Container Security: Is the Layered Approach Working?

Guest columnist Jim Giermanski says the government's five-layered approach to container security is on the right track, but needs significant improvements

1 2 Page 2
Page 2 of 2

However, the CSI program is anchored in the 24-hour manifest rule. CBP officers are only allowed to physically inspect containers in the participating foreign country ports when authorized to do so by that nation's customs authorities. The CSI program is more dependent on data acquisition and analysis.

There is a link between CSI and SFI, but not an extensive one. First, SFI is a scanning project composed of radiation portal monitors to detect radiation through NII (non-intrusive inspection) imaging systems. NII is really intended for small package imaging and border crossing functions. The Secure Freight Initiative is active at only three ports at full capacity: Puerto Cortes, Honduras; Port Qasim, Pakistan; and Southampton, United Kingdom as opposed to the 58 foreign ports participating in CSI. It was active in a limited capacity at Busan, Korea; Singapore; Port of Salalah, Oman; and Hong Kong. However, because there are significant problems with the SFI project, further deployment of machines is being reviewed due to recent lessons learned as revealed by CBP Deputy Commissioner Jayson Ahern in his April 2 statement. Ahern specifically cited 13 problem areas with SFI.

Essentially, CSI like other layers is really anchored in data flow. Its validity is only as good as the accuracy of the data submitted. SFI is similar but slightly different. It's only as good as its operators and the sophistication of its technology. According to the trade community, it is inefficient and according to scientists, SFI is 100 percent ineffective for highly enriched, shielded uranium. The technology is still being developed. The project is limited in scope, and there is serious discussion about its acceptance and application around the world. In June, 2008 the WCO called for the repeal of a U.S. law requiring all inbound maritime cargo containers to be scanned at foreign ports by July 1, 2012. And on June 11 in a report to Congress, DHS released all of the lessons learned from the SFI operational ports. In light of what the report revealed, it is doubtful if the SFI will continue, given its level and sophistication of its development and technology and the objections of the other trading nations.

Layer-5: Non-Intrusive Inspection (NII)

NII is mobile gamma-ray imaging technology. It is deployed at seaports and at land ports of entry, permitting officers to detect and interdict contraband (such as narcotics, weapons and currency) hidden within conveyances and/or cargo while simultaneously facilitating the flow of legitimate trade and travel. The mobile gamma-ray imaging system employs a gamma ray source that permits officers to quickly see inside tankers, commercial trucks, cargo containers and other conveyances without having to physically open the conveyance and/or container. NII machines can scan vehicles up to 125 feet in length in one pass. One version of the system is mounted on a truck chassis and is operated by a three-man crew. The NII operates by slowly driving past a parked vehicle with a boom extended over the target vehicle.

As a layer, NII is equivalent to "boots on the ground." It detects something it sees. It is not data-centered. While often the densities it reads may not turn out to be guns, drugs, or currency, but only something resembling them, it does have very clear security usage. In fact, NII has been used at the Super Bowl in 2008 and at NASCAR events in addition to its ports security duties.

Conclusion

While I have often criticized DHS and CBP for many of their decisions, policies, and management decisions, the layered system is fundamentally sound. It is sound in spite of the lack of active intelligence gathering and the lack of container security technological applications which are currently available. However, its weaknesses, while few, are significant. In fact, the tremendous reliance on submitted information on which to base security decisions is a weakness and needs to be addressed. While C-TPAT is good, a recent GAO (Government Accountability Office) report in May 2008, pointed out numerous areas of concern. There are also GAO reports on the effectiveness of scanning at border ports of entry.

It seems that the layered security concept needs two more layers. The first is an actual intelligence/counterintelligence layer. That will be a problem. A short, but true story will help to explain. In the late 1990s a young man came to my office when I was teaching at Texas A&M in Laredo. He knew that I was a colonel in the Air Force Office of Special Investigations (AFOSI), at that time a little known fact, and was told to contact me. He told me that he was an Air Force first lieutenant, and he said that he just finished the intelligence program at Fr. Huachuca and was just assigned to the Border Patrol.

When I asked why, he said that he was assigned there to teach them how to set up an intelligence net and that AFOSI sent him to me for guidance. Needless to say, even if he were successful, what level of intelligence gathering and counterintelligence capacity and ability would CBP have roughly 10 years later? Again, from personal experience with Customs (CBP) on cross-border drug movements, I found that CBP had little or no expertise in developing intelligence. Since it was not their job to do so, one can expect it would not be done. In fact, there has always been a stigma attached to CBP's law enforcement history and status. For many in law enforcement, and for some outside of law enforcement, CBP had the image of a government tax collector and border guard. However, as of July 6, 2008, CBP officers have law enforcement retirement coverage, indicating a significant change in the perception that many had of them. CBP now has federal law enforcement status. Under DHS, CBP clearly has enforcement status and all that should with it, including an intelligence function. While maybe not having it before given their historical role was understandable in the 1990s, it is not understandable today.

Also, today there should be greater cooperation between and among counterintelligence and law enforcement areas, unlike when I was an FBI agent. Yet, it seems that it may still be a problem. What cooperation does CBP receive from those agencies that could help CBP in preventing terrorist acts? CBP's National Targeting Center should be fed more than CBP's own data. There should be, and hopefully there is, the sharing of intelligence collected by other federal law enforcement and intelligence agencies. Thus, the first new layer, the counterintelligence layer, could be attained, not by CBP's own operations, but through the cooperation of those agencies that currently conduct counterintelligence.

The second new layer, and probably the easiest to accomplish, is a layer of security provided by smart containers. A smart container system is more than just a locked door or an RFID (Radio Frequency Identification) tag. A smart container is one that can be questioned and can respond in real time or close to real time. It can tell CBP that it is being breached, moved, or used as a host for WMD. Specifically it has eight general characteristics.

  • 1. It functions as a part of a system approach necessary to coordinate all facets of the supply-chain process to ensure visibility and security, beginning at origin.
  • 2. It electronically identifies the authorized personnel stuffing and securing the container at origin.
  • 3. It captures and transmits electronically certain trade data that will link to other supply-chain documentation, and accept and report information such as container/trailer number and booking data.
  • 4. It complies with the WCO, C-TPAT and AEO (European Union's Authorized Economic Operator) requirements to maintain the integrity of the entire container, by detecting a breach anywhere into its body.
  • 5. It reports in real time or as close to real time, any breach.
  • 6. It provides worldwide geographic positioning throughout the supply chain when queried, and when programmed, automatically report its position if it is off its designated course of travel.
  • 7. It recognizes and records the identity of the authorized person opening the container at destination.
  • 8. It accommodates an array of sensors and is able to communicate with or be adaptable to varied software packages used by shippers and carriers within the supply chain.

The international call centers or control centers that interact with smart container messages also sever as third party verifiers of the container's integrity and global movement. Smart boxes are essential to improving supply-chain security. They must be included in CBP's layered approach. They already exist. Unfortunately, it appears that CBP does not know that.

All security systems are penetrable with enough time, money, knowledge or inside help. Good security systems limit that probability. The layered approach is good. It just needs to be better. And it can be better with two additions: "boots on the ground" counterintelligence and the use of smart containers.

Dr. James Giermanski is chairman of transportation security company Powers International and Director of the Centre for Global Commerce at Belmont Abbey College.

Copyright © 2008 IDG Communications, Inc.

1 2 Page 2
Page 2 of 2
Microsoft's very bad year for security: A timeline