Homeland Security Watch

Although we can say with near certainty that new outbreaks of disease and catastrophic natural disasters will occur during the next several years, we cannot predict their timing, locations, causes, or severity.  We assess the international community needs to improve surveillance, early warning, and response capabilities for these events, and, by doing so, will enhance its ability to respond to manmade disasters.

The intelligence chief’s comments regarding the Iranian threat were considerably more circumspect, “We assess Iran is keeping open the option to develop nuclear weapons, in part by developing various nuclear capabilities that better position it to produce such weapons, should it choose to do so.  We do not know, however, if Iran will eventually decide to build nuclear weapons.”

Yet Senators, the media, and perhaps General Clapper himself gave much more attention to the possible Iranian threat than the probable threat of natural catastrophe and pandemic.  The front page headline in the Washington Post was “U.S. spy agencies see new Iran risk.”

The same day the DNI was testifying on Capitol Hill, Mike Dunaway was making a presentation to a FEMA-hosted audience in Harrisburg, Pennsylvania.   In late 2008 and early 2009 a reasonable sample of  respondents answered a series of questions regarding their perceptions of relative threats to continuity of private sector operations, profitability or survival.

A couple of the survey findings stood out for me: Among 19 threats identified, the lowest perceived threat was “geologic disaster (earthquake, mudslide, volcanic action)”.  The survey was conducted prior to the earthquake-and-tsunami in Japan and none of the respondents were in California.   Perceptions will vary by time and place.

Also low on the list of threats was “interruption in supply or delivery chain.”   Several firms reeling from the loss of Japanese and Thai suppliers might answer differently.  But I don’t doubt the survey findings reflect general attitudes.  (Dr. Dunaway’s dissertation is chock-full of interesting findings.)

As addressed in two posts last Thursday and Friday, the President has signed-out a National Strategy for Global Supply Chain Security.  I appreciate Alan Wolfe and Bill Cumming commenting here on the posts.  Most friends, colleagues, and perhaps an adversary or two, decided to communicate more privately.  Below are a sample of the comments received.

“Just words on paper, very unlikely to really influence supply chain policy.”

“Despite a bow to resilience, this is a security strategy.”

“Lots of cargo and logistics talk, not much recognition of how the supply chain is really something new and different.”

“Though better than the earlier draft, it still seems to be mostly focused on security and less on resilience. However, I know from direct experience it is not easy to write about resiliency, and perhaps being secure is one of the first parts of being resilient.”

“Stalking horse for new (costly) regulations.”

“While it is a national strategy, it feels quite federal/global to me. I’m not sure if many state and/or local folks could conceive how they could contribute to helping realize the goals outlined. It is my belief that a resilient supply chain, like many things, starts and ends in localities around the world.

“C-suites will ignore and deploy their minions to be sure “efficiency” always trumps “resilience,” no matter how inefficient it may be to have a catastrophic collapse of supply chains.”

“The private sector is paramount. It seems to me that much, though certainly not all, of the role of government will be to encourage, support, oversee and in some instances force the private sector to do things. Left to themselves, I think other forces will drive the private sector to not do some of what has to be done to reduce risk and enhance resiliency.”

“To give this the status of a presidential strategy is sort of amazing. It’s made me stop to think. But I feel a bit like a Catholic must feel when it’s announced the Pope has convened a major meeting on an aspect of doctrine I had really never thought of before.”

“What am I supposed to do? I don’t know enough about supply chains to even start a conversation with private sector peers. Besides which private sector peers? These are not the security and EM guys I usually work with.”

“(The strategy is) better than I would have bet. But while behind closed-doors the operators agree it is a real issue, how do you convince CEOs, CFOs, and Boards of Directors? Japan didn’t persuade. Thailand didn’t persuade. White House stationary is easy to ignore. The only things these masters-of-the-universe understand is a swift kick in you know where… and by then it will be too late.”

Perceptions will vary by time and place.  But there is a strong tendency to give more attention to external threats than internal vulnerabilities.  There is more concern regarding possible evil intent elsewhere than accident, neglect, and denial close at hand. We see the splinter in the eye of the other much more quickly than we recognize the log in our own eye.

Yesterday at the World Economic Forum in Davos, Switzerland Secretary Napolitano unveiled the new National Strategy for Global Supply Chain Security (1.5 megabyte PDF).  The President signed-out the document on Monday.

The strategy offers two goals:

Goal 1: Promote the Efficient and Secure Movement of Goods – The first goal of the Strategy is topromote the timely, efficient flow of legitimate commerce while protecting and securing the supply chain from exploitation, and reducing its vulnerability to disruption. To achieve this goal we will enhance the integrity of goods as they move through the global supply chain. We will also understand and resolve threats early in the process, and strengthen the security of physical infrastructures, conveyances and information assets, while seeking to maximize trade through modernizing supply chain infrastructures and processes.

Goal 2: Foster a Resilient Supply Chain – The second goal of the Strategy is to foster a global supply chain system that is prepared for, and can withstand, evolving threats and hazards and can recover rapidly from disruptions. To achieve this we will prioritize efforts to mitigate systemic vulnerabilities and refine plans to reconstitute the flow of commerce after disruptions.

In my judgment we are much closer to achieving “efficient and secure movement” than we are to a “resilient supply chain”.  The new strategy could help with each, but the tougher task will be the effort “to mitigate systemic vulnerabilities.”

On January 11 the Wall Street Journal reported,

After a decade of streamlining their supply chains to make them less costly, the natural disasters and political upheavals that marked 2011 showed many multinational companies just how vulnerable those links have become.

A senior supply chain executive recently told me (clearly depending on me to protect his name and the name of his firm), “We have several known choke-points. I’m sure there are many more we don’t know about.  It won’t take a major disaster to disrupt supply, just a couple of unusual, probably simultaneous accidents.  I think — hope — there would be a similar impact on our competitors.  But that doesn’t help our consumers.”

“There are ways to mitigate our risk, but they’re all expensive,” another executive explains.  ”And for the last decade and the foreseeable future the lower cost of US supply chain management has been our principal economic advantage.  We’re much better than the Europeans, tons more efficient than the Chinese.  Increase supply chain costs and we lose just about the only advantage the US has left on most commodity trading and even a broad range of high-end specialty goods.”

Again from the Wall Street Journal:

Justifying redundancies is one of the toughest aspects of managing a supply chain, because backstopping doesn’t pay off unless there is a disaster. When CFOs ask about the return on such investments, the answer is, “If we’re lucky, absolutely zero return,” says Sean Cumbie, vice president in charge of global supply-chain management at genetics-testing company Qiagen NV, based in Germany.

The new strategy makes a glancing reference to “appropriate redundancy” which, for most supply chain executives, is like discussing the practical difference between manslaughter and murder.   Whatever you call it, the outcome ain’t pretty.

The senior supply chain guys (and a few gals) are the pioneers of the field.  In the last twenty years they have transformed the known world.  Not just the supply chain world, but the everyday world of billions of consumers.  Today the supply chain is faster, cheaper,  delivers much higher quality with much more assurance and transparency than a quarter century ago.

On most days the supply chain is also stronger, more flexible, and better at handling a range of emergencies and disasters.

But what we saw in Northeast Japan and Thailand has exposed a parallel reality.  Like all networked systems, risk tends to pool in unexpected ways and often unexpected places.  What if the earthquake-and-tsunami had hit the economic heartland of Tokyo and Osaka, instead of the Tohoku periphery?  What’s would the outcome be if  instead of Thai flooding it was an earthquake in San Francisco and down the east side of Santa Clara County?  What happens if the Port of Long Beach is seriously disrupted for an extended period?  What if cyber-vandals — or economic or national or terrorist adversaries –seriously target the digital systems on which the modern supply chain absolutely depends?

In a report — “New Models Addressing Supply Chain and Transport Risk” (7 megabyte PDF) —  released Tuesday, the World Economic Forum found:

Supply chain and transport networks have continuously evolved to deliver capacity, speed, efficiency and customer service through organizational trends such as globalization, specialization, volume consolidation and information availability. The focus on cost optimization has highlighted the tension between cost elimination and network robustness – with the removal of traditional buffers such as safety stock and excess capacity. These developments have shifted risk distributions…(while) their effects have often included sharing risk more broadly around the world, reducing high-frequency risks and focusing risk within sectors, common technologies or nodes. Another common feature has been to disassociate risk from responsibility, misaligning incentives and creating moral hazards – the notion that a party that is insulated from risk will behave differently from how it would behave if it had full exposure to risk.

Most supply chain managers I know tend to discount low frequency, high consequence risks (see related post).  They discount this kind of risk because over the last twenty years they have become true masters of risk management.   They also discount high impact risks because their CEO’s, Boards of Directors, and shareholders reward them for squeezing every possible penny out of supply chain costs.  They discount catastrophic risk because their creation — the modern supply chain — has never experienced a fundamental systemic failure.

Yet.

Many supply chain executives have become what economists sometimes call “risk preferers”, they have learned to maximize their return by skating with great style, grace, and confidence along the edge of chaos.   Each day they become more adept at mastering the chaos.   Is the experienced supply chain executive a sorcerer or  sorcerer’s apprentice?

The new National Strategy is the starting point for a collaborative process of discussion, analysis, and policy development.  It seeks to “develop a culture of mutual interest and shared responsibility” across government and the private sector.  It’s the right goal.  It’s the right way to pursue the goal.

It is a very ambitious goal.

Earlier today the President signed out and the Secretary of Defense released new strategic guidance for the Department of Defense. Following are my quick-takes on those aspects of the document  most closely related to homeland security.

Page 1:

The demise of Osama bin Laden and the capturing or killing of many other senior al-Qa?’ida  leaders have rendered the group far less capable. However, al-Qa?’ida and its affiliates remain active in Pakistan, Afghanistan, Yemen, Somalia, and elsewhere. More broadly,violent extremists will continue to threaten U.S. interests, allies, partners, and the homeland.The primary loci of these threats are South Asia and the Middle East. With the diffusion of destructive technology, these extremists have the potential to pose catastrophic threats thatcould directly affect our security and prosperity. For the foreseeable future, the UnitedStates will continue to take an active approach to countering these threats by monitoring theactivities of non-state threats worldwide, working with allies and partners to establishcontrol over ungoverned territories, and directly striking the most dangerous groups and individuals when necessary.

Page 2:

In the Middle East, the Arab Awakening presents both strategic opportunities and challenges. Regime changes, as well as tensions within and among states under pressure toreform, introduce uncertainty for the future. But they also may result in governments that,over the long term, are more responsive to the legitimate aspirations of their people, and aremore stable and reliable partners of the United States.Our defense efforts in the Middle East will be aimed at countering violent extremists anddestabilizing threats, as well as upholding our commitment to allies and partner states.

Page 3:

To enable economic growth and commerce, America, working in conjunction with allies and partners around the world, will seek to protect freedom of access throughout the globalcommons ?– those areas beyond national jurisdiction that constitute the vital connective tissue of the international system. Global security and prosperity are increasingly dependent on the free flow of goods shipped by air or sea. State and non-state actors pose potential threats to access in the global commons, whether through opposition to existing norms orother anti-access approaches. Both state and non-state actors possess the capability and intent to conduct cyber espionage and, potentially, cyber attacks on the United States, with possible severe effects on both our military operations and our homeland. Growth in the number of space-faring nations is also leading to an increasingly congested and contested space environment, threatening safety and security. The United States will continue to lead global efforts with capable allies and partners to assure access to and use of the global commons, both by strengthening international norms of responsible behavior and by maintaining relevant and interoperable military capabilities.

Page 4:

Acting in concert with other means of national power, U.S. military forces must continue to hold al-Qa?’ida and its affiliates and adherents under constant pressure, wherever they may be. Achieving our core goal of disrupting, dismantling, and defeating al-Qa?’ida and preventing Afghanistan from everbeing a safe haven again will be central to this effort. As U.S. forces draw down in Afghanistan, our global counter terrorism efforts will become more widely distributedand will be characterized by a mix of direct action and security force assistance. Reflecting lessons learned of the past decade, we will continue to build and sustain tailored capabilities appropriate for counter terrorism and irregular warfare. We will also remain vigilant to threats posed by other designated terrorist organizations, such as Hezbollah.

Page 5:

Accordingly, DoD will continue to work with domestic and international allies and partners and invest in advanced capabilities to defend its networks, operational capability, and resiliency in cyberspace and space….

U.S. forces willcontinue to defend U.S. territory from direct attack by state and non-state actors. We willalso come to the assistance of domestic civil authorities in the event such defense fails or in case of natural disasters, potentially in response to a very significant or even catastrophic event. Homeland defense and support to civil authorities require strong,steady?–state force readiness, to include a robust missile defense capability. Threats to the homeland may be highest when U.S. forces are engaged in conflict with an adversary abroad.

Page 6:

The nation has frequently called upon its Armed Forces to respond to a range of situations that threaten the safety and well-being of its citizens and those of other countries. U.S. forces possess rapidly deployable capabilities, including airlift and sealift, surveillance, medical evacuation and care, and communications that can be invaluable in supplementing lead relief agencies, by extending aid to victims of natural or man-made disasters, both at home and abroad. DoD will continue to develop joint doctrine and military response options to prevent and, if necessary, respond to mass atrocities. U.S. forces will also remain capable of conducting non-combatant evacuation operations for American citizens overseas on an emergency basis.

You may see more.   The document includes considerable attention to WMD and cyber threats not excerpted above.

I had an opportunity last week to travel on the nation’s largest ferry system.

The Washington State ferry system carries almost 23 million people per year.  It is the third largest ferry system in the world.  (I think British Columbia has the second largest system, and Sydney, Australia the first.)

While I was waiting at one of the terminals, I noticed a sign that said the facility was at Maritime Security (MARSEC) level 1: “the level for which minimum appropriate security measures shall be maintained at all times.”

I saw maybe five Washington State Troopers walking outside the terminal.  Two of the troopers had dogs with them as they walked between the vehicles waiting for the ferry.

I saw several signs inside the terminal reminding passengers to be alert for things that looked out of place.

I saw another sign that read “Bags without people don’t make sense.”

That sign was a little difficult to read.  It was hidden behind a vending machine that sold lottery tickets.

I would like to think some of the money the state makes from selling lottery tickets goes to pay – in part –  for the security at the terminal.

Blocking the “See Something – Say Something” poster with a tax revenue generating activity may be the homeland security equivalent of the self-licking ice cream cone.

Editorial note: Last evening John Comiskey posted the following as a comment to my Thursday post (immediately below this post).  Without receiving his permission, I am moving John’s comment to today’s front page.  If you have read John’s prior comments you know he serves with the NYPD and is also with the Coast Guard Reserve.  John is currently deployed with the USCG to the Gulf of Mexico.  Full disclosure, John and I both serve on the faculty of the new Pace University graduate program in management for public safety and homeland security professionals.  We have met each other precisely once, at a Spring faculty meeting.

–+–

Your Grandpa sounds like a wonderful man. I imagine that he too would be overwhelmed and even frustrated by the levels of bureaucracy and particularly the federal government’s grant strategy (get the locals to do what you want by footing some or the entire bill). “All politics are local and most times federal too” might be the old “all politics are local.”

That being said, it sounds like your grandfather would have found a way. Bennet’s axiom “People are discouraged, encourage them,” should be a homeland security and preparedness mantra.  The obvious – helping people – seems within our grasp, but eludes us all too often.

Homeland security and preparedness are a Pandora’s box of sorts (privacy intrusions, challenges to rights & privileges, economic costs, and others things that are not so nice). But, we need to remind ourselves that the original Pandora’s Box also offered hope.

Today, I heard a Coast Guard Commander refer to Deepwater Horizon as the Coast Guard’s Afghanistan.

The “long spill,” Deepwater Horizon, like the long wars in Afghanistan and Iraq require fortitude, patience, understanding, and hope. Somebody said “hope is not a plan.” Just the same I will keep on hoping and praying for the best whilst I prepare for the worst.

The emotional toll to Gulf residents, government workers, and cleanup volunteers warrants consideration and is bound to be high. The days ahead present three overarching challenges: stopping the spill, extracting the maximum amount of oil feasible, and mitigating the damage. The current forecast of 23+ storms with a 50% chance of a significant storm make that challenge all the more challenging –or might clean most of the mess up -mother nature is most resilient.

I have come to know some of the people of NOLA and have found them to be concerned but going about their business best they can. They talk a lot of football. LSU and the Saints are dear to their hearts. Last year’s super bowl celebration has continued with the team’s preseason visit to Louisiana communities weary of oil: http://www.npr.org/templates/story/story.php?storyId=127561660

If I remain in NOLA past September, I will likely attend a game. For the record I am a Jets fan. Football players and fans are resilient.

My new colleagues in NOLA poke fun at my New York accent. In turn, I enjoy their nawlins’ colloquialisms. They seem to appreciate my reviews of their restaurants and haunts. So far Acme Oyster House, Tujajues, and Café du Monde top the list. Nothing like football and food to bind people.

I have found that Katrina has left the people of NOLA with doubts in the efficacy of the federal government and particularly FEMA. NOLA’s celebrated relationship with the Coast Guard seems uneasy at best. I am told too little is being done too slowly. That phenomena might be a study in a relationship earned in one disaster (Katrina) only to be lost in another (DWH). Social capital is easier lost than earned.

The USCG is most resilient. It is and always has been a multi-mission organization. Today that mission is clear: ensure and facilitate the RP’s (responsible party) response – in this case BP. That mission will not make the Coast Guard popular.

From my view BP is doing all that it can and is most instances more than that. The American people need to know that without the media hype. BP too is resilient. I imagine someone or some people high in the organization deliberated as to their course of action –cut and run or invest in their enterprise. BP chose the latter. I can’t and won’t speak to BP’s alleged wrongdoing because I don’t know if they were negligent or had a catastrophic industrial accident. I know that matter is being investigated and await the final analysis.

Recovery requires everyone to look past their factions, fights, frustrations, and everything else.

I’m rooting for the people of the Gulf and the United States of America.

Greetings from Munich. The conference here at the University of the Bundeswehr kicked off this week with a fitting representation of the challenges to global supply chain security from the perspectives of allied military and academic business. Michael Ritchie, Director, the USEUCOM Commander’s Interagency Engagement Group opened the conference with VADM Gallagher, Deputy Commander of EUCOM, Dr. Andreas Brieden, Dean of the School of Business, here at the Universität der Bundeswehr München, and Colonel Freitag, Head of the Military Department, at the Universität.

It seems as though IBM and CISCO are the only private sector companies participating in this symposium. Global supply chain security is a concern for military in terms of supply and logistics for their own operations, but also in terms of their obligation to possibly protect private sector supply chains as an attractive target by terrorists or other adversaries. The private sector already deals with numerous risks to our supply chains, which is one reason why IBM sought to be involved in this discussion. I’ll present on GMM this afternoon and my colleague Colm Leonard, Executive Program Manager, Import Compliance & Supply Chain Security, IBM, will present on a panel discussion to review solutions for greater supply chain visibility and security.

We heard yesterday from a number of experts. Most interesting was a presentation by the DHS attaché at the European Union. She is technically a CBP employee and gave a detailed run-down of C-TPAT, Secure Freight Initiative, Container Security Initiative, and other targeting measures to reduce risk in global supply chains in which the U.S. is a major link.

Her counterpart at the EU also presented and described a number of similar programs. Like C-TPAT, the EU grants special status to “Authorized Economic Operators.” Here in Europe, companies can provide greater transparency into their supply chains so that EU authorities can better identify risks to shared links in the global supply chain. The trust shared between the EU and these AEOs is similar to that which is extended between DHS and C-TPAT members.

Wouldn’t it be great if we could merge the membership? That is a goal, but the companies participating in C-TPAT or as AEOs remain concerned about the privacy protections for themselves if proprietary information about their supply chains – arguably major components in their competitive advantages – is shared with other governments that may favor domestic businesses.

Alas, we have a long way to go in this regard. But merely getting the stakeholders in the room is a valuable first step. I’ll post again later with an update on today’s exchange. The more interesting dimensions of this is a working group of which I’m a part. All symposium participants are broken into groups to dive deeper into such challenges as AEO/C-TPAT integration. In my group, I have the CISCO guy, another IBMer who deals with NATO, and military reps from Azerbaijan, Ukraine, Poland, Hungary, Czech Republic, and the U.S.

Today DHS announced a new regulation that requires maritime cargo carriers and importers to submit more data to Customs and Border Protection (CBP) about thier shipments. The goal is to better target risks in the maritime domain with inspections, added screening, security scanning, etc. The private sector must submit the additional information to CBP before vessels and their cargo are permitted to enter the U.S. Small businesses view this as a major setback for their competitiveness – and they have some backing on the Hill.

The Importer Security Filing and Additional Carrier Requirements requires that importers submit an Importer Security Filing (ISF) with the so-called “10+2” data set no later than 24 hours before the cargo is loaded onto a ship destined for the U.S.

Last month, The White House held a meeting with representatives from the private sector and relevant government agencies, including CBP, to discuss the proposed regulation. The meeting, which seems to have been hosted by the White House Office of Management and Budget, was entitled “”10+2″ Importer Security Filing and Additional Carrier Requirements” and took place on October 6. In attendance either by phone or in person were the following:

• Kristy Daphnis OMB/OIRA
• Nelson Garcia Motor & Equipment Manufacturers Assoc.
• Tom Sullivan SBA/Office of Advocacy
• Bruce Lundegren SBA Office of Advocacy
• Peter Friedmann Pac. Coast Council & CONECT
• Ray Bucheger Pac. Coast Council & CONECT
• Bryan Zumwalt National Marine Manufacturers Association
• Shannon Richter OMB
• Bruce Hirsh USTR
• Ted Posner NSC
• Elena Ryan USCBP
• Lorrie Rodbart USCBP
• Chris Pappas USCBP
• Jerry Coleman, Porta-Nails in North Carolina;
• Bill Gullickson, McLaughlin Gormiey King Co in Minnesota;
• Maggie Smith, Coppersmith, Inc. in California;
• Linda Wood, Bennett and Company in Massachusetts;
• Roger Clarke, Williams Clarke Company, Inc. in California;
• Robin Grove, Masterpiece International in California;
• Anne Marie Bush, Veritrade International in Washington;
• Karen Kenney, Liberty Internationai in Massachusetts;
• Silvia Scherer, Trade Tech Inc. in Washington; and
• Patricia Hainline, George S. Bush Co. in Oregon.

Congresswoman Valezquiez, Chairwoman of the Committee on Small Business, wrote a letter to OMB Director Jim Nussle explaining that CBP has failed to meet its obligations under the Regulatory Flexibility Act (“RegFlex”) to “properly analyze the economic impact of the 10 + 2 Rule on small entities.” RegFlex was enacted to limit disproportionate burdens on small businesses and entrepreneurs facing industry-wide regulations.

To accomplish this, RegFlex mandates that federal agencies conduct an analysis with a “description of any significant alternatives to the proposed rule which accomplish the stated objectives of applicable statutes and which minimize any significant economic impact of the proposed rule on small entities.” CBP has stated that it “does not identify any significant alternatives to the proposed rule that specifically address small entities.”

To be fair, the interim final rule includes a delayed compliance date of one year after the interim final rule takes effect. If CBP perceives a “good faith effort and satisfactory progress toward compliance” among the noncompliant during the first year, CBP “will show restraint in enforcing the rule.”

According to Scott Gudes, Vice President, Government Relations, of the National Marine Manufacturers Association (NMMA), CBP will see a number of such cases because Small businesses, including small brokers, do not have:

1. The resources, i.e., customs experts, to help collect and compile the information being required

2. The 10+2 management system needed to allow their clients to collect 10+2 data from all involved parties

3. The integrated computer systems needed to process the information and communicate with suppliers abroad

CBP will conduct a review to determine any specific compliance difficulties that importers and shippers may experience in complying. Both the Congresswoman and the NMMA believe that the unintended consequences likely to be found include increased inventories, additional charges for dwell time, and costly infrastructure and IT system upgrades that larger firms can more easily absorb.

CBP’s review is intended to address just these types of impacts. It will examine compliance costs, the barriers to submitting the data 24 hours prior to lading, and the benefits of collecting the data. CBP states that “based upon the analysis, DHS will determine whether to eliminate, modify or maintain these requirements.”

The Importer Security Filing and Additional Carrier Requirements interim final rule will take effect 60 days from today.

DHS Customs and Border Protection plans to issue a new rule requiring U.S. importers and manufacturers to provide new data about U.S.-bound shipments. The data sharing procedure is designed to improve port security and prevent terrorist use of shipments and containers headed U.S. The proposed rule is part of the SAFE Port Act of 2006, in which CBP began requiring 12 new categories of data on shipments to the U.S. to be provided at least 24 hours before loading in foreign ports.

The Hill reports today that business groups oppose the rule, warning that it would “disrupt supply chains without improving security at a time when the U.S. economy is in the doldrums.” The National Association of Manufacturers (NAM) is been leading the effort to oppose, or at least modify, the proposed rule. NAM is joined by the U.S. Chamber of Commerce, the European-American Business Council, the Association of International Automobile Manufacturers, the American Petroleum Institute, and the Consumer Electronics Association.

DHS suggests the new rule could at first delay shipments by as much as 24 hours, and will eventually drop to 12 hours. Businesses, however, suggest that security would be actually reduced because cargo would sit unguarded while it awaited permission to be loaded and that today’s already fragile global economy can’t handle further strains like those they believe the new rule would impose. The new rule would prohibit a shipment from leaving its foreign port until DHS has the required data for each container. NAM argues that other hidden costs of compliance, longer delays in the supply chain, software needs, and added personnel for the new requirements would cost U.S. businesses about $20 billion a year.

These firms also argue it is more realistic to expect a two-to-five-day delay, depending on the complexity of the supply chain. As a compromise, opponents in the private sector are calling for a pilot program to be set up to test the new rule on a small scale first before full deployment.

While OMB and DHS are inundated with complaints from constituents in the manufacturing districts of Michigan and hard-hitting lobbying efforts by the U.S. Chamber of Commerce, a CBP spokeswoman told The Hill that OMB “is currently leading an interagency review of the rule, but would not comment on … why the agency wants to proceed without a pilot program.”

Whoever says that homeland security is a domestic enterprise misses the big picture (and a number of posts here). GAO this month released a study commissioned by the Congress that investigates how U.S. Customs and Border Protection engages the global community to harmonize security standards intended to secure the international supply chain. “CBP has taken a lead role in working with foreign customs administrations and the World Customs Organization (WCO),” GAO states.

Oceangoing cargo containers serve as the lifeblood of global trade. Yet they also pose a risk of terrorist exploitation, according to the GAO and numerous other studies. CBP is the main government entity in the U.S. responsible for overseeing security of the global supply chain.

The adoption of uniform international customs security standards is the foundation for governance frameworks that can support greater security through mutual recognition of customs security-related practices and programs. Ultimately, such governance frameworks enable partnering nations to recognize and accept security measures taken by another administration. This leads to less porous security networks, greater efficiencies, and a more resilient global economy.

CBP collaborated with eleven other members of the WCO to develop the Framework of Standards to Secure and Facilitate Global Trade (SAFE Framework), which draws upon familiar concepts of the Container Security Initiative (CSI) and the Customs-Trade Partnership Against Terrorism (C-TPAT). While these two programs have their flaws, the SAFE Framework provides standards for collaboration among numerous national customs organizations participating in the global supply chain. As of July 2008, 154 WCO members had signed letters of intent to implement the SAFE Framework standards.

While the SAFE Framework establishes a system of mutual recognition for smoother global trade among interdependent countries, it is by no means the only effort underway to harmonize global supply chain security initiatives. GAO reports that in June 2007, “CBP signed a mutual recognition arrangement with New Zealand – the first such arrangement in the world – to recognize each other’s customs-to-business partnership programs.” Just this summer, CBP signed mutual recognition agreements with Jordan and Canada, and by early 2009, CBP anticipates establishing a mutual recognition agreement with the European Commission, representing 27 nations of the European Union.

The Government Accountability Office today released its assessment of the Customs-Trade Partnership Against Terrorism (C-TPAT), a program by the Department of Homeland Security intended to reduce security scrutiny of importers, port authorities, and air, sea and land cargo carriers if these parties commit to self-imposed security standards. GAO finds that C-TPAT has gaps that terrorists could exploit to smuggle weapons of mass destruction in cargo containers.

C-TPAT is the federal program established after 9/11 to discover or deter a potential terrorist attack on or use of commercial cargo passing through 326 of the nation’s airports, seaports, and land crossings.

GAO is also currently investigating the DHS programs focused on combating the threat of smuggled nuclear weapons, specifically those managed by the Domestic Nuclear Detection Office. They have expressed a specific interest in the strategy aspects of how the global nuclear detection architecture figures in. This line of inquiry quickly gets us to the topic of port security in light of the 9/11 Act and its corresponding mandate for 100% scanning of all cargo en route to U.S. ports and corresponding programs like C-TPAT.

The nearly 8000 commercial participants in the C-TPAT program are granted reduced scrutiny of their cargo in exchange for submitting a security plan meeting U.S. Customs and Border Protection’s standards and allowing CBP officials to verify (even at random) implementation of their measures.

According to AP reporting on the GAO findings, under C-TPAT:

• Companies are certified based on self-reported security information that Customs employees use to determine if minimum government criteria are met. But due partly to limited resources, the agency does not typically test the member company’s supply-chain security practices and thus is “challenged to know that members’ security measures are reliable, accurate and effective.”

• Customs employees are not required to utilize third-party or other audits of a company’s security measures as an alternative to the agency’s direct testing, even if such audits exist.

• Companies can get certified for reduced Customs inspections before they fully implement any additional security improvements requested by the U.S. government. Under the program, Customs also does not require its employees to systematically follow up to make sure the requested improvements were made and that security practices remained consistent with the minimum criteria.

I hope to give this GAO report a closer read today, but readers are encouraged to weigh in on the study if they’ve already culled through it in detail. In the meantime, keep an eye out for coverage of the House Homeland Security Committee hearings on resilience in Congressional Quarterly.

DHS today rolled out its Small Vessel Security Strategy (SVSS). The SVSS is designed to reduce risk without needlessly reducing “the freedom of operation common to the nation’s waterways,” according to the Department’s statement.

Homeland Security Secretary Michael Chertoff cites the bombing of the USS Cole at a port in Yemen in 2000 as evidence that terrorists view the maritime domain as a target. He is quoted as saying that the security paradigm in today’s domestic waterways and port areas rely on an “honor-based neighborhood watch program.” The SVSS, he said, replaces this environment “with an efficient and successful means to combat terrorism along our waterways.”

Readers may recall the National Small Vessel Security Summit that DHS convened in June 2007. Findings from this event informed the SVSS and identified risks associated with the illicit use of small vessels. The SVSS focuses on the following threats:
• waterborne improvised explosive devices;
• use of conveyances for smuggling weapons into the U.S.;
• use of conveyances for smuggling terrorists into the U.S.; and
• use of “waterborne platforms for conducting a stand-off attacks.”

To mitigate these threats, the Small Vessel Security Strategy seeks:
• Better identification of small vessels operating in U.S. waters;
• Expanded radiological/nuclear detection capabilities;
• Improved situational awareness and information sharing;
• Enhanced data analysis to identify high-risk concerns;
• Leveraged technology to enhance the ability to detect, determine intent and when necessary, interdict small vessels; and
• Deepened “coordination, cooperation, and communications between federal, state, local and tribal partners in addition to the private sector and international partners.”

The document actually includes descriptions of the authorities vested in DHS and the overall federal government in implementing this strategy. It also includes details about the roles served by each agency within and outside of DHS, and also a list of relevant interagency institutions. DHS plans next to develop the small vessel security implementation plan to take place this year.

DHS convened a major National Small Vessel Security Summit late last year, and the after action report is now available. While I first considered small boat security to be about as niche a topic as is possible (with more public affairs appeal than public policy), this report shows a heck of a lot of work went into the effort of making the event productive and relevant on a national scale.  The report was prepared by the Homeland Security Institute and, at 122 pages, is a daunting read. Especially with so few pictures. HLSWatch readers get the cliffs notes.  Main recommendations of the effort are as follows:

1.  AIS tracking technologies should not be required for vessels under 65 feet in length until the technology is perfected (read: likely never), the cost of such technology significantly reduced (read: paid by the Feds), and until law enforcement has the ability to track and respond to all vessels in the maritime domain (read: moveable goalpost). RFID technology or other OnStar-like monitoring features can be used in the meantime.

2.  The National Homeland Security Strategy needs a component that represents a National Small Vessel Security Strategy based on a layered defense. (Echoes of the WME Task Force.) This strategy should not, the report explains, focus on deterring a specific type of terrorist attack but should enhance the overall safety and security of the maritime domain. Rightly, the forum recommends that the strategy provide for guidance in coordination with international partners.

3.  Licensing, registration, or tracking of small boats used by private individuals should be accomplished by DHS with the lightest of touch. Failing to do so will be costly, ineffective, and rood (it will “alienate the small vessel operator”).

4.  State, local, tribal, and territorial maritime law enforcement entities need additional funding because, in addition to “other public safety and security missions,” this is too much.

5.  Establish a universal hotline telephone number, similar to the National Response Center 1-800 number, for the boating community to use in reporting suspicious activities and emergency situations.

6.  States could add a boat operator credential — like those required for tractor trailer or school bus drivers — to their state driver licenses. This could lead to a national boat registry for use by law enforcement agencies.

7.  The U.S. should enhance international cooperation and intelligence sharing with “our foreign counterparts,” especially Mexico, Canada, and countries of the Caribbean because these nations are the most likely departure points for a small vessel terrorist attack from overseas.

8.  More fusion centers! The report explains that conference participants felt that additional fusion centers would enable stakeholders to better share, analyze, and disseminate intelligence to with the USCG, CPB, U.S. Navy, the Harbor Master and state and local law enforcement agencies.

9.  Permanent Employment of the DNDO Act: Conference participants believe that federal, state, local, tribal, and territorial law enforcement agencies should be “provided with nuclear detection devices so they can detect radioactive signatures on small vessel and in cargo.” The rest of this language is worth reprinting:

The cost of such equipment requires federal guidance and oversight. In addition, the federal government should develop RAD/NUC detection devices with a stand-off capability in order to provide detection without directly impacting small vessel operators. The federal government should also consider placing nuclear detection devices on commercial vessels in a partnership to increase the chance of detecting a nuclear device or nuclear material before it reaches a major U.S. port or population center. Lastly, the federal government needs to strengthen counter-proliferation initiatives with our foreign counterparts to prevent shipments of WMD, their delivery systems, or related materials from reaching the U.S. maritime domain.

GAO reports on how well the DHS Container Security Initiative (CSI) has contributed to strategic planning for supply chain security and strengthened overall container scanning operations.  It raises problems with the CSI concept of operations, but there is a way to improve this — and its accruacy in targeting risky containers.

GAO praises CBP for following its earlier recommendations, but then drills into a core operational reality in the CSI program: limitations in evaluating inspections processes related to the accuracy and completeness of data collected. That data is essentially the main take for this program and its role in informing our targeting of high-risk cargo bound for the U.S. GAO goes on to suggest that if we don’t exercise better control over this aspect of CSI, the security value of the program declines pretty quickly.

Click image to view a conops of the CSI targeting process.

The net net of all this is that CBP “potentially lacks information to ensure that host government examinations can detect and identify weapons of mass destruction, which is important because containers are typically not reexamined in the United States if already examined at a CSI seaport.”

Hold on here. The purpose of CSI is to bring added security through greater transparency in the maritime shipping domain. CSI does this by adding scrutiny to cargo traveling to the U.S., before it arrives in the U.S. (at the foreign CSI port). But if the scrutiny is conducted by host government authorities, that sure dials up the risk.

In a sense, this brings us back to the concern over balancing throughput and security. The last thing we want to do is clamp down on the maritime trade to assure 100% security if that is done at the total expense of economic flows. However, too light of a touch on the system and we wind up adding false scrutiny without adding any value.

Striking the right balance requires revisiting the way in which we look at the maritime domain. It is not only an avenue for sea-based cargo. It is one medium for five global flows: cargo, people, information, finances, and the conveyances themselves (ships in this case). Securing the U.S. by examining every piece of cargo is a sledgehammer approach that we should use if necessary, but a more surgical option would seek to knit together these five flows across the maritime domain, for example, to generate the kind of transparency and intelligence we seek with the container scanning conducted by foreign port authorities.

Treating the information about cargo as a source of risk targeting limits our ability to identify the actual threat and it favors indiscriminate scrutiny that slows throughput without adding any real security. Generating and combining information on cargo in the context of the other four flows would provide an exponentially more accurate understanding of the true risk. Granted, CSI does not operate in a vacuum, but maximizing transparency – and therefore better informed risk targeting – can be more productive with a comprehensive approach that views the domain in a different way.

Congress included $13million for the Global Trade Exchange within the spending bill sent to the Senate last night. GTX is the third phase of an effort to bring better security and system visibility to the global maritime shipping supply chains. The bill reads as follows:

$13,000,000 shall be used to procure commercially available technology in order to expand and improve the risk-based approach of the Department of Homeland Security to target and inspect cargo containers under the Secure Freight Initiative and the Global Trade Exchange.

The Department issued an RFQ (thumbnail below) for this effort last week. Criticism of the effort usually revolves around the opaque nature in which it has evolved. Private sector operators whose information would theoretically populate a central data exchange express concern over the potential imposition on their supply chains that would come without sufficient benefit to their operations.

GTX has the potential to become a game-changing new dynamic between the public and private sector. However, much remains to be revealed in terms of the anticipated concept of operations that would create the appropriate mix of incentives to support private sector involvement. It is conceivable that if such a ConOps is crafted – including data privacy assurances, a durable governance framework, and shared risk, among other things – the kind of transparency that could be brought to the global maritime trade domain may generate a great advantage for our Homeland Security efforts to identify threats and for our maritime economic operators to identify and mitigate disruptions to their supply chains.

NOTE:
Singapore is now the seventh international port to join an effort to test scanning capabilities geared toward preventing radioactive material from being smuggled via U.S.-bound shipping containers. Integrated scanning for these purposes includes radiation detection and X-ray imaging of 100 percent of maritime cargo headed to the U.S.

This effort, part of the Secure Freight Initiative run jointly by DHS, Energy, and State, is in response to a Congressional mandate included in the SAFE Port Act. Other recently announced ports that signed up include Port Qasim (Pakistan), Puerto Cortés (Honduras), and the Port of Southampton (UK).

“Maritime Security: The Port Act: Status and Implementation One Year Later” was released yesterday by the GAO. The report assess several challenges DHS faces, including the 100% screening mandate, and makes recommendations to DHS to develop strategic plans, better plan the use of its human capital, establish performance measures, among other operational improvements. Top-level highlights are available here.

Port terminals at the UK, Pakistan, and Honduras are the first of a batch of countries to sign up for DHS’s current phase of the Secure Freight Initiative (SFI). SFI screens US-bound maritime containers for nuclear or other radiological materials. It is unclear whether the agreements, protocols, equipment, and other requirements put in place to screen for nuclear threats will be put to use for other valuable security and trade purposes.

SFI is part of the DHS response to fulfilling the Security and Accountability For Every (SAFE) Port Act of 2006, which requires non-intrusive scanning for nuclear material on 100% of all maritime containers headed for the U.S. Data from these inspection systems informs the National Targeting Center in its assessment of what seems threatening enough to warrant added scrutiny. SFI almost entirely focuses on the nuclear threat. Jay Ahern, CBP Deputy Commissioner, said “…preventing a nuclear weapon or dirty bomb attack has to be one of our highest priorities. This initiative (SFI) advances a comprehensive strategy to secure the global supply chain and substantially limits the potential for terrorist threats,” said CBP Deputy Commissioner Jayson Ahern.

The “comprehensive strategy to secure the global supply chain” suggests much more than just detecting smuggled nuclear material. Subsequent phases of SFI may reveal a more robust – and much needed – program to view the global supply chain more strategically. The tools being developed and put in place for the nuclear threat, including bilateral and multilateral agreements, can provide significant leverage for bringing more security to the global trade flows. Illicit trafficking – not only of nuclear material – is always a threat in some way to some legitimate party. And the transparency that a program like SFI could generate promises the potential to do much more that detect loose nucs.

The kind of vulnerability these global flows confront carry with them a global concern for their resilience and protection, as well as their economic viability. Imagine if the Secure Freight Initiative and the Advanced Trade Data System were combined with the Proliferation Security Initiative. That would align many of the efforts and interests of DHS, DOD, DOE, State, and the Department of Commerce. It would also reflect a more “comprehensive” approach to a shared concern between the U.S. and her overseas partners – many of whom are reluctant partners – in securing global trade against both terrorism and general threats to economic efficiencies that these global flows attempt to maximize.

NOTE: Thank you for accommodating my absence while I was away. HLSWatch is back up and running.