Homeland Security Watch

Greetings from Munich. The conference here at the University of the Bundeswehr kicked off this week with a fitting representation of the challenges to global supply chain security from the perspectives of allied military and academic business. Michael Ritchie, Director, the USEUCOM Commander’s Interagency Engagement Group opened the conference with VADM Gallagher, Deputy Commander of EUCOM, Dr. Andreas Brieden, Dean of the School of Business, here at the Universität der Bundeswehr München, and Colonel Freitag, Head of the Military Department, at the Universität.

It seems as though IBM and CISCO are the only private sector companies participating in this symposium. Global supply chain security is a concern for military in terms of supply and logistics for their own operations, but also in terms of their obligation to possibly protect private sector supply chains as an attractive target by terrorists or other adversaries. The private sector already deals with numerous risks to our supply chains, which is one reason why IBM sought to be involved in this discussion. I’ll present on GMM this afternoon and my colleague Colm Leonard, Executive Program Manager, Import Compliance & Supply Chain Security, IBM, will present on a panel discussion to review solutions for greater supply chain visibility and security.

We heard yesterday from a number of experts. Most interesting was a presentation by the DHS attaché at the European Union. She is technically a CBP employee and gave a detailed run-down of C-TPAT, Secure Freight Initiative, Container Security Initiative, and other targeting measures to reduce risk in global supply chains in which the U.S. is a major link.

Her counterpart at the EU also presented and described a number of similar programs. Like C-TPAT, the EU grants special status to “Authorized Economic Operators.” Here in Europe, companies can provide greater transparency into their supply chains so that EU authorities can better identify risks to shared links in the global supply chain. The trust shared between the EU and these AEOs is similar to that which is extended between DHS and C-TPAT members.

Wouldn’t it be great if we could merge the membership? That is a goal, but the companies participating in C-TPAT or as AEOs remain concerned about the privacy protections for themselves if proprietary information about their supply chains – arguably major components in their competitive advantages – is shared with other governments that may favor domestic businesses.

Alas, we have a long way to go in this regard. But merely getting the stakeholders in the room is a valuable first step. I’ll post again later with an update on today’s exchange. The more interesting dimensions of this is a working group of which I’m a part. All symposium participants are broken into groups to dive deeper into such challenges as AEO/C-TPAT integration. In my group, I have the CISCO guy, another IBMer who deals with NATO, and military reps from Azerbaijan, Ukraine, Poland, Hungary, Czech Republic, and the U.S.

Today DHS announced a new regulation that requires maritime cargo carriers and importers to submit more data to Customs and Border Protection (CBP) about thier shipments. The goal is to better target risks in the maritime domain with inspections, added screening, security scanning, etc. The private sector must submit the additional information to CBP before vessels and their cargo are permitted to enter the U.S. Small businesses view this as a major setback for their competitiveness – and they have some backing on the Hill.

The Importer Security Filing and Additional Carrier Requirements requires that importers submit an Importer Security Filing (ISF) with the so-called “10+2” data set no later than 24 hours before the cargo is loaded onto a ship destined for the U.S.

Last month, The White House held a meeting with representatives from the private sector and relevant government agencies, including CBP, to discuss the proposed regulation. The meeting, which seems to have been hosted by the White House Office of Management and Budget, was entitled “”10+2″ Importer Security Filing and Additional Carrier Requirements” and took place on October 6. In attendance either by phone or in person were the following:

• Kristy Daphnis OMB/OIRA
• Nelson Garcia Motor & Equipment Manufacturers Assoc.
• Tom Sullivan SBA/Office of Advocacy
• Bruce Lundegren SBA Office of Advocacy
• Peter Friedmann Pac. Coast Council & CONECT
• Ray Bucheger Pac. Coast Council & CONECT
• Bryan Zumwalt National Marine Manufacturers Association
• Shannon Richter OMB
• Bruce Hirsh USTR
• Ted Posner NSC
• Elena Ryan USCBP
• Lorrie Rodbart USCBP
• Chris Pappas USCBP
• Jerry Coleman, Porta-Nails in North Carolina;
• Bill Gullickson, McLaughlin Gormiey King Co in Minnesota;
• Maggie Smith, Coppersmith, Inc. in California;
• Linda Wood, Bennett and Company in Massachusetts;
• Roger Clarke, Williams Clarke Company, Inc. in California;
• Robin Grove, Masterpiece International in California;
• Anne Marie Bush, Veritrade International in Washington;
• Karen Kenney, Liberty Internationai in Massachusetts;
• Silvia Scherer, Trade Tech Inc. in Washington; and
• Patricia Hainline, George S. Bush Co. in Oregon.

Congresswoman Valezquiez, Chairwoman of the Committee on Small Business, wrote a letter to OMB Director Jim Nussle explaining that CBP has failed to meet its obligations under the Regulatory Flexibility Act (”RegFlex”) to “properly analyze the economic impact of the 10 + 2 Rule on small entities.” RegFlex was enacted to limit disproportionate burdens on small businesses and entrepreneurs facing industry-wide regulations.

To accomplish this, RegFlex mandates that federal agencies conduct an analysis with a “description of any significant alternatives to the proposed rule which accomplish the stated objectives of applicable statutes and which minimize any significant economic impact of the proposed rule on small entities.” CBP has stated that it “does not identify any significant alternatives to the proposed rule that specifically address small entities.”

To be fair, the interim final rule includes a delayed compliance date of one year after the interim final rule takes effect. If CBP perceives a “good faith effort and satisfactory progress toward compliance” among the noncompliant during the first year, CBP “will show restraint in enforcing the rule.”

According to Scott Gudes, Vice President, Government Relations, of the National Marine Manufacturers Association (NMMA), CBP will see a number of such cases because Small businesses, including small brokers, do not have:

1. The resources, i.e., customs experts, to help collect and compile the information being required

2. The 10+2 management system needed to allow their clients to collect 10+2 data from all involved parties

3. The integrated computer systems needed to process the information and communicate with suppliers abroad

CBP will conduct a review to determine any specific compliance difficulties that importers and shippers may experience in complying. Both the Congresswoman and the NMMA believe that the unintended consequences likely to be found include increased inventories, additional charges for dwell time, and costly infrastructure and IT system upgrades that larger firms can more easily absorb.

CBP’s review is intended to address just these types of impacts. It will examine compliance costs, the barriers to submitting the data 24 hours prior to lading, and the benefits of collecting the data. CBP states that “based upon the analysis, DHS will determine whether to eliminate, modify or maintain these requirements.”

The Importer Security Filing and Additional Carrier Requirements interim final rule will take effect 60 days from today.

DHS Customs and Border Protection plans to issue a new rule requiring U.S. importers and manufacturers to provide new data about U.S.-bound shipments. The data sharing procedure is designed to improve port security and prevent terrorist use of shipments and containers headed U.S. The proposed rule is part of the SAFE Port Act of 2006, in which CBP began requiring 12 new categories of data on shipments to the U.S. to be provided at least 24 hours before loading in foreign ports.

The Hill reports today that business groups oppose the rule, warning that it would “disrupt supply chains without improving security at a time when the U.S. economy is in the doldrums.” The National Association of Manufacturers (NAM) is been leading the effort to oppose, or at least modify, the proposed rule. NAM is joined by the U.S. Chamber of Commerce, the European-American Business Council, the Association of International Automobile Manufacturers, the American Petroleum Institute, and the Consumer Electronics Association.

DHS suggests the new rule could at first delay shipments by as much as 24 hours, and will eventually drop to 12 hours. Businesses, however, suggest that security would be actually reduced because cargo would sit unguarded while it awaited permission to be loaded and that today’s already fragile global economy can’t handle further strains like those they believe the new rule would impose. The new rule would prohibit a shipment from leaving its foreign port until DHS has the required data for each container. NAM argues that other hidden costs of compliance, longer delays in the supply chain, software needs, and added personnel for the new requirements would cost U.S. businesses about $20 billion a year.

These firms also argue it is more realistic to expect a two-to-five-day delay, depending on the complexity of the supply chain. As a compromise, opponents in the private sector are calling for a pilot program to be set up to test the new rule on a small scale first before full deployment.

While OMB and DHS are inundated with complaints from constituents in the manufacturing districts of Michigan and hard-hitting lobbying efforts by the U.S. Chamber of Commerce, a CBP spokeswoman told The Hill that OMB “is currently leading an interagency review of the rule, but would not comment on … why the agency wants to proceed without a pilot program.”

Whoever says that homeland security is a domestic enterprise misses the big picture (and a number of posts here). GAO this month released a study commissioned by the Congress that investigates how U.S. Customs and Border Protection engages the global community to harmonize security standards intended to secure the international supply chain. “CBP has taken a lead role in working with foreign customs administrations and the World Customs Organization (WCO),” GAO states.

Oceangoing cargo containers serve as the lifeblood of global trade. Yet they also pose a risk of terrorist exploitation, according to the GAO and numerous other studies. CBP is the main government entity in the U.S. responsible for overseeing security of the global supply chain.

The adoption of uniform international customs security standards is the foundation for governance frameworks that can support greater security through mutual recognition of customs security-related practices and programs. Ultimately, such governance frameworks enable partnering nations to recognize and accept security measures taken by another administration. This leads to less porous security networks, greater efficiencies, and a more resilient global economy.

CBP collaborated with eleven other members of the WCO to develop the Framework of Standards to Secure and Facilitate Global Trade (SAFE Framework), which draws upon familiar concepts of the Container Security Initiative (CSI) and the Customs-Trade Partnership Against Terrorism (C-TPAT). While these two programs have their flaws, the SAFE Framework provides standards for collaboration among numerous national customs organizations participating in the global supply chain. As of July 2008, 154 WCO members had signed letters of intent to implement the SAFE Framework standards.

While the SAFE Framework establishes a system of mutual recognition for smoother global trade among interdependent countries, it is by no means the only effort underway to harmonize global supply chain security initiatives. GAO reports that in June 2007, “CBP signed a mutual recognition arrangement with New Zealand – the first such arrangement in the world – to recognize each other’s customs-to-business partnership programs.” Just this summer, CBP signed mutual recognition agreements with Jordan and Canada, and by early 2009, CBP anticipates establishing a mutual recognition agreement with the European Commission, representing 27 nations of the European Union.

The Government Accountability Office today released its assessment of the Customs-Trade Partnership Against Terrorism (C-TPAT), a program by the Department of Homeland Security intended to reduce security scrutiny of importers, port authorities, and air, sea and land cargo carriers if these parties commit to self-imposed security standards. GAO finds that C-TPAT has gaps that terrorists could exploit to smuggle weapons of mass destruction in cargo containers.

C-TPAT is the federal program established after 9/11 to discover or deter a potential terrorist attack on or use of commercial cargo passing through 326 of the nation’s airports, seaports, and land crossings.

GAO is also currently investigating the DHS programs focused on combating the threat of smuggled nuclear weapons, specifically those managed by the Domestic Nuclear Detection Office. They have expressed a specific interest in the strategy aspects of how the global nuclear detection architecture figures in. This line of inquiry quickly gets us to the topic of port security in light of the 9/11 Act and its corresponding mandate for 100% scanning of all cargo en route to U.S. ports and corresponding programs like C-TPAT.

The nearly 8000 commercial participants in the C-TPAT program are granted reduced scrutiny of their cargo in exchange for submitting a security plan meeting U.S. Customs and Border Protection’s standards and allowing CBP officials to verify (even at random) implementation of their measures.

According to AP reporting on the GAO findings, under C-TPAT:

• Companies are certified based on self-reported security information that Customs employees use to determine if minimum government criteria are met. But due partly to limited resources, the agency does not typically test the member company’s supply-chain security practices and thus is “challenged to know that members’ security measures are reliable, accurate and effective.”

• Customs employees are not required to utilize third-party or other audits of a company’s security measures as an alternative to the agency’s direct testing, even if such audits exist.

• Companies can get certified for reduced Customs inspections before they fully implement any additional security improvements requested by the U.S. government. Under the program, Customs also does not require its employees to systematically follow up to make sure the requested improvements were made and that security practices remained consistent with the minimum criteria.

I hope to give this GAO report a closer read today, but readers are encouraged to weigh in on the study if they’ve already culled through it in detail. In the meantime, keep an eye out for coverage of the House Homeland Security Committee hearings on resilience in Congressional Quarterly.

DHS today rolled out its Small Vessel Security Strategy (SVSS). The SVSS is designed to reduce risk without needlessly reducing “the freedom of operation common to the nation’s waterways,” according to the Department’s statement.

Homeland Security Secretary Michael Chertoff cites the bombing of the USS Cole at a port in Yemen in 2000 as evidence that terrorists view the maritime domain as a target. He is quoted as saying that the security paradigm in today’s domestic waterways and port areas rely on an “honor-based neighborhood watch program.” The SVSS, he said, replaces this environment “with an efficient and successful means to combat terrorism along our waterways.”

Readers may recall the National Small Vessel Security Summit that DHS convened in June 2007. Findings from this event informed the SVSS and identified risks associated with the illicit use of small vessels. The SVSS focuses on the following threats:
• waterborne improvised explosive devices;
• use of conveyances for smuggling weapons into the U.S.;
• use of conveyances for smuggling terrorists into the U.S.; and
• use of “waterborne platforms for conducting a stand-off attacks.”

To mitigate these threats, the Small Vessel Security Strategy seeks:
• Better identification of small vessels operating in U.S. waters;
• Expanded radiological/nuclear detection capabilities;
• Improved situational awareness and information sharing;
• Enhanced data analysis to identify high-risk concerns;
• Leveraged technology to enhance the ability to detect, determine intent and when necessary, interdict small vessels; and
• Deepened “coordination, cooperation, and communications between federal, state, local and tribal partners in addition to the private sector and international partners.”

The document actually includes descriptions of the authorities vested in DHS and the overall federal government in implementing this strategy. It also includes details about the roles served by each agency within and outside of DHS, and also a list of relevant interagency institutions. DHS plans next to develop the small vessel security implementation plan to take place this year.

DHS convened a major National Small Vessel Security Summit late last year, and the after action report is now available. While I first considered small boat security to be about as niche a topic as is possible (with more public affairs appeal than public policy), this report shows a heck of a lot of work went into the effort of making the event productive and relevant on a national scale.  The report was prepared by the Homeland Security Institute and, at 122 pages, is a daunting read. Especially with so few pictures. HLSWatch readers get the cliffs notes.  Main recommendations of the effort are as follows:

1.  AIS tracking technologies should not be required for vessels under 65 feet in length until the technology is perfected (read: likely never), the cost of such technology significantly reduced (read: paid by the Feds), and until law enforcement has the ability to track and respond to all vessels in the maritime domain (read: moveable goalpost). RFID technology or other OnStar-like monitoring features can be used in the meantime.

2.  The National Homeland Security Strategy needs a component that represents a National Small Vessel Security Strategy based on a layered defense. (Echoes of the WME Task Force.) This strategy should not, the report explains, focus on deterring a specific type of terrorist attack but should enhance the overall safety and security of the maritime domain. Rightly, the forum recommends that the strategy provide for guidance in coordination with international partners.

3.  Licensing, registration, or tracking of small boats used by private individuals should be accomplished by DHS with the lightest of touch. Failing to do so will be costly, ineffective, and rood (it will “alienate the small vessel operator”).

4.  State, local, tribal, and territorial maritime law enforcement entities need additional funding because, in addition to “other public safety and security missions,” this is too much.

5.  Establish a universal hotline telephone number, similar to the National Response Center 1-800 number, for the boating community to use in reporting suspicious activities and emergency situations.

6.  States could add a boat operator credential — like those required for tractor trailer or school bus drivers — to their state driver licenses. This could lead to a national boat registry for use by law enforcement agencies.

7.  The U.S. should enhance international cooperation and intelligence sharing with “our foreign counterparts,” especially Mexico, Canada, and countries of the Caribbean because these nations are the most likely departure points for a small vessel terrorist attack from overseas.

8.  More fusion centers! The report explains that conference participants felt that additional fusion centers would enable stakeholders to better share, analyze, and disseminate intelligence to with the USCG, CPB, U.S. Navy, the Harbor Master and state and local law enforcement agencies.

9.  Permanent Employment of the DNDO Act: Conference participants believe that federal, state, local, tribal, and territorial law enforcement agencies should be “provided with nuclear detection devices so they can detect radioactive signatures on small vessel and in cargo.” The rest of this language is worth reprinting:

The cost of such equipment requires federal guidance and oversight. In addition, the federal government should develop RAD/NUC detection devices with a stand-off capability in order to provide detection without directly impacting small vessel operators. The federal government should also consider placing nuclear detection devices on commercial vessels in a partnership to increase the chance of detecting a nuclear device or nuclear material before it reaches a major U.S. port or population center. Lastly, the federal government needs to strengthen counter-proliferation initiatives with our foreign counterparts to prevent shipments of WMD, their delivery systems, or related materials from reaching the U.S. maritime domain.

GAO reports on how well the DHS Container Security Initiative (CSI) has contributed to strategic planning for supply chain security and strengthened overall container scanning operations.  It raises problems with the CSI concept of operations, but there is a way to improve this — and its accruacy in targeting risky containers.

GAO praises CBP for following its earlier recommendations, but then drills into a core operational reality in the CSI program: limitations in evaluating inspections processes related to the accuracy and completeness of data collected. That data is essentially the main take for this program and its role in informing our targeting of high-risk cargo bound for the U.S. GAO goes on to suggest that if we don’t exercise better control over this aspect of CSI, the security value of the program declines pretty quickly.

Click image to view a conops of the CSI targeting process.

The net net of all this is that CBP “potentially lacks information to ensure that host government examinations can detect and identify weapons of mass destruction, which is important because containers are typically not reexamined in the United States if already examined at a CSI seaport.”

Hold on here. The purpose of CSI is to bring added security through greater transparency in the maritime shipping domain. CSI does this by adding scrutiny to cargo traveling to the U.S., before it arrives in the U.S. (at the foreign CSI port). But if the scrutiny is conducted by host government authorities, that sure dials up the risk.

In a sense, this brings us back to the concern over balancing throughput and security. The last thing we want to do is clamp down on the maritime trade to assure 100% security if that is done at the total expense of economic flows. However, too light of a touch on the system and we wind up adding false scrutiny without adding any value.

Striking the right balance requires revisiting the way in which we look at the maritime domain. It is not only an avenue for sea-based cargo. It is one medium for five global flows: cargo, people, information, finances, and the conveyances themselves (ships in this case). Securing the U.S. by examining every piece of cargo is a sledgehammer approach that we should use if necessary, but a more surgical option would seek to knit together these five flows across the maritime domain, for example, to generate the kind of transparency and intelligence we seek with the container scanning conducted by foreign port authorities.

Treating the information about cargo as a source of risk targeting limits our ability to identify the actual threat and it favors indiscriminate scrutiny that slows throughput without adding any real security. Generating and combining information on cargo in the context of the other four flows would provide an exponentially more accurate understanding of the true risk. Granted, CSI does not operate in a vacuum, but maximizing transparency – and therefore better informed risk targeting – can be more productive with a comprehensive approach that views the domain in a different way.

Congress included $13million for the Global Trade Exchange within the spending bill sent to the Senate last night. GTX is the third phase of an effort to bring better security and system visibility to the global maritime shipping supply chains. The bill reads as follows:

$13,000,000 shall be used to procure commercially available technology in order to expand and improve the risk-based approach of the Department of Homeland Security to target and inspect cargo containers under the Secure Freight Initiative and the Global Trade Exchange.

The Department issued an RFQ (thumbnail below) for this effort last week. Criticism of the effort usually revolves around the opaque nature in which it has evolved. Private sector operators whose information would theoretically populate a central data exchange express concern over the potential imposition on their supply chains that would come without sufficient benefit to their operations.

GTX has the potential to become a game-changing new dynamic between the public and private sector. However, much remains to be revealed in terms of the anticipated concept of operations that would create the appropriate mix of incentives to support private sector involvement. It is conceivable that if such a ConOps is crafted – including data privacy assurances, a durable governance framework, and shared risk, among other things – the kind of transparency that could be brought to the global maritime trade domain may generate a great advantage for our Homeland Security efforts to identify threats and for our maritime economic operators to identify and mitigate disruptions to their supply chains.

NOTE:
Singapore is now the seventh international port to join an effort to test scanning capabilities geared toward preventing radioactive material from being smuggled via U.S.-bound shipping containers. Integrated scanning for these purposes includes radiation detection and X-ray imaging of 100 percent of maritime cargo headed to the U.S.

This effort, part of the Secure Freight Initiative run jointly by DHS, Energy, and State, is in response to a Congressional mandate included in the SAFE Port Act. Other recently announced ports that signed up include Port Qasim (Pakistan), Puerto Cortés (Honduras), and the Port of Southampton (UK).

“Maritime Security: The Port Act: Status and Implementation One Year Later” was released yesterday by the GAO. The report assess several challenges DHS faces, including the 100% screening mandate, and makes recommendations to DHS to develop strategic plans, better plan the use of its human capital, establish performance measures, among other operational improvements. Top-level highlights are available here.

Port terminals at the UK, Pakistan, and Honduras are the first of a batch of countries to sign up for DHS’s current phase of the Secure Freight Initiative (SFI). SFI screens US-bound maritime containers for nuclear or other radiological materials. It is unclear whether the agreements, protocols, equipment, and other requirements put in place to screen for nuclear threats will be put to use for other valuable security and trade purposes.

SFI is part of the DHS response to fulfilling the Security and Accountability For Every (SAFE) Port Act of 2006, which requires non-intrusive scanning for nuclear material on 100% of all maritime containers headed for the U.S. Data from these inspection systems informs the National Targeting Center in its assessment of what seems threatening enough to warrant added scrutiny. SFI almost entirely focuses on the nuclear threat. Jay Ahern, CBP Deputy Commissioner, said “…preventing a nuclear weapon or dirty bomb attack has to be one of our highest priorities. This initiative (SFI) advances a comprehensive strategy to secure the global supply chain and substantially limits the potential for terrorist threats,” said CBP Deputy Commissioner Jayson Ahern.

The “comprehensive strategy to secure the global supply chain” suggests much more than just detecting smuggled nuclear material. Subsequent phases of SFI may reveal a more robust – and much needed – program to view the global supply chain more strategically. The tools being developed and put in place for the nuclear threat, including bilateral and multilateral agreements, can provide significant leverage for bringing more security to the global trade flows. Illicit trafficking – not only of nuclear material – is always a threat in some way to some legitimate party. And the transparency that a program like SFI could generate promises the potential to do much more that detect loose nucs.

The kind of vulnerability these global flows confront carry with them a global concern for their resilience and protection, as well as their economic viability. Imagine if the Secure Freight Initiative and the Advanced Trade Data System were combined with the Proliferation Security Initiative. That would align many of the efforts and interests of DHS, DOD, DOE, State, and the Department of Commerce. It would also reflect a more “comprehensive” approach to a shared concern between the U.S. and her overseas partners – many of whom are reluctant partners – in securing global trade against both terrorism and general threats to economic efficiencies that these global flows attempt to maximize.

NOTE: Thank you for accommodating my absence while I was away. HLSWatch is back up and running.

GAO released a statement this week on the SAFE Port Act. The Act covered a range of policies focused on maritime security, but may be best known for its mandate to scan 100% of all incoming maritime cargo. DHS is principally responsible for executing on the Act, but relevant component agencies include the U.S Coast Guard, Customs and Border Protection, Domestic Nuclear Detection Office, and the Transportation Security Agency.

GAO delved into this one. They “visited domestic and overseas ports; reviewed agency program documents, port security plans, and post-exercise reports; and interviewed officials from the federal, state, local, private, and international sectors.” GAO’s recommendations focus on the need to develop strategic plans, better plan the use of DHS human capital, and establish performance measures. The programs addressed in this document can be organized as follows:

CBP announced the dates of its 2007 trade symposium. To be held on November, 14th and 15th of November, topics include the following:
• Cargo Security
• Trade Issues
• ACE / ITDS
• Post-Incident Business Resumption
• Global Issues

The Trade Symposium will be held at the Ronald Reagan Building and International Trade Center, 1300 Pennsylvania Avenue, N.W., Washington, DC. CBP set up a website dedicated to the event at which updates can be found.

I couldn’t find much more than this for the agenda:

Wednesday, November 14, 2007
• Registration/Exhibition – 10:30am
• Opening and Symposium Panels – 1:00pm – 5:30pm
• Review Exhibits 5:30pm – 6:00pm
• Open Forum with Senior Management – 6:00 pm – 8:00pm

Thursday, November 15, 2007
• Continental Breakfast – 7:30am
• Symposium Panels – 8:15am – 11:45am
• Luncheon – 11:45am – 1:15pm
• Symposium Panels – 1:30pm – 4:45pm
• Closing Remarks – 4:45pm – 5:00pm

This is a placeholder post for lack of time today. DNDO and the Coast Guard announced today the West Coast Maritime pilot.  This effort builds upon the Securing the Cities initiative and the recent feat by DHS to outfit and train all Coast Guard boarding teams with nuclear detection capabilities. 

Seattle and San Diego made the list for this pilot due to the massive flow of small boats making use of these domains, the significant military installations there, and the proximity to international borders.

The main purpose of this new pilot is to create more effective coordination among the defensive efforts at the international, national, and state/local levels by creating a framework for the deployment of detection capabilities, training, response protocols, and alarm resolution.  Following is an excerpt from today’s announcement:

The U.S. Department of Homeland Security’s Domestic Nuclear Detection Office (DNDO) announced today the West Coast Maritime pilot program that will provide maritime radiation detection capabilities for State and local authorities in Washington’s Puget Sound and California’s San Diego areas. The three-year pilot program involves the development of a radiation detection architecture that reduces the risk of radiological and nuclear threats that could be illegally transported on recreational or small commercial vessels. The pilot will be conducted in close coordination with the U.S. Coast Guard and Customs and Border Protection.

This is just a placeholder to share the new DHS strategy document.  The International Supply Chain Security Strategy was recently shared with Congressional staff and is now available here.

 

I’ll come back to this soon for some comments.  In the meantime, enjoy the read.

DHS – through the Domestic Nuclear Detection Office – is starting to test and evaluate equipment focused on the blind spots around the shipment of containerized cargo.  While this effort satisfies Section 121(i) of the SAFE Port Act of 2006, it also reflects proposals made by the Homeland Security Advisory Council in 2005 when it’s Task Force on Preventing Weapons of Mass Effect explained the importance of adopting a layered prevention strategy.  Intermodal chokepoints served as key examples for the Task Force’s argument.  Specifically, the gaps in scanning and other preventive measures needed to be in place when a target item (i.e. cargo container) transferred one conveyance (boat) to another (rail).  The Task Force considered this next layer a “critical deficiency” that required the Department’s attention.The DNDO announced yesterday that: 

The U.S. Department of Homeland Security (DHS) will soon begin conducting multiple projects in the Port of Tacoma, Wash., to evaluate technology and concepts of operations for radiation detection that will scan cargo at various points in transfer from ship to rail.  By establishing a Rail Test Center (RTC) at the port, DHS will identify and evaluate radiological and nuclear detection solutions for intermodal rail port facilities that can be used across the country.

A major recommendation and recurring theme from the Nuclear Defense Working Group at the Center for the Study of the Presidency held that detection efforts were strongest when targets were in motion or under scrutiny already (i.e. cargo was only screened when checked, registered, or loaded, and usually at only one of those points).  Containers and other targets at rest were a glaring weakness, according to the NDWG, in need of innovative solutions that did not include scattering expensive scanners over every square inch of an airport or seaport.  The same DNDO announcement reminded me of that recommendation with this detail:

Projects being considered for further evaluation at the RTC include scanning cargo on the dock, during transport to the rail yard, entering the rail yard, in the container storage stack, during train assembly, and as the train leaves the port.

These are promising efforts, albeit nascent ones.  These are also only one part of the broader effort to reduce the threat of smuggled nucs.  Let’s hope the non-proliferation and Nunn-Lugar-type programs get the same attention.  More on that can be found at Jeffrey’s ArmsControlWonk.com.

Spencer Hsu and Renae Merle write in today’s Washington Post that the U.S. Coast Guard responded to Congressional frustration over the failure of a consortium of contractors to deliver on the $24 billion modernization program called Deepwater.  Among other disappointing developments under Deepwater, a clear necessity for providing the USCG part of what it needs to carry out a growing list of HLS missions, the new cutters built by consortium leads LockheedMartin and Northrop Grumman don’t float.  $100 million a piece, they’ll never be used. 

Failures prompted the House Transportation and Infrastructure Committee leadership yesterday to call for the Justice Department to open a civil and criminal investigation into Deepwater.  As a result of this restructuring of Deepwater, Coast Guard must reissue a 43-month extension of the contract. About $2.3 billion has been committed to the program so far, and the second phase is reported by Hsu and Merle to be worth $2.5-$3 billion.

Perhaps we should’ve seen it coming.  Last August, the DHS IG issued his warning about the program’s execution.  IG Skinner cited “limited oversight as well as unclear contract requirements,” which prevented DHS/USCG from “ensur[ing] that the contractor is making the best decisions toward accomplishing Deepwater IT goals.”  Hmm.  Do we blame the requirements, the agency, or the contractor?  The Washington Post’s Steve Kelman wrote an insightful analysis explaining diff’rent strokes for different IGs by suggesting an ideological posture that may decide how this question is ultimately answered.

And it looks like it may be answered soon enough: Tomorrow’s hearing (4/18) before the House Transportation and Infrastructure Committee at 2:00 p.m. in 2167 Rayburn is entitled “Compliance with Requirements of the Coast Guard’s Deepwater Contract.”  For a witness list, click here.

– Special Note –

Please keep the families and friends of the victims of yesterday’s shootings at Virginia Tech in your thoughts. VT student bloggers commenting on the shooting were highlighted here.  More on this issue is available.  -CZ

DHS released a document today that provides an overview of the FY 2007 infrastructure grant programs at DHS, covering five distinct programs for port security, transit security, truck security, bus security, and buffer zone protection. As was the case with last week’s urban area grants, the port and transit grants allocations are broken up into distinct risk tiers, within which “Tier 1″ high-risk areas will receive approx. 83% of the transit security funding and 60% of the port security funding. Looking at the document, it appears that nearly every Tier 1 transit system or port will receive a significant increase in funding, with the exception of the Louisiana ports. The San Francisco Bay Area ports are up for an especially large increase, from $1.2 million in FY06 to $11.2 million in FY07, a decision that reverses what was a drastic cut in 2006.

Within these programs, Tier 2, 3, or 4 transit systems and ports will have to compete for their allocations from smaller fixed pools of funds. This could lead to cities that were likely on the borderline between Tier 1 and Tier 2 having lower levels of grant funding in 2007, e.g. Seattle’s transit system and the Ports of Baltimore and Charleston.

DHS deserves strong kudos for releasing this document in January, relatively early in fiscal year 2007. By comparison, in FY 2006 this document was not released until the very last week of the fiscal year, a delay that was detrimental to the ability of these transportation systems to manage security activities. Hopefully this is a sign of an better-managed grants process at DHS.

I’ll add a link to the transcript of the press conference announcing these grants when it becomes available.

Update (1/10): The transcript of the press conference is available here. And detailed guidance documents on the port security and transit security grant programs are available here.

Yesterday TSA released the final regulations for the Transportation Worker Identification Credential (TWIC) program, following 7-8 months of consultation and negotiation with the impacted stakeholders. The complete final rule is available at this link. The New York Times summarizes the regs, and stories by the AP and Washington Technology notes the high fees associated with the mandatory program.

Now that the regs have been finalized, DHS is expected to begin enrolling people in TWIC in March of this year. And a great deal of work is still needed to develop and install TWIC card readers, an issue that was somewhat sidestepped during the rulemaking process.

The Congressional Research Service published a new report last week looking at the Coast Guard’s Deepwater acquisition program:

RL33753: Coast Guard Deepwater Program: Background, Oversight Issues, and Options for Congress, December 18, 2006

It’s a useful overview of the Deepwater program, which has been subject to a growing amount of media and watchdog scrutiny in recent weeks.

The full HLS Watch collection of CRS reports is available here.

The Port Authority of New York and New Jersey issued a press release today summarizing the recommendations of a port security taskforce that they’ve convened over the past year. The key recommendations:

• The adoption of federal legislation sanctioning minimum mandatory cargo security standards that use innovative technology and business practices to monitor every cargo shipment.
• The presidential appointment of a National Port and Cargo Security Director, reporting to the Director of Homeland Security, who has ultimate responsibility and accountability for coordinating port and cargo security activities throughout the various federal agencies as well as the international community.
• Establishment of a nationwide “Port Security User Fee,” not later than January 1, 2008, dedicated exclusively to U.S. ports based on size, cargo volume and risk. This fee would be used to offset capital and operating costs incurred by port facility owners/operators associated with security installations and operations.
• Establish response and recovery plans that are unique to the regional environment of each U.S. port, allowing individual ports to return to “normal business” as efficiently as possible after a disaster. Mandate and conduct annual exercises that test the quality of each port’s response and recovery plans.
• Adopt federal legislation that requires every regulated maritime facility and Coast Guard Captain of the Port to implement a comprehensive risk-management plan that will form the basis for resource allocation decision making, similar to the protocols for other state, urban area and mass transit funding.

It’s unclear whether these recommendations are part of a larger task force report; if so, I don’t see it yet on the PANYNJ website. But I’ll post an updated link if one appears.

Update (1/4/07): Here’s the full task force report.

The last chapter of the Dubai Ports World (DPW) brouhaha unfolded earlier today, with DPW announcing the sale of their American port assets to an investment arm of the insurance company AIG. While there were undoubtedly concerns with the initial deal that the federal government struck with DPW in the initial CFIUS review of their purchase of P&O Ports (see my initial concerns here), these issues were manageable, and the political melee in February and March following this announcement inappropriately vilified the company. And since that time, DPW has proven its mettle as a world leader in port and supply chain security, becoming the first company in the world certified to meet the ISO 28000 supply chain security standards and just this week earning praise from a Democratic Congressional delegation examining their operations in the Dominican Republic. While this story had a silver lining - a new political focus on port security that led to the passage of the SAFE Port Act - it was also ultimately unfair to DPW, a reality that can’t be reversed, but one that hopefully will lead to more sober responses the next time that a story like this appears on the political radar.

The New York Times and the Washington Post published stories yesterday and today criticizing the Coast Guard’s Deepwater program, which is managed by a Lockheed Martin and Northrop Grumman joint-venture, Integrated Coast Guard Systems. There are a number of disturbing details in these two stories about the management of this project, for example:

Facing a shortage of patrol boats, the contractors and the Coast Guard decided to speed development of a larger ship, the Fast Response Cutter. The hull was to be built from glass-reinforced plastic, known as a composite, something never tried on a large American military ship.

While acknowledging that it might cost much more to build the 58 planned cutters with composite hulls instead of steel, Northrop and Lockheed claimed the boats would last longer and require less maintenance, saving money over the long run.

Coast Guard engineers again were doubtful that Northrop’s design would work, citing concerns about weight, hull shape and fuel consumption. The Coast Guard also found inconsistencies in the cost data Northrop used to justify the new hull.

One former Northrop executive said the company was pushing the plan not because it was in the best interest of the Coast Guard, but because Northrop had just spent $64 million to turn its shipyard in Gulfport, Miss., into the country’s first large-scale composite hull manufacturing plant for military ships.

“It was a pure business decision,” said the former executive, who disagreed with the plan and would speak only anonymously for fear of retribution. “And it was the wrong one.”

That became clear when a scale model of the Fast Response Cutter was placed in a tank of water — and flunked the test. After three years and $38 million, Northrop Grumman’s plan was suspended.

The Coast Guard clearly needs this new generation of ships and equipment. But these types of procurement screw-ups are unacceptable. Hopefully Coast Guard Commandant Thad Allen will take aggressive action to remedy these issues in the coming months (something that the NYT story suggests).

The Departments of Homeland Security and Energy held a joint press conference today announcing plans to initiate a set of pilot projects in six foreign ports to test new ways to enhance the scanning of outbound cargo containers. This announcement responds to a requirement in the SAFE Port Act for DHS to carry out a set of pilot projects labelled the “Pilot Integrated Scanning System” to test the feasibility of integrated scanning systems akin to Hong Kong’s Integrated Container Inspection System (ICIS).

The pilots will take place in ports in Honduras, Oman, Pakistan, Singapore, South Korea, and the United Kingdom, and the project is expected to cost $60 million in FY 2007. Several news reports in the last hour have noted that Dubai Ports World controls several of the ports involved in the pilots, a fact that I don’t find surprising or troubling, given their global market share and their recent leadership on security issues, exemplified by the fact that earlier this year they became the first company to comply with new ISO supply chain security standards (ISO 28000.01).

The DHS press release labels this project as the first phase of the Secure Freight Initiative, a term of art that originated in Sec. Chertoff’s Second-Stage Review speech in July 2005 and which DHS has subsequently struggled to define. This vision for the Secure Freight Initiative is different from the original vision in that speech, in which Chertoff defined Secure Freight as an effort to “gather, fuse and assess more complete data from the global supply chain to develop a more accurate profile of the history of cargo in any given container.” This is, however, partially consistent with Dep. Sec. Jackson’s vision for Secure Freight as articulated in Congressional testimony in April 2006.

Overall, I think this is an important initiative, one that could help to redefine the cargo security paradigm within the next few years. It’s not a panacea, but if these pilots work then they will make a substantial improvement to global supply chain security.

Update (12/7): Here’s the transcript from the event earlier today.

The LBJ School at the University of Texas recently published a report entitled “Port and Supply-Chain Initiatives in the United States and Abroad,” a compendium and analysis of existing activities in this area on a global basis. The report received media attention recently in this DC Velocity article.

The first half of the report looks at broad supply chain and port security topics, such as the ISPS code, the MTSA, C-TPAT, and the World Customs Organization SAFE Framework. These chapters feature the results of interviews with key stakeholders, which highlight the ongoing challenges associated with implementing these rules and programs. For example, the report notes how the lack of uniformity and clear standards in the implementation of the ISPS code has led to a situation where investments have low efficiencies of scope and are therefore difficult to justify.

The second half of the report consists of case studies of security initiatives at ports in Santos, Brazil; Marseille, France; Hong Kong; Jawaharlal Nehru, India; Veraruz, Mexico; Rotterdam, the Netherlands; and Durban, South Africa. These case studies are the most interesting part of the report, describing the challenges that these seven very different ports have faced in implementing the ISPS code and (in some cases) the Container Security Initiative into their operations. The case studies paint a picture of a maritime trade system that, while vastly more attentive to security matters today, is still struggling to make security a normal and routinized part of its operations. The descriptions of the developing country ports are particularly worth reading, as a way to better understand the practical challenges and limitations of implementing high-tech security tools in environments that rely upon informal and/or non-automated standard operating procedures.

On a personal note, I was also glad to see the white paper I co-authored for IBM on Global Movement Management last year summarized on page 66 of the report.

Overall, a very good report and a useful addition to the public body of knowledge about port and supply chain security.

The latest issue of the Journal of Commerce has an interesting article that profiles a new risk assessment tool used by the Coast Guard to assess maritime security-related threats. From the article (available by subscription only):

No one will dispute that the government lexicon is jargon-happy, and the Coast Guard has coined some doozies. One of the newest acronyms is the Maritime Security Risk Assessment Model, or MSRAM, which is rapidly becoming one of the agency’s premier risk-management tools.

The Coast Guard launched MSRAM last spring, and by the end of summer, the whole national inventory of freight and cargo terminals, bridges, tunnels and other port infrastructure had been given new, improved risk scores. When the Department of Homeland Security handed out $168 million in port security funds in September, the MSRAM score counted for 25 percent of an applicant’s total score. Future grant rounds are as likely to depend on MSRAM results.

Officials said that the MSRAM will make risk assessment more consistent among ports. It replaces the Port Security Risk Assessment Tool, or PSRAT, which that was introduced after the Sept. 11, 2001, terrorist attacks.

….MSRAM is a computer program that is based on the Coast Guard’s triangle of risk management: threat — vulnerability — consequence. For each port facility or “asset,” the program walks the user through the process of identifying threats to the asset, its vulnerability to attack and the consequences of an attack. With that information, MSRAM computes a numerical score that represents the risk posed by a terrorist attack on that particular asset. The numerical scores are classified. On the one hand, assessing threat requires the use of national intelligence. On the other hand, the Coast Guard doesn’t want to say which facilities are vulnerable.

This seems to be unambiguously an improvement on earlier risk assessment methodologies, and is a positive sign that DHS, despite occasional setbacks, is gradually getting better at the difficult task of risk assessment.

To find out more about the MSRAM, there’s a scattering of information on the internet about it. Perhaps the most useful explanation of it is found in this Naval Postgraduate School master’s thesis by a Coast Guard officer on vulnerability assessment of maritime infrastructure, a document that includes this chart that summarizes the methodology:

For additional info, see the chapter entitled “Safely Securing U.S. Ports” in this issue of the Coast Guard’s Proceedings magazine and this GAO report from earlier in 2006 which mentions it several times.

RAND released a report on Monday entitled “Maritime Terrorism: Risk and Liability” which provides a comprehensive qualitative risk assessment of terror threats in the maritime domain (including container shipping, cruise lines, and passenger ferries) and discusses issues related to civil liability in maritime terrorism. The press release for the report highlights some of its key conclusions:

Cruise ships and ferry boats need more protection against terrorist attacks that could kill and injure many passengers and cause serious financial losses, according to a new RAND Corporation report.

“Attacks on cruise ships and ferry boats would meet the interrelated requirements of visibility, destruction and disruption that drive transnational terrorism in the contemporary era,” said Peter Chalk, one of the report’s co-authors. “Recognizing this is essential to any comprehensive regime of maritime security.”

The report concludes it is not adequate to base maritime counterterrorism efforts only on increasing port security and the security of cargo container ships, rail cars and trucks that transport goods into and out of United States ports.

“Focusing solely on securing the container supply chain without defending other parts of the maritime environment is like bolting down the front door of a house and leaving the back door wide open,” said Henry Willis, a RAND researcher and a co-author of the report.

The study by RAND, a nonprofit research organization, also says a maritime terrorist attack is likely to create complicated liability issues that will slow efforts to compensate victims of an attack.

“We need to examine closely the challenges that a maritime attack would create for our civil justice system,” said Michael Greenberg, another of the report’s authors. “Tort liability is supposed to compensate victims while providing appropriate security incentives for firms. But ambiguous liability standards in the maritime terrorism context raise the prospect that the civil justice system may neither be effective as a compensation mechanism, nor in generating clear incentives for the private sector.”

Overall, it’s a useful and relevant study, in particular the threat assessment in Chapter Two. You can download the full report at this link.

The SAFE Port Act will be signed into law this morning at the White House. The final bill ended up being something of a mess, with provisions related to emergency mobile communications and online Internet gambling tacked onto it in the conference process, because the bill was one of the last trains leaving the station before the election. It’s also notable that all but one (Sen. Baucus) of the Democratic conferees from the Senate apparently did not agree to the final conference report - their names are not found at the end of it - perhaps because of the attachment of these unrelated measures to the final bill.

But the core of the bill - the part that focuses on port and cargo security - remains solid, and will play a strong and positive role in improving port and cargo security in the United States and around the world. It will strengthen existing programs such as CSI and C-TPAT. It will spur DHS to move forward on cargo security standards and new screening technologies. It will authorize funding for key programs. And it will drive DHS towards a more strategic approach to port and cargo security, aligning the motley assortment of programs that exist today into a coherent, interconnected strategy.

All of these outcomes will, at the margins, make our ports and seaways more secure - and for that, the members of Congress can be proud of their work on this bill. It’s a shame that it wasn’t possible for the Congress to apply the same bipartisan, fact-driven ethos to their work on chemical plant security this year, but hopefully DHS will take the limited mandate they’ve been given and use it aggressively and expediently.