Supply Chain

 

 

https://sm.asisonline.org/Pages/The-Most-Resilient-Countries-in-the-World.aspxThe Most Resilient Countries in the WorldGP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a43444652017-05-11T04:00:00Zhttps://adminsm.asisonline.org/pages/lilly-chapa.aspx, Lilly Chapa<p>​Property loss prevention consultant FM Global released its <a href="http://www.fmglobal.com/research-and-resources/tools-and-resources/resilienceindex/explore-the-data/?&sn=1" target="_blank">fifth annual <em>Resilience Index</em></a><em>,</em> which ranks 130 countries on their enterprise resilience to disruptive events. The ranking is data-driven and assesses categories such as economic factors, risk quality, and supply chain. It allows executives to plan supply chain and expansion strategies based on insight regarding risks and opportunities, according to the FM Global website. </p><p>Giving a nod to new trends that affect supply chain resilience, FM Global introduced three new drivers of resilience to its assessment: supply chain visibility, urbanization rate, and inherent cyber risk. Supply chain visibility addresses the ease of tracking goods across a country’s supply chain. “The more visible and robust the supply chain and the faster it can begin functioning as normal following a major local event, the greater its resilience,” the report notes.</p><p>The urbanization rate is based on the percentage of the country’s population that lives in urban areas. While urbanization is typically associated with a country’s development, it can prove to be risky in an area with high natural hazards. And rapid and unplanned urbanization can create pressure on utilities and infrastructure, which can be a significant threat to the country’s resilience, according to the report.</p><p>2017 is also the first year that the threat of cyberattacks has been acknowledged in the report. The inherent cyber risk driver is defined as “a blend of a country’s vulnerability to cyberattack, combined equally with the country’s ability to recover.” This is calculated by determining the percentage of citizens with access to the Internet, as well as how the government responds to cyberattacks. “Countries that recover well from major events are those with a thriving industry in malware or cybersecurity, and where governments are willing to step in and help citizens in the event of a nationwide hacking,” the report says.</p><p>At the top of the list for the fifth year is Switzerland, an “acknowledged area of stability for generations” with infrastructure and political stability that makes its supply chain reliable and resilient. However, natural disasters and cyberattacks remain a threat to the country. </p><p>Also notable is Luxembourg, which was ranked eighth in 2013 but placed second this year. A growth in the country’s services sector, combined with its reduced economic reliance on oil and its business-friendly regulations, makes Luxembourg a safe place to expand operations to, the report finds. And due to its location, Luxembourg may serve as a new home for companies following the United Kingdom’s departure from the European Union.</p><p>At the other end of the spectrum, Haiti is ranked last due to its lack of supply chain and standards and its high rate of poverty. Similarly, Venezuela fared poorly due to corruption, natural disasters, poor infrastructure, and ill-perceived quality of local suppliers.  ​</p>

Supply Chain

 

 

https://sm.asisonline.org/Pages/The-Most-Resilient-Countries-in-the-World.aspx2017-05-11T04:00:00ZThe Most Resilient Countries in the World
https://sm.asisonline.org/Pages/Supply-Chain-Strategies.aspx2017-02-01T05:00:00ZSupply Chain Strategies
https://sm.asisonline.org/Pages/The-Usual-Suspects.aspx2016-08-01T04:00:00ZThe Usual Suspects
https://sm.asisonline.org/Pages/Book-Review---Diamond-Mine-Security.aspx2016-07-29T04:00:00ZBook Review: Diamond Mine Security
https://sm.asisonline.org/Pages/In-the-Public-Interest.aspx2016-05-01T04:00:00ZIn the Public Interest
https://sm.asisonline.org/Pages/Slavery-in-the-Supply-Chain.aspx2015-12-17T05:00:00ZSlavery in the Supply Chain
https://sm.asisonline.org/Pages/Port-Protection.aspx2015-02-01T05:00:00ZPort Protection
https://sm.asisonline.org/Pages/Strategic-Shrink-Reduction.aspx2015-02-01T05:00:00ZStrategic Shrink Reduction
https://sm.asisonline.org/Pages/Linking-Crime-and-Terrorism.aspx2015-01-01T05:00:00ZLinking Crime and Terrorism
https://sm.asisonline.org/Pages/Supply-Chain-Security.aspx2014-10-01T04:00:00ZSupply Chain Security: A Comprehensive Approach
https://sm.asisonline.org/Pages/Protecting-Food-Imports.aspx2014-07-01T04:00:00ZProtecting Food Imports
https://sm.asisonline.org/Pages/Supply-Chain-Resources.aspx2014-06-01T04:00:00ZSupply Chain Resources
https://sm.asisonline.org/Pages/security-and-loss-prevention-introduction-sixth-edition-0013394.aspx2014-05-01T04:00:00ZSecurity and Loss Prevention: An Introduction, Sixth Edition
https://sm.asisonline.org/Pages/asset-tracking-trends-0013104.aspx2014-02-01T05:00:00ZAsset Tracking Trends
https://sm.asisonline.org/Pages/Getting-the-Goods.aspx2013-09-01T04:00:00ZGetting the Goods
https://sm.asisonline.org/Pages/loss-prevention-0012628.aspx2013-08-01T04:00:00ZGlobal Retail Crime and Loss Prevention Trends
https://sm.asisonline.org/Pages/digital-edition-cover-story-uncovering-art_E2_80_99s-dark-past-0012457.aspx2013-02-01T05:00:00ZDigital Edition Cover Story: Uncovering Art’s Dark Past
https://sm.asisonline.org/Pages/The-Fight-Against-Food-Fraud.aspx2012-12-01T05:00:00ZThe Fight Against Food Fraud
https://sm.asisonline.org/Pages/report-billions-dollars-worth-smartphones-lost-annually-009733.aspx2012-03-23T04:00:00ZReport: Billions of Dollars Worth of Smartphones Lost Annually
https://sm.asisonline.org/Pages/Planning-for-Disaster.aspx2012-03-01T05:00:00ZPlanning for Disaster

 You May Also Like...

 

 

https://sm.asisonline.org/Pages/Book-Review---Security-Risk-Assessment.aspxBook Review: Security Risk Assessment<p>Risk assessments, security assessments, threat assessments, and security surveys are explored by numerous publications. Many of these focus on defining the differences between the types of assessments and surveys. Author John M. White avoids this academic approach; instead, he defines, describes, and provides practical information from a bottom-up, rather than top-down, perspective.</p><p>A longtime security consultant, White shares his expertise and years of practical experience in performing security assessments. His hands-on book practically and clearly guides the new security manager (or other professional tasked with the security function) through the stages of successfully completing a security assessment. His position as a consultant is easily recognized in the beginning chapters, as he emphasizes the advantage of using an outside expert. His argument is well-founded and persuasive. He proceeds to walk the first-time assessment provider through organizing the team, developing the scope of work, conducting the assessment, and reporting the findings. He accomplishes this at a level that allows the reader to clearly understand and appreciate the practicality of this process. Pertinent observations the author has gathered from his years of experience add depth to the writing.</p><p>White has created an excellent book with material drawn from the well of his experience. Although the first several chapters are a bit long on the advantages of using a consultant, this book is clearly a must-read for the inexperienced or nonsecurity professional who is faced with the task of conducting a security assessment. The book applies to most facilities, especially healthcare-related facilities.</p><p><em><strong>Reviewer: R. William Leap, CPP</strong>, is vice president of security services for Chicago-based Titan Security Group. He is responsible for the design and implementation of manned and remote security services, including security assessments, project management, planning, and quality control. He is a member of the ASIS Security Services Council. </em></p>GP0|#28ae3eb9-d865-484b-ac9f-3dfacb4ce997;L0|#028ae3eb9-d865-484b-ac9f-3dfacb4ce997|Strategic Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/asset-tracking-trends-0013104.aspxAsset Tracking Trends<div class="body"> <p>You’ve probably misplaced your keys at one time or another. You may even have misplaced your car in a parking lot temporarily. On a personal level, that’s just inconvenient, but for businesses, it can be costly. Management needs a way to keep tabs on assets, whether they’re precious assets, like newborn babies in a hospital, or just very important, like computers in an office building or retail goods in a warehouse, in transit, or on the shelves.</p> <p>Companies have been grappling with this challenge for as long as they have had assets, but today they have many more options thanks to technology. In fact, helping companies track assets is a multibillion dollar industry, the capabilities of which are continuously evolving.</p> <p> <strong>Bar Codes </strong></p><p><strong>Bar codes are among the more traditional and cost-effective solutions. They have been around for decades, but they have evolved over the years and are now more sophisticated. There are several different types of bar codes to choose from, says Kelly Harris, director of program management at Barcoding Inc. There are tamper-evident bar code labels that can show when someone has attempted to alter them. For example, Harris says that some look like chipped paint and crumble when a person tries to remove them. There are others that leave behind a checkerboard print when removed. With these systems, someone must scan a bar code label to get the tracking data.</strong></p> <p> </p> <p>There are companies that are concerned about tracking traditional fixed assets, such as computer equipment, says Harris. And there are rental scenarios, “where you’re going to have an inventory of assets that you’re going to loan to a client, bill them for the rental, and then bring that back into inventory. And being able to know where all those are and how long they’ve been there is vital to that rental business,” says Harris. </p> <p>Harris says that while companies have automated the tracking of fixed assets for years, she’s seeing it branch out even more to places [it had slower adoption], such as those rental businesses.</p> <p> <strong>RFID</strong> </p> <p>While bar codes have to be manually scanned, radio-frequency identification (RFID) technology uses radio-frequency electromagnetic waves to transfer the information wirelessly. There are various types of RFID.</p> <p>One type is passive RFID tags, which are not battery powered, so they must be within 20 feet of a reader. But because they are not externally powered, these tend to be relatively inexpensive tags.</p> <p>“Passive RFID are tags that require an external stimulus in order to be read. So it’s a chip with an antenna. And when you apply a radio signal to that label, you get what they call the backscatter, or a reflection, off that signal, and then you read that reflection and that’s how the passive RFID is read,” says Zahir Abji, president and CEO of Guard RFID Solutions. It’s inexpensive, he adds, running from several cents to several dollars for a tag or label. You’ll often see passive RFID tags on retail items.</p><p>Active RFID can be four to five times as expensive as passive RFID, says Richard Jenkins, vice president of marketing and strategic partnerships at RF Code, which specializes in active RFID. But despite the cost, he notes that several large companies, such as Bank of America and Thomson Reuters, started out with passive RFID and then switched to the active technology because it suited their needs better.</p><p>For example, passive RFID doesn’t do as well in a metal-dominated environment like a data center, because the RF waves bounce off the metal. “They are either not read well or not read at all,” says Jenkins.</p><p>Active RFID tags use batteries for power and to broadcast information via radio waves to readers in real time. “So any time one of our tags is in motion, it’s traveling every 10 seconds to a network of receivers, which then broadcast the location of that particular piece of equipment to the potential head end,” says Mohsen Hekmatyar, of Elpas (a division of Tyco), another company that sells this type of product. By contrast, passive tags only tell the company where the asset was the last time the system saw it.</p><p>Companies set up their RFID systems in a variety of ways. Steve Pisciotta of Remote Tracking Systems says his company often implements its v-track RFID system in fixed sites like airports, seaports, and military bases. He explains how it works: “We set up a series of base receivers throughout a facility…. So we create a wireless infrastructure around that facility,” he says. Then when a person “with one of our tracking devices is driving and walking around, every second it’s sending out a message that says, this is the tracking ID and this is where I’m located.”</p><p>Pisciotta explains that the information then goes over the radio back to the base unit that is in the vicinity, which receives the message and sends it to one of the servers. Servers merge the data together, to be sent to a display system or a security system. “We’re just one piece of a large security system,” Pisciotta says.</p><p>The v-track system will often look like a smartphone, with a device embedded. It can include a panic button that can be depressed when in trouble and it can even detect a “man-down” scenario, Pisciotta says, and that will prompt an alert.</p><p>The active tags also work at much longer ranges than the passive tags. For example, Abji says that small tags that a hospital can put on at-risk patients, such as babies or the elderly, can be read up to 200 feet away, even through walls.</p><p><strong>Uses.</strong> Companies can use active RFID tags to achieve a range of objectives. “Let’s say I’m a nurse, and I try to use a fusion pump, and it doesn’t work,” says Hekmatyar. “I can simply trip the button on the asset tag and that button press can generate an automatic message that goes to the biomedical technician saying that this particular infusion pump, located currently in this room with number, let’s say, 232, is out of order.”</p><p>The automated workflow not only takes that particular piece of equipment out of circulation, but it also broadcasts a message to the technician to come and repair it. Most importantly, it gives the exact location of that piece of equipment at that point in time, so the technician doesn’t have to look for it, Hekmatyar says.</p><p>Abji explains another approach. “Studies have found that if you were able to track both staff members and assets in healthcare especially…you would be able to potentially save a lot of cost by increasing their efficiency and the way they use the equipment and the way they go to the different rooms and the amount of time they spend on certain locations and so on.” He adds that there is pushback from staff who don’t want to be watched by “Big Brother,” but “once you really make the user understand what the consequences of being tagged are going to be, they’re very happy and actually accept that.”</p><p>Although RFID tags can store information, many companies are careful about how much information is stored on the tag for security and privacy reasons. Hekmatyar says, his company, for example, tries to limit information to the product tag number and the location of the tag, as well as other maintenance information, such as the tag’s battery level.</p><p>“Any other pertinent data that the facility wants can be entered in user-designable fields…that information is associated with that particular tag ID number, but it’s not necessarily stored in the tag,” he explains. It’s on a secure computer. “We can secure it using passwords and log-in IDs and so on, so that it’s not being exposed, it’s not being transmitted in air,” he says.</p><p>RFID tags can have other sensors and microprocessors to report motion, or temperature, or to sense light, for example. “Quite a few different kinds of sensors can be put in there,” says Abji.</p><p> <strong>Longer-range Solutions</strong></p><p>Companies also use the Global System for Mobile Communications (GSM) cellular network tracking and satellite tracking, which enables tracking goods in transit virtually anywhere. “You can go international with those devices, as long as you have a SIM card that is valid in those regions,” says Pisciotta. He says his company has also deployed GSM trackers with panic buttons; some of the applications are for executives who are traveling and might not want to be tracked but can push a panic button and send a message back to the company’s monitor system, which will then turn on tracking.</p><p>The satellite network can theoretically be tracked anywhere the satellites reach, which is helpful in areas without cellular coverage. Pisciotta says that tags will sometimes have all three types of trackers in them—GSM, cellular, and RFID. There are also Global Positioning System (GPS) solutions. Some systems are real-time locater systems (RTLS), which add a continual tracking component to the tags. This is more costly and sometimes requires access to a network.</p><p>Pisciotta’s company pairs GPS with active RFID. The main components are the GPS and the long-range radios. As you’re moving, the GPS is always determining its location via the radios, but there’s an active RFID reader as well for tracking assets indoors. When the GPS signal is lost, the system switches over and uses the active RFID technology. It’s not as accurate as GPS, but will report generally on the asset’s vicinity, Pisciotta says.</p><p>Harris says real-time tracking makes sense in certain applications, such as in a hospital. Hospitals buy very expensive equipment that is continuously moved from patient room to patient room. “Many a time, they don’t know where all their stuff is, so then they’re putting in requisitions to buy more,” notes Harris. If they knew where all their equipment was and could locate it quickly, there would be actual return-on-investment to the bottom line, he says. Such real-time tracking systems are not as likely to pay for themselves in an office environment.</p><p><strong>Trends<br> </strong><br> The tags have gotten smaller over the years, says Hekmatyar, as battery power has evolved and batteries have become smaller. “But the biggest factor has been acceptance. A few years ago, not too many people were considering asset tracking, whereas nowadays, we’re getting constant interest in that particular area.”</p><p>Abji says that performance is another issue. His company has focused on making tags work better among metal objects. “We wanted the tags to be such that they could be placed on heavy-metal objects without degrading the performance, also have a fast transaction of the tag, between the tag and the system. We can determine theoretically, for example, a thousand tags per second,” he says, “whereas old technology would potentially miss one or two because the transaction rate is very slow. And you can imagine that you may put tags on hundreds of items that are put on a skid and go through a warehouse door, for example. So it’s very necessary for us to have those [faster] types of transaction speeds,” Abji says.</p><p>Another trend in this arena is toward standardization, much like in other areas of security. Abji says his company has been involved in the development of a standard for the Institute of Electrical and Electronics Engineers (IEEE) which was released last year. This alleviates the concerns some companies might have when investing in proprietary technology. Such systems would become useless if the manufacturer went out of business.</p><p>As a result of these improvements and other factors, such as the need for companies to comply with regulations like those stemming from Sarbanes-Oxley, RFID is being used more in places like data centers, says Jenkins. The RFID in data centers industry is expected to grow to nearly $1 billion by 2017, according to the site RFID 24-7.</p><p> In retail, by contrast, RFID has fallen short of initial expectations, but it still holds promise. Fifteen years ago, Walmart wanted all of its manufacturers to start using RFID tags to track merchandise, but even a company with that much clout couldn’t make it happen back then, notes Read Hayes, research scientist, Crime Prevention Research Team, at the University of Florida and director of the Loss Prevention Research Council (LPRC). And JCPenney is reportedly reversing its decision to try a switch to RFID that has been blamed for increased shrinkage, though the details on that are unknown at this point.</p><p> The main barrier to RFID adoption has been cost. For the system to really work, the RFID tags have to be on everything and the readers have to be everywhere—all over distribution centers, in trucks, in stores. Obviously, this is an expensive proposition.</p><p>But if such a system could be successfully and economically implemented, says Hayes, “you would actually know where all your stuff is.” The allure of that potential is strong, so all the retail chains are looking into RFID, he says.</p><p>Some are already starting to roll it out for expensive items or items at high risk of theft. Tyco ADT and Checkpoint Systems are two companies that already market such solutions. And Hayes says this will increasingly catch on in the market, but it’s hard to say whether that will be in one year, five years, or longer.</p><p>Part of the key to success is to find ways to more closely integrate tracking technology with other security technologies, like video surveillance, throughout the supply chain and in stores, says Hayes. That’s the focus of the LPRC’s RFID Center of Excellence. Hayes expects that the center will be “up and running” with some RFID innovation projects by June 2014. That will include live testing in stores or distribution centers. The center hopes to ultimately output best practices guidance to help stores implement solutions and get good return-on-investment metrics.</p><p>Asset tracking is an ever-growing field. “There’s a lot of R&D going on,” notes Hayes. And while most businesses may never get to a point where it is worth the cost for every asset to be tagged, RFID and other technologies are sure to be more pervasive in the future.</p><p> <em>Laura Spadanuta was formerly a senior associate editor at Security Management.</em></p></div>GP0|#cd529cb2-129a-4422-a2d3-73680b0014d8;L0|#0cd529cb2-129a-4422-a2d3-73680b0014d8|Physical Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465
https://sm.asisonline.org/Pages/Port-Protection.aspxPort Protection<p>​<span style="line-height:1.5em;">It was Christmas Eve in Tampa, Florida, and Laura Hains, CPP, a Customs and Border Protection (CBP) supervisor, was awoken by a phone call: “Laura, we have an anomaly. You need to come in.” She drove to Port Tampa Bay, the largest port in Florida, where she worked as a cargo and port security specialist. When she arrived, the crew filled her in on the details: a shipping container of crackers from Italy had arrived at the port, and a standard scan had revealed a large, dark mass in the center of the container. The mass was recorded on the scanners as possible radiological material.</span></p><p><em>Oh gosh, this is it,</em> Hains thought.</p><p>By the time Hains had called all the people who needed to know, it was Christmas Day. Officials were hopping on expensive last-minute flights to Tampa, and local law enforcement was called to the scene. Hains and her team opened the back of the container and began unloading it. As the supervisor, Hains offered to climb in first. It took almost two hours of rearranging and removing boxes to reach the center of the container, and each step Hains took destroyed the cargo beneath her feet. She dug down, looking for the anomaly…and discovered a crate of wine the shippers had sent as a Christmas present. </p><p>Hains has seen a lot in her 20-plus years in the port security industry, and fortunately most of her experiences have been as benign as the Christmas incident. However, she says it’s only a matter of time until some group takes advantage of the maritime supply chain to debilitate a U.S. port, or worse.</p><p>“The fear is that out of the 4 million containers that arrive in U.S. ports each year from around the world, all it takes is one to bring a dirty bomb,” Hains said during a maritime security session at the ASIS International 60th Annual Seminar and Exhibits.</p><p>And Hains is not the only one with concerns about port security. The Government Accountability Office (GAO) recently published reports and testified before Congress about the challenges faced by port security programs, as well as the need for the U.S. Department of Homeland Security (DHS) to address port cybersecurity. </p><p>Stephen Caldwell—who last month retired as director of homeland security and justice at GAO—spearheaded the two reports, Progress and Challenges with Selected Port Security Programs and DHS Needs to Better Address Port Cybersecurity. He says that one issue plaguing U.S. ports is the failure to assess various security programs.</p><p> “There are a lot of challenges in developing meaningful performance measures,” Caldwell says. “In terms of the security measures you have in place and your ability to measure the things you have in place, there are real difficulties in measuring things like deterrents and security.”</p><p>That’s not surprising, considering the activity that takes place at U.S. maritime ports. More than $1.3 trillion in cargo enters the country by sea annually, and approximately 90 percent of the goods consumed in the United States come by vessel, Hains said. Two ports, the Port of New York and New Jersey and the Port of Los Angeles and Long Beach, receive half of all those containers.</p><p>“As security experts, that should be a little alarming to you, because that means that if those two ports got hit, 50 percent of our container traffic would go down,” Hains noted.</p><p>DHS is the lead federal department when it comes to port security. The Transportation Security Administration (TSA) controls who can enter the ports. The U.S. Coast Guard conducts facility and vessel inspections at ports, and the CBP is involved in screening throughout the global supply chain process.</p><p>Port security, and maritime supply chain security in particular, is dictated by a number of laws and regulations intended to enhance security. Some of these regulations were analyzed in the GAO reports. The Security and Accountability for Every Port Act (SAFE), along with the 9/11 Commission Act, requires DHS to implement 100 percent screening of all cargo that enters U.S. ports, as well as 100 percent physical scanning of high-risk cargo. And the Container Security Initiative (CSI) places CBP officials at selected foreign ports to assess the risks of shipping out of that country. </p><p>Here’s how a shipping container moves from overseas to a U.S. port under the various shipping regulations: Before the cargo container is loaded onto a vessel, its manifest—the list of cargo in the container—is screened by CBP and a risk score is assigned to the container by an automated targeting system. Where it’s coming from, whether it’s from a trusted shipping company, and the type of cargo being shipped are all factors considered. If the score passes a certain threshold, it’s flagged for extra radiation and x-ray scanning, in accordance with the SAFE Port Act. If it passes, the vessel is then sent on its way and eventually arrives in a U.S. port, where, depending on the targeting system score, it may undergo another x-ray or radiation scan. </p><p>This current method concerns Hains. The risk score is based on the manifest, not the cargo itself, and it doesn’t necessarily account for a stop in another country before arriving in the United States. For example, a container could be shipped from Pakistan to Spain, then from Spain to England, put on a new boat in England, and sent to the United States. The CBP officials at the receiving port will only know that the container came from England and may not screen it as thoroughly, Hains explained. </p><p>“These containers and ships move by trust, based on what’s on the manifest, passenger list, and port assessments,” Hains said. “Every day in the United States, vessels arrive and containers arrive, and we believe what it says on the manifest.”</p><p>The GAO also found flaws in the current system. The agency notes that the automated targeting system used to rate containers is based on outdated intelligence information, and Caldwell says the organization is auditing the ranking program to learn more about how effective the practice is. </p><p>Another concern the GAO raised in its reports is the effectiveness of screening mandated by the SAFE Port Act. The law was initially supposed to be implemented in July 2012, but in May 2014 the secretary of homeland security extended the deadline until May 2016. However, only an estimated 4.1 percent of containers are currently x-rayed before they come to the United States. </p><p>“DHS’s position is that this is not doable and not something that really makes sense, but it’s still a statutory requirement and will remain so until the law is revised,” Caldwell explains.</p><p>GAO found that some international privacy laws prevent the sharing of screening information, which makes the SAFE Port Act challenging to implement, Caldwell says. After a container is scanned overseas, communicating the findings becomes difficult due to issues such as who owns the data, whether it can be shared with the United States, and even whether CBP, a private company, or the host government should do the scanning. DHS believes that scanning all cargo, including trusted or low-risk containers, is not the best use of its resources, he explains. </p><p>“Even if you went to that 100 percent scanning, until you look at the details of the implementation, it’s hard to know if it would even improve security,” Caldwell asserts. “If there’s no training standard, then you get the Pakistanis or Indonesians, as well as others, like the Brits and New Zealand, and do they have the same training? Do they have the same level of skill in interpreting those x-ray images?”</p><p>The CSI, which places border patrol officials in foreign ports to conduct risk assessments, is “the biggest boondoggle that the CBP has,” Hains said. According to the GAO report, CBP has not assessed the risks posed by foreign ports that ship cargo to the United States since 2005, which means that many of the 58 foreign ports that participate in the initiative haven’t been assessed for threats in a decade. Both Caldwell and Hains question how well the foreign ports are managed by CBP officials.</p><p>Another concern Caldwell has is the sustainability of the current port security systems. Budget cuts have caused both CBP and Coast Guard personnel to be pulled from port security. </p><p>In June of last year, the GAO released an entire report on port cybersecurity. Like most critical infrastructure, maritime stakeholders rely on numerous types of information and communications technologies to manage cargo, the report states. Port owners and operators are responsible for the cybersecurity of their operations, but the report found that ports are receiving little to no guidance from the federal government. </p><p>The report cites a 2011 cyberattack on the Port of Antwerp as an illustration. In that incident, hackers accessed the computer systems of two container terminals, which allowed them to track and control the movements of certain containers. Criminals in another country would place illegal goods in a container, and once it arrived in Antwerp the hackers could divert it so it would not be screened before it left the port. This went on for two full years until officials arrested nine members of the criminal group in 2013 and seized almost a ton of heroin, as well as firearms and other contraband. </p><p>Caldwell says he was surprised at how weak maritime cybersecurity initiatives are. “There have been national-level strategies and presidential directives that have clearly said, ‘Hey, federal government, you need to start looking at the cyber as well as the physical aspects of security.’ And yet the Coast Guard was not moving smartly.” Since the cybersecurity report came out, Caldwell says the Coast Guard has agreed to take steps to address the cybersecurity threat. </p><p>One way to make the supply chain more secure and consistent is proper training, Hains said. Due to budget cuts and CBP reorganization, it’s increasingly common for immigration officials with little to no customs and shipping training to be put in charge of interpreting the cargo risk assessments. </p><p>A well-trained official should be able to consider not only the manifest and the automated risk assessment score, but the origin of the products, the weight of the crate, and more. Hains said that an experienced official may notice that the container weighs more than it should as indicated by the manifest, or that it’s from a first-time shipping company, even though it’s from a trusted country. These would make the container high-risk, and officials could further scan the cargo before it gets to U.S. shores.</p><p>Another solution Hains advocates for is the implementation of container security devices. She notes that the technology is still new and expensive, but the sensors can be retrofitted onto any container and would alert officials to the presence of numerous chemical tracers, as well as carbon dioxide to detect humans, light sensors to detect whether the container has been compromised, and geofencing to make sure the container or its contents aren’t stolen. </p><p>“It’s the only way we’re going to make ourselves safe,” Hains said.</p>GP0|#21788f65-8908-49e8-9957-45375db8bd4f;L0|#021788f65-8908-49e8-9957-45375db8bd4f|National Security;GTSet|#8accba12-4830-47cd-9299-2b34a4344465