Global Logistics: Cargo security and fine print

Since the tragic day of September 11, 2001, our nation’s airports and seaports have been partners with the federal government and local communities in developing and implementing comprehensive security programs. Unfortunately, not all the proposed solutions have been practical or enforceable. Shippers are now clamoring for clarity.

“Safe and secure seaports are fundamental to protecting our borders and moving goods,” says Kurt Nagle, president of the American Association of Port Authorities (AAPA). “But there have been some significant problems with concepts that are simply too expensive and unwieldy.”

Container scanning is without a doubt the most outstanding example of this state of affairs, affirms Nagle. He joined 70 other shipping organization leaders in writing a letter of objection to U.S. Secretary of Homeland Security Jeh Johnson last month in an effort to postpone enactment indefinitely.

The Safe Port Act passed by Congress seven years ago mandates that all maritime containers being shipped to the U.S. must be scanned by non-intrusive inspection devices and radiation portal monitors at the foreign port prior to departure. The original goal for implementation of this requirement was July 1, 2012. However, the Department of Homeland Security (DHS) invoked a two-year waiver citing lack of resources and technology. 

In 2009, then DHS Secretary Janet Napolitano told a Senate Committee that a pilot program designed to test the feasibility of 100 percent scanning had revealed several serious problems including infrastructure, lack of technology, and expense. At that time, DHS estimated that deploying scanning equipment would cost approximately $8 million per lane for the more than 2,100 shipping lanes at the more than 700 ports around the world that ship to the U.S.

Johnson now maintains that the objective is “highly improbable, hugely expensive, and bound to impair trade.”

Meanwhile, DHS will continue to use and improve existing programs and policies to ensure the veracity of inbound ocean containers.

These include the Container Security Initiative (CSI), which identifies and screens high-risk containers and is operational at nearly 60 ports around the world that handle about 80 percent of the maritime cargo containers destined for the U.S. DHS says that it will also refine its targeting algorithms and process to better monitor high-risk containers and cut the number of “false positives.”

Layered approach
At the same time, the AAPA continues to work with DHS on implementing the Transportation Worker Identification Credential (TWIC) program, including monitoring and commenting on U.S. Coast Guard (USCG) regulations for facility compliance with TWIC. AAPA would like to see a TWIC rule finalized.

“We have concerns with the USCG’s proposed TWIC reader rule for several reasons,” says Nagle. “These include the criteria used for determining which ports are subject to the reader requirement, the inflexibility of the risk analysis methodology, and the lack of tailoring reader requirements for the individual circumstances of each port or facility. Most facilities under the proposal rule would not require a TWIC.”

The question then becomes why have such a costly card that few will use other than as a flash pass? AAPA believes more robust use of card readers would result in increased security.

“The current proposal only requires facilities that handle certain dangerous cargos to use readers,” says Nagle. “AAPA believes that the requirement for readers is too narrow. In the meantime, the delay in the final USCG regulations related to TWIC reader requirements has resulted in reprogramming of some TWIC grants to other priorities.”

Nagle adds emphatically that once the new rules are finalized, DHS should make TWIC grants a priority. Security analysts agree that this “priority” makes sense when “layering of risk” is properly employed.

This methodology consists of flexible methods like CSI and Importer Security Filing (ISF), or more commonly called “10+2.” This requires shippers to provide containerized cargo information to be transmitted to the agency at least 24 hours before departure.

Finally, there’s Customs-Trade Partnership Against Terrorism (C-TPAT), a voluntary supply chain security program led by U.S. Customs and Border Protection (CBP). Certification allows shippers to be considered low risk, resulting in expedited processing of their cargo, including fewer Customs examinations.

Cyber concerns
U.S. maritime ports handle more than $1.3 trillion in cargo annually. The operations of these ports are supported by information and communication systems that are, of course, susceptible to cyber-related threats.

Failures in these systems could degrade or interrupt operations at ports, including the flow of commerce. Federal agencies—in particular the DHS—and industry stakeholders have specific roles in protecting maritime facilities and ports from physical and cyber threats. However, officials at the U.S. Government Accountability Office (GAO) say more has to be done.

Actions taken by two of DHS’ component agencies, the U.S. Coast Guard and Federal Emergency Management Agency (FEMA), as well as other federal agencies, to address cyber security in the maritime port environment have been limited. While the Coast Guard initiated a number of activities and coordinating strategies to improve physical security in specific ports, it has not conducted a risk assessment that fully addresses cyber-related threats, vulnerabilities, and consequences, says GAO.

Meanwhile, Coast Guard officials insist that they intend to conduct such an assessment in the future, but have yet to provide details to show how it would address cyber security. Until the Coast Guard completes a thorough assessment of cyber risks in the maritime environment, the ability of stakeholders to appropriately plan and allocate resources to protect ports and other maritime facilities will be limited.

Maritime security plans required by law and regulation generally did not identify or address potential cyber-related threats or vulnerabilities. This was because the guidance issued by Coast Guard for developing these plans did not require cyber elements to be addressed.

Officials stated that guidance for the next set of updated plans, due for update in 2014, will include cyber security requirements. However, in the absence of a comprehensive risk assessment, the revised guidance may not adequately address cyber-related risks to the maritime environment.

GAO now recommends that DHS direct the Coast Guard to assess cyber-related risks; use this assessment to inform maritime security guidance; and determine whether the sector coordinating council should be reestablished. GAO also suggests that DHS should direct FEMA to develop procedures to consult DHS cyber security experts for assistance in reviewing grant proposals and use the results of the cyber-risk assessment to inform its grant guidance.

Fortunately, DHS concurs with GAO’s conclusions, and is working with the shipping community to address this growing concern.

Air risk assessment
A coalition of associations representing airfreight forwarding companies is calling on the federal government to solicit input from small- and medium-sized forwarders before expanding the Air Cargo Advanced Screening (ACAS) program.

The program, which analyzes advance data on inbound air shipments to the U.S. to assess risk, is currently in pilot phase, but CBP has signaled that they intend to expand it to apply to all inbound air cargo via a rulemaking.

The Airforwarders Association (AfA), the National Customs Brokers and Forwarders Association of America (NCBFAA), The International Air Cargo Association (TIACA), and the Express Delivery and Logistics Association (XLA) have jointly sent letters to CBP and the Transportation Security Administration (TSA) noting their support of the concept of the ACAS program’s risk-based analysis at the shipment level, but emphasize that “we are concerned about certain issues which we feel have not yet been fully resolved within the ACAS pilot.”

Brandon Fried, AfA’s president, says that all of the groups endorse the enhanced security initiatives, but wish “to have their voices heard” before implementation. “We’ve been telling our members for some time that this issue can be a real security enhancement if it’s done right,” he says.

In addition to detailing issues regarding potential negative impacts on small- and medium-sized air forwarding businesses, the letters included requests to meet with both agencies and representatives from air carriers to discuss the concerns and try to resolve them.

The four associations—representing non-asset companies that arrange for the shipment of goods by air—are concerned that the ACAS pilot program has involved only a handful of forwarders, mostly larger operations that already have integrated supply chains and an overseas infrastructure.

Their letters emphasized that the pilot has not included smaller forwarding companies “that rely on an extensive network of independent agents at overseas airports” and for whom “the size and scope of their technology infrastructure…varies widely.”

Accordingly, the groups call for more work to be done to determine how the ACAS program will be applied to small- and medium-sized forwarders before they’re brought under its requirements. Furthermore, say these freight intermediaries, the ACAS rule should maintain a level playing field for all filers. “No requirement should create an unfair competitive business advantage for one filer over another,” says Fried.

The groups point to other issues of concern, including that ACAS may not take into account variances among U.S. trading partners in the applicability and procedures of their own screening programs, most notably that not all countries of origination allow forwarders to screen cargo.

On this issue, forwarders say that it’s important for ACAS to clarify what the process and verification procedures will be when an ACAS dual-filing is made at a foreign location—first by the forwarder and then by the carrier.

Another key area of concern, pertinent to both TSA and CBP, has to do with the “targeting rule sets” for determining when additional high-risk screening will be performed. Specifically, the letter requests that ACAS utilize only those risk analysis formulas that have been tested in the pilot.

The TSA letter further outlines concerns about operational procedures for forwarders’ screening of targeted shipments into the U.S., which have also not yet been fully tested. It also raises questions about the potential impact for screening of U.S. export shipments when other countries’ advance data programs take effect.