Cybersecurity of Freight Information Systems: A Scoping Study -- Special Report 274 (2003)

The U.S. Bureau of Customs and Border Protection (Customs) has developed an extensive array of information systems that support the collection, processing, and analysis of data on goods, people, and conveyances entering and exiting the United States. These systems were developed over the past three decades with the involvement of many government agencies and the international business and transportation communities. The following statistics are intended to provide a brief picture of the magnitude of two of these systems:

• The Automated Commercial System (ACS) currently processes more than 99 percent of the $1.8 trillion in imports and exports in all modes of transportation.

• The ACS database has 4 terabytes of electronic storage and 6.2 billion records accessed 578 million times daily.

• The Treasury Enforcement Communications System (TECS) currently processes more than 475 million travelers entering the United States by air, land, and sea.

• The TECS database has 3 terabytes of DASD and a database of 5.3 billion records accessed 766 million times daily.

• ACS and TECS support or have interfaces with more than 100 U.S. government agencies and foreign countries, nearly all international transportation carriers, and thousands of international businesses and service providers.

In August 2001, Customs embarked on a Modernization Program, a 15-year initiative to modernize and integrate its information technology infrastructure to support the government’s oversight of import and export trade compliance, border enforcement, and international passenger processing. Modernization will enable Customs and all participating government agencies to collect, analyze, collaborate on, and disseminate the right international trade and traveler information to internal and outside users in advance or in real time—to the right people, at the right time, and in the right place. Furthermore, the program will enable border-related government agencies and the international trade and travel private sector to transform the way they do business by implementing new processes that support future trade growth and changing business requirements.

Today, Customs has information systems in place at the 300 U.S. ports of entry to process all inbound and outbound cargo and passengers. Although these systems are antiquated, they still provide the platform for air and sea carriers to transmit cargo and passenger manifests in advance of arrival and enable importers to file their entries electronically. Customs interfaces with virtually every entity in the international supply chain process—importers, exporters, carriers, and a multitude of intermediaries and service providers.

Currently, Customs uses multiple systems that process international trade and travel and support a multitude of agencies and commercial businesses. The following are examples:

• ACS tracks and monitors all imports of goods entering the United States.

• The Automated Broker Interface is the central government system for the filing of commercial declarations on imported cargo.

• The Automated Manifest System is a multimodular international cargo inventory control and release notification system for sea, air, and rail carriers.

• The Automated Export System is the central point through which export shipment data required by multiple agencies is filed electronically for all methods of transportation.

• The Advance Targeting System assembles and screens commercial, transportation, and passenger data to identify high-risk imported cargo and arriving international passengers.

• TECS is a megadatabase of law enforcement information shared by the Federal Bureau of Investigation, the Immigration and Naturalization Service, and Customs. It is used to screen all persons entering the United States.

• The Interagency Border Information System meets the data-sharing, analytical, and processing needs of a multiagency (State, Treasury, Justice, Agriculture) border effort for international passengers and conveyances.

• The Advance Passenger Information System receives and analyzes biographical data on international air passengers before their arrival in the United States. It covers about 85 percent of the 67 million passengers arriving.

The communications backbone is the Treasury Communications System Wide Area Network (Frame Relay) with multiple levels of protection and multiple remote access methods and controls.

The Customs Modernization Program will integrate all Customs information systems that encompass imports and exports, conveyance and shipment tracking, passenger enforcement, investigative and intelligence support, human resources, and financial management.

The first components currently under development are the Automated Commercial Environment (ACE) and the International Trade Data System (ITDS) programs, which focus on cargo import and export operations. ACE and ITDS form a coordinated system that provides a “single window” allowing the international business community to interact with Customs and all government agencies on import/export requirements.

ACE will lay the technology foundation for all Modernization programs and deliver enhanced “cradle-to-grave” support of the cargo control and enforce-

ment process. All related functions in field operations and enforcement will be supported from a single common user interface, a single window for officers to perform their work. ACE will process both imports and exports and will be linked seamlessly to enforcement, revenue management, and mission support systems to enable integrated field operations and nationwide collaborative teaming among officers. Delivery of ACE functions will begin in the field in January 2004 and will continue in phases extending through April 2006.

The following are the major business functions of ACE that directly link to the freight transportation sector:

• Portal—a universal, secure Internet “window” for all authorized system users (Customs, other government agencies, and the international transportation community) to transmit, analyze, and collaborate on supply chain data. Projected for spring 2003.

• Account Management—provides a single comprehensive, nationwide account-based picture of all reported activity and relationships for an importer, an exporter, an international carrier, or a logistics/service provider. Projected beginning spring 2003 through 2005.

• e-Release—provides for advance receipt of transportation data via transponders/electronic seal transmissions resulting in inspection or release information at the earliest point in the supply chain. Projected for truck transportation in 2004 and all other modes beginning in 2005.

• Multimodal Manifest—provides for advance transportation data at the earliest point in the supply chain. Projected for truck transportation in 2004 and all other modes beginning in 2005; will track cargo across modes in 2007.

• Cargo and Conveyance Tracking—provides for tracking shipments (including in-bond) and conveyances, and provides release or status of shipment subject to government agency control.

ITDS supports 101 agencies with information and actual operational interaction on shipments, crew, and conveyances crossing the border.

As stated by the ITDS multiagency Board of Directors:

Customs’ new Enterprise Architecture (EA) for ACE and the Modernization is established to support all field activities and align information technology with the strategic objectives of Customs and all agencies. The EA provides for a multi-layer security management system. The information Customs has made public is represented in Figure D-1.

The Customs Modernization and ACE programs will be state of the art but are subject to cyberattacks, as are all information systems. The reality of connectivity with the international trade and transportation community and the electronic exchange of massive amounts of data and database queries add to the potential vulnerability.