Amid this geopolitical backdrop of the coming decade, the U.S. Customs and Border Protection (CBP) has issues to contend with that hit close to home. In the urgency of adoption, the 24-Hour Rule and container targeting inherited a number of weak points that the agency must shore up if it is to achieve its goal of efficient supply chain security. Many early speed bumps in the Rule itself, common with almost any new regulation, continue to work themselves out during daily practice. These have included issues of confidentiality, the participation of NVOCCs in advance filing, acceptable cargo descriptions, and the phase-in of automation. Underneath these relatively minor problems, however, are more fundamental questions that require deeper, long-term planning. How CBP chooses to address them could have significant effects on how the entire targeting system functions, and how it affects supply chain management.
The effectiveness of the 24-Hour Rule and maritime container targeting depends on the success of two related programs, the Container Security Initiative (CSI) and the Customs-Trade Partnership Against Terrorism (C-TPAT). Yet these initiatives face implementation problems of their own.
At the heart of CBP’s pushing-out-the-border strategy, CSI is founded on four core elements: 1) using intelligence and automated information to identify containers that pose a risk for terrorism; 2) prescreening those containers at the port of lading before they arrive in the United States; 3) using non-intrusive detection technology whenever possible to examine suspicious containers; and 4) using smarter, tamper-evident containers. CSI places CBP officers at major world seaports to work with foreign colleagues in identifying and examining high-risk containers, using data gathered under the 24-Hour Rule and run through ATS. Without the Rule, CSI can’t work. Conversely, without an effective CSI overseas, the data supplied by carriers under the Rule does nothing to mitigate terrorist threats before it’s too late.
As of October 2004, 16 countries had entered into bilateral CSI agreements with the United States, with the program operational at 31 of the world’s major seaports in Europe, Asia, Africa, and North America. Ultimately, CBP envisions having CSI teams at 40 or more ports, covering more than 80 percent of all containers shipped to the United States. But CSI must be adequately staffed and funded if it is to process the increased trade flow expected over the next decade. The GAO believes CBP will have a difficult time staffing long-term overseas posts with qualified, highly skilled personnel, much the same way the State Department has trouble staffing positions in hardship posts. (1)? Currently CBP sends teams of four to eight inspectors on temporary duty assignments of only three or four months because DHS has not authorized longer assignments. (2)
While on paper CSI appears to accomplish much in deterring terrorist attacks, CBP still lacks hard-data measures of the program’s effectiveness. (3)? This despite the fact that the annual budget for CSI has ballooned. Spending will have to keep pace with the necessity of enrolling additional world ports, but will an easily distracted Congress stay on board. Lawmakers will want to see more inspections with more tangible results—that is, evidence of thwarted attempts at terrorism. Only by keeping talented officers in position and presenting a positive return on investment can CBP guarantee congressional support for this program so crucial to intermodal cargo security.
C-TPAT is a voluntary, joint government-business initiative that asks participating importers, carriers, brokers, warehouse operators, and foreign manufacturers to ensure the integrity of their security practices and those of their partners within the entire supply chain. In exchange for C-TPAT membership, companies receive the benefit of lower container targeting risk in ATS and fewer inspections. From the perspective of private business, C-TPAT is the primary means for avoiding delays and keeping goods moving efficiently. From CBP’s perspective, it is a principal way to reduce the risk of most U.S. imports (at least on paper), thereby helping the agency manage the number of inspections required as the volume of trade increases.
As of September 2004, C-TPAT membership had surpassed 7,000 companies, including most major U.S. importers, accounting for more than 50 percent of maritime cargo by value. (4)? On the plus side, these largest importers who own or operate the entire supply chain route from start to finish experience the fewest security problems because of the greater control they exert. Most smaller importers don’t have that option, however, and rely on several small logistics providers. Studies show that cargo security is affected negatively by the number of smaller individual companies used to move cargo. If it hopes to provide a comprehensive umbrella of U.S. supply chain security, C-TPAT will have to reach out to more of these smaller firms, foreign manufacturers, and foreign logistics providers. That means thousands of additional members from all around the world.
As voluntary membership rapidly approaches the 10,000 mark, however, the effectiveness of C-TPAT as it stands today could be facing its breaking point. Initial and continuing audits of members’ security practices will remain a stiff challenge to limited CBP resources. And no one can predict how often a dangerous security lapse might occur at an unvalidated member operation (or even a validated one), or how easily a terrorist group might infiltrate and exploit such an operation with an overstretched CBP not paying attention. As with CSI, there is no quantifiable evidence yet that C-TPAT even does what it sets out to do.
Already some in the maritime industry have shown a wavering commitment to the program. “Some participants continue to strongly adhere to the program’s goals out of a sense of responsibility, while others, driven by their bottom line, are moving away from the program and are only meeting those requirements in law or regulation,” says Sen. John McCain, R-Ariz. (5)? Simply put, because the program attempts to encompass container stuffing, sealing, and land-based transport overseas—perhaps the most vulnerable phases in a container’s journey—it may be too important to be based on a “trust-but-can’t-confirm” approach to best practices among members. Without tighter government oversight of a program that results in lower targeting risk, the opportunity for terrorists to exploit a member company’s preferred status seems too great. Simultaneously tightening and expanding C-TPAT, however, will only make the program significantly more expensive, on top of already increasing annual budgets in times of deficit.
If a truly effective C-TPAT threatens to grow beyond CBP capabilities, one possibility is to allow the program to evolve out of government hands into an innovative alternative run by private industry. As one expert points out, the Maritime Transportation Security Act required the evaluation and certification of secure systems of intermodal transportation. The law did not specify that these programs be conceived or implemented by the federal government. (6)? It could be that a global trade association funded by its membership, for example, could better reach supply chain players around the world, in coordination with CBP and foreign customs agencies. A less extreme alternative would be for C-TPAT to spawn identical programs for other world markets that together would form a single international standard, under the oversight of the World Customs Organization. CBP Commissioner Robert Bonner already has suggested such a framework for the future, including global versions of the 24-Hour Rule, CSI, and ATS. (7)? Under this framework, all participating nations would require the same advance shipment data; nations would apply the same risk management approach to targeting high-risk containers; customs agencies would share information about terrorist risks to intermodal trade; and participating countries would agree to expedite processing for companies who meet C-TPAT-like best practices for supply chain security. Of course, conservatives in Congress will not like an idea that, on the surface, appears to cede authority for homeland security to a global body. For such a system to gain acceptance, it will have to play up the advantages of a global infrastructure in data gathering and targeting (i.e., scope and resources beyond the capability of any one nation) but recognize the autonomy and flexibility of national customs enforcement.
Now that the urgent days of initial implementation are over, CBP will have to concentrate on more long-term planning, transparent to U.S. firms and lawmakers, for both CSI and C-TPAT. As of the most recent GAO assessment of both programs, for example, CBP had not developed a human capital plan that addresses long-term staffing needs such as recruiting, training, and retaining the highly specialized personnel needed by both programs. (8)? Such long-range plans are already underway, CBP says, as are program effectiveness reviews by the DHS Office of Inspector General. Congress has insisted on a report on these and other programs by February 2005.
If the war on terror is to be a protracted global fight, as Washington has insisted, then these initiatives designed to protect America’s soft underbelly must achieve the same level of untouchable importance across administrations that various government institutions—military, intelligence, codework—received during the Cold War. Congress, the fledgling Department of Homeland Security, and our international customs allies have a long road ahead in making that happen.
The 24-Hour Rule and container targeting also depend on various imperfect systems to get data from carriers overseas to the ATS computer. First among them is the Automated Manifest System (AMS), a multi-modular cargo inventory control and release notification system through which carriers submit their electronic cargo declaration 24 hours before lading. AMS began in the mid-1980s as an experiment intended to accelerate the flow of commerce. It is now being turned into a security tool, a task for which it was not designed and for which it is only partially suited, according to one expert. (9) As the system evolves to incorporate new security goals, it continues to present inconveniences to the trade and more serious roadblocks to information gathering. For example, AMS cannot accommodate consolidated shipments without the entry of separate bills of lading, nor can it allow prescreening to be done at the first port of lading for transshipped cargo. Also, because of the design of AMS, importers, shippers, and forwarders—who possess the most accurate knowledge about foreign manufacturers, the information most useful in container targeting—cannot participate in advance filing.
AMS was originally part of the Automated Commercial System import network, designed in 1984 but more recently unable to meet the increasingly complex, long-term requirements posed by growth in trade, enforcement responsibilities, and security threats. Many of the limitations in AMS may be corrected, CBP says, with the evolution of the Automated Commercial Environment (ACE), a massive Customs modernization project that prompted congressional bickering for years before finally getting underway. As a replacement system, ACE will “revolutionize” how CBP processes commercial import and export data, the agency says, and will be a critical element in preventing cargo from becoming an instrument of terrorism. (10) ?Having evolved already to incorporate security features since its original design, ACE and its Secure Data Portal will be implemented in phases to all CBP ports of entry over the next four years—a process known thus far for running over budget and behind schedule. (11)? CBP has stated that as the various releases of ACE are completed and the ability to collect data and information is enhanced, it will reevaluate related aspects of the 24-Hour Rule. As with any evolving software system, such updates and reevaluation—and subsequent effects on the Rule—can be expected to continue far into the future, subject to changing trade conditions, world events, the globalization of customs security standards, and budgetary politics.
The effectiveness of high-risk container targeting can only be as great as the data the 24-Hour Rule provides to ATS. Currently, ATS relies chiefly on vessel manifests, extracted from individual bills of lading and supplied by carriers once a container comes into their possession, or soon before. ATS matches its targeting rules against 14 manifest data points and other available data, such as intelligence reports, for each incoming container, then assigns a level of risk to each shipment. Although the 24-Hour Rule did successfully eliminate generic cargo descriptions such as “FAK” (freight all kind), “general cargo,” and “STC” (said to contain) that made precise targeting impossible, the manifest data as currently provided still has serious limitations when it comes to ferreting out suspicious containers.
First, although improved in quality and timeliness, manifest information still is not always accurate. (12)? Second, terrorism experts, members of the international trade community, and even CBP inspectors have characterized a ship’s manifest as one of the least reliable or useful types of information for targeting purposes, according to the GAO. Accordingly, if ATS input data are poor, the system’s outputs, or risk-assessed targets, are not likely to be very good. (13)
At the heart of the problem is the fact that the carrier has little knowledge of the loading and transportation history of a sealed container (which it is unable to inspect) beyond the assurances of the customer. In fact, the container may have been vulnerable to tampering several times in the days or even weeks before delivery to the carrier, with such vulnerability virtually unknown to CBP for the purposes of targeting. That’s because bills of lading may not indicate where goods actually originated, nor will they always contain information about intermediate handling or where a shipment may have stopped prior to arriving at the port of lading. CBP attempts to address these vulnerabilities in the earlier stages of a container’s journey by relying on the past record of trusted shippers and through C-TPAT best practices. For example, even though a carrier may not exercise control over the sealing of containers, carriers that join C-TPAT are “expected to promote effective security measures throughout the entire supply chain.” (14)? Besides placing an inordinate amount of liability on carriers, this approach only gives assurances about the companies in possession of a container. It does not offer specific information about the packing and shipping history of individual containers. Even legitimate cargo from legitimate shippers could fall prey to terrorists patient enough to learn supply chain weaknesses.
“I have little doubt that al-Qaeda possesses the means to identify those users of the maritime transportation system that U.S. authorities currently view as low security risks,” says Stephen E. Flynn of the Council on Foreign Relations. “I also believe that they are fully capable of exploiting the many opportunities to intercept and compromise these legitimate shipments either at their point of origin or anywhere along the transportation route they travel.” (15)
CBP continues to look for ways to improve the quality of the limited information that currently feeds ATS, but clearly ATS must incorporate additional types of information in order to identify a wider range of suspicious containers. Future targeting will expand by incorporating data—both documents and right-time readouts from “smart” containers—that will give CBP a complete picture of the risk a particular container might pose. As discussed below, this will require supply chain managers to invest in information infrastructure and new technologies that make business documents and container status information available to CBP for targeting on demand.
CBP may also choose to expand the 24-Hour Rule to include empty containers and bulk cargo, currently exempt, as well as all break-bulk cargo without exceptions. (16)? Certain bulk cargo, such as petroleum products and ammonium nitrate, are inherently dangerous, and empty containers and break-bulk cargo, while more transparent to CBP officers than a sealed container, still present opportunity for concealment. As supply chain security tightens in intermodal trade, terrorists may examine these cargos as possible areas of weakness available for exploit, unless CBP imposes new security measures first.
Across the board, CBP also will have to conduct more simulated tests of ATS to pinpoint weaknesses and determine how best to make improvements. As of March 2004, the only such tests known to the public were two conducted by ABC News without CBP’s knowledge. In both cases, the network sealed depleted uranium inside a lead pipe loaded into a U.S.-bound container. Although CBP targeted the containers as high risk, the non-intrusive VACIS inspections did not detect a visual anomaly in either container, so CBP did not open them for further inspection. (17)? Additional CBP efforts to test the effectiveness of ATS will involve more random inspections. Already CBP has a program in place called the Supply Chain Stratified Examination, which randomly selects containers for examination from among those deemed low risk by ATS. Learning from inspection results will allow the system to evolve and improve, and the random approach may also provide an added layer of deterrence.
Footnotes:
Understand dynamic global markets.
Understand what’s occurred and more accurately assess what’s ahead. Improve your corporate strategic plan, seize the right opportunities, and boost competitiveness and profits.
Informative, analytical and policy-oriented perspectives.
Comprehend the impact of past events and fully grasp and prepare for the challenges ahead.