Opinion
Container Security: Who's In Charge?
Guest columnist Jim Giermanski takes issue - actually seven specific issues - with DHS comments on the role of technology in container security.
By James Giermanski
Statement 3
"Because DHS does not believe that, at the present time, the necessary technology exists to adequately improve container security without significantly disrupting the flow of commerce, the Department did not make use of the rule-making authority or mandate the use of CSDs."
Response
In the first place, what DHS believes appears to be suspect. The real question is why does it believe what it believes? It is obvious that it doesn't know the technology, the market, or the value to the private sector in improving the global supply chain management. Now it believes that container security would disrupt the flow of commerce in face of the previously cited evidence. What is more amazing is that CBP is now, without the use of CSDs, disrupting the flow of commerce. Simply look at the time it takes to get though CBP at our seaports. Look at the impact of the 24 hour rule under Container Security Initiative (CSI) that requires a carrier who doesn't know what's in a container, to send a manifest saying what's in the container to CBP 24 hours before the container is laden into the vessel. How long was that container at that foreign seaport? Then upon arrival at our seaports, there are the business-as-usual delays in clearing the import.
One of the fundamental purposes of the concept of Green Lanes, or Tier-3 treatment, was to facilitate and movement of cargo more quickly through our ports because the container was a smart container, the vary reason cited by Ahern that would disrupt the flow of commerce.
Statement 4
"It is important to note that CSD technology only improves container security if one can ensure the integrity of the shipment before the CSD is activated. Requiring such a device independent of a process to ensure that the goods within the container were secure before its application would have an adverse effect on security, creating the false impression that a dangerous shipment was secure."
Response
Obviously unknown to Ahern and his staff are container security systems that do just that. In 2002 when Powers International made its first container security system, we could identify and report the person who supervised the stuffing of the container at origin, detect and report breaches in a container, and identify the person who opened the container at destination. This technology was demonstrated successfully to the federal government under a contract with the U.S. Department of Energy at our biggest land port of entry, Laredo, Texas. Customs and Border Protection (CBP) was at that demonstration in 2003. The key to this system, of course, is the vetting of those who are allowed to supervise the stuffing of the container and arm the CSD. Container security devices and systems that do not have that exact system can likely authenticate the contents manually by using firms such as Cotecna that should be able to provide this service. Finally, if anything creates "&the false impression that a dangerous shipment was secure," it is the CSI 24-hour manifest submitted by the ocean carrier, and the pre-arrival data submitted electronically by third-party carriers on the southern border through a CBP portal of the ACE (Automated Commercial Environment) system. In the case of the 24-hour manifest rule, unless the ocean carrier built (loaded) the container itself, there is no way of knowing what's in the container that it receives from the shipper or maritime freight forwarder. In the case of pre-arrival data required on the Southern border, a drayage (transfer) motor carrier or more likely its approved carrier representative, who files the arrival data for them, is ignorant of the actual contents. The reason is that the drayage carrier picks up a sealed trailer in a drop lot ready for transfer to the United States, and its third party filer never even sees the trailer. CBP does not know what is in it either. Therefore, neither of these required submissions can prove a shipment is safe. Filing entry data when a northbound shipment arrives at the border without direct content verification at origin does not ensure the container or trailer is, in fact, safe.
$firstKeyword
Security Directions: A Virtual Conference
Available On Demand Sept. 30 - Dec. 30
Join us for a virtual event with candid, expert information on top security challenges and issues - all from the comfort of your desktop.
Protecting PII: How to Work with IT to Manage Risk
Understand the critical nature of the test data privacy problem and get tips on how to work with IT to implement a test data privacy program.
- Staying A Step Ahead of the Hackers: The Importance of Identifying Critical Web Application Vulnerabilities
- A Security Blueprint Delivered From within the Network
- Understanding Data Location is Imperative for Data Loss Prevention
- Upgrading to VMware vSphere with vWire
- Removing Barriers To Better Server Virtualization Efficiency
- Practical Approaches for Securing Web Applications across the Software Delivery Lifecycle
Get instant notifications when whitepapers, webcasts and case studies are added
to our library. Sign up for a Resource Alert now!
CSO Corporate Partners
CSO Perspectives
-
April 5-7, 2010Hyatt Regency Santa ClaraClick here for more information!
Santa Clara, California
(ISC)2 members can earn up to 24 CPE Credits!
