border and transportation security (bts)

SMU CSE 8394

Border and Transportation Security (BTS)

Class 2 C-TPAT and CSI

Concept, Technologies, and Vulnerabilities

SMU CSE 8394

C-TPATIn November 2001, Customs initiated C-TPAT – Customs-Trade Partnership Against Terrorism – to improve the security of containers as they move through the global supply chain

Under C-TPAT, Customs officials work in partnership with private industry, reviewing supply chain security plans and recommending improvements

In return, C-TPAT members receive the benefit of a reduced likelihood that containers traveling along their supply chains will be inspected for WMDs.

SMU CSE 8394

C-TPAT– First thing to Note . . .

C-TPAT is a general agreement on a Security Process

It addresses . . .

Security Guidelines (defined by

C-TPAT)

Security Plan

(defined by each

member)

C-TPAT Complian

ce Evaluatio

n.

Validation

Process

SMU CSE 8394

C-TPAT Has Guidelines for . . .

1. Importers2. Air Carriers3. Sea Carriers4. Rail Carriers5. Licensed Brokers6. Air Freight Consolidators/Ocean Transportation

Intermediaries, and NVOCCs (1)

7. U.S. Marine Port Authority/Terminal Operators8. Foreign Manufacturers

a) Warehouse Security Recommendations

b) Status Verification Interfacec) FAST Application Information. (2)

(1) Non-vessel Operating Common Carrier(2) This program allows U.S./Canada and U.S./Mexico partnering importers expedited release for qualifying commercial shipments.

SMU CSE 8394

C-TPAT Process for ImportersImporter Security Recommendations for C-TPAT

Contains a list of suggestions for establishing, improving, or amending, security procedures along the entire supply chain. Each set of recommendations applies to a specific segment of the import chain such as a carrier, broker, importer, or warehouse and is meant to serve as only a guide and not as an established standard

C-TPAT Agreement to Participate Voluntarily Required voluntary agreement that shows a company's commitment to complete the appropriate Security Questionnaire within 60 days and participate in C-TPAT.

SMU CSE 8394

C-TPAT Importers’ Security Profile1. Provide an executive summary outlining the process

elements of the security procedures currently in place. At minimum, address: – Security Program– Personnel Security– Service Provider Requirements - Product suppliers,

Carriers, Forwarders

2. Indicate that the specific detailed procedures noted above are available to Customs in a verifiable format at an identified location– Include an assessment of your security processes– As well as information on what changes you envision

making to correct identified weaknesses.

• Facilities security• Theft prevention• Shipping & receiving

controls• Information security

controls - integrity of automated systems

• Internal controls - process established for reporting and correcting problems.

• Pre-employment screening & periodic bkgnd reviews

• Employee training on security awareness and procedures

• Internal codes of conduct

• Internal controls - process established for reporting and managing problems related to personnel security

• Written standards for physical plant security

• Quality controls• Financial assessment

process• Internal controls to

select service providers• Profiles of Tier 1

suppliers maintained and available for review

• Indicate if your service providers participate . . .

SMU CSE 8394

C-TPAT – Focus on CSIAnnounced in January 2002, the Container Security Initiative addresses security vulnerabilities created by the ocean container trade

Two issues 1) WMDs in a container could destroy a port 2) WMDs slipping into the country could destroy a place

HENCE – CSI allows U.S. Customs to screen containers at CSI-designated foreign seaports.

SMU CSE 8394

Rationale for CSIOcean-going cargo containers are a critical link in the system of global tradeWith the rise of the “just-in-time” delivery system and increased efficiencies in maritime transportation, the U.S. and world economies have become increasingly reliant on the cargo container to transport their goodsApproximately 90 percent of the world’s trade moves by cargo containerAbout 49 percent of U.S.-bound containers arrive from the top 10 international ports shown in Table 1.

SMU CSE 8394

C-TPAT’s Security Architecture• C-TPAT identifies

– Procedural and physical changes to “heighten security”

– Continuous monitoring / updating to maintain it

• CSI identifies– Procedures to qualify and evaluate supply-

chain security as it pertains to shipping containers

– Continuous monitoring / updating to maintain itWhat’s missing?

SMU CSE 8394

C-TPAT’s Security Architecture• Technology

– How can warehouses, depots, and containers be secured

– What must be secured– What should we measure / detect / report

• Infrastructure– What is required to enable a secure

architecture– Who provides it / controls it / or maintains it

Our challenge . . .

SMU CSE 8394

Customs Commissioner Robert C. Bonner asked importers to tighten the security of their supply chains . . .

. . . “security measures must serve a greater purpose” Companies should expand the "security perimeter" of the U.S. by assuring their vendors and transportation means are "airtight."

Dedola International (Nov 28/01)

Compelling Problem – Border Security

U.S. Borders are inundated with Imports

Import levels impact HomeLand Security & may delay processing at the port of entry

SMU CSE 8394

Today’s Short-comings in CSI Security

• Current systems are designed to foul the “dumb criminal”

• They are not “hardened” to foul “smart, well-funded” criminals

• Opportunistic• Insider• “Grab-and-run”

mentality• Timing Delivery-

oriented

• “Idealistic”• Outsider & insider• “Send-a-message”

mentality• Timing Impact-

oriented.

SMU CSE 8394

Security Architecture for CSI

• Now that we understand • the concepts behind C-TPAT and CSI• the security methods introduced• the “terrorist characteristics”

• We will identify processes, technologies, and architecture necessary to give “teeth” to CSI.

SMU CSE 8394

Security Architecture – “Thought Lab”

SRCWhat do we need here to ensure only legitimate goods are loaded

Transport

How can we be sure nothing

“slipped in”

DST How can we maximize the likelihood of a high-detection hit-rate.

SMU CSE 8394


SRCIdentify the conditions needed hereConsider

• Trusted Agent – at each Vendor or Port• Mechanism to ensure that once loaded and

secured, opening a container is detected 100% and reported

• Infrastructure to ensure the “mechanism” cannot be compromised – cloned / mutated.

15 minDiscussion

SMU CSE 8394


Consider• Mechanism to ensure opening any part of a

container is detected 100% and reported• Infrastructure to ensure the “mechanism’s”

ability to report cannot be compromised – jammed / faked.

Identify the conditions needed here

Transport

15 minDiscussion

SMU CSE 8394


Consider• Mechanism to clearly and reliably indicate

container compromise to inspector or inspecting station

• Infrastructure to ensure customs inspector can identify compromised containers quickly

• Infrastructure to analyze possible breeches and to report them for up-stream analysis and reporting.

DST What does Customs need 15 min

Discussion

SMU CSE 8394

End of Current LessonThe purpose of the Thought-experiment was to

1. Identify an architecture to support CSI2. Identify technology characteristics to support

rapid and reliable detection3. Identify the impacts to infrastructure

An extension to our exercise is to determine cost impacts – ultimately, someone has to pay for it – so minimizing cost is a winning goal

Think of what may be lost through cost-minimization.

border and transportation security (bts)

Documents

security procedures

security of containers

ctpat process

security awareness

security vulnerabilities

security processesas

ctpat members

ctpat focus