By Dr. James GiermanskiRecently I met with a small group of former FBI agents at a monthly breakfast.\u00a0 The conversations, usually connected to past Bureau activities, moved to the discussion and criticism of Department of Homeland Security (DHS) and Customs and Border Protection (CBP).\u00a0 The flavor of comments follow: they\u2019re out of touch with industry in the container security area; they\u2019re in the pocket of big business; they lack vision; they\u2019re arrogant; and they don\u2019t have leadership; they lack talent; and more. However, while some old crusty ex-agents said it was \u201call of the above,\u201d the consensus, if there was one, was that the fundamental problem within the Department was weak and sometimes flawed leadership.\u00a0While I would expect those comments about DHS from a competitive agency, thinking about the breakfast discussion later that day, it occurred to me that, perhaps, this really is a core problem, especially with container security.\u00a0Therefore, I put together three examples of what I believe represents seriously flawed decision-making important to our security and reflective of questionable and inept leadership within the Department.\u00a0\u00a0All examples involve decision-making tied to container security.\u00a0 The first example involves leadership incongruence within DHS as demonstrated by CBP\u2019s focus on and fascination with the electronic sensing of \u201cdoors only\u201d access or entry into a sealed container.\u00a0 The second is the commitment to radio frequency (RF) devices for container security such as either RFID (Radio Frequency Identification) tags already in use at our ports, or according to CBP\u2019s Request for Information (RFI)\u00a0 dated December 12, 2007, the potential use of Bluetooth-related technology using prescribed frequency ranges published and available through the Federal Communications Commission (FCC).\u00a0 The third example is CBP\u2019s incredible reliance on import security programs with their inherent core concern for \u201cinbound\u201d container security to the exclusion of \u201cexport\u201d container security.\u00a0\u00a0 Only short examples of each of these three fixations will or should demonstrate the level of competent leadership within DHS, perhaps making credible the talk around the former agents\u2019 breakfast table. 1.\u00a0Doors OnlyFor some time now, when treating conveyance security devices, both DHS and CBP have focused on only doors. First, in November 2005, a Request for Information (RFI), an information-gathering and planning vehicle used by DHS in support of Customs and Border Protection, Johns Hopkins University\u2019s Applied Physics Laboratory on behalf of DHS stated, "The purpose of this request is to gather information to identify and evaluate available state-of-the-art container and trailer tracking devices suitable for in-bond shipments."\u00a0 The level of sophistication needed and stated in the RFI seems clear.Sensinga.\u00a0The container and trailer security device must be able to electronically detect closing and opening of either door of the container\/trailer.\u00a0 Monitoring the door status must be continuous from time of arming to disarming by authorized personnel.However, in January 2007 as reported in SecurityInfoWatch.com, W. Ralph Basham, CBP Commissioner, stated I\u2019m saying that just because you have a device that secures the doors does not mean that the container is secure. It just means that the doors are secure and not the whole container. If technology is being developed it should be toward making sure the entire container is tamper proof."\u00a0 "That is the challenge. Not just the doors on the container but the entire container\u2026.\u00a0\u00a0 But, on December 18, 2007 as posted in American Shippers NewsWire, Homeland Security Secretary Michael Chertoff went to the other extreme by saying "Therefore, effective Oct. 15, 2008, we expect to have the requirement in place mandating that all containers be secured with a standard bolt seal."\u00a0 Or, in my words, let\u2019s just bolt the doors. However, one week before Chertoff\u2019s deadbolt-the-doors statement, CBP released an RFI on its Conveyance Security Device (CSD) requirements.\u00a0This RFI, like the one two years before, is still focusing on \u201cdoors only\u201d in spite of Commissioner Basham\u2019s statement on the need to secure the whole container.\u00a0It is also interesting to note that the new 2007 RFI is still referencing the old \u201cin-bond\u201d shipment problem known to it and acknowledged in 2005, essentially admitting that for two years it has failed to address the in-bond issue and does not know if in-bond shipments were accessed during their travel through the United States, or for that matter what\u2019s really in the in-bond container. In the face of fairly clear direction contained in the SAFE Port Act of 2006, DHS and CBP failed to move at the pace specified in the law with respect to container security.\u00a0\u00a0 They are also inconsistent with and lag behind the progress of the private sector in moving away from doors-only detection and reporting.\u00a0 The private sector already has affordable technology that begins \u201cat-stuffing\u201d with the verification of contents and identification of the verifier, \u201call-sides\u201d detection of entry and satellite communication and control through to destination, including the identity of the authorized agent opening the container.\u00a0\u00a0 One such system was demonstrated between Bremerhaven, Germany and Port Everglades, Florida in December 2006.\u00a0[See Rick Eyerdam, Cargo Insecurity: Locals Offer a Better Mouse Trap, Florida Shipper, May 28, 2007, pp. 7, 9, 76.]\u00a0 Although the Germany-U.S. pilot was for demonstration purpose, in reality the system actually caught thieves stealing from one of the containers and it located one of the containers unintentionally lost in transit.\u00a0 DHS is so far behind industry in container security that its decision-making in this area is anything but confidence-producing.2.\u00a0RFI of December 2007Another amazing example of security knowledge and leadership, or lack hereof, is the new RFI.\u00a0 The RFI\u2019s synopsis reveals that "The primary purpose of the CSD System is to monitor the rear doors of a conveyance for an intrusion into the cargo space while in transit."\u00a0 While contravening Commissioner Basham\u2019s own statement on the inadequacy of doors-only container security, the real perilous point of this RFI is its calling for radio frequency technology, specifically cellular, and Bluetooth applications.\u00a0Seriously considering these applications is not only foolish, but also dangerous, again putting into question CBP\u2019s knowledge of what constitutes smart box security.\u00a0The use of almost any Radio Frequency (RF) applications to container security becomes, in effect, an Improvised Explosive Device (IED) if the container carries a bomb.\u00a0The RF signal can trigger that bomb when that container arrives at one of our ports.\u00a0The only difference between this IED and those used by terrorists, is that our own U.S. personnel \u201cpull the trigger\u201d causing the explosion!\u00a0On November 13, 2007 a small team of private and public sector scientists along with security and bomb experts performed a controlled blast in a container at a municipal bomb range.\u00a0 At the range, a detonator and a small amount of explosives were placed in the container.\u00a0A transceiver, like the ones used by our CBP and DOD and operating on frequencies mandated by the Federal Communications Commission (FCC), sent a normal signal interrogating the container as is done everyday at our ports.\u00a0 The explosives in the container detonated.\u00a0 In simple terms, there is now scientific evidence that the use of RFID technology approved for container security and employed today by CBP at all of our seaports and land ports-of-entry can be used as an IED trigger, an indisputable fact\u00a0 unknown to CBP. What was exceptionally relevant in this demonstration was that it showed that encrypting data as required in CBP\u2019s new RFI would not prevent the triggering of the explosives.\u00a0 Of course, maybe CBP doesn\u2019t know this either.\u00a0 If it did know, one would assume it would immediately stop RFID usage at our ports until a fix to the vulnerability was found. The truth has to be that CBP\u2019s leadership is uninformed.\u00a0\u00a0 But this begs the question: how is that possible?\u00a0 The following may explain the ignorance factor.\u00a0 CBP, DHS, the Office of the Secretary of Defense (OSD), the Government Accountability Office (GAO), the Coast Guard, multiple port authorities, and congressional offices were invited to witness the demo.\u00a0 CBP was not only invited in writing but also by telephone.\u00a0 CBP, DHS, GAO, Coast Guard, and the port authorities refused to attend.\u00a0 One congressional office and specifically relevant and important OSD personnel did attend.\u00a0 As a result, OSD stated that the demo was valid and confirmed the findings that current RF signals used today can act as an IED trigger.\u00a0 Additionally, because of the poignancy of this demonstration, a follow-up meeting of Congressional staff, private sector security, and scientific experts was called by a U.S. Congressional Representative for the first week of January, 2008 to address this vulnerability.\u00a0 CBP is also unlikely to be present at this meeting.\u00a0 Yet, in the face of known risks, CBP is continuing to use RFID at our ports, demonstrating its ignorance of this vulnerability or its lack of concern over it.\u00a0 3.\u00a0CBP Programs and U.S. ExportsThe third problem demonstrating the leadership level of CBP and DHS is its lack of focus on the security vulnerability to our ports of cargo leaving the United States.\u00a0 Each of CBP\u2019s four major container security programs, the Container Security Initiative (CSI); Customs Trade Partnership Against Terrorism (C-TPAT); the Secure Freight Initiative (SFI); and the Non Intrusive Inspection (NII) has one focus: inbound cargo and equipment.\u00a0 (The following descriptions are based directly on official DHS and C-TPAT documentation.) So far, the CSI involves up to 58 foreign seaports where CBP has a presence.\u00a0\u00a0 Its major instrument is the 24-hour rule that requires the shipping manifest containing logistics information to be transmitted to CBP in the United States 24 hours before the cargo is loaded at the foreign port into the vessel destined for the United States.\u00a0 The SFI is a joint effort by DHS and the Department of Energy (DOE) designed \u2026to scan containers for nuclear and radiological materials overseas and to better assess the risk of inbound containers.\u00a0\u00a0Announced in 2006, the program was implemented in 2007 in 6 foreign ports to gather information on potential carriage of nuclear material and report the information found.\u00a0 This data will be combined with other available risk assessment information such as currently required manifest submissions, to improve risk analysis, targeting and scrutiny of high-risk containers overseas.\u00a0The NII is smaller in scale and takes place at U.S. ports of entry directed at individuals coming into the country. The goal of the CBP Non-Intrusive Inspection Systems Program (Small Scale) is to match the technology and equipment with the conditions and requirements at ports of entry and Border Patrol checkpoints based upon a requirements analysis of the individual conditions at each location. The program uses hand-held equipment to inspect small-targeted cargo, parcels, luggage, and individuals, allowing system operators to examine their contents without the need for an intrusive manual search.\u00a0\u00a0\u00a0 Finally, C-TPAT is a cooperative voluntary program between industry and CBP.\u00a0 Its purpose is to strengthen the entire global supply chain by requiring its volunteer firms to meet minimum security standards established by CBP.\u00a0 It is an \u201cinbound\u201d program, easily recognized as such by both its security mandates and the type of business participants permitted in the program:U.S. Importers of record;U.S.\/Canada Highway Carriers;U.S.\/Mexico Highway Carriers;Rail Carriers;Sea Carriers; Air Carriers; U.S. Marine Port Authority\/Terminal Operators; U.S. Air Freight Consolidators, Ocean Transportation Intermediaries and Non-Vessel Operating Common Carriers (NVOCC);Mexican and Canadian Manufacturers;Certain Invited Foreign Manufacturers; andLicensed U.S. Customs Brokers.\u00a0\u00a0 Because the primary focus of C-TPAT is imports, it has become the critical obstacle preventing recognition of C-TPAT as equivalent to the EU\u2019s counterpart, the Authorized Economic Operator (AEO), scheduled to be implemented in January, 2008.\u00a0The lack of the inclusion of exports in the U.S. programs, specifically in C-TPAT, makes mutual recognition doubtful.\u00a0So why does the U.S. leave out exports?\u00a0 Do exports serve as a potential host for terrorism?\u00a0Is it any easier for a container bomb to take out a port and its nearby population going outbound from the United States?\u00a0 The answer is: it is no more difficult and is likely easier.\u00a0However, unlike the European Union, CBP does nothing in its security programs to face that threat.\u00a0During the preparation of the recent November 13th demonstration of RFID usage in seaports and land ports, a component of the team that concentrated on port vulnerability discovered that there is equal if not greater vulnerability from an outbound shipment.\u00a0 So why does CBP not include the outbound export function within its programs?\u00a0 Hopefully, the answer must be that CBP knows more than private sector security experts because if it does not, the competence of its leadership should again be questioned, especially with respect to container and port security.I do not hold allegiance to either particular political party and do not like to present one side or the other in an analysis that should be as objective as possible.\u00a0However, it appears to me that Representative Bennie Thompson, Chairman of the House Homeland Security Committee, was right on target in expressing\u00a0his displeasure with the progress and efficacy of DHS with respect to complying with the SAFE Port Act, and\u00a0with DHS\u2019 knowledge about comprehensive smart container systems that do more than check door integrity.\u00a0 In his press release Congressman Thompson said "The department is looked to for setting security standards and enforcing laws, and here they are doing just the opposite.\u00a0 This is the second time DHS is missing the mark on cargo security and it is two times too many.\u00a0 We shouldn\u2019t be waiting any longer for DHS to set standards for equipment that already exists."Door-only, RF-only, and inbound-only are just three examples of \u201cmissing the mark.\u201d\u00a0 What does DHS say when a dirty bomb detonates in one of our ports because of action DHS did not take? For this writer, the depth and breadth of DHS knowledge of container security vulnerabilities that face us every hour constitute more than virtual misfeasance.\u00a0 It may demonstrate a lack of moral judgment that today puts not only our ports and their surrounding communities in danger, but also our entire economy including you, the reader.\u00a0 Maybe it should have been the moral character of DHS that we former agents ought to have been discussing at our breakfast table.\u00a0 With respect to DHS and CBP, all of us deserve better. Dr. James Giermanski is Director of the Centre for Global Commerce at Belmont Abbey College and Chairman of Powers International, a transportation security company.