Container Security: Is the Layered Approach Working?
Guest columnist Jim Giermanski says the government's five-layered approach to container security is on the right track, but needs significant improvements
By James Giermanski
June 25, 2008 —
On April 2, Deputy Commissioner of Customs and Border Protection Jayson P. Ahern made a statement before the Committee on Appropriations, Subcommittee on Homeland Security, U.S. House of Representatives. One of the topics included in his statement was an explanation of the layers of security used by Customs and Border Protection (CBP) to protect the nation against potential terrorism connected to commerce through U.S. ports.
"CBP uses a multi-layered approach to ensure the integrity of the supply chain from the point of stuffing through arrival at a U.S. port of entry," he said, citing five layers:
- The 24-hour manifest;
- Screening through the Automated Targeting System (ATS) and National Targeting Center (NTC);
- Customs Trade Partnership Against Terrorism (C-TPAT);
- The Container Security Initiative (CSI) the Security Freight Initiative (SFI); and
- The Non-Intrusive Inspection (NII) program.
The goal of this layered approach, he said, is to combine each of the layers while limiting their combined affect on "hindering the movement of commerce through our ports."
Some of those in the trade community might take issue with this statement, believing that the layered approach has already hindered commerce. Others might take issue with the value of the layered approach in preventing a terrorist attack on a port of entry or interior target within the United States. I think that looking at each layer is important in appreciating this approach to security. Understanding the basics of each layer will indicate the knowledge CBP will likely have of the actual contents of containers reaching the United States.
Layer-1: The 24-hour Manifest
In general, a cargo manifest is a document that indicates the identity and description of the cargo contained in a shipment. There is certainly no problem using data from the manifest to determine contents. However, the manifest is made by vessel carriers, shipping lines that have no idea of actual contents. Therefore, any problem will always be linked to the person or firm that completes the manifest and their real knowledge of the contents of a container. CSI's 24-hour rule places the responsibility of sending the manifest to CBP with the shipping line, specifically the liner that loads the cargo into the vessel at the foreign port, carrying it to the United States, and discharging the cargo in the United States. "Carriers and/or automated NVOCC's will be required to submit a cargo declaration 24 hours before cargo is laden aboard the vessel at a foreign port for any vessel beginning the voyage on or after Dec. 2, 2002." Originally, there were 14 types of data placed on the manifest; today there are 21:
- 1. Carrier SCAC code (standard carrier alpha code)
- 2. Last foreign port
- 3. Vessel name
- 4. Voyage number
- 5. IMO vessel ID number
- 6. Date of departure from port
- 7. Container number
- 8. Commodity description (with HTS-6)
- 9. Commodity Weight
- 10. Bill of loading number
- 11. Shipper name and address
- 12. Consignee name and address
- 13. Hazmat code
- 14. Seal Number
- 15. Numbers and quantity
- 16. Foreign port of loading
- 17. First foreign place of receipt
- 18. Vessel country
- 19. Date of arrival at first U.S. port
- 20. Port of unloading
- 21. Time of departure from port
Furthermore, there's an expectation that CBP will announce in August or September the requirement to submit additional data contained in the "10-Plus-Two Program." There will be 10 pieces of data the shipper will have to submit, and an additional two pieces that the vessel carrier has to submit. From reviewing only six customs forms connected to inbound shipments, there were 122 distinct pieces of information. Of these bits of information there were 26 pieces that were repeated in the six forms. If that is any indication, there are hundreds of pieces of information-data that are CBP's mainframes that may or may not really be necessary or accurate. Regardless of how many elements are in the manifest today, the fundamental reality is that all elements represent what the shipper, not an individual, said to be true. In effect, the manifest states what is "alleged" to be in the container.
But the purpose of the 24-hour rule is to enable U.S. Customs to analyze container content information before a container is loaded and thereby decide on its "load/do not load" status in advance. An NVOCC is a non-vessel operating common carrier. In reality that entity can be a motor carrier leasing space on liners. For instance, Yellow Roadway trucking company is an NVOCC. Therefore, it accepts cargo from a shipper and provides the shipper a bill of lading to destination, including ocean travel, but Yellow Roadway does not own or operate an ocean-going vessel. Yet, it still is the carrier to its shipper and then it's the shipper to the vessel carrier. But only those NVOCCs who are authorized to communicate with CBP through an approved electronic portal can file a manifest as the liner can.
There is a flaw in this layer. How does a carrier know what's in the container? The carrier does not open the container to inspect it. The carrier simply takes the word of the shipper. Who is the shipper? Does the carrier really know? Even if the carrier really knows, the carrier is still relying on the shipper's word for the contents of the container. What if we have a perfectly honorable and well recognized shipper? Does that mean that between the stuffing of the container at origin and its arrival at the port of export, no surreptitious entry was made into that container and no weapon of mass destruction placed in the container before it arrived at the port of export? Since the carrier does not know what is really in the container that arrived at the port, how would CBP know what was really in the container if CBP relied only on the carrier's manifest? Assuming the shipper has historically been honest and trustworthy, the likelihood of CBP suspecting foul play is remote or non-existent under this layered approach. Thus, any positive or special treatment given this container can be deadly to either the recipients of the container, the United States, or to the exporting port where the explosive could really have been meant to detonate.
Layer-2: Screening through the Automated Targeting System (ATS) and National Targeting Center (NTC)
Video surveillance requires a lot more than turning on a camera or two. Here is expert advice on budgeting for and building a surveillance system, and using it most effectively to serve your business goals
Inside the new World Trade Center's 'situational awareness' platform
A prominent facility connects video to access management and more
The march to megapixel continues
The ongoing evolution of video technology
VMS: How to manage surveillance video
Keep records straight, storage requirements controlled, and evidence usable
VSaaS: The basics of video surveillance as a service
Hosted video emerges as a viable option
Buyers' guide to IP surveillance cameras
Case study: digital video ROI
- Introduction to VMware vCenter Site Recovery Manager 5
- Reliable Disaster Protection with VMware vCenter Site Recovery Manager
- Introduction to Virtualization
- Preventing Unplanned Downtime with Server Virtualization
- Secure Cloud Infrastructure and Next-Generation Data Centers - An Interactive Panel for Decision Makers
- Gartner Next Generation Network IPS Webcast
- Patch Tuesday preview, February 2012
Microsoft published its Patch Tuesday Preview for February of 2012 a few minutes ago. IT admins can expect nine bulletins to address 21 security vulnerabilities.
It looks like four bulletins will be rated critical while the rest are designated as important.
Affected Microsoft products are:
- M86 report proves water is wet
- Actor, banker, soldier, spy: Suits and Spooks Anti-Conference aims to redefine security
More Salted Hash with Bill Brenner
