Achieving Security in the Global Supply Chain
October 2005
Since approximately 90 percent of the world's
cargo is shipped via containers, the ability to keep the Global Supply Chain
(GSC) moving efficiently and safely is of paramount importance. Prior to September
11, 2001, GSC security was focused primarily on avoiding theft and mismanagement.
After September 11, the concern became maintaining the integrity of the shipping
process and avoiding a catastrophic disruption in traffic flow. Yet causing
a major disruption in the GSC would be incredibly easy to achieve.
by Daniel
Wagner*
Asian Development Bank
Consider this: even after implementation of the U.S. Container Security Initiative
(CSI)—which is an ambitious effort—less than 5 percent of the 16 million containers
that enter the United States every year are inspected under the program. Even
with the advent of anti-tamper-proof seals, x-ray and gamma-ray scanning, radiation
pagers, portal sensors, and remote monitoring, the current ability to identify
a bomb or similar device is extremely difficult to achieve because so few containers
are actually inspected. The Department of Homeland Security has estimated that
if just one bomb exploded on board a container at a U.S. port, it would effectively
shut down trade to/from the United States for at least 2 weeks, with severe
global economic ramifications. Even if a bomb or weapon of mass destruction
were detected at a point of origination and did not explode, it could still
seriously interrupt trade as it would be presumed that other similar devices
may exist elsewhere.
If that is not enough food for thought, consider the implications of a successful
terrorist attack on any of the key choke points in global shipping, such as
the Panama Canal, Suez Canal, Strait of Hormuz, or Strait of Malacca. If operation
of either canal were stopped as a result of a ship being sunk, for example,
global trade could be disrupted for months. Ships would be forced to endure
lengthy detours around Africa and South America to get to their destinations,
with serious consequences for time sensitive deliveries. In some respects, it
is truly surprising that no such attacks have yet occurred. Part of the reason
for this is a generally heightened awareness of terrorism, but also, thankfully,
a lack of sophistication on the part of terrorist organizations.
The Need for a Global Supply Chain
Ultimately, maintaining a secure and efficient GSC will be the product of
both human and technological agents. Containerized shipping systems contain
a variety of means for improving security and efficiency. Enhancing safeguards
at the policy and regulatory level are an initial point of departure, but the
ability to increase the percentage of containers inspected and the effectiveness
of technological tools employed will make the real difference. The role of deterrence
should also not be underestimated since each new proposal for enhanced security
is designed to make it more difficult to successfully attack the GSC.
Unfortunately, the routes through which cargo travels are large and difficult
to secure. Tamper-proof seals can be very useful in identifying which containers
have been interfered with, but it may not be detected for weeks. Current sensor
technologies for detecting weapons or illegal shipments are expensive to operate
and impose serious delays on logistics systems, and they are all easy to circumvent.
Future planning in this area will need to be coordinated between the producers
and users of such technologies taking into account development and deployment
costs.
The Public/Private Partnership Initiative
If there was ever a compelling need to enhance the ability of the private
and public sectors to work together, it is to achieve greater GSC security—the
ultimate public/private partnership (P3). Ports are in essence P3 operations,
being run jointly by government port authorities and private shipping firms.
It is government's responsibility to plan a response to a catastrophe; it is
also its responsibility to assess security and make a determination about if
and when to close a port. It is the private sector that is responsible for making
alternative shipping arrangements and changing supply chain logistics.
One of the best examples of P3 in this area is the U.S. Customs-Trade Partnership
Against Terrorism (CTPAT), perhaps the largest and most successful P3 initiative
to have emerged post-September 11. CTPAT is a multifaceted approach to establishing
trade security that requires advance electronic information regarding all cargo
shipments coming to the United States and provides the ability to analyze that
information before it is loaded onto vessels headed for the United States. Under
the program, private sector participants agree to make investments in security
protocol to enable them to identify weapons that may be used by terrorists.
In exchange, the U.S. Customs and Border Protection Agency (CBP) requires fewer
inspections upon arrival and a streamlined distribution process. So the time
spent to pre-screen cargo is essentially earned back upon delivery. Some 9,000
companies now participate in the program and approximately 40 percent of containerized
goods imported into the United States (by value) are covered.1
Yet CTPAT is a voluntary program. The U.S. Government readily admits that
it does not have the ability to effectively enforce its own regulations so as
to ensure point of origin security for a manufacturer's loading dock. Participating
companies are expected to use their own leverage with vendors to help increase
security at the point of origin, which places a lot—perhaps too much—reliance
on these companies. If a fault in the system occurs, it is likely to occur here.
CBP knows this, which is why to date some 20 percent of the security profiles
submitted for CTPAT membership have been rejected and nearly 100 companies have
been de-certified and suspended because of negative validations, failure to
meet their commitments, or because supply chain security was compromised. This
is a serious problem.
CBP believes it is only a question of time until a terrorist attack interrupts
the GSC. For that reason, it is important that the world's nations develop a
common framework for addressing the risk now. The P3 approach adopted by the
CBP will ultimately need to be adopted on a much wider scale. Each country will
need to adopt a common approach to risk management that will require broadly
based information sharing, including information about terrorist suspects, targets,
and methods. Whether this can be achieved in any truly meaningful fashion remains
to be seen. Doing so would itself create a whole host of problems related to
the accuracy of such information, information leakage, and enforcement capabilities.
Complex logistics systems incorporating advanced information technology are
at once more robust and more fragile than less sophisticated and less efficient
options. Well-tuned supply chain management systems excel at handling supply
or demand fluctuations within their competence and design capacity. What they
cannot do is respond effectively to conditions that far outstrip their normal
operating circumstances, such as major spikes in demand (created by a large
military deployment, for example) or significant reductions in supply (that
might result from the imposition of government security measures). Few, if any,
logistics systems are designed to cope with massive failures in their operational
or communications infrastructure. This is important because most firms operate
in several independent yet interconnected supply chains.2
The Response to Terrorism
So, what would happen if a terrorist attack successfully impacts the GSC?
No doubt governments have contingency plans in mind, but will they work? Consider
the recent terrorist attacks on the London Underground. London became well acquainted
with such attacks during the height of the IRA bombings in the 1980s and has
well documented procedures for addressing them. The net result in this case,
however, was that the entire underground and bus transport system was shut down
and the authorities were not able to fully reopen the system for several days.
Even basic internal communication systems did not work properly. After the event,
London's transportation system is every bit as vulnerable as it was before the
attacks.
The problem is that governments do not have the human and monetary resources
to fully address such risks and the public does not have the tolerance to do
what is necessary to allow governments to properly protect them. To do what
is really necessary—implement a stringent security protocol—would require much
more than the public will allow and more than a government can generally provide.
In cities where such a protocol has been in place for a long time, public tolerance
is much greater, but such tolerance is the result of conditioning. In Manila,
for example, people and bags are screened at virtually every business, shopping
center, movie theater, and hotel.3 In a city like
London, the idea of such a protocol is anathema.
The same is true of security for the GSC. Political culture in most developed
countries is skewed toward avoiding discomfort among the general population,
so governments tend to adopt procedures and contingency plans that will provide
the greatest amount of perceived protection with the least amount of discomfort
for its citizens. Also, governments tend to be reactive rather than proactive.
New York only adopted random screening of subway passengers after the London bombings (much to the chagrin
of New Yorkers), and most governments did nothing to increase security for trains
after the Madrid bombings last year.4 Even though
there are calls in the U.S. for 100 percent inspection of shipping containers,
doing so would seriously disrupt global trade as well as require enormous human
and financial resources. The potential economic cost of imposing greater levels
of security could be higher than the potential damage of a terrorist attack
on the GSC.
Clearly, more must be done to adequately address the threat, but in a targeted
and measured fashion. Governments do not have unlimited resources to throw at
the problem, business is time and cost-sensitive, and the general public in
developed countries do not presently have the tolerance to do what is necessary
to effectively address security. The G8 leaders are making the right noises,
fortunately, and have agreed to create a global container security regime, to
implement common standards for electronic customs reporting, and to support
the installation of automatic identification systems in certain types of cargo
vessels. This is a step in the right direction, but only a first step.
Another initiative has recently been taken by the World Customs Organization
to increase port security standards globally. The 166 customs agencies that
form the Organization recently agreed to enhance their standards. Among the
new measures to be implemented is one that permits any member state to request
container inspections at any other member state's ports. They also agreed to
make a greater effort to stop shipment of suspicious containers at the port
of origin, to share information on outbound containers through an automated
system, and to enhance the efficiency of the inspection process to prevent unnecessary
delays in shipments. Effective implementation of these measures will present
their own challenges.
Conclusion
The ultimate challenge is to craft a security protocol that achieves its
objectives while taking into account the resource limitations of governments
and businesses, and at the same time encouraging more public/private partnership
solutions. The costs associated with achieving heightened levels of security
will in the end have to be borne jointly by governments and business.
Reprinted with permission from "Securing the Weakest Link," Trade Finance Magazine (Asian Trade Finance
Supplement), August 2005.
Opinions expressed in Expert Commentary articles are those of the author and are
not necessarily held by the author’s employer or IRMI. This article does not purport
to provide legal, accounting, or other professional advice or opinion. If such advice
is needed, consult with your attorney, accountant, or other qualified adviser.