Ken Wheatley, vice president of corporate security for Sony Electronics, answers readers’ questions about cargo securityQ: How can shippers be sure that only the right person at the right time in the supply chain receives only the information required?A: To successfully and consistently meet the requirements you’ve set forth, shippers would ideally have a closed-loop system whereby they controlled the process from the time of pickup to the time of delivery. They would also benefit from a robust software tracking system on a VPN that, based on the person’s access authorization, would display only the information that he needed to view.Q: It’s one thing to justify processes that will keep cargo from being stolen. But how can you add value to the process of keeping cargo from being tampered with?A: I don’t see the twotampering and theftas separate issues. If people can lay hands on the cargo to tamper with it then they can certainly steal it. So the same objectives of deterrence and detection apply. You have to convince your adversaries that your processes and systems are so ironclad they will go elsewhere. If they can’t get to the cargo, then they can’t tamper with it or steal it, so limiting physical access to the cargo is essential.Visually concealing the contents of the pallets and boxes by using black wrapping or an overbox, and coding the paperwork to conceal the actual contents of the pallet or trailer will also help.Q: Is the shipping security dilemma a problem for technology to solve?A: Not by itself, and not without a careful analysis of the problem to determine if a technical solution is the appropriate path. Too often technical “solutions” are treated as a set-it-and-forget-it fix. There are interactive applications where technology is a force-multiplier, such as speeding up the inspection process or extending human capabilities using backscatter X-rays or passive millimeter wave imaging. Plus, technical advances are never-ending propositions because our adversaries immediately try to find ways to defeat or go around a new application.Q: Can you give us a sense of the scale of the problems you’re dealing with? That is, compared to pieces of luggage that need to be screened, how many containers are coming through the system? A: As you’re probably aware, there are millions of containers entering the United States through the various borders, and approximately 2 percent of those are screened by U.S. Customs and Border Protection. So the scale of the problem you’re referring to is really the nagging question of, What about the other 98 percent of the shipments? Well, it’s a multifaceted approach to the problem. Customs and Border Protection has to use other tools to supplement the risk assessment process, such as the 24-hour rule on paperwork submission for ocean shipments, to help further screen and identify which shipments need closer inspection. And programs such as CTPAT and the Container Security Initiative help to further refine that assessment.Q: Following on that, what happens to the shipping industry if security concerns are raised? In other words, if you’re dealing with the equivalent of the Department of Homeland Security’s orange alert in shipping, do the world’s ports get thrown into backed-up chaos?A: This is where our role as the CSO comes into play. Rather than being reactive to any particular alert level or color code, we should be advising our operations on proactive, flexible methods to harden our targetsin this case, containers. That way, minor midcourse corrections in security protocols can be implemented in response to a particular threat level. And the impact on our economy and industry is minimized. Related content news UK Cyber Security Council CEO reflects on a year of progress Professor Simon Hepburn sits down with broadcaster ITN to discuss Council’s work around cybersecurity professional standards, careers and learning, and outreach and diversity. By Michael Hill Sep 27, 2023 3 mins Government Government Government news FIDO Alliance certifies security of edge nodes, IoT devices Certification demonstrates that products are at low risk of cyberthreats and will interoperate securely. By Michael Hill Sep 27, 2023 3 mins Certifications Internet Security Security Hardware news analysis Web app, API attacks surge as cybercriminals target financial services The financial services sector has also experienced an increase in Layer 3 and Layer 4 DDoS attacks. By Michael Hill Sep 27, 2023 6 mins Financial Services Industry Cyberattacks Application Security news Immersive Labs adds custom 'workforce exercising' for each organizational role With the new workforce exercising capability, CISOs will be able to see each role’s cybersecurity readiness, risk areas, and exercise progress. By Shweta Sharma Sep 27, 2023 3 mins Security Software Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe