Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274 (2003)

Operation Safe Commerce (OSC) is an innovative public–private partnership dedicated to enhancing security throughout international and domestic supply chains while facilitating the efficient cross-border movement of legitimate commerce. The object is to prevent terrorists or their weapons from gaining access to the United States to cause catastrophic harm, while sustaining the viability of the global transportation lifelines that support international commerce. The way to accomplish this is to move away from primary reliance on a system of control at the borders that lie within U.S. jurisdiction and toward point-of-origin controls. Point-of-origin controls are to be supported by controls developed within international supply chains and accompanied by a concentric series of checks built into the system at points of transshipment and at points of arrival. In return, the nation’s world trade partners rightfully expect reciprocity and controls on U.S. exports to aid the security of their imports.

Effective international trade corridor security must rest on a foundation of credible risk management—that is, a regime that can reliably identify the people, goods, and conveyances that are legitimate, so their movements can be facilitated. This would allow shippers, importers, regulators, and inspectors to focus on the smaller number of entities about which they know little or have specific concerns. Achieving this goal requires a layered public–private approach.

OSC will validate security at the point of origin and will demonstrate what is needed to ensure that parties associated with commercial shipping exert reasonable care and due diligence in packing, securing, and manifesting the contents of

a shipment of goods in a container. In addition, OSC will demonstrate various methods to ensure that the information and documentation associated with these shipments are complete, accurate, and secure from unauthorized access. The project will ultimately gauge the security of the supply chain with these new procedures in order to determine their viability.

OSC will provide validated recommendations and workable solutions to legislators, regulatory agencies, the International Maritime Organization, and the World Customs Organization on how best to address the critical issue of cargo security.

The following are some of the major objectives of OSC:

• Ensure the integrity of the supply chain by encompassing the entire transaction between an importer and a supplier. This includes validating security at the point of origin, ensuring the contents of containers, and tracking the container in transit with the intent of identifying methods and evidence of possible tampering.

• Pilot the use of off-the-shelf technologies and conduct proof-of-concept projects to demonstrate other technologies to monitor the movement of legitimate cargo in transit before it reaches the U.S. border and all the way to its final destination.

• Provide a tangible prototype that can inform post–September 11 efforts—by federal and international authorities—that aim to enhance the security associated with all types of cargo, conveyances, and people moving across borders and within international trade corridors, by proving the feasibility of various industry and government proposals for layered cargo security strategies.

To achieve these objectives, OSC proposes the following:

1. Apply a common set of standard security practices to govern the loading and movement of cargo throughout the supply chain. The goal is to ensure that an authorized packer of a container knows what is in that container and can report those contents accurately.

2. Ensure that the container’s electronic documentation is complete, accurate, and secure against computer hackers and is provided to law enforcement agencies in a timely manner.

1. Reduce the risk of a container being intercepted and compromised in transit.

OSC will work initially with three major ports: Seattle/Tacoma, New York/ New Jersey, and Los Angeles/Long Beach. Seventy percent of the container movement in the United States originates or terminates with these entities. To achieve these objectives, the three load centers will use several methods that may include all or some of the following:

• Validating and assessing the entire delivery system through examination of the discrete stages of the product flow (supply chain):

  1. Product origination (the factory and subcontract manufacturing),

  2. Product shipping to export facility (transportation company),

  3. Export stage repackaging and shipping (export broker),

  4. International transport (freight company),

  5. Export arrival and storage (transportation company, warehouses, customs facilities, port, ocean carrier),

  6. Vessel voyage (ocean carrier),

  7. Import arrival and storage (port, transportation company, warehouses, customs facilities),

  8. Cargo conveyance (rail, truck),

  9. Cargo breakup into multiproduct facilities (drop centers, distribution warehouses), and

  10. Product arrival and storage at the buyer’s facility.

• Complying with Business Anti-Smuggling Security Coalition or similar procedures and standards.

• Requiring secure packing procedures for loading intermodal containers along the lines of ISO9000 quality assurance rules.

• Maintaining secure loading docks at manufacturing plants or at shipping facilities that restrict access to authorized individuals and that use cameras to monitor the loading process. Loading docks would be subject to periodic, random, independent inspections to ensure compliance.

• Using third-party verifiers to augment the capability of government enforcement authorities to audit, certify, and validate shipments and supply chain service providers.

• Providing and checking proper import vouchers before loading cargo on vessels.

• Using technology to secure and monitor containers and their movement through the intermodal supply chain.

• Outfitting containers with theft-resistant mechanical and electronic seals.

• Installing light, temperature, or other sensors in the interior of the container, which would be programmed to set off an alarm if the container is opened illegally at some point of transit.

• Conducting background checks of truck drivers who deliver goods to the port and outfitting them with biometrically based identity cards.

• Attaching an electronic transponder (such as those used for the “E-ZPass” toll payment system in the northeastern United States) and Global Positioning System devices to the truck cab and chassis or rail car carrying containers and using intelligent transportation system technologies to monitor in-transit movements to and within the port terminal.

• Maintaining the means to communicate with operators from their pickup to their off-load destinations.

• Providing tracking information to the appropriate regulatory or enforcement authorities within the jurisdictions through which the cargo will be transported.

• Leveraging the Port of New York and New Jersey’s Freight Information Real-Time System for Transport vessel and cargo information system, or other similar information portals, by requiring all participants in the supply chain cycle to provide advance notice of the details about their shipments, operators, and conveyances in accordance with agreed-upon protocols. This early notice would give government inspectors the time to assess the validity of the data and check the data against any watch lists they may be maintaining, and would provide timely support to a field inspector deciding what should be targeted for examination.

The following may be among the major project tasks:

1. Forming regional task forces that will include the law enforcement community and other regulatory authorities, as well as appropriate academic and technical experts.

2. Enlisting private business-sector partners involved with all stages of product flow in the construction of a process flow map for the physical movement of each container/supply chain that has been identified. The chain of custody as well as the information flow will also be mapped out to identify security gaps and how they can be redressed.

3. Tasking the regional task force members to examine the following for security gaps: (a) the entire design-to-delivery product flow; (b) the means of conveyance—maritime, rail, truck, and air; and (c) the “who and how” connected with the operators who move the products.

4. Conducting field visits to witness the actual supply chain process.

5. Having the regional task force prepare recommendations they believe might redress the gaps they identify. A recommendation should fall under one of three groupings: (a) off-the-shelf technologies for securing and tracking shipments, (b) improvements to existing data collection and sharing arrangements, and (c) process changes that would close opportunities for compromise at the point of origin or in transit.

6. Enlisting a support group made up of academic and private-sector partners to develop technological applications for testing as the regional task force identifies gaps. An outreach effort will be made to other government-sponsored R&D programs that are field-testing tracking and sensor technologies that support a demonstration of how secure in-transit visibility and accountability can be achieved.

7. Conducting trials of new technologies, data arrangements, or process changes using volunteer manufacturers, importers, surface shippers, freight forwarders, maritime shipping lines, and terminal operators.

8. Testing the integrity of systems with “red-team” exercises.

1. Preparing reports to capture and quickly relate lessons learned from the security gap analyses and the testing and refinement of technological applications. The reports will aim to provide guidance for a layered, multitiered approach for replication and standardization of policy approaches to securing trade corridors. The audience includes legislators and policy makers involved in the U.S.–Canada “Smart Border” Agreement and participants in counter-terrorism initiatives under consideration by the International Maritime Organization, the World Customs Organization, the International Standards Organization, and other relevant multilateral and international bodies.