Homeland Security Watch

The Government Accountability Office today released its assessment of the Customs-Trade Partnership Against Terrorism (C-TPAT), a program by the Department of Homeland Security intended to reduce security scrutiny of importers, port authorities, and air, sea and land cargo carriers if these parties commit to self-imposed security standards. GAO finds that C-TPAT has gaps that terrorists could exploit to smuggle weapons of mass destruction in cargo containers.

C-TPAT is the federal program established after 9/11 to discover or deter a potential terrorist attack on or use of commercial cargo passing through 326 of the nation’s airports, seaports, and land crossings.

GAO is also currently investigating the DHS programs focused on combating the threat of smuggled nuclear weapons, specifically those managed by the Domestic Nuclear Detection Office. They have expressed a specific interest in the strategy aspects of how the global nuclear detection architecture figures in. This line of inquiry quickly gets us to the topic of port security in light of the 9/11 Act and its corresponding mandate for 100% scanning of all cargo en route to U.S. ports and corresponding programs like C-TPAT.

The nearly 8000 commercial participants in the C-TPAT program are granted reduced scrutiny of their cargo in exchange for submitting a security plan meeting U.S. Customs and Border Protection’s standards and allowing CBP officials to verify (even at random) implementation of their measures.

According to AP reporting on the GAO findings, under C-TPAT:

• Companies are certified based on self-reported security information that Customs employees use to determine if minimum government criteria are met. But due partly to limited resources, the agency does not typically test the member company’s supply-chain security practices and thus is “challenged to know that members’ security measures are reliable, accurate and effective.”

• Customs employees are not required to utilize third-party or other audits of a company’s security measures as an alternative to the agency’s direct testing, even if such audits exist.

• Companies can get certified for reduced Customs inspections before they fully implement any additional security improvements requested by the U.S. government. Under the program, Customs also does not require its employees to systematically follow up to make sure the requested improvements were made and that security practices remained consistent with the minimum criteria.

I hope to give this GAO report a closer read today, but readers are encouraged to weigh in on the study if they’ve already culled through it in detail. In the meantime, keep an eye out for coverage of the House Homeland Security Committee hearings on resilience in Congressional Quarterly.

DHS today rolled out its Small Vessel Security Strategy (SVSS). The SVSS is designed to reduce risk without needlessly reducing “the freedom of operation common to the nation’s waterways,” according to the Department’s statement.

Homeland Security Secretary Michael Chertoff cites the bombing of the USS Cole at a port in Yemen in 2000 as evidence that terrorists view the maritime domain as a target. He is quoted as saying that the security paradigm in today’s domestic waterways and port areas rely on an “honor-based neighborhood watch program.” The SVSS, he said, replaces this environment “with an efficient and successful means to combat terrorism along our waterways.”

Readers may recall the National Small Vessel Security Summit that DHS convened in June 2007. Findings from this event informed the SVSS and identified risks associated with the illicit use of small vessels. The SVSS focuses on the following threats:
• waterborne improvised explosive devices;
• use of conveyances for smuggling weapons into the U.S.;
• use of conveyances for smuggling terrorists into the U.S.; and
• use of “waterborne platforms for conducting a stand-off attacks.”

To mitigate these threats, the Small Vessel Security Strategy seeks:
• Better identification of small vessels operating in U.S. waters;
• Expanded radiological/nuclear detection capabilities;
• Improved situational awareness and information sharing;
• Enhanced data analysis to identify high-risk concerns;
• Leveraged technology to enhance the ability to detect, determine intent and when necessary, interdict small vessels; and
• Deepened “coordination, cooperation, and communications between federal, state, local and tribal partners in addition to the private sector and international partners.”

The document actually includes descriptions of the authorities vested in DHS and the overall federal government in implementing this strategy. It also includes details about the roles served by each agency within and outside of DHS, and also a list of relevant interagency institutions. DHS plans next to develop the small vessel security implementation plan to take place this year.

DHS convened a major National Small Vessel Security Summit late last year, and the after action report is now available. While I first considered small boat security to be about as niche a topic as is possible (with more public affairs appeal than public policy), this report shows a heck of a lot of work went into the effort of making the event productive and relevant on a national scale.  The report was prepared by the Homeland Security Institute and, at 122 pages, is a daunting read. Especially with so few pictures. HLSWatch readers get the cliffs notes.  Main recommendations of the effort are as follows:

1.  AIS tracking technologies should not be required for vessels under 65 feet in length until the technology is perfected (read: likely never), the cost of such technology significantly reduced (read: paid by the Feds), and until law enforcement has the ability to track and respond to all vessels in the maritime domain (read: moveable goalpost). RFID technology or other OnStar-like monitoring features can be used in the meantime.

2.  The National Homeland Security Strategy needs a component that represents a National Small Vessel Security Strategy based on a layered defense. (Echoes of the WME Task Force.) This strategy should not, the report explains, focus on deterring a specific type of terrorist attack but should enhance the overall safety and security of the maritime domain. Rightly, the forum recommends that the strategy provide for guidance in coordination with international partners.

3.  Licensing, registration, or tracking of small boats used by private individuals should be accomplished by DHS with the lightest of touch. Failing to do so will be costly, ineffective, and rood (it will “alienate the small vessel operator”).

4.  State, local, tribal, and territorial maritime law enforcement entities need additional funding because, in addition to “other public safety and security missions,” this is too much.

5.  Establish a universal hotline telephone number, similar to the National Response Center 1-800 number, for the boating community to use in reporting suspicious activities and emergency situations.

6.  States could add a boat operator credential — like those required for tractor trailer or school bus drivers — to their state driver licenses. This could lead to a national boat registry for use by law enforcement agencies.

7.  The U.S. should enhance international cooperation and intelligence sharing with “our foreign counterparts,” especially Mexico, Canada, and countries of the Caribbean because these nations are the most likely departure points for a small vessel terrorist attack from overseas.

8.  More fusion centers! The report explains that conference participants felt that additional fusion centers would enable stakeholders to better share, analyze, and disseminate intelligence to with the USCG, CPB, U.S. Navy, the Harbor Master and state and local law enforcement agencies.

9.  Permanent Employment of the DNDO Act: Conference participants believe that federal, state, local, tribal, and territorial law enforcement agencies should be “provided with nuclear detection devices so they can detect radioactive signatures on small vessel and in cargo.” The rest of this language is worth reprinting:

The cost of such equipment requires federal guidance and oversight. In addition, the federal government should develop RAD/NUC detection devices with a stand-off capability in order to provide detection without directly impacting small vessel operators. The federal government should also consider placing nuclear detection devices on commercial vessels in a partnership to increase the chance of detecting a nuclear device or nuclear material before it reaches a major U.S. port or population center. Lastly, the federal government needs to strengthen counter-proliferation initiatives with our foreign counterparts to prevent shipments of WMD, their delivery systems, or related materials from reaching the U.S. maritime domain.

GAO reports on how well the DHS Container Security Initiative (CSI) has contributed to strategic planning for supply chain security and strengthened overall container scanning operations.  It raises problems with the CSI concept of operations, but there is a way to improve this — and its accruacy in targeting risky containers.

GAO praises CBP for following its earlier recommendations, but then drills into a core operational reality in the CSI program: limitations in evaluating inspections processes related to the accuracy and completeness of data collected. That data is essentially the main take for this program and its role in informing our targeting of high-risk cargo bound for the U.S. GAO goes on to suggest that if we don’t exercise better control over this aspect of CSI, the security value of the program declines pretty quickly.

Click image to view a conops of the CSI targeting process.

The net net of all this is that CBP “potentially lacks information to ensure that host government examinations can detect and identify weapons of mass destruction, which is important because containers are typically not reexamined in the United States if already examined at a CSI seaport.”

Hold on here. The purpose of CSI is to bring added security through greater transparency in the maritime shipping domain. CSI does this by adding scrutiny to cargo traveling to the U.S., before it arrives in the U.S. (at the foreign CSI port). But if the scrutiny is conducted by host government authorities, that sure dials up the risk.

In a sense, this brings us back to the concern over balancing throughput and security. The last thing we want to do is clamp down on the maritime trade to assure 100% security if that is done at the total expense of economic flows. However, too light of a touch on the system and we wind up adding false scrutiny without adding any value.

Striking the right balance requires revisiting the way in which we look at the maritime domain. It is not only an avenue for sea-based cargo. It is one medium for five global flows: cargo, people, information, finances, and the conveyances themselves (ships in this case). Securing the U.S. by examining every piece of cargo is a sledgehammer approach that we should use if necessary, but a more surgical option would seek to knit together these five flows across the maritime domain, for example, to generate the kind of transparency and intelligence we seek with the container scanning conducted by foreign port authorities.

Treating the information about cargo as a source of risk targeting limits our ability to identify the actual threat and it favors indiscriminate scrutiny that slows throughput without adding any real security. Generating and combining information on cargo in the context of the other four flows would provide an exponentially more accurate understanding of the true risk. Granted, CSI does not operate in a vacuum, but maximizing transparency – and therefore better informed risk targeting – can be more productive with a comprehensive approach that views the domain in a different way.

Congress included $13million for the Global Trade Exchange within the spending bill sent to the Senate last night. GTX is the third phase of an effort to bring better security and system visibility to the global maritime shipping supply chains. The bill reads as follows:

$13,000,000 shall be used to procure commercially available technology in order to expand and improve the risk-based approach of the Department of Homeland Security to target and inspect cargo containers under the Secure Freight Initiative and the Global Trade Exchange.

The Department issued an RFQ (thumbnail below) for this effort last week. Criticism of the effort usually revolves around the opaque nature in which it has evolved. Private sector operators whose information would theoretically populate a central data exchange express concern over the potential imposition on their supply chains that would come without sufficient benefit to their operations.

GTX has the potential to become a game-changing new dynamic between the public and private sector. However, much remains to be revealed in terms of the anticipated concept of operations that would create the appropriate mix of incentives to support private sector involvement. It is conceivable that if such a ConOps is crafted – including data privacy assurances, a durable governance framework, and shared risk, among other things – the kind of transparency that could be brought to the global maritime trade domain may generate a great advantage for our Homeland Security efforts to identify threats and for our maritime economic operators to identify and mitigate disruptions to their supply chains.

NOTE:
Singapore is now the seventh international port to join an effort to test scanning capabilities geared toward preventing radioactive material from being smuggled via U.S.-bound shipping containers. Integrated scanning for these purposes includes radiation detection and X-ray imaging of 100 percent of maritime cargo headed to the U.S.

This effort, part of the Secure Freight Initiative run jointly by DHS, Energy, and State, is in response to a Congressional mandate included in the SAFE Port Act. Other recently announced ports that signed up include Port Qasim (Pakistan), Puerto Cortés (Honduras), and the Port of Southampton (UK).

“Maritime Security: The Port Act: Status and Implementation One Year Later” was released yesterday by the GAO. The report assess several challenges DHS faces, including the 100% screening mandate, and makes recommendations to DHS to develop strategic plans, better plan the use of its human capital, establish performance measures, among other operational improvements. Top-level highlights are available here.

Port terminals at the UK, Pakistan, and Honduras are the first of a batch of countries to sign up for DHS’s current phase of the Secure Freight Initiative (SFI). SFI screens US-bound maritime containers for nuclear or other radiological materials. It is unclear whether the agreements, protocols, equipment, and other requirements put in place to screen for nuclear threats will be put to use for other valuable security and trade purposes.

SFI is part of the DHS response to fulfilling the Security and Accountability For Every (SAFE) Port Act of 2006, which requires non-intrusive scanning for nuclear material on 100% of all maritime containers headed for the U.S. Data from these inspection systems informs the National Targeting Center in its assessment of what seems threatening enough to warrant added scrutiny. SFI almost entirely focuses on the nuclear threat. Jay Ahern, CBP Deputy Commissioner, said “…preventing a nuclear weapon or dirty bomb attack has to be one of our highest priorities. This initiative (SFI) advances a comprehensive strategy to secure the global supply chain and substantially limits the potential for terrorist threats,” said CBP Deputy Commissioner Jayson Ahern.

The “comprehensive strategy to secure the global supply chain” suggests much more than just detecting smuggled nuclear material. Subsequent phases of SFI may reveal a more robust – and much needed – program to view the global supply chain more strategically. The tools being developed and put in place for the nuclear threat, including bilateral and multilateral agreements, can provide significant leverage for bringing more security to the global trade flows. Illicit trafficking – not only of nuclear material – is always a threat in some way to some legitimate party. And the transparency that a program like SFI could generate promises the potential to do much more that detect loose nucs.

The kind of vulnerability these global flows confront carry with them a global concern for their resilience and protection, as well as their economic viability. Imagine if the Secure Freight Initiative and the Advanced Trade Data System were combined with the Proliferation Security Initiative. That would align many of the efforts and interests of DHS, DOD, DOE, State, and the Department of Commerce. It would also reflect a more “comprehensive” approach to a shared concern between the U.S. and her overseas partners – many of whom are reluctant partners – in securing global trade against both terrorism and general threats to economic efficiencies that these global flows attempt to maximize.

NOTE: Thank you for accommodating my absence while I was away. HLSWatch is back up and running.

GAO released a statement this week on the SAFE Port Act. The Act covered a range of policies focused on maritime security, but may be best known for its mandate to scan 100% of all incoming maritime cargo. DHS is principally responsible for executing on the Act, but relevant component agencies include the U.S Coast Guard, Customs and Border Protection, Domestic Nuclear Detection Office, and the Transportation Security Agency.

GAO delved into this one. They “visited domestic and overseas ports; reviewed agency program documents, port security plans, and post-exercise reports; and interviewed officials from the federal, state, local, private, and international sectors.” GAO’s recommendations focus on the need to develop strategic plans, better plan the use of DHS human capital, and establish performance measures. The programs addressed in this document can be organized as follows:

CBP announced the dates of its 2007 trade symposium. To be held on November, 14th and 15th of November, topics include the following:
• Cargo Security
• Trade Issues
• ACE / ITDS
• Post-Incident Business Resumption
• Global Issues

The Trade Symposium will be held at the Ronald Reagan Building and International Trade Center, 1300 Pennsylvania Avenue, N.W., Washington, DC. CBP set up a website dedicated to the event at which updates can be found.

I couldn’t find much more than this for the agenda:

Wednesday, November 14, 2007
• Registration/Exhibition – 10:30am
• Opening and Symposium Panels – 1:00pm – 5:30pm
• Review Exhibits 5:30pm – 6:00pm
• Open Forum with Senior Management – 6:00 pm – 8:00pm

Thursday, November 15, 2007
• Continental Breakfast – 7:30am
• Symposium Panels – 8:15am – 11:45am
• Luncheon – 11:45am – 1:15pm
• Symposium Panels – 1:30pm – 4:45pm
• Closing Remarks – 4:45pm – 5:00pm

This is a placeholder post for lack of time today. DNDO and the Coast Guard announced today the West Coast Maritime pilot.  This effort builds upon the Securing the Cities initiative and the recent feat by DHS to outfit and train all Coast Guard boarding teams with nuclear detection capabilities. 

Seattle and San Diego made the list for this pilot due to the massive flow of small boats making use of these domains, the significant military installations there, and the proximity to international borders.

The main purpose of this new pilot is to create more effective coordination among the defensive efforts at the international, national, and state/local levels by creating a framework for the deployment of detection capabilities, training, response protocols, and alarm resolution.  Following is an excerpt from today’s announcement:

The U.S. Department of Homeland Security’s Domestic Nuclear Detection Office (DNDO) announced today the West Coast Maritime pilot program that will provide maritime radiation detection capabilities for State and local authorities in Washington’s Puget Sound and California’s San Diego areas. The three-year pilot program involves the development of a radiation detection architecture that reduces the risk of radiological and nuclear threats that could be illegally transported on recreational or small commercial vessels. The pilot will be conducted in close coordination with the U.S. Coast Guard and Customs and Border Protection.

This is just a placeholder to share the new DHS strategy document.  The International Supply Chain Security Strategy was recently shared with Congressional staff and is now available here.

 

I’ll come back to this soon for some comments.  In the meantime, enjoy the read.

DHS – through the Domestic Nuclear Detection Office – is starting to test and evaluate equipment focused on the blind spots around the shipment of containerized cargo.  While this effort satisfies Section 121(i) of the SAFE Port Act of 2006, it also reflects proposals made by the Homeland Security Advisory Council in 2005 when it’s Task Force on Preventing Weapons of Mass Effect explained the importance of adopting a layered prevention strategy.  Intermodal chokepoints served as key examples for the Task Force’s argument.  Specifically, the gaps in scanning and other preventive measures needed to be in place when a target item (i.e. cargo container) transferred one conveyance (boat) to another (rail).  The Task Force considered this next layer a “critical deficiency” that required the Department’s attention.The DNDO announced yesterday that: 

The U.S. Department of Homeland Security (DHS) will soon begin conducting multiple projects in the Port of Tacoma, Wash., to evaluate technology and concepts of operations for radiation detection that will scan cargo at various points in transfer from ship to rail.  By establishing a Rail Test Center (RTC) at the port, DHS will identify and evaluate radiological and nuclear detection solutions for intermodal rail port facilities that can be used across the country.

A major recommendation and recurring theme from the Nuclear Defense Working Group at the Center for the Study of the Presidency held that detection efforts were strongest when targets were in motion or under scrutiny already (i.e. cargo was only screened when checked, registered, or loaded, and usually at only one of those points).  Containers and other targets at rest were a glaring weakness, according to the NDWG, in need of innovative solutions that did not include scattering expensive scanners over every square inch of an airport or seaport.  The same DNDO announcement reminded me of that recommendation with this detail:

Projects being considered for further evaluation at the RTC include scanning cargo on the dock, during transport to the rail yard, entering the rail yard, in the container storage stack, during train assembly, and as the train leaves the port.

These are promising efforts, albeit nascent ones.  These are also only one part of the broader effort to reduce the threat of smuggled nucs.  Let’s hope the non-proliferation and Nunn-Lugar-type programs get the same attention.  More on that can be found at Jeffrey’s ArmsControlWonk.com.

Spencer Hsu and Renae Merle write in today’s Washington Post that the U.S. Coast Guard responded to Congressional frustration over the failure of a consortium of contractors to deliver on the $24 billion modernization program called Deepwater.  Among other disappointing developments under Deepwater, a clear necessity for providing the USCG part of what it needs to carry out a growing list of HLS missions, the new cutters built by consortium leads LockheedMartin and Northrop Grumman don’t float.  $100 million a piece, they’ll never be used. 

Failures prompted the House Transportation and Infrastructure Committee leadership yesterday to call for the Justice Department to open a civil and criminal investigation into Deepwater.  As a result of this restructuring of Deepwater, Coast Guard must reissue a 43-month extension of the contract. About $2.3 billion has been committed to the program so far, and the second phase is reported by Hsu and Merle to be worth $2.5-$3 billion.

Perhaps we should’ve seen it coming.  Last August, the DHS IG issued his warning about the program’s execution.  IG Skinner cited “limited oversight as well as unclear contract requirements,” which prevented DHS/USCG from “ensur[ing] that the contractor is making the best decisions toward accomplishing Deepwater IT goals.”  Hmm.  Do we blame the requirements, the agency, or the contractor?  The Washington Post’s Steve Kelman wrote an insightful analysis explaining diff’rent strokes for different IGs by suggesting an ideological posture that may decide how this question is ultimately answered.

And it looks like it may be answered soon enough: Tomorrow’s hearing (4/18) before the House Transportation and Infrastructure Committee at 2:00 p.m. in 2167 Rayburn is entitled “Compliance with Requirements of the Coast Guard’s Deepwater Contract.”  For a witness list, click here.

– Special Note –

Please keep the families and friends of the victims of yesterday’s shootings at Virginia Tech in your thoughts. VT student bloggers commenting on the shooting were highlighted here.  More on this issue is available.  -CZ

DHS released a document today that provides an overview of the FY 2007 infrastructure grant programs at DHS, covering five distinct programs for port security, transit security, truck security, bus security, and buffer zone protection. As was the case with last week’s urban area grants, the port and transit grants allocations are broken up into distinct risk tiers, within which “Tier 1″ high-risk areas will receive approx. 83% of the transit security funding and 60% of the port security funding. Looking at the document, it appears that nearly every Tier 1 transit system or port will receive a significant increase in funding, with the exception of the Louisiana ports. The San Francisco Bay Area ports are up for an especially large increase, from $1.2 million in FY06 to $11.2 million in FY07, a decision that reverses what was a drastic cut in 2006.

Within these programs, Tier 2, 3, or 4 transit systems and ports will have to compete for their allocations from smaller fixed pools of funds. This could lead to cities that were likely on the borderline between Tier 1 and Tier 2 having lower levels of grant funding in 2007, e.g. Seattle’s transit system and the Ports of Baltimore and Charleston.

DHS deserves strong kudos for releasing this document in January, relatively early in fiscal year 2007. By comparison, in FY 2006 this document was not released until the very last week of the fiscal year, a delay that was detrimental to the ability of these transportation systems to manage security activities. Hopefully this is a sign of an better-managed grants process at DHS.

I’ll add a link to the transcript of the press conference announcing these grants when it becomes available.

Update (1/10): The transcript of the press conference is available here. And detailed guidance documents on the port security and transit security grant programs are available here.

Yesterday TSA released the final regulations for the Transportation Worker Identification Credential (TWIC) program, following 7-8 months of consultation and negotiation with the impacted stakeholders. The complete final rule is available at this link. The New York Times summarizes the regs, and stories by the AP and Washington Technology notes the high fees associated with the mandatory program.

Now that the regs have been finalized, DHS is expected to begin enrolling people in TWIC in March of this year. And a great deal of work is still needed to develop and install TWIC card readers, an issue that was somewhat sidestepped during the rulemaking process.

The Congressional Research Service published a new report last week looking at the Coast Guard’s Deepwater acquisition program:

RL33753: Coast Guard Deepwater Program: Background, Oversight Issues, and Options for Congress, December 18, 2006

It’s a useful overview of the Deepwater program, which has been subject to a growing amount of media and watchdog scrutiny in recent weeks.

The full HLS Watch collection of CRS reports is available here.

The Port Authority of New York and New Jersey issued a press release today summarizing the recommendations of a port security taskforce that they’ve convened over the past year. The key recommendations:

• The adoption of federal legislation sanctioning minimum mandatory cargo security standards that use innovative technology and business practices to monitor every cargo shipment.
• The presidential appointment of a National Port and Cargo Security Director, reporting to the Director of Homeland Security, who has ultimate responsibility and accountability for coordinating port and cargo security activities throughout the various federal agencies as well as the international community.
• Establishment of a nationwide “Port Security User Fee,” not later than January 1, 2008, dedicated exclusively to U.S. ports based on size, cargo volume and risk. This fee would be used to offset capital and operating costs incurred by port facility owners/operators associated with security installations and operations.
• Establish response and recovery plans that are unique to the regional environment of each U.S. port, allowing individual ports to return to “normal business” as efficiently as possible after a disaster. Mandate and conduct annual exercises that test the quality of each port’s response and recovery plans.
• Adopt federal legislation that requires every regulated maritime facility and Coast Guard Captain of the Port to implement a comprehensive risk-management plan that will form the basis for resource allocation decision making, similar to the protocols for other state, urban area and mass transit funding.

It’s unclear whether these recommendations are part of a larger task force report; if so, I don’t see it yet on the PANYNJ website. But I’ll post an updated link if one appears.

Update (1/4/07): Here’s the full task force report.

The last chapter of the Dubai Ports World (DPW) brouhaha unfolded earlier today, with DPW announcing the sale of their American port assets to an investment arm of the insurance company AIG. While there were undoubtedly concerns with the initial deal that the federal government struck with DPW in the initial CFIUS review of their purchase of P&O Ports (see my initial concerns here), these issues were manageable, and the political melee in February and March following this announcement inappropriately vilified the company. And since that time, DPW has proven its mettle as a world leader in port and supply chain security, becoming the first company in the world certified to meet the ISO 28000 supply chain security standards and just this week earning praise from a Democratic Congressional delegation examining their operations in the Dominican Republic. While this story had a silver lining - a new political focus on port security that led to the passage of the SAFE Port Act - it was also ultimately unfair to DPW, a reality that can’t be reversed, but one that hopefully will lead to more sober responses the next time that a story like this appears on the political radar.

The New York Times and the Washington Post published stories yesterday and today criticizing the Coast Guard’s Deepwater program, which is managed by a Lockheed Martin and Northrop Grumman joint-venture, Integrated Coast Guard Systems. There are a number of disturbing details in these two stories about the management of this project, for example:

Facing a shortage of patrol boats, the contractors and the Coast Guard decided to speed development of a larger ship, the Fast Response Cutter. The hull was to be built from glass-reinforced plastic, known as a composite, something never tried on a large American military ship.

While acknowledging that it might cost much more to build the 58 planned cutters with composite hulls instead of steel, Northrop and Lockheed claimed the boats would last longer and require less maintenance, saving money over the long run.

Coast Guard engineers again were doubtful that Northrop’s design would work, citing concerns about weight, hull shape and fuel consumption. The Coast Guard also found inconsistencies in the cost data Northrop used to justify the new hull.

One former Northrop executive said the company was pushing the plan not because it was in the best interest of the Coast Guard, but because Northrop had just spent $64 million to turn its shipyard in Gulfport, Miss., into the country’s first large-scale composite hull manufacturing plant for military ships.

“It was a pure business decision,” said the former executive, who disagreed with the plan and would speak only anonymously for fear of retribution. “And it was the wrong one.”

That became clear when a scale model of the Fast Response Cutter was placed in a tank of water — and flunked the test. After three years and $38 million, Northrop Grumman’s plan was suspended.

The Coast Guard clearly needs this new generation of ships and equipment. But these types of procurement screw-ups are unacceptable. Hopefully Coast Guard Commandant Thad Allen will take aggressive action to remedy these issues in the coming months (something that the NYT story suggests).

The Departments of Homeland Security and Energy held a joint press conference today announcing plans to initiate a set of pilot projects in six foreign ports to test new ways to enhance the scanning of outbound cargo containers. This announcement responds to a requirement in the SAFE Port Act for DHS to carry out a set of pilot projects labelled the “Pilot Integrated Scanning System” to test the feasibility of integrated scanning systems akin to Hong Kong’s Integrated Container Inspection System (ICIS).

The pilots will take place in ports in Honduras, Oman, Pakistan, Singapore, South Korea, and the United Kingdom, and the project is expected to cost $60 million in FY 2007. Several news reports in the last hour have noted that Dubai Ports World controls several of the ports involved in the pilots, a fact that I don’t find surprising or troubling, given their global market share and their recent leadership on security issues, exemplified by the fact that earlier this year they became the first company to comply with new ISO supply chain security standards (ISO 28000.01).

The DHS press release labels this project as the first phase of the Secure Freight Initiative, a term of art that originated in Sec. Chertoff’s Second-Stage Review speech in July 2005 and which DHS has subsequently struggled to define. This vision for the Secure Freight Initiative is different from the original vision in that speech, in which Chertoff defined Secure Freight as an effort to “gather, fuse and assess more complete data from the global supply chain to develop a more accurate profile of the history of cargo in any given container.” This is, however, partially consistent with Dep. Sec. Jackson’s vision for Secure Freight as articulated in Congressional testimony in April 2006.

Overall, I think this is an important initiative, one that could help to redefine the cargo security paradigm within the next few years. It’s not a panacea, but if these pilots work then they will make a substantial improvement to global supply chain security.

Update (12/7): Here’s the transcript from the event earlier today.

The LBJ School at the University of Texas recently published a report entitled “Port and Supply-Chain Initiatives in the United States and Abroad,” a compendium and analysis of existing activities in this area on a global basis. The report received media attention recently in this DC Velocity article.

The first half of the report looks at broad supply chain and port security topics, such as the ISPS code, the MTSA, C-TPAT, and the World Customs Organization SAFE Framework. These chapters feature the results of interviews with key stakeholders, which highlight the ongoing challenges associated with implementing these rules and programs. For example, the report notes how the lack of uniformity and clear standards in the implementation of the ISPS code has led to a situation where investments have low efficiencies of scope and are therefore difficult to justify.

The second half of the report consists of case studies of security initiatives at ports in Santos, Brazil; Marseille, France; Hong Kong; Jawaharlal Nehru, India; Veraruz, Mexico; Rotterdam, the Netherlands; and Durban, South Africa. These case studies are the most interesting part of the report, describing the challenges that these seven very different ports have faced in implementing the ISPS code and (in some cases) the Container Security Initiative into their operations. The case studies paint a picture of a maritime trade system that, while vastly more attentive to security matters today, is still struggling to make security a normal and routinized part of its operations. The descriptions of the developing country ports are particularly worth reading, as a way to better understand the practical challenges and limitations of implementing high-tech security tools in environments that rely upon informal and/or non-automated standard operating procedures.

On a personal note, I was also glad to see the white paper I co-authored for IBM on Global Movement Management last year summarized on page 66 of the report.

Overall, a very good report and a useful addition to the public body of knowledge about port and supply chain security.

The latest issue of the Journal of Commerce has an interesting article that profiles a new risk assessment tool used by the Coast Guard to assess maritime security-related threats. From the article (available by subscription only):

No one will dispute that the government lexicon is jargon-happy, and the Coast Guard has coined some doozies. One of the newest acronyms is the Maritime Security Risk Assessment Model, or MSRAM, which is rapidly becoming one of the agency’s premier risk-management tools.

The Coast Guard launched MSRAM last spring, and by the end of summer, the whole national inventory of freight and cargo terminals, bridges, tunnels and other port infrastructure had been given new, improved risk scores. When the Department of Homeland Security handed out $168 million in port security funds in September, the MSRAM score counted for 25 percent of an applicant’s total score. Future grant rounds are as likely to depend on MSRAM results.

Officials said that the MSRAM will make risk assessment more consistent among ports. It replaces the Port Security Risk Assessment Tool, or PSRAT, which that was introduced after the Sept. 11, 2001, terrorist attacks.

….MSRAM is a computer program that is based on the Coast Guard’s triangle of risk management: threat — vulnerability — consequence. For each port facility or “asset,” the program walks the user through the process of identifying threats to the asset, its vulnerability to attack and the consequences of an attack. With that information, MSRAM computes a numerical score that represents the risk posed by a terrorist attack on that particular asset. The numerical scores are classified. On the one hand, assessing threat requires the use of national intelligence. On the other hand, the Coast Guard doesn’t want to say which facilities are vulnerable.

This seems to be unambiguously an improvement on earlier risk assessment methodologies, and is a positive sign that DHS, despite occasional setbacks, is gradually getting better at the difficult task of risk assessment.

To find out more about the MSRAM, there’s a scattering of information on the internet about it. Perhaps the most useful explanation of it is found in this Naval Postgraduate School master’s thesis by a Coast Guard officer on vulnerability assessment of maritime infrastructure, a document that includes this chart that summarizes the methodology:

For additional info, see the chapter entitled “Safely Securing U.S. Ports” in this issue of the Coast Guard’s Proceedings magazine and this GAO report from earlier in 2006 which mentions it several times.

RAND released a report on Monday entitled “Maritime Terrorism: Risk and Liability” which provides a comprehensive qualitative risk assessment of terror threats in the maritime domain (including container shipping, cruise lines, and passenger ferries) and discusses issues related to civil liability in maritime terrorism. The press release for the report highlights some of its key conclusions:

Cruise ships and ferry boats need more protection against terrorist attacks that could kill and injure many passengers and cause serious financial losses, according to a new RAND Corporation report.

“Attacks on cruise ships and ferry boats would meet the interrelated requirements of visibility, destruction and disruption that drive transnational terrorism in the contemporary era,” said Peter Chalk, one of the report’s co-authors. “Recognizing this is essential to any comprehensive regime of maritime security.”

The report concludes it is not adequate to base maritime counterterrorism efforts only on increasing port security and the security of cargo container ships, rail cars and trucks that transport goods into and out of United States ports.

“Focusing solely on securing the container supply chain without defending other parts of the maritime environment is like bolting down the front door of a house and leaving the back door wide open,” said Henry Willis, a RAND researcher and a co-author of the report.

The study by RAND, a nonprofit research organization, also says a maritime terrorist attack is likely to create complicated liability issues that will slow efforts to compensate victims of an attack.

“We need to examine closely the challenges that a maritime attack would create for our civil justice system,” said Michael Greenberg, another of the report’s authors. “Tort liability is supposed to compensate victims while providing appropriate security incentives for firms. But ambiguous liability standards in the maritime terrorism context raise the prospect that the civil justice system may neither be effective as a compensation mechanism, nor in generating clear incentives for the private sector.”

Overall, it’s a useful and relevant study, in particular the threat assessment in Chapter Two. You can download the full report at this link.

The SAFE Port Act will be signed into law this morning at the White House. The final bill ended up being something of a mess, with provisions related to emergency mobile communications and online Internet gambling tacked onto it in the conference process, because the bill was one of the last trains leaving the station before the election. It’s also notable that all but one (Sen. Baucus) of the Democratic conferees from the Senate apparently did not agree to the final conference report - their names are not found at the end of it - perhaps because of the attachment of these unrelated measures to the final bill.

But the core of the bill - the part that focuses on port and cargo security - remains solid, and will play a strong and positive role in improving port and cargo security in the United States and around the world. It will strengthen existing programs such as CSI and C-TPAT. It will spur DHS to move forward on cargo security standards and new screening technologies. It will authorize funding for key programs. And it will drive DHS towards a more strategic approach to port and cargo security, aligning the motley assortment of programs that exist today into a coherent, interconnected strategy.

All of these outcomes will, at the margins, make our ports and seaways more secure - and for that, the members of Congress can be proud of their work on this bill. It’s a shame that it wasn’t possible for the Congress to apply the same bipartisan, fact-driven ethos to their work on chemical plant security this year, but hopefully DHS will take the limited mandate they’ve been given and use it aggressively and expediently.

The Department of Homeland Security announced its FY 2006 allocations for the port, transit, and intercity bus homeland security grant programs, as detailed in this document. Looking at the allocations, it’s possible to detect a handful of trends:

• Ports with extensive petrochemical assets, primarily along the Gulf Coast, made out very well in the allocations. The eight ports in Texas and Louisiana received funding totaling $57.7 million - approx. 1/3rd of the total allocation.
• New York’s funding increased sharply, from $6.6 million in FY 2005 to $25.7 million in FY 2006 - not surprising given the fallout from the general grant allocations in June.
• Ports in California made out poorly in the allocations. LA/Long Beach’s funding was halved from $24 million to $12 million, and other major ports - Oakland, San Diego - received little or no funding (a fact not lost on the Contra Costa Times).
• Chicago, somewhat surprisingly, received a large allocation of $11.5 million, after have received less than $2 million in all previous rounds of port security grants combined.

A likely general explanation for these decisions, I would expect, is that certain ports (e.g. LA / Long Beach) have already made extensive investments in security, and DHS is spreading funds to a second tier of ports who have not received funding in previous rounds and are insufficiently protected by comparison and have higher “need” scores.

The Congressional Research Service recently published an updated version of a report that looks at pending Congressional issues related to the Coast Guard:

RS21125: Homeland Security: Coast Guard Operations -Background and Issues for Congress, Updated September 12, 2006

The full Homeland Security Watch collection of CRS reports is available here.

On Thursday I was in Manchester, New Hampshire to attend the New England and Eastern Canada Cargo Security Symposium, a regional conference focused on supply chain security. The group of people behind the conference have been working on these issues for more than five years, and were the original folks behind Operation Safe Commerce, before DHS created a new program with the same name that has spent tens of millions and whose results have never been officially publicized.

Instead, the leaders of this group have taken a grassroots approach to addressing the challenges of container security, operating on the cheap in comparison with similar federal projects and organizing in an open, collaborative manner, across formal jurisdictional boundaries. At the event, the organizers presented the results of their latest pilot tests of container security technology, which had been executed in partnership with Lawrence Livermore National Laboratory, which I thought offered a valuable contribution to the body of knowledge on the technical challenges of container security. (I’ll post an updated link to the findings if/when it shows up online; meanwhile, here are two earlier reports from 2005).

This model of homeland security R&D is exactly what’s needed in greater quantities today. The traditional large-scale models from the aerospace and defense world are appropriate for some homeland security challenges, but in many areas what’s needed is the competition of ideas among numerous small, nimble groups. HSARPA within DHS S&T has funded some activities that fit this mold. But too often, small, creative groups akin to this team in New Hampshire are inadequately or inconsistently funded.

At long last, the Senate approved the port security bill this afternoon, by a unanimous 98-0 vote, as noted in this Reuters story. The bill will now need to be reconciled with the House’s version of the legislation, but this should be a quick and feasible process, given the fact that both pieces of legislation were bipartisan in nature and similar in their key provisions.

For those who care about the nation’s port and cargo security, today is a good day, one that will finally provide strategic oversight and guidance from Congress on these issues. And for those who believe that we need to address our nation’s homeland security challenges in a truly bipartisan manner, as I do, this is a very good day. This final legislation is a model for how Congress should act on all matters pertaining to homeland security, with politics stopping at the water’s edge and legislation based on sober assessments of threat, vulnerability, feasibility, and resources. Those Senators who supported this legislation prior to Dubai Ports World brought this issue to the spotlight - notably Senators Collins, Murray, Coleman and Lieberman - can be proud today of their leadership on this issue in the Senate.