The inconvenient truth about the international supply chain is that disruption is inevitable—whether from terrorist intrusions or from natural disasters. Perhaps because of this potential for catastrophic risk, there is increasing collaboration and cooperation among different entities with a stake in securing the global supply chain.

Governments and industry, companies amongst themselves, even competitive retailers are collaborating with each other to assure standardized security procedures and response protocols to help make resiliency a core competency in global supply chain.

In general, it is America that is driving the process. Earl Agron, vice president of security for Singapore-based APL Limited, actively participates in international security dialogs. “Since 9/11, the U.S. has implemented a large number of initiatives, many of which have been replicated by other countries around the world, including the World Customs Organization. This reflects how the world views the effectiveness of these U.S. initiatives.”

But not without reservations, notably from those who fear over-zealous and expensive precautions threaten to slow the wheels of international commerce while not delivering additional security. With that comes concern that some proposed programs can dilute or kill effective programs already in placc—programs like C-TPAT (Customs-Trade Partnership Against Terrorism) and CSI (Container Security Initiative).

 

Security is organic

Because security is organic, the dynamic is never ending to keep pace with ever-changing threats, risks, and vulnerabilities. “You are never completely safe because threats continue to evolve, but I believe the global supply chain and the nation’s ports are more secure than they were on September 11, 2001,” says Allen Thompson, vice president of global supply chain policy for the Retail Industry Leaders Association (RILA) in Arlington, Virginia.

James Liddy reminds us a holistic approach to security can reduce the cascading effects of any disaster. “By preparing to mitigate the cascading effects, you increase your ability to recover quickly so you can stop the loss of revenues and productivity,” says Liddy, president of Layered Security Solutions in Virginia Beach, Virginia.

Prior to 9/11, the No. 1 challenge to U.S. ports was limited financial resources for infrastructure investments to accommodate increasing trade, says Kurt Nagle, president and CEO of the American Association of Port Authorities (AAPA) in Alexandria, Virginia. “That challenge clearly is exacerbated by the significant increases in security requirements and investments.”

The Port Authority of New York and New Jersey has been pushing for mandatory cargo security standards over the last few years. “Right now what’s out there is strictly voluntary and there is nothing that requires our U.S. ports or foreign ports to implement any program that ensures high-level security for individual containers,” says spokesperson Steve Coleman. “We view this as one of the biggest threats to global ports.”

Fostering false sense of security?

The trading community is currently involved in two most controversial proposals—100 percent scanning (requiring universal scanning of all in-coming cargo) and the 10+2 rule (requiring detailed information from importers and carriers). The big worry: that these initiatives will negatively impact international supply chain operations while engendering a false sense of security. To comply with the requirements would, in the words of Kelby Woodard, principal of Trade Innovations in Austin, Texas, “position the U.S. as an outsider in the world community.”

The cost factor of such extensive compliance figures prominently in the objections. “We have to remember we all have limited resources,” says Shaun Donnelly, senior director of international business policy for National Association of Manufacturers (NAM) in Washington, D.C. “We need to focus on targeting shipments that present the highest risk. U.S. manufacturers who receive components from their well-established overseas partners who are all C-TPAT-compliant should not be subjected to the same amount of scrutiny as an unknown shipper in another part of the world.”

Woodard cautions that the Congressional mandate for 100 percent scanning (in every one of 700 ports shipping to the U.S.) could actually make the supply chain less secure, because people could get lax in their due responsibility. “This could put an end to C-TPAT.”

Meeting recently with a Senate committee, U.S. Customs and Border Protection (CBP) Deputy Commissioner Jayson Ahern warned “no one should be misled to believe that 100 percent scanning…is going to present 100 percent security.” He reported that 27 countries, nine international trade organizations, and others have expressed concern that the mandate will overwhelmingly burden their ports and treasuries and it will negatively impact trucking, rail, and other industries.

The Government Accountability Office weighed in, reporting that it had identified critical problems arising from the 100 percent requirement and the Secure Freight Initiative (SFI). These include cost, data ownership, the impact on logistics in ports already constrained physically and operationally.

The mandate presents significant challenges, concedes Todd Owen, executive director of cargo and conveyance security for CBP in Washington, D.C. These include the expensive equipment and IT infrastructure required to transmit data back to the U.S.  “There are also political challenges,” Owen says. “There has been significant pushback from the international community,” notes Owen, “because it runs counter to the risk-management approach with its multiple layers that we have employed since 9/11.”

Of about 700 seaports that ship to the U.S., fifty-eight locations currently operate under CSI. Owen says these 58 locations account for 86 percent of maritime cargo to the U.S., so there are some very small ports around the world where 100 percent scanning will be required by 2012.

Nevertheless, CBP must respond to the legislation, and it is focusing on high-risk trade corridors for initial deployments. “We think this makes the most sense because it supplements the existing security layers we already have in place like C-TPAT and CSI,” Owen says.

The port industry is still awaiting clarification from the government informing where responsibility will fall in implementing 100 percent scanning. “We need to know the costs and the operational impacts,” says Cummings. “We have to ensure these resource commitments are proportional to the risks because resources are not unlimited.”

Nagle at AAPA reports provisions in the 100 percent scanning mandate allow the Department of Homeland Security to grant waivers for up to two-year renewable increments if it can certify that the technology is not available and/or would significantly impact the movement of trade. “They also need to determine if a program like this can be accomplished through bilateral and multilateral negotiations with our trading partners. With all of these caveats, we think it is imperative that programs like C-TPAT, CSI, and various pilot programs established under the SAFE (Security and Accountability For Every) Port Act of 2006, be continued while determining the next level of effective security.”

10+2 rule

The 10+2 rule (part of CBP’s Secure Freight Initiative) raises concerns about a unilateral approach that could impede on the sovereignty of other countries. It requires 12 additional pieces of information on cargo entering the U.S. on such things as the manufacturer, seller, consolidator, buyer and ship to names and addresses, container stuffing location, and country of origin of goods. “But it’s not really good, clean data until it is finalized because the data changes before the actual shipments occur,” Woodard argues. He points to the 24-Hour Advance Manifest Rule that is working successfully using clean data.

Donnelly reports that NAM is playing a major role in objecting to the 10+2 rule. “This has the potential of adding a few extra days of sitting in a foreign port. And, cargo at rest is cargo at risk. This also could very quickly cost companies billions of dollars on a cumulative annual basis,” he warns.

On the other hand, CBP feels the rule will offer greater supply chain visibility earlier into the process, resulting in targeting benefits, says Owen. “We are evaluating the benefits of gathering data to let us know who are the people involved with shipments and what is happening where.” Owen adds that the rule can afford importers greater trade facilitation because CBP will know earlier in the process who the importer of record is.

It works: risk-based, layered approach

The risk-based targeting system under the SAFE Port Act, says Thompson at RILA, has proven a major achievement that strikes the right balance between the government setting requirements while allowing the private sector flexibility to integrate supply chain security practices consistent with respective business models. “It demonstrates Congress’ support for the program and recognition that industry plays a large role in securing the international supply chains they operate.”

Thompson says RILA members who are high-level Tier-3 C-TPAT-certified companies like Target, Home Depot, and Nike “are rewarded for the significant steps they have taken to secure their respective global supply chains, and they are treated as low-risk shippers and receive expeditious handling of shipments.”

James Phillips would like to see the full mission of the CSI (Container Security Initiative) achieved. “We would like to see the completion of our endgame vision, called Coordinated Clearance Point of Departure Determination (CCPDD),” says Phillips, president and CEO of the Can/Am Border Trade Alliance in Lewiston, New York.

This approach ensures all cargo and people are deemed low-risk prior to departure to the U.S., says Phillips. Cargo would be handled as it is currently through CSI, but the piece that is missing, explains Phillips, is a conveyance security device to ensure the container receives no tampering from the point of origin to the point of destination. Some in the industry claim the technology is still not high-level enough to be able to deliver the security desired.

Nevertheless, Phillips insists this approach can deem containers on a ship to be low risk and therefore eligible for Green Lane offloading and expeditious treatment when they arrive at a Canadian or U.S. port. “Inspecting every container would definitely shut down global trade. So the choice is really to make trade lanes safe through risk-management assessments.”

Shared intelligence is also getting more attention. Recently RILA began to work with OSAC (Overseas Security Advisory Council) to discuss how to establish a central intelligence-collecting office at OSAC. U.S. companies would then have a central location to report anomalies they experience in particular countries. “OSAC could then do the holistic analysis and advise the industry about risks in a particular country so companies can implement proactive measures,” explains Tenney. “Without this kind of centralization, companies have no place to report incidents, so that critical intelligence just gets lost.”

Trust is truly the keystone in all of these initiatives. “The law enforcement side needs to share intelligence with the industry without compromising its sources,” says Agron at APL. “What is important to recognize is that the private sector is charged with protecting its assets. So we need to have a peek behind what we call the security curtain so that the private sector can take the appropriate countermeasures to protect our infrastructure, which is so critical to the world economy.”

Necessity: mother of inventive leadership

Another significant improvement in supply chain mechanics is brand-to-brand retailer collaboration, notes Ranta at Nike. “We use a risk-based management approach to validate and audit the processes in place in foreign factories we share with other retailers. This means that Nike and another Tier-3 C-TPAT brand can collaborate in auditing and validating those foreign factories, which helps marshal our respective resources.”

Collaboration between industry and government continues to improve, reports Ranta. “Prior to 9/11 there was very much an ‘us-versus-them’ mentality between CBP and importers. Now a collaborative environment promotes a serious dialog that didn’t exist before. For instance, we spent a lot of time with them developing C-TPAT.”

In the final analysis, the international supply chain is only as strong as its weakest link. “We are all interdependent,” states Tenney at Target. “We have a vested interest in ensuring everyone’s supply chain is at least as secure as ours. If something blew up in a Target container, that would be very bad. But if something were to blow up in a Wal-Mart container, that would still be very bad.”

Yet another security layer is the Transportation Worker Identification Credential (TWIC) program, scheduled to be implemented fully next April (2009). “The program will be significant in terms of access control, but it also creates some challenges in assuring that once it is implemented it won’t impede the flow of commerce significantly,” notes Cummings.

Liddy adds that TWIC is a good step forward in establishing a baseline in the industry. “It offers that layered approach to successful security.” There are still too many different identification cards personnel require to access different ports, he notes, and redundancy inhibits efficiencies. “So the concept of having one or two types of ID that pre-clears you to access the transportation systems is a good thing.”

While not objecting to things like the TWIC card, the trade industry would like to see continued solid support of Customs processes that have been working efficiently and cost-effectively, continues Ranta. “We know things like C-TPAT, CSI, and targeted scanning all work. What we fear is that things that work and make sense—like risk-based methodologies—will get lost in this discussion.”

Since 9/11, the eyes and ears on the ground continue to notice anomalies that help identify and eliminate threats. “The biggest fear I have is that we become complacent because nothing has happened since implementing these initiatives,” cautions Woodard. “I hope we never see companies asking why we are still using C-TPAT. We should never lose our guard and our awareness.” wt

How Target Handles Security

Like other Tier-3 CTPAT companies, Target Corporation incorporates strict security standards into all of its vendor agreements, says William Tenney, Hong Kong-based group manager of Assets Protection International. “We view security as part of a holistic vendor process.”

Target vendors must adhere to exacting standards in safety, security, manufacturing capabilities, quality assurance, and ethical assurance, notes Tenney. “Our goal for security has been not to have it be a ‘bolt-on,’ but to be an integral part of the vendor process.”

Target achieves greater visibility and control, especially over the notoriously risky inland drayage leg of the supply chain, through a process called FCA—or Free Carrier At—meaning Target takes possession of goods at foreign factories. “We bring our economies of scale to bear and secure inland trucking contracts instead of having our vendors individually going out and finding mom-and-pop vendors,” explains Tenney. “By consolidating that process, we have greater control over the standards those inland trucking companies are using.”

Tenney adds that Target’s consolidators are a critical piece to international supply chain security. “We require them to be C-TPAT-certified, and they help add another layer of eyes and ears on the ground, helping us manage those risks in inland drayage.”

Tenney emphasizes that there are many companies—such as Nike, APL, Maersk, and Lowe’s—that Target connects with on a regular basis. “They are doing similar initiatives and many of us are employing similar techniques—not exact, because everyone’s supply chain is different. Many of us share the same factories and we are examining whether to establish a common audit standard for our common vendors. Right now, we all audit to C-TPAT criteria, but our audits may not look the same. We think we can better secure our collective supply chains by being more efficient in this process and, where necessary, bring more collective power to bear is someone is not meeting security standards.”

The retailers Tenney collaborates with are companies that have had high-level security standards in place for years. “They have company strategies and brands to protect. But I would not pretend to say that every company who imports thinks the same way that this group of companies does.”

APL's Annual Security Exercise

APL recognizes that the fate of the private sector with respect to response and recovery from a terrorist attack is primarily in the hands of the public sector, including the U.S. Coast Guard, Customs and Border Protection, the FBI, first responders, and the intelligence community.

“However, we at APL believe that sitting back and waiting for them to do their thing is essentially naïve,” notes Earl Agron, vice president of security for the Oakland, California-based international company. “Hope is not a strategy.”

 APL hosts an annual security meeting and conducts a major security exercise every year. So far, the exercises have been done at different U.S. ports and in Singapore. “We generally have over 100 first responders involved,” explains Agron. “When we conduct an exercise in the U.S., we draw in the community by utilizing the U.S. Coast Guard Auxiliary, which is a group of volunteers. Each group conducts its own analysis on our performance and then we review together to discuss lessons learned, where the gaps exist, and where we could see improvements.”

One key benefit of these exercises is that they provide an excellent opportunity for government agencies—the first responders—to practice on actual vessels in actual marine terminals, says Agron. “We learn better ways to work with first responders and better ways of communicating with our customers in case of an evacuation of a terminal.”

Although the industry works within the guidelines of the International Ship & Port Facility Security Code (ISPS), APL has taken it to a higher level, says Agron. “Our annual exercises are over and above what the regulations require.”

An actual exercise involves an APL ship and its customers’ cargo. “What happens is we simulate an event, after which all of the preparedness strategies fall into place. For instance, our last exercise was done in Oakland and because we are so close to the Lawrence Livermore Lab (LLL), we simulated the discovery of WMD components in a container. We were able to use the expertise of LLL and the first responders in a WMD event, which includes a National Guard unit called the Civil Support Team.”

“We constantly vary the exercises so we are always learning new things,” Agron reports.