With the reliance of the US economy on a secure global supply chain, securing the millions of cargo shipments arriving in the US every year is critical. However, a recent Government Accountability Office audit found Customs and Border Protection (CBP) has not been accurately recording the disposition of high-risk maritime shipments, which may be creating vulnerabilities in the supply chain.
“Criminal or terrorist attacks using cargo shipments can cause disruptions to the supply chain and can limit global economic growth and productivity,” GAO’s audit report stated.
GAO said from Fiscal Years 2009 through 2013, less than 1 percent of the roughly 12 million maritime shipments arriving in the United States each year were identified as high risk by CBP, the agency responsible for cargo security.
The Department of Homeland Security (DHS) has encouraged CBP to refine aspects of its layered security approach in absence of being able to ensure that 100 percent of US-bound maritime cargo containers are scanned at foreign ports.
In examining high-risk shipments, CBP employs a layered risk-based security approach which relies on obtaining advance cargo information to help identify shipments that are potentially high risk for containing terrorist contraband. However, CBP can waive examination of a container if it meets certain criteria.
For example, GAO noted, “A shipment could be identified as high risk because it is associated with a shipper on a terrorist watch list, but through further research, CBP officials determine the shipper is not a true match to the terrorist watch list and, therefore, the shipment should not be considered high risk.”
CBP can waive examination if a high-risk shipment meets a “standard exception” or an “articulable reason.” However, there are no CBP-wide definitions for the standard exception categories, which raises the concern CBP may be waiving shipments that should be examined and examining shipments that could be waived.
In addition, CBP did not properly record articulable reasons for waivers, which limits CBP’s ability to determine whether policy is being followed. Moving forward, GAO suggested CBP update and disseminate guidance in policy on how to record articulable reason waivers.
The auditors discovered CBP’s high-risk shipment data is not reliable. CBP overstated the number of high-risk data shipments, included shipments never sent to the US, and applied inconsistent criteria to making waiver decisions, calling into question whether waivers are being applied judiciously.
“Given that examining and waiving, if appropriate, high-risk shipments are critical aspects of CBP’s strategy, it is important for CBP to ensure that these practices are carried out consistently and that results of its targeters’ actions regarding the disposition of high-risk cargo shipments are recorded accurately,” GAO concluded.
In response, GAO recommended among other things that CBP define standard exception waiver categories and disseminate policy on documenting articulable reason waivers, as well as enhancing its methodology for selecting shipments for self-inspections and change the way it calculates the compliance rate.
DHS concurred with GAO’s recommendations.
Vulnerabilities in the layered approach to port security
As Homeland Security Today reported in September, Congress has passed two pieces of legislation, the SAFE Port Act of 2006 and the Implementing Regulations of the 9/11 Commission Act of 2007 requiring 100 percent scanning of incoming cargo at US ports. The mandate for 100 percent screening – which has been plagued with problems and declared impractical by some authorities — was scheduled to begin in 2012, but DHS has had to delay its implementation.
In turn, since CBP cannot scan 100 percent of cargo entering the US, the agency relies on a layered security approach. Jim Giermanski, chairman of Powers International Inc., an international transportation security company, told Homeland Security Today the layered security approach is a step in the right direction, however, it contains some significant flaws.
“While I have often criticized DHS and CBP for many of their decisions, policies and management decisions, the layered system is fundamentally sound,” Giermanski said. “It is sound in spite of the lack of active intelligence gathering and the lack of container security technological applications which are currently available. However, its weaknesses, while few, are significant.”
Giermanski recommends two additional layers of security: intelligence/counterintelligence and a smart container system. Giermanski believes CBP should have an intelligence function given the crucial function of intelligence in preventing terrorist attacks. Moreover, agencies that do conduct counterintelligence operations need to share their data with CBP.
The second layer, a smart container, “is more than just a locked door or an RFID (Radio Frequency Identification) tag” and is “one that can be questioned and can respond in real time or close to real time,” according to Giermanski.
Smart containers have a number of capabilities, but most importantly, they function as a part of a system approach necessary to coordinate all facets of the supply-chain process to ensure visibility and security, beginning at origin.
“All security systems are penetrable with enough time, money, knowledge or inside help,” Giermanski said. “Good security systems limit that probability. The layered approach is good. It just needs to be better. And it can be better with two additions: ‘boots on the ground’ counterintelligence and the use of smart containers.”
Moving Forward: No such thing as a perfect security system
While CBP needs to improve its oversight of high-risk maritime shipments, David P. Cohen, a recognized cargo security expert who served as chief of staff to three separate US Customs commissioners and is executive director of the Cargo Intelligence Security and Logistics Association (CISLA), told Homeland Security Today that no perfect security system exists. Reviews like the one conducted by GAO are in place to ensure that CBP’s policies and procedures are routinely examined and updated.
“There is no such thing as the perfect security system,” Cohen said. “Risk-based, layered security as deployed by CBP involves any number of complimentary and overlapping elements specifically to ensure that in the instance one element fails, others are in place to manage those failures. Such an approach requires constant review, reevaluation, refinement and updating.”
Cohen emphasized the point that DHS is operating in austere times where budgets are tight and resources are stretched thin. Given these circumstances, Cohen applauded CBP’s efforts to safeguard the nation.
“Like the mythical Sisyphus forever pushing a boulder up a hill, each year CPB is responsible for targeting, scanning and otherwise inspecting over 12 million shipments into the US,” Cohen said. “It’s a thankless and difficult job andin that regard, the agency has a remarkable and consistent track record of protecting our nation."
Cohen said, "The findings included in the GAO report certainly need to be addressed and clearly CBP recognizes that fact.”
Moving forward, Cohen asserted that strengthening port security requires DHS encourage technology providers to develop new technologies that not only better scan shipments for threats, but do so in a faster more efficient manner.
“The importance of directed cooperation with our nations shipping industry, centers of excellence, universities and national labs cannot be overstated in this regard,” Cohen explained.
In addition, Cohen said port security requires both domestic and international cooperation, so DHS must continue to work with our allies abroad to ensure the country’s ports remain safe.
“In that same vain, DHS needs to continue to work closely with our allies abroad,” Cohen added. “Information sharing is key. The department has done a terrific job since 9/11 through programs like CSI and CTPAT, but those initiatives are now over a decade old. What’s next? Innovation and leadership on these issues are critical to ensure our ports remain safe and secure.”