Customs and Border Protection (CBP) staff told the Government Accountability Office (GAO) that the Customs-Trade Partnership Against Terrorism (C-TPAT) program have faced challenges in meeting C-TPAT security validation responsibilities because of problems with the functionality of the program’s data management system, called Portal 2.0.
C-TPAT, is a voluntary program in which CBP staff validate that members’ supply chain security practices meet minimum security criteria. In return, members are eligible to receive benefits, such as a reduced likelihood their shipments will be examined.
"Since the system was updated in August 2015, C-TPAT staff have identified instances in which the Portal 2.0 system incorrectly altered C-TPAT members’ certification or security profile dates, requiring manual verification of member data and impairing the ability of C-TPAT security specialists to identify and complete required security validations in a timely and efficient manner,” GAO said in an audit report.
“While the focus of CBP’s staff was initially on documenting and addressing Portal 2.0 problems as they arose, the staff have begun to identify root causes that led to the Portal 2.0 problems,” GAO found. “For example, CBP staff cited unclear requirements for the system and its users’ needs, coupled with inadequate testing, as factors that likely contributed to problems. In response, CBP staff have outlined recommended actions, along with timeframes for completing the actions. The staff stated that they will continue to work on identifying and addressing potential root causes of the Portal problems through 2017.”
C-TPAT officials told GAO that despite the Portal 2.0 problems, they have assurance that required security validations are being tracked and completed as a result of record reviews taking place at field offices.
“However,” GAO reported, “these field office reviews were developed in the absence of standardized guidance from C-TPAT headquarters. While the current validation tracking processes used by field offices do account for security validations conducted over the year, standardizing the process used by field offices for tracking required security validations could strengthen C-TPAT management’s assurance that its field offices are identifying and completing the required security validations in a consistent and reliable manner.”
GAO stated, “CBP cannot determine the extent to which C-TPAT members are receiving benefits because of data problems. Specifically, since 2012, CBP has compiled data on certain events or actions it has taken regarding arriving shipments—such as examination and hold rates and processing times—for both C-TPAT and non-C-TPAT members through its Dashboard data reporting tool. However, on the basis of GAO’s preliminary analyses and subsequent data accuracy concerns cited by C-TPAT program officials, GAO determined that data contained in the Dashboard could not be relied on for accurately measuring C-TPAT member benefits. Also, CBP has likely relied on such questionable data since it developed the Dashboard in 2012, and, thus, cannot be assured that C-TPAT members have consistently received the benefits that CBP has publicized.”
C-TPAT officials told GAO “they are analyzing the Dashboard to finalize an action plan to correct the data concerns. It is too soon to tell, though, whether this process will fully address the accuracy and reliability issues. Despite these issues, C-TPAT officials are exploring new member benefits, and industry officials we met with generally spoke positively of theC-TPAT program.”
GAO noted that, “The economic well-being of the United States depends on the movement of millions of cargo shipments throughout the global supply chain—the flow of goods from manufacturers to retailers or other end users. However, cargo shipments can present security concerns."
“I’ve taken a look at it, but my view hasn’t changed. They are having an IT problem with Portal 2.0 and cannot manage the data that go into it,” Dr. Jim Giermanski, chairman of Powers Global Holdings Inc. and a noted cargo security authority, told Homeland Security Today.
A former Air Force Colonel who, as a special agent in the Air Force Office of Special Investigations concentrated on counterintelligence and clandestine base penetrations, and a former FBI agent who worked with CBP on drug intelligence development, Giermanski said, “With all the CBP programs, IT portal systems for data transfer and the constant updating and changing them, it’s too much for me. I just don’t have the IT background necessary. Even the C-TPAT members seem to be having trouble with all the changes and really avoid, when possible, having to use all these different programs and portals. The ACE portal alone is in CBP’s own words, ‘a work in progress.’ Just take a look at this portal. Now, add all the other CBP programs involving trade, and you can see why there is a problem in managing just Portal 2.0. What is actually amazing is CBP doesn’t even care about out-bound containers which could have a devastating impact on our ports and economy should an explosion using an out-bound container take out one or more of our major ports.”
Another industry cargo official told Homeland Security Today on background that, “I was very familiar with the old [system]. In fact, the reason I haven’t used it is because they change the portal and I couldn’t understand how to get out of it what I needed. After playing with it for a few hours, I was able to get done what was required, but it’s not very user-friendly.”
GAO recommended CBP develop standardized guidance for field offices regarding the tracking of information on security validations, and a plan with milestones and completion dates to fix the Dashboard so the C-TPAT program can produce accurate data on C-TPAT member benefits.
The Department of Homeland Security concurred with GAO’s recommendations.
