The Associated Press has a very informative story out today on Operation Safe Commerce, a DHS-funded set of port and cargo security pilot projects that have taken place over the last three years. The AP got hold of a series of previously-unpublished Operation Safe Commerce documents, which serve as the basis for the story. Some findings from the documents:
-Safety problems were not limited to overseas ports. A warehouse in Maine was graded less secure than any in Pakistan, Turkey or Brazil. “There is a perception that U.S. facilities benefit from superior security protection measures,” the study said. “This mind set may contribute to a misplaced sense of confidence in American business practices.”
-No records were kept of “cursory” inspections in Guatemala for containers filled with Starbucks Corp. coffee beans shipped to the West Coast. “Coffee beans were accessible to anyone entering the facility,” the study said. It found significant mistakes on manifests and other paperwork. In a statement to the AP, Starbucks said it was reviewing its security procedures.
-Truck drivers in Brazil were permitted to take cargo containers home overnight and park along public streets. Trains in the U.S. stopped in rail yards that did not have fences and were in high-crime areas. A shipping industry adage reflects unease over such practices: “A container at rest is a container at risk.”
-Practices at Turkey’s Port of Izmir were “totally inadequate by U.S. standards.” But, the study noted, “It has been done that way for decades in Turkey.”
-Containers could be opened aboard some ships during weekslong voyages to America. “Due to the time involved in transit (and) the fact that most vessel crew members are foreigners with limited credentialing and vetting, the containers are vulnerable to intrusion during the ocean voyage,” the study said.
-Some governments will not help tighten security because they view terrorism as an American problem. The U.S. said “certain countries,” which were not identified, would not cooperate in its security study – “a tangible example of the lack of urgency with which these issues are regarded.”
-Security was good at two terminals in Seattle and nearby Tacoma, Wash. The operator in Seattle, SSA Marine, uses cameras and software to track visitors and workers. “We consider ourselves playing an important role in security,” said the company’s vice president, Bob Waters.
Until this story, the actual outcomes and lessons-learned from Operation Safe Commerce have been kept very quiet, for reasons that I don’t understand, since a project like this is only valuable if lessons-learned are shared with the private sector and with international partners. As port security expert Steve Flynn noted at a Center for American Progress policy event last summer (emphasis added):
So we needed to find that out and Operation Safe Commerce was about taking these technologies and applying it and it was a grant program that was ushered through by Senator Patty Murray of Washington, but we did this crazy thing of putting all the results into the cone of silence. All right, TSA was managing it, but we canâ€™t tell anybody what we actually found out, so we can have no independent audit. I havenâ€™t seen it. Even though involved with some of the orchestration of getting it started, I canâ€™t see it because I am not cleared to see it anymore. So we canâ€™t learn these lessons and probably the industry canâ€™t learn these lessons because of the security kind of measure.
Something is very wrong when DHS is unwilling to share the results of a critical port security project with one of the top experts in the world on port security. Hopefully DHS will soon end the blanket of silence that has enveloped Operation Safe Commerce since its inception, and formally publish its findings. If there are vulnerabilities in the system, the best way to fix them is not to keep them quiet, but to openly acknowledge them and pressure key stakeholders to deal with them. And if there are tangible lessons that have been learned from the project, then they need to be shared widely. Secrecy does not make us safer when trying to secure networked and decentralized systems like our ports and the broader supply chain.