Homeland Security Watch

Port terminals at the UK, Pakistan, and Honduras are the first of a batch of countries to sign up for DHS’s current phase of the Secure Freight Initiative (SFI). SFI screens US-bound maritime containers for nuclear or other radiological materials. It is unclear whether the agreements, protocols, equipment, and other requirements put in place to screen for nuclear threats will be put to use for other valuable security and trade purposes.

SFI is part of the DHS response to fulfilling the Security and Accountability For Every (SAFE) Port Act of 2006, which requires non-intrusive scanning for nuclear material on 100% of all maritime containers headed for the U.S. Data from these inspection systems informs the National Targeting Center in its assessment of what seems threatening enough to warrant added scrutiny. SFI almost entirely focuses on the nuclear threat. Jay Ahern, CBP Deputy Commissioner, said “…preventing a nuclear weapon or dirty bomb attack has to be one of our highest priorities. This initiative (SFI) advances a comprehensive strategy to secure the global supply chain and substantially limits the potential for terrorist threats,” said CBP Deputy Commissioner Jayson Ahern.

The “comprehensive strategy to secure the global supply chain” suggests much more than just detecting smuggled nuclear material. Subsequent phases of SFI may reveal a more robust – and much needed – program to view the global supply chain more strategically. The tools being developed and put in place for the nuclear threat, including bilateral and multilateral agreements, can provide significant leverage for bringing more security to the global trade flows. Illicit trafficking – not only of nuclear material – is always a threat in some way to some legitimate party. And the transparency that a program like SFI could generate promises the potential to do much more that detect loose nucs.

The kind of vulnerability these global flows confront carry with them a global concern for their resilience and protection, as well as their economic viability. Imagine if the Secure Freight Initiative and the Advanced Trade Data System were combined with the Proliferation Security Initiative. That would align many of the efforts and interests of DHS, DOD, DOE, State, and the Department of Commerce. It would also reflect a more “comprehensive” approach to a shared concern between the U.S. and her overseas partners – many of whom are reluctant partners – in securing global trade against both terrorism and general threats to economic efficiencies that these global flows attempt to maximize.

NOTE: Thank you for accommodating my absence while I was away. HLSWatch is back up and running.

GAO released a statement this week on the SAFE Port Act. The Act covered a range of policies focused on maritime security, but may be best known for its mandate to scan 100% of all incoming maritime cargo. DHS is principally responsible for executing on the Act, but relevant component agencies include the U.S Coast Guard, Customs and Border Protection, Domestic Nuclear Detection Office, and the Transportation Security Agency.

GAO delved into this one. They “visited domestic and overseas ports; reviewed agency program documents, port security plans, and post-exercise reports; and interviewed officials from the federal, state, local, private, and international sectors.” GAO’s recommendations focus on the need to develop strategic plans, better plan the use of DHS human capital, and establish performance measures. The programs addressed in this document can be organized as follows:

CBP announced the dates of its 2007 trade symposium. To be held on November, 14th and 15th of November, topics include the following:
• Cargo Security
• Trade Issues
• ACE / ITDS
• Post-Incident Business Resumption
• Global Issues

The Trade Symposium will be held at the Ronald Reagan Building and International Trade Center, 1300 Pennsylvania Avenue, N.W., Washington, DC. CBP set up a website dedicated to the event at which updates can be found.

I couldn’t find much more than this for the agenda:

Wednesday, November 14, 2007
• Registration/Exhibition – 10:30am
• Opening and Symposium Panels – 1:00pm – 5:30pm
• Review Exhibits 5:30pm – 6:00pm
• Open Forum with Senior Management – 6:00 pm – 8:00pm

Thursday, November 15, 2007
• Continental Breakfast – 7:30am
• Symposium Panels – 8:15am – 11:45am
• Luncheon – 11:45am – 1:15pm
• Symposium Panels – 1:30pm – 4:45pm
• Closing Remarks – 4:45pm – 5:00pm

This is a placeholder post for lack of time today. DNDO and the Coast Guard announced today the West Coast Maritime pilot.  This effort builds upon the Securing the Cities initiative and the recent feat by DHS to outfit and train all Coast Guard boarding teams with nuclear detection capabilities. 

Seattle and San Diego made the list for this pilot due to the massive flow of small boats making use of these domains, the significant military installations there, and the proximity to international borders.

The main purpose of this new pilot is to create more effective coordination among the defensive efforts at the international, national, and state/local levels by creating a framework for the deployment of detection capabilities, training, response protocols, and alarm resolution.  Following is an excerpt from today’s announcement:

The U.S. Department of Homeland Security’s Domestic Nuclear Detection Office (DNDO) announced today the West Coast Maritime pilot program that will provide maritime radiation detection capabilities for State and local authorities in Washington’s Puget Sound and California’s San Diego areas. The three-year pilot program involves the development of a radiation detection architecture that reduces the risk of radiological and nuclear threats that could be illegally transported on recreational or small commercial vessels. The pilot will be conducted in close coordination with the U.S. Coast Guard and Customs and Border Protection.

This is just a placeholder to share the new DHS strategy document.  The International Supply Chain Security Strategy was recently shared with Congressional staff and is now available here.

 

I’ll come back to this soon for some comments.  In the meantime, enjoy the read.

DHS – through the Domestic Nuclear Detection Office – is starting to test and evaluate equipment focused on the blind spots around the shipment of containerized cargo.  While this effort satisfies Section 121(i) of the SAFE Port Act of 2006, it also reflects proposals made by the Homeland Security Advisory Council in 2005 when it’s Task Force on Preventing Weapons of Mass Effect explained the importance of adopting a layered prevention strategy.  Intermodal chokepoints served as key examples for the Task Force’s argument.  Specifically, the gaps in scanning and other preventive measures needed to be in place when a target item (i.e. cargo container) transferred one conveyance (boat) to another (rail).  The Task Force considered this next layer a “critical deficiency” that required the Department’s attention.The DNDO announced yesterday that: 

The U.S. Department of Homeland Security (DHS) will soon begin conducting multiple projects in the Port of Tacoma, Wash., to evaluate technology and concepts of operations for radiation detection that will scan cargo at various points in transfer from ship to rail.  By establishing a Rail Test Center (RTC) at the port, DHS will identify and evaluate radiological and nuclear detection solutions for intermodal rail port facilities that can be used across the country.

A major recommendation and recurring theme from the Nuclear Defense Working Group at the Center for the Study of the Presidency held that detection efforts were strongest when targets were in motion or under scrutiny already (i.e. cargo was only screened when checked, registered, or loaded, and usually at only one of those points).  Containers and other targets at rest were a glaring weakness, according to the NDWG, in need of innovative solutions that did not include scattering expensive scanners over every square inch of an airport or seaport.  The same DNDO announcement reminded me of that recommendation with this detail:

Projects being considered for further evaluation at the RTC include scanning cargo on the dock, during transport to the rail yard, entering the rail yard, in the container storage stack, during train assembly, and as the train leaves the port.

These are promising efforts, albeit nascent ones.  These are also only one part of the broader effort to reduce the threat of smuggled nucs.  Let’s hope the non-proliferation and Nunn-Lugar-type programs get the same attention.  More on that can be found at Jeffrey’s ArmsControlWonk.com.

Spencer Hsu and Renae Merle write in today’s Washington Post that the U.S. Coast Guard responded to Congressional frustration over the failure of a consortium of contractors to deliver on the $24 billion modernization program called Deepwater.  Among other disappointing developments under Deepwater, a clear necessity for providing the USCG part of what it needs to carry out a growing list of HLS missions, the new cutters built by consortium leads LockheedMartin and Northrop Grumman don’t float.  $100 million a piece, they’ll never be used. 

Failures prompted the House Transportation and Infrastructure Committee leadership yesterday to call for the Justice Department to open a civil and criminal investigation into Deepwater.  As a result of this restructuring of Deepwater, Coast Guard must reissue a 43-month extension of the contract. About $2.3 billion has been committed to the program so far, and the second phase is reported by Hsu and Merle to be worth $2.5-$3 billion.

Perhaps we should’ve seen it coming.  Last August, the DHS IG issued his warning about the program’s execution.  IG Skinner cited “limited oversight as well as unclear contract requirements,” which prevented DHS/USCG from “ensur[ing] that the contractor is making the best decisions toward accomplishing Deepwater IT goals.”  Hmm.  Do we blame the requirements, the agency, or the contractor?  The Washington Post’s Steve Kelman wrote an insightful analysis explaining diff’rent strokes for different IGs by suggesting an ideological posture that may decide how this question is ultimately answered.

And it looks like it may be answered soon enough: Tomorrow’s hearing (4/18) before the House Transportation and Infrastructure Committee at 2:00 p.m. in 2167 Rayburn is entitled “Compliance with Requirements of the Coast Guard’s Deepwater Contract.”  For a witness list, click here.

– Special Note –

Please keep the families and friends of the victims of yesterday’s shootings at Virginia Tech in your thoughts. VT student bloggers commenting on the shooting were highlighted here.  More on this issue is available.  -CZ

DHS released a document today that provides an overview of the FY 2007 infrastructure grant programs at DHS, covering five distinct programs for port security, transit security, truck security, bus security, and buffer zone protection. As was the case with last week’s urban area grants, the port and transit grants allocations are broken up into distinct risk tiers, within which “Tier 1″ high-risk areas will receive approx. 83% of the transit security funding and 60% of the port security funding. Looking at the document, it appears that nearly every Tier 1 transit system or port will receive a significant increase in funding, with the exception of the Louisiana ports. The San Francisco Bay Area ports are up for an especially large increase, from $1.2 million in FY06 to $11.2 million in FY07, a decision that reverses what was a drastic cut in 2006.

Within these programs, Tier 2, 3, or 4 transit systems and ports will have to compete for their allocations from smaller fixed pools of funds. This could lead to cities that were likely on the borderline between Tier 1 and Tier 2 having lower levels of grant funding in 2007, e.g. Seattle’s transit system and the Ports of Baltimore and Charleston.

DHS deserves strong kudos for releasing this document in January, relatively early in fiscal year 2007. By comparison, in FY 2006 this document was not released until the very last week of the fiscal year, a delay that was detrimental to the ability of these transportation systems to manage security activities. Hopefully this is a sign of an better-managed grants process at DHS.

I’ll add a link to the transcript of the press conference announcing these grants when it becomes available.

Update (1/10): The transcript of the press conference is available here. And detailed guidance documents on the port security and transit security grant programs are available here.

Yesterday TSA released the final regulations for the Transportation Worker Identification Credential (TWIC) program, following 7-8 months of consultation and negotiation with the impacted stakeholders. The complete final rule is available at this link. The New York Times summarizes the regs, and stories by the AP and Washington Technology notes the high fees associated with the mandatory program.

Now that the regs have been finalized, DHS is expected to begin enrolling people in TWIC in March of this year. And a great deal of work is still needed to develop and install TWIC card readers, an issue that was somewhat sidestepped during the rulemaking process.

The Congressional Research Service published a new report last week looking at the Coast Guard’s Deepwater acquisition program:

RL33753: Coast Guard Deepwater Program: Background, Oversight Issues, and Options for Congress, December 18, 2006

It’s a useful overview of the Deepwater program, which has been subject to a growing amount of media and watchdog scrutiny in recent weeks.

The full HLS Watch collection of CRS reports is available here.

The Port Authority of New York and New Jersey issued a press release today summarizing the recommendations of a port security taskforce that they’ve convened over the past year. The key recommendations:

• The adoption of federal legislation sanctioning minimum mandatory cargo security standards that use innovative technology and business practices to monitor every cargo shipment.
• The presidential appointment of a National Port and Cargo Security Director, reporting to the Director of Homeland Security, who has ultimate responsibility and accountability for coordinating port and cargo security activities throughout the various federal agencies as well as the international community.
• Establishment of a nationwide “Port Security User Fee,” not later than January 1, 2008, dedicated exclusively to U.S. ports based on size, cargo volume and risk. This fee would be used to offset capital and operating costs incurred by port facility owners/operators associated with security installations and operations.
• Establish response and recovery plans that are unique to the regional environment of each U.S. port, allowing individual ports to return to “normal business” as efficiently as possible after a disaster. Mandate and conduct annual exercises that test the quality of each port’s response and recovery plans.
• Adopt federal legislation that requires every regulated maritime facility and Coast Guard Captain of the Port to implement a comprehensive risk-management plan that will form the basis for resource allocation decision making, similar to the protocols for other state, urban area and mass transit funding.

It’s unclear whether these recommendations are part of a larger task force report; if so, I don’t see it yet on the PANYNJ website. But I’ll post an updated link if one appears.

Update (1/4/07): Here’s the full task force report.

The last chapter of the Dubai Ports World (DPW) brouhaha unfolded earlier today, with DPW announcing the sale of their American port assets to an investment arm of the insurance company AIG. While there were undoubtedly concerns with the initial deal that the federal government struck with DPW in the initial CFIUS review of their purchase of P&O Ports (see my initial concerns here), these issues were manageable, and the political melee in February and March following this announcement inappropriately vilified the company. And since that time, DPW has proven its mettle as a world leader in port and supply chain security, becoming the first company in the world certified to meet the ISO 28000 supply chain security standards and just this week earning praise from a Democratic Congressional delegation examining their operations in the Dominican Republic. While this story had a silver lining – a new political focus on port security that led to the passage of the SAFE Port Act – it was also ultimately unfair to DPW, a reality that can’t be reversed, but one that hopefully will lead to more sober responses the next time that a story like this appears on the political radar.

The New York Times and the Washington Post published stories yesterday and today criticizing the Coast Guard’s Deepwater program, which is managed by a Lockheed Martin and Northrop Grumman joint-venture, Integrated Coast Guard Systems. There are a number of disturbing details in these two stories about the management of this project, for example:

Facing a shortage of patrol boats, the contractors and the Coast Guard decided to speed development of a larger ship, the Fast Response Cutter. The hull was to be built from glass-reinforced plastic, known as a composite, something never tried on a large American military ship.

While acknowledging that it might cost much more to build the 58 planned cutters with composite hulls instead of steel, Northrop and Lockheed claimed the boats would last longer and require less maintenance, saving money over the long run.

Coast Guard engineers again were doubtful that Northrop’s design would work, citing concerns about weight, hull shape and fuel consumption. The Coast Guard also found inconsistencies in the cost data Northrop used to justify the new hull.

One former Northrop executive said the company was pushing the plan not because it was in the best interest of the Coast Guard, but because Northrop had just spent $64 million to turn its shipyard in Gulfport, Miss., into the country’s first large-scale composite hull manufacturing plant for military ships.

“It was a pure business decision,” said the former executive, who disagreed with the plan and would speak only anonymously for fear of retribution. “And it was the wrong one.”

That became clear when a scale model of the Fast Response Cutter was placed in a tank of water — and flunked the test. After three years and $38 million, Northrop Grumman’s plan was suspended.

The Coast Guard clearly needs this new generation of ships and equipment. But these types of procurement screw-ups are unacceptable. Hopefully Coast Guard Commandant Thad Allen will take aggressive action to remedy these issues in the coming months (something that the NYT story suggests).

The Departments of Homeland Security and Energy held a joint press conference today announcing plans to initiate a set of pilot projects in six foreign ports to test new ways to enhance the scanning of outbound cargo containers. This announcement responds to a requirement in the SAFE Port Act for DHS to carry out a set of pilot projects labelled the “Pilot Integrated Scanning System” to test the feasibility of integrated scanning systems akin to Hong Kong’s Integrated Container Inspection System (ICIS).

The pilots will take place in ports in Honduras, Oman, Pakistan, Singapore, South Korea, and the United Kingdom, and the project is expected to cost $60 million in FY 2007. Several news reports in the last hour have noted that Dubai Ports World controls several of the ports involved in the pilots, a fact that I don’t find surprising or troubling, given their global market share and their recent leadership on security issues, exemplified by the fact that earlier this year they became the first company to comply with new ISO supply chain security standards (ISO 28000.01).

The DHS press release labels this project as the first phase of the Secure Freight Initiative, a term of art that originated in Sec. Chertoff’s Second-Stage Review speech in July 2005 and which DHS has subsequently struggled to define. This vision for the Secure Freight Initiative is different from the original vision in that speech, in which Chertoff defined Secure Freight as an effort to “gather, fuse and assess more complete data from the global supply chain to develop a more accurate profile of the history of cargo in any given container.” This is, however, partially consistent with Dep. Sec. Jackson’s vision for Secure Freight as articulated in Congressional testimony in April 2006.

Overall, I think this is an important initiative, one that could help to redefine the cargo security paradigm within the next few years. It’s not a panacea, but if these pilots work then they will make a substantial improvement to global supply chain security.

Update (12/7): Here’s the transcript from the event earlier today.

The LBJ School at the University of Texas recently published a report entitled “Port and Supply-Chain Initiatives in the United States and Abroad,” a compendium and analysis of existing activities in this area on a global basis. The report received media attention recently in this DC Velocity article.

The first half of the report looks at broad supply chain and port security topics, such as the ISPS code, the MTSA, C-TPAT, and the World Customs Organization SAFE Framework. These chapters feature the results of interviews with key stakeholders, which highlight the ongoing challenges associated with implementing these rules and programs. For example, the report notes how the lack of uniformity and clear standards in the implementation of the ISPS code has led to a situation where investments have low efficiencies of scope and are therefore difficult to justify.

The second half of the report consists of case studies of security initiatives at ports in Santos, Brazil; Marseille, France; Hong Kong; Jawaharlal Nehru, India; Veraruz, Mexico; Rotterdam, the Netherlands; and Durban, South Africa. These case studies are the most interesting part of the report, describing the challenges that these seven very different ports have faced in implementing the ISPS code and (in some cases) the Container Security Initiative into their operations. The case studies paint a picture of a maritime trade system that, while vastly more attentive to security matters today, is still struggling to make security a normal and routinized part of its operations. The descriptions of the developing country ports are particularly worth reading, as a way to better understand the practical challenges and limitations of implementing high-tech security tools in environments that rely upon informal and/or non-automated standard operating procedures.

On a personal note, I was also glad to see the white paper I co-authored for IBM on Global Movement Management last year summarized on page 66 of the report.

Overall, a very good report and a useful addition to the public body of knowledge about port and supply chain security.

The latest issue of the Journal of Commerce has an interesting article that profiles a new risk assessment tool used by the Coast Guard to assess maritime security-related threats. From the article (available by subscription only):

No one will dispute that the government lexicon is jargon-happy, and the Coast Guard has coined some doozies. One of the newest acronyms is the Maritime Security Risk Assessment Model, or MSRAM, which is rapidly becoming one of the agency’s premier risk-management tools.

The Coast Guard launched MSRAM last spring, and by the end of summer, the whole national inventory of freight and cargo terminals, bridges, tunnels and other port infrastructure had been given new, improved risk scores. When the Department of Homeland Security handed out $168 million in port security funds in September, the MSRAM score counted for 25 percent of an applicant’s total score. Future grant rounds are as likely to depend on MSRAM results.

Officials said that the MSRAM will make risk assessment more consistent among ports. It replaces the Port Security Risk Assessment Tool, or PSRAT, which that was introduced after the Sept. 11, 2001, terrorist attacks.

….MSRAM is a computer program that is based on the Coast Guard’s triangle of risk management: threat — vulnerability — consequence. For each port facility or “asset,” the program walks the user through the process of identifying threats to the asset, its vulnerability to attack and the consequences of an attack. With that information, MSRAM computes a numerical score that represents the risk posed by a terrorist attack on that particular asset. The numerical scores are classified. On the one hand, assessing threat requires the use of national intelligence. On the other hand, the Coast Guard doesn’t want to say which facilities are vulnerable.

This seems to be unambiguously an improvement on earlier risk assessment methodologies, and is a positive sign that DHS, despite occasional setbacks, is gradually getting better at the difficult task of risk assessment.

To find out more about the MSRAM, there’s a scattering of information on the internet about it. Perhaps the most useful explanation of it is found in this Naval Postgraduate School master’s thesis by a Coast Guard officer on vulnerability assessment of maritime infrastructure, a document that includes this chart that summarizes the methodology:

For additional info, see the chapter entitled “Safely Securing U.S. Ports” in this issue of the Coast Guard’s Proceedings magazine and this GAO report from earlier in 2006 which mentions it several times.