ARC's 1st Law: As a "progressive" online discussion grows longer, the probability of a nefarious reference to Karl Rove approaches one

Tuesday, March 07, 2006

National Security and the Ports

Interesting article regarding the steps that the Bush administration is taking (and has taken) regarding national security and the flood of container ships from overseas. Of course, when you look for news on this topic you turn to....

CIO Magazine:

Customs Rattles the Supply Chain
The government wants you to secure your supply chain. Right now, its program is voluntary. It won’t stay that way for long. And the responsibility for collecting the data Uncle Sam wants is going to fall on—you guessed it—the CIO.

Between 2002 and 2005, the Department of Homeland Security spent $75 million to track several companies' cargo containers coming into the seaports of Seattle/Tacoma, Los Angeles/Long Beach, and New York/New Jersey. The project, called Operation Safe Commerce, used GPS technology and radio frequency identification to monitor cargo from a handful of major importers (including Sara Lee and Motorola) as it made its way from overseas factories to its final destination in the United States.

The goal of Operation Safe Commerce was to identify weak links in the global supply chain. A report summarizing its findings was due more than a year ago, in February 2005. To date, for a variety of reasons, no report has been released. But sources close to the project have told CIO that Operation Safe Commerce revealed that companies actually know very little about what goes on in their supply chains.

Among common unsafe practices identified by these sources were: truckers dropping off containers without ever encountering terminal security, containers left in unsecured areas, and containers bypassing a port that's considered safe (even if scheduled to pass through that port) and traveling instead through a country that poses a greater threat—without either the company or U.S. Customs and Border Protection being informed.

According to Steve Schellenberg, a senior consultant at the trade advisement company IMS Worldwide who worked on Operation Safe Commerce for the port of Seattle, the project "showed us that there needs to be a quantum leap in the information we possess about the supply chain."

Companies will have to find a way to make that leap—possibly within the next year—because soon the government will make sharing this information a cost of doing business for every company that engages in international commerce.

The mechanism for the government's initiative is already in place: the Customs-Trade Partnership Against Terrorism, or C-TPAT, which requires that companies take responsibility for the security of their supply chains. C-TPAT is currently voluntary, but program members say that the benefits of compliance—which include reduced wait time at borders and fewer inspections—will make participation an unavoidable cost of doing business.

"There's really very little that Customs can do to speed things up," says Schellenberg. "But they can sure as heck slow you down."

Furthermore, members of the trade community believe that the government will eventually make C-TPAT participation mandatory, although a spokesman for Customs disputes that. CIOs need to begin preparing now, or they could find themselves facing a massive last-minute hurry-up, comparable to their Sarbanes-Oxley travails, if they don't want to watch their company's containers get held up at Customs while their competitors' crates sail through.

"There's no doubt that this is going to happen," says Kevin Smith, general director of global customs for General Motors. "This is an inevitability."

The Nightmare Scenario: When, Not If

Right now, information about any given supply chain is hard to come by. And that's by design. The goal of supply chains is to get something that's needed—a part, a product—to where it's needed as quickly and cheaply as possible. If a container arrives too late to be loaded onto one ship, it's rerouted and loaded onto another. And as long as the container arrives on time—or close to it—no one need be the wiser. In fact, historically, each person or entity that handles a shipment collects and shares information only to the extent necessary to guard against liability.

Similarly, Customs was created to enforce tariffs and calculate import taxes. And while Customs' role expanded to combat drug trafficking in the 1980s, regulating trade was the department's primary job until September 11, 2001. Now, says Robert Bonner, former commissioner of U.S. Customs and Border Protection (he resigned in November), "The priority mission of U.S. Customs is national security."

Experts say that Bonner, who was sworn in at Customs on Sept. 24, 2001, was right to change the agency's focus. Most agree that the likelihood of terrorists attacking the United States through the global supply chain is so high that it's a matter of when, not if. Such an attack (most analyses focus on a dirty bomb) won't primarily be designed to kill a lot of people, but to cause panic. "It isn't the event but the sudden lack of faith in the system that it causes," says Stephen Flynn, senior fellow for national security studies at the Council on Foreign Relations.

If a bomb goes off, Flynn says, there will be huge pressure on the government to close all the nation's ports until every container on every site in the country is inspected. An October 2002 war game that mimicked that scenario found that closing the nation's ports for as many as 12 days created a 60-day container backlog and cost the economy roughly $58 billion. "Any incident would shut down commerce," Sen. Patty Murray of Washington told CIO. Murray is the ranking member of the Senate Appropriations Committee Subcommittee on Transportation, Treasury, the Judiciary, Housing and Urban Development and Related Agencies.

Securing the Supply Chain: Sox and C-TPAT

Customs has developed a two-pronged strategy to prevent the dirty-bomb scenario. First, it's asking companies to assume responsibility for their supply chain security.

Legally, a company is responsible for a container only when it formally purchases it, which—precisely for that reason—usually doesn't occur until it reaches a port, either in the United States or abroad. Target, for example, typically does not legally purchase the clothes it orders from China until they arrive in the terminal. But the government wants importers to take responsibility for everything that occurs prior to purchase, even if the container is in the custody of a trucker in China or a longshoreman in Rio de Janeiro. The principle vehicle for this is C-TPAT. This so-far voluntary program gives certain benefits, such as reduced inspections, to companies that can show they meet a minimum level of supply chain security. The better a company's security (as judged by Customs auditors), the more benefits it receives. There are currently three tiers of C-TPAT compliance, and containers belonging to members in the top tier sail through Customs virtually uninspected.

If C-TPAT is the carrot, then the Sarbanes-Oxley Act (Sox)—which requires that companies put in place reasonable safeguards against events that could materially affect the company's value—is the stick. There's little doubt, experts agree, that events in the supply chain fall under the Sox umbrella.

With both C-TPAT and Sox, IT's job is the same: Secure the data, make sure that purchasing and security have access to one another's information, and collect more data about what is happening in the extended global supply chain.

The second prong of Customs' strategy is to collect as much information as it can about what's happening in the supply chain so that, through data mining, it can spot anomalies. The key to this is the Automated Commercial Environment, or ACE, a $3 billion-plus trade processing system begun in 2000, which Customs plans to complete by 2010. ACE has modules that do everything from serving as Customs' ERP system to targeting containers for inspection. Within the next six months, carriers entering the United States through land-border crossings in seven states will be required to send close to 100 data elements to Customs, including information about the vehicle, its driver and its cargo. If they don't, they don't get in. Customs is also piloting an ambitious ACE add-on called the Advance Trade Data Initiative (ATDI), which requires importers to share with Customs every bit of information about a shipment, including the purchase order, which ports it passes through, proof of delivery and its final destination within the United States.

"ATDI will make companies collect information that they haven't collected before, share information they haven't shared and provide information earlier than they've been required to provide it before," says GM's Smith. For example, it's the rare company that knows where on a ship its container is located, but ATDI will require it.
The Secure 10,000

After 9/11 there were calls by some members of Congress to inspect each and every one of those 9 million containers coming into the country. But the vast majority of those containers are filled with legitimate goods from legitimate sources heading to legitimate companies. "The question we faced was, Can you risk-manage for terrorism?" says Bonner. "If the answer is yes, you can spot-inspect." (For more on the issue of risk-managing onetime events, see "Managing the Terror Risk" .)

In July 2002, Bonner unveiled C-TPAT, which, by shifting that burden onto the importers, was designed to reduce the need for the government to inspect containers. Since then, over 10,000 companies have applied for C-TPAT membership. In 2005 C-TPAT members accounted for 42 percent of all imports by volume.

There are three tiers of C-TPAT membership, each of which comes with progressively fewer inspections. The first level simply requires an attestation that your company has performed a risk analysis of its supply chain and has taken steps to mitigate any vulnerabilities. So far, 5,757 of these attestations have been accepted by Customs. Tier-two members have had this attestation validated by Customs officials. Right now, 1,511 companies have achieved tier two (another 2,273 validations are in progress). Tier-three members are companies that Customs has determined follow supply chain security best practices (although Customs has not yet defined any). These are the companies that will be eligible for the Green Lane. Only 126 companies to date have qualified for tier three, including Boeing, General Motors and Target.

So, in July 2002 - less than a year after 9/11 - US Customs had developed a program to manage the risk associated with terrorist threat involving containers at our ports, essentially by forcing companies to be responsible not only for goods that they are in possession of (and which they have ownership of), but for those goods in their entire supply chain. This is a significant change in the world of business... and to date 42% of all imports are covered.

Now, I know the progressives don't like private sector being responsible for anything, since the word "corporation" is often preceded by the word "evil" in their lexicon. But I think it's interesting to see that, contrary to conventional wisdom, significant changes are being implemented and they don't get the recognition that they likely deserve. Simply saying on 9/12 that all containers need to be inspected is a simple-minded solution, unless your goal is not security, but rather the destruction of the US economy.

Read the whole article... it's too lengthy to post here in full and there is some interesting information which I unfortunately had to leave out.

Your Co-Conspirator,
ARC: St Wendeler