, nuclear bombs, radioactive materials and explosives, weapons, or even terrorist operatives can be concealed in marine containers. These threats could cause mass casualties, severe material and infrastructure damage, and economic harm from subsequent port closures.
In addition to the actual threats, many factors make global supply chains complex and challenging to secure. The speed at which today’s supply chains operate, for example, can be difficult to reconcile with security measures.
Many Challenges, Many Players
“The supply chain often operates in a compressed time window, and that focus on speed can make it difficult to ensure workers are following security procedures, and not cutting corners,” says Jim Percival, vice president of compliance at Damco, a global logistics and freight forwarding company.
“Any time someone rushes, processes can break down—whether it’s a trucker who doesn’t properly verify an original seal is on a container; vendors at origin not loading cargo as securely as possible; or an ocean carrier struggling to get all the containers on a vessel before it departs,” he notes.
And, because supply chains today are often so long and fragmented, it can also be difficult to ensure security is treated with the same urgency by every party in the process.
“Goods are passed from provider to provider: a vendor books a container and gives it to a trucker, who delivers it to an ocean carrier,” Percival explains. “Then the goods are put on a ship and discharged at a terminal, where they are released to a trucker or intermodal carrier, then delivered to an importer.
“Seven or eight touches can easily occur during transportation,” he notes. “Everyone involved in that process must be diligent and take security seriously, while they are also rushing to deliver the goods on time.”
Government Focus Looms Large
In addition, the United States has only limited control over how security processes and procedures are carried out in other countries. Given the global nature of most companies’ supply chains today, this limitation carries inherent vulnerabilities and difficulties.
“Harmonizing global security practices and protocols around the world is a major challenge,” Beadling notes.
That challenge—and its impact on business operations—is felt keenly by many supply chain players, including global air cargo carriers.
“Governments around the world maintain various security measures, which segments our processes and causes repetition throughout the supply chain,” says James LoBello, Lufthansa Cargo’s head of security for the Americas. “Assessing all the local regulatory requirements and examining each shipment to determine how best to fulfill security procedures are two of the most difficult challenges we face today.”
Consider a shipment that originates in Asia, connects through a hub in Europe, and is destined for the United States. “To be in compliance and properly secure that freight, we have to examine the government requirements of each country within Asia and the European Union, then layer those with the U.S. requirements,” LoBello explains.
For Lufthansa, this increased focus on global security compliance has meant investing in technology, customer service, and “boots on the ground,” LoBello says.
“We’ve had to dedicate additional technology and personnel resources— including more screeners and security personnel, and additional staff at the corporate level to interpret the laws and develop instructions for workers in the field,” he notes.
“Also, we now host annual security conferences to bring regulatory changes and discussion points to center stage for our shippers, forwarders, and business partners,” LoBello adds.
The good news is that governments around the globe are warming up to the idea of mutual recognition of supply chain security programs—bilateral understandings between two Customs administrations that indicate the security requirements or standards of each country are the same or similar.
The United States and the European Union, for example, recently agreed to mutual recognition of their respective voluntary supply chain security programs, U.S. Customs and Border Protection’s (CBP) Customs-Trade Partnership Against Terrorism (C-TPAT), and the EU Authorized Economic Operator program.
Other countries will likely follow suit. “Governments are starting to realize that security is not a one-size-fits-all concept,” LoBello notes. “As long as the supply chain is being secured, the approach and the regulations don’t have to be exactly the same.”
Not surprisingly, these types of government security programs, regulations, and mandates have been the primary driver of supply chain security initiatives around the globe.
Celebrating C-TPAT
In the United States, C-TPAT—which celebrates its 10-year anniversary in March 2012—has been the most influential initiative. The voluntary government-business program is aimed at building cooperative relationships to strengthen and improve overall supply chain security. It has helped bring shippers, the government, and supply chain service providers together in the name of security; and has increased the focus on security’s importance throughout the entire supply chain.
Membership in C-TPAT has become a stamp of approval for supply chain service providers, says Howard Finkel, executive vice president, trade division for global ocean carrier COSCO Container Lines. “We work very closely with our shipper partners in C-TPAT who, like us, strive to make sure the supply chain is secure.
“Many major shippers demand that their carriers be C-TPAT-certified, and include clauses in their contracts that void agreements if a carrier loses its C-TPAT certification.”
As a C-TPAT member, COSCO also works closely with CBP. The agency, for example, recently asked COSCO to trace a few sample shipments and provide a detailed analysis of the measures it took to secure them.
“CBP wanted us to ensure every part of the supply chain was secure, so we started where the cargo was manufactured, and traced every step of the shipment from there,” Finkel says. “It was a great exercise, and we decided to repeat it internally every month.”
COSCO now picks two random shipments monthly and assigns its overseas offices to investigate each part of the move.
“We ask them to find out the manufacturer, trucking company, and warehouse involved, as well as gather information about the people who loaded the vessel, and the service providers’ hiring procedures,” Finkel says. “We’re ensuring that every part of the supply chain we are involved in has security measures in place.”
New Mandates and Measures
While C-TPAT has been largely responsible for kick-starting the global supply chain security dialog and initial actions, newer programs and mandates are also having an impact.
Under the Transportation Security Administration’s (TSA) Certified Cargo Screening Program (CCSP), for example, 100 percent of air cargo carried outbound from the United States on passenger plans must now be screened at the piece level. (CCSP does not currently apply to air cargo coming into the United States on passenger planes, however. TSA recently pushed back its Dec. 31, 2011, deadline for 100-percent screening on U.S.-bound cargo, and had not set a new date as of press time.)
CCSP has been in effect since August 2010, and represents a supply chain-based approach to security that the industry has applauded. Because screening all air cargo at airports would cause extensive delays, CCSP enables freight forwarders and shippers to pre-screen cargo prior to arrival at the airport.
“Pushing security responsibility down the supply chain to shippers or intermediaries is an innovative idea,” notes Beadling. “CCSP marks the first time a supply chain-security approach has been attempted from the top down across a complex trading community.”
“Engaging forwarders and shippers to take on part of the security screening role and tender secure cargo to carriers helps alleviate bottlenecks at the airport,” adds Lufthansa’s LoBello. “This partnership approach within the supply chain seems to be the best model for security measures.”
The TSA’s ideal model is for shippers, forwarders, and air carriers to equally share responsibility for screening cargo, but carriers and freight forwarders have completed most of the screening requirements.
“Ultimately, the onus falls on the carrier to ensure everything is in order before it accepts and brings freight into its facilities—regardless of who completes the screening,” LoBello notes. “We cross-check to ensure the CCSP process has been completed and the cargo is secure.”
Shippers have not been as active in the program as the TSA expected—except in industries shipping sensitive, high-value goods, such as pharmaceuticals and fine art. For some smaller shippers, the screening responsibility, along with the investments and training required to meet the mandate, may simply be too onerous.
They may also be challenged to absorb the costs of screening. “When shippers price their products, they may not know there is a screening cost associated with transportation,” notes Damco’s Percival. “That expense can cut into their margins.”
But complying with the TSA regulation has not been as difficult for carriers as many originally thought. While LoBello admits that Lufthansa “set aside considerable resources for the mandate”—including investments in extensive training and technology equipment at airports—the company was able to meet the mandate ahead of schedule. “The process is just business as usual now,” he says.
Business as usual may soon include more of the risk-based programs that the industry believes are the best approach to air cargo security. CBP and TSA have joined forces to conduct pilots of a risk-based program called Air Cargo Advanced Screening (ACAS).
The program encourages cargo carriers to electronically provide shipment-level data for air cargo bound for the United States prior to loading the cargo at the last point of departure before it enters the United States.
Providing this information early enables TSA to target and inspect high-risk cargo at the point of departure.
“The ACAS initiative is promising because it advocates a risk-based approach, and promotes improved information sharing among trading partners and carriers,” notes Beadling.
“Industry has promoted pre-vetting information and risk-categorizing cargo to apply measures at certain points within the supply chain, based on risk criteria,” adds LoBello. “This approach will ensure we put our valuable resources in the right spot.”
Making Waves in Ocean Cargo Security
This risk-based approach has worked well for ocean cargo security, in the form of CBP’s Importer Security Filing (ISF) program, more commonly known as 10+2. Put into full effect in January 2010, the 10+2 initiative requires importers/exporters and ocean carriers to provide advanced trade data for all non-bulk ocean cargo shipments arriving into the United States. The ISF program has helped CBP identify high-risk shipments in order to prevent smuggling and ensure cargo safety and security.
“The fact that Customs now gets critical shipment data 24 hours before a vessel sails enables the agency to perform data-based research and decide what cargo to inspect on arrival, based on risk factors,” Percival explains.
Like other post-Sept. 11 federal security regulations, complying with 10+2 created headaches for some ocean carriers and forwarders, but Percival believes the efforts are worth it.
“Completing all the IT mapping and programming necessary to adhere to the regulation requires considerable effort,” he says. “Because so much of the data comes from vendors, we have to work closely with the global vendor community. Receiving shipment data earlier in the process is a tangible security enhancement, however.”
Another high-profile ocean cargo security issue is the continuing battle over 100-percent scanning of U.S.-bound ocean containers. It has been an ongoing, divisive, and partisan issue in Congress since it was first proposed as part of the Sept. 11 Report Implementation Act. An original deadline for requiring overseas scanning of all containerized cargo coming into the United States was set for July 2012, but it has been pushed back to 2014.
While scanning every container may make sense for security purposes, supply chain players doubt the feasibility of that plan, and advocate a more risk-based approach.
Pilot programs have shown that 100-percent scanning is possible at smaller ports, but would cause extensive delays at busier port centers. “There isn’t enough available land, real estate, or equipment to examine every container,” says Percival.
Another aspect of the scanning debate centers on scanning and screening technology. Many argue that today’s technology is not up to the 100-percent screening challenge.
“If we had to check every container with the technology available today, we’d bring trade to a screeching halt,” says COSCO’s Finkel.
Using Technology to Tackle Security
Screening technologies seem to be improving, however. Technology companies are developing advanced techniques that are faster and offer more detailed data, notes Joseph Lawless, chairman of the AAPA Security Committee and director of maritime security for the Massachusetts Port Authority.
One Boston area company, for instance, has developed a scanning technology that breaks down every item in a cargo container and provides the makeup of the cargo within.
Cooperation among supply chain security partners—along with active data exchange, proper funding for security initiatives, and effective technologies—are all needed to secure the global supply chain.
“The technology reports the exact components and elements of steel, for example, to differentiate between the different types,” Lawless explains. “That’s the granular detail level the technology will achieve when it is perfected.
“This tool could become a game changer for screening, allowing security personnel to accurately identify a container’s contents,” he adds. “It could also help assess customs duties, and provide quality control for vendors and buyers.”
Ports around the country are actively offering their facilities to test these types of advanced scanning technologies. “We are also looking at emerging optics and intelligent video technologies, and new advancements to improve nuclear, chemical, biological, and radiation detection,” Lawless says.
“We must ensure these technologies don’t delay processes, however,” he adds. “U.S. ports want to facilitate commerce, and to do that, we need to have the best, fastest, most accurate screening and security technologies.”
Ultimately, though, technology alone will not be the solution. Cooperation among the gamut of supply chain security partners—shippers, intermediaries, carriers, ports, and government agencies—along with the active exchange of crucial information, proper funding for security initiatives, and the development of effective technologies, are all needed to secure the global supply chain.
Ports Need Funding to Continue Fighting Threats
As the gateway for a large portion of global trade into the United States, ports play a crucial role in securing the supply chain. Today, they are challenged with reconciling economic realities with the ongoing fight against supply chain threats.
“Our biggest concern right now is funding,” says Susan Monteverde, vice president of government relations for the American Association of Port Authorities (AAPA). That’s because Congress has cut the Port Security Grant (PSG) program—which provides funding for maritime transportation infrastructure security activities—by 40 percent as a result of bundling PSG in with other homeland security programs.
“Since Sept. 11, Congress has allocated roughly $2.6 billion for the PSG program,” she says. “We’ve been thankful for that, but we need that funding to continue.” Roughly 75 percent of the PSG money is allocated for port security equipment, while the rest is spent on a mix of training and safety exercises, planning, technology, and operational needs.
Many security technologies and measures put in place at ports over the past 10 years are rapidly approaching the end of their shelf life. “The funds that were made available to us before seem to be ebbing,” says Joe Lawless, chairman of the AAPA Security Committee. “Without continued funding, it will be a struggle to sustain port security improvements.”
Despite funding concerns, ports are still making strides to boost security and safety in their facilities. Collaboration and information-sharing is a major component of their strategy. “We work closely with the Department of Homeland Security, the FBI, and the Coast Guard to stay informed,” Lawless says. “The walls have come down among our agencies, and the real-time information we receive improves our decision-making.”
Teamed Up to Address Challenges
At the Port of Boston, Lawless conducts a weekly meeting to discuss security issues, developments, and initiatives. Port police, Massachusetts state police, Boston police, the FBI, Coast Guard Investigative Service, CBP, and area industry executives attend to review events from the previous week and prepare for upcoming security challenges.
U.S. ports will continue working together to fight for funding to ensure that security remains a top priority at all port facilities. “America’s ports are part of our international borders and support more than 13 million jobs,” Monteverde says. “Seaport security is critical for both national security and the economy.”
Physical Security: High-Tech or Old Reliable?
Two schools of thought govern securing cargo traveling by air or ocean transportation: attack the problem with technology, or go with a keep-it-simple approach.
Myriad screening technologies, devices, and radio frequency identification (RFID) initiatives have come and gone, with varying degrees of success. Currently, there is no silver-bullet technology that unfailingly protects shipments from theft or tampering, says Erik Hoffer, security consultant with CGM-NV, a manufacturer of cargo security products. Technologies such as RFID may be vulnerable to several problems.
“You cannot reliably get an RF signal out of a metal enclosure for any distance,” Hoffer says. “Also, no dependable infrastructure exists to support RFID. And everyone operates on different frequencies.
“There are also issues of cost, responsibility for monitoring RFID tags and seals, battery life, device ownership and liability, and compromising factors, such as thieves reading the contents of an open RFID format device,” he adds.
In addition, RFID is vulnerable to straightforward physical attack. “If a thief removes the device and simply leaves it where it is, the operating system will never report movement,” he explains.
Hoffer also questions whether RFID tags have the durability to stand up to frequent handling within the shipping process.
“Add up all those factors and RFID is not a viable platform,” he says. “A better approach would prevent theft mechanically through physical and visual deterrents, and enhance transportation security.”
Hoffer recommends devices such as tamper-evident seals and tape that make it apparent if a container or box has been infiltrated.
“These products will keep a thief from getting into the container or box, but if a seal or tape is missing, torn, or voided when cargo arrives, it’s an anomaly that is visually obvious,” he explains. “This awareness keeps shippers from signing for goods that might be missing, tainted, or infiltrated with some sort of device.”
Security Devices of the Future
For those who favor the high-tech approach, Georgia Tech Research Institute (GTRI), recently developed two promising cargo container security systems in concert with the Department of Homeland Security.
The Container Security Device (CSD)—a small, inexpensive system that detects unauthorized door opening or removal on ISO marine containers—and the Composite Container Security System, a lightweight sensor grid that will be incorporated within the walls, doors, and floors of a new type of hybrid composite shipping container being developed by the University of Maine.
“The CSD is designed so that if a container door is opened, it triggers an alarm that alerts authorities and informs them when and how long the door was opened,” explains Gisele Bennett, director of GTRI’s Electro-Optical Systems Laboratory. The product has been tested by Sandia National Labs, and performed successfully in several pilots in which containers were shipped from a factory in China to a distribution center in Georgia.
What makes CSD unique? “Many existing systems are easily defeated, and don’t stand up well to harsh shipping environments,” Bennett explains. “Our requirement for CSD is a high probability of detection and a low probability of false alarms.”
GTRI has used the same high-detection/low-false alarm requirements for its Secure Hybrid Composite Container Security System. The system—which will be placed within hybrid composite containers—detects breaches in the container, and can detect a three-inch or larger hole. It will be used in concert with the CSD to report breaches to the outside world. Together, the two devices will provide useful information if a thief tries to either open or cut a hole in an ocean shipping container.
Ultimately, it will be up to the shipping industry to decide whether to embrace high-tech solutions like these or go the more traditional route.