Watch Now


Scan-all lite

Scan-all lite

Homeland security expert threads the needle on 100% container inspections, says scans could redefine ISF.



By Eric Kulisch



Stephen Flynn
president,
Center for National Policy
'If the industry is engaged in integrating the inspection process into their operations, they will almost certainly come up with a more cost-effective and less disruptive approach than one in which they try to accommodate the requirement of a government-owned and operated process.'

      Stephen Flynn has been a loud voice the past nine years for greater government and maritime industry accountability when it comes to supply chain security.

      He helped the U.S. government after 9/11 develop a strategy of pushing out its borders by developing partnerships with customs authorities in key foreign ports to inspect suspicious cargo headed its way ' what is now known as the Container Security Initiative (CSI).

      After that security regime was up and running, Flynn advocated that private marine terminals operate integrated scanning systems with sensors to collect physical evidence on every ocean container that rolled through an entrance by truck. Four years ago, the new president of the Center for National Policy and homeland security expert thought it would be sufficient for such a system to verify the contents of every container, but not analyze the images in real time because of the massive amount of manpower and time involved. Customs officers would check only those containers thought to be from a high-risk source. The rest would be stored in case questions crop up during transit or as a forensic tool to go back and quickly identify the source of a container breach in the event of a terrorist attack involving a weapon smuggled through a port.

      As his concept matured, he proposed a business model in which terminal operators own and operate X-ray and radiation detection machines, charge shippers a per-box fee for the scans, and upload the images and readouts to participating customs agencies.

   Now his thinking has evolved again in an effort to find a political solution to the nightmare scenario of a mass destruction weapon smuggled in a shipping container.

      Flynn said a refined version of his inspection model, in which the private sector manages the entire data collection and analysis process, offers a middle ground between politicians who want every ocean box to be checked and those who believe the status quo risk-management approach towards selective inspections is the only way to prevent gridlock in commercial ports. And, the former Coast Guard captain argues, quick scans of every container would allow U.S. Customs and Border Protection to loosen its requirements for the new Importer Security Filing (ISF), thereby relieving businesses of a major compliance burden.

      'We don't have the risk management tools in place yet to survive the 'morning after' problem' of a government faced with shutting down U.S. ports because it can't determine how a terrorist compromised a low-risk container, Flynn recently said. The cascading effect of such a move would grind trade to a halt, cause a massive pileup of containers at overseas ports and take weeks to unwind the backlog after the all-clear from further attacks is given ' all at a cost of hundreds of billions of dollars, according to logistics and security experts.

      In 2006, Congress instructed the Department of Homeland Security to conduct a trial program to study the feasibility of inspecting 100 percent of U.S.-bound cargo containers using non-intrusive imaging and radiation detection equipment. The first piece of legislation passed by House Democrats in January 2007 after they took control of Congress was the 9/11 Implementation Act, which included a mandate for scanning 100 percent of U.S.-bound cargo containers at foreign ports by 2012. The law was enacted in August 2007 ' before CBP had even completed its Secure Freight Initiative (SFI) pilot program in seven (now five) ports ' over the strong objection of the international trade community and governments around the world who complained about the unilateral nature of the scanning requirement, the cost it imposed on them, and trade disruption.

      The scan-all law was a no-confidence motion by Congress in:

      ' CSI (which results in technology-based inspections for about 0.1 percent of all inbound containers).

      ' The Customs-Trade Partnership Against Terrorism (a program that allows certified importers to bypass most security inspections at CSI or U.S. ports).

      ' The 24-hour manifest rule for collecting limited advance cargo information.

      ' The rules-based Automated Targeting System that scores shipments and flags some for inspection.

      ' The International Ship and Port Facility Security code.

      CBP currently inspects 5 percent to 6 percent of all ocean containers entering the United States and every container runs through radiation detection machines before exiting most U.S. ports. Many trade security experts argue that criminals and terrorists know what rules lead to inspections and how to operate within the system without setting off alarms.

      Trying to use CSI ports and foreign customs authorities to meet the 100 percent mandate will not work because terminals at the world's busiest ports could inspect no more than 1.5 percent of U.S-bound traffic, according to a paper coauthored earlier this year by Flynn, Noah Gans of the Wharton School at the University of Pennsylvania, and Nitin Bakshi of the London School of Business. The researchers' analysis of container throughput found that a slightly smaller terminal could sustain an inspection rate of 5 percent of U.S.-bound containers.

      The lack of capacity is a function of the targeted approach in which CBP officers identify high-risk boxes after they have been stacked in a container yard and request that their customs counterparts conduct a non-intrusive inspection. Dockworkers have to use equipment to retrieve the container from a stack, place it on a truck to be shuttled to an inspection station, and then return the box to the yard until time of vessel loading ' all of which adds time and cost to cargo handling operations.

      The SFI approach placed drive-through imaging and radiation detection portals, along with optical character recognition technology for capturing container and truck license plate numbers, at terminal entrances. But CBP and the Government Accountability Office (GAO) maintain that space constraints can require seaports to place scanning equipment miles from where cargo containers are stored, natural bottlenecks at some ports make scanning difficult without causing congestion, and transshipment containers are only available to scan for a short period of time or are difficult to access because they enter the port by sea for quick transfer to another vessel.

      CBP officials say that replicating the comprehensive inspection regime beyond the small volume ports included in the pilot program would cause huge technology, infrastructure, workforce and legal challenges, and be prohibitively expensive.

      CBP's position is that a scan-all approach makes sense only in some specific high-risk trade lanes, such as from Pakistan, where the additional data can provide assurance that the inbound cargo is not compromised. But top officials recently signaled that they are moving away from even such a limited application to focus on their layered security strategy.

      The imaging devices and radiation portal monitors work in tandem. Radiation portal monitors are known to miss highly enriched uranium that is shielded by lead, but the imaging machines can detect the lead and show an anomaly in the cargo image.



Global Approach. Flynn, a former Council on Foreign Relations scholar, and his colleagues instead argue for an industry-centric approach in which relatively low-cost, drive-through portals rapidly screen outbound containers to any destination ' not just the United States. Boxes that fail the initial inspection are separately scanned by more sensitive equipment. Such a system would provide much better inspection capacity than a CSI system at a lower cost per container, they claim.

      During a World Customs Organization forum held in Seattle Oct. 4-5, Flynn elaborated on how a market-based approach is more sustainable and effective at dealing with the terrorist threat to the intermodal supply chain infrastructure.

      Operating that global network, much like the financial system, requires trust to function smoothly. A terrorist attack would lead participants to opt out of the system, and limit transactions to domestic customers, if they perceive the risks are greater than the benefits in the same way people pulled money out of stocks and bank accounts and put it under their mattresses during last year's financial crisis, Flynn noted.

      Building a container inspection system that is global in nature rather than centered on only protecting the United States has the advantage of gaining the cooperation of other nations and the business community, and amortizing costs across a wider pool of users, Flynn said.

      He articulated the attitude of foreign officials towards the scan-all mandate as: 'You're the most powerful country in the world, you're the wealthiest country in the world and you want us to basically bankroll your security. You want us to do things in our neighborhood, with our resources to protect you ' the United States.'



Resilience. Repeating a common theme, Flynn said the key motivation for designing a way to scan all containers within the normal course of port operations ' what he called 'baking it into the system' ' is to build resilience in the supply chain instead of serving as a policing mechanism to find weapons or contraband.

Napolitano

      The Obama administration has embraced the concept of resilience as a key component of national security by creating a new office within the White House called the Directorate for Resilience Policy, according to the ex-National Security Council staff member. Janet Napolitano, secretary of homeland security, has also made it a priority for national infrastructure systems, such as health care and emergency response, to quickly bounce back from man-made or natural crises.

      Resilient systems are able to withstand a foreseeable threat, rapidly recover from a negative event and adapt to changing threats, Flynn said.

      He compared development of a bend-but-don't-break container inspection regime to the way engineers design buildings to survive the probability of a severe, 300-year earthquake but not to the theoretical limits of the 10-point Richter scale.

      For the intermodal system, that means being able to isolate the source of a terrorist attack instead of having to shut down the system and conduct an exhaustive search of containers in the pipeline to make sure they're safe.

      'Right now I think we're still in a position where we generalize the sense of risk and uncertainty without being able to pinpoint where that comes from,' Flynn told an audience of about 100 international customs officials and private sector trade compliance officers.



Private Partners. The third critical element of container security, besides being resilient and global in scale, is that the government should treat large terminal operators and ocean carriers as true partners with responsibility for designing and running the system, Flynn said.

      'If the industry is engaged in integrating the inspection process into their operations, they will almost certainly come up with a more cost-effective and less disruptive approach than one in which they try to accommodate the requirements of a government-owned and operated process, whether that is CSI or SFI,' Flynn said in an e-mail.

      'This is not to suggest that there are not engineering challenges associated with undertaking this approach. However, if the terminals are in a position to recover their costs, they are likely to figure out how to resolve these issues. If governments try to impose these costs on them, they will understandably resist.'

      A major limitation of the SFI approach that the Wharton study attempts to address is that it relied on customs inspectors to examine every image of inbound containers and resolve alarms in real time. The study's premise is that only containers with radiation detected by sensors, or weapon-size dense material picked up by the imaging, would be diverted to a secondary inspection station. About 95 percent of containers would automatically be cleared for the threat of a radiological or nuclear bomb. Alarms would be resolved at secondary locations by next-generation advanced spectroscopic portals that are able to differentiate between radioactive isotopes and identify whether they are dangerous or naturally occurring. The remaining 1 percent of images that have dense material of a size that could suggest the possibility of shielding would require human interpretation of the images, Flynn said.

      (DHS and GAO evaluations of the advanced radiation detectors indicate that the technology still cannot do much better than legacy systems at detecting lightly shielded enriched uranium or plutonium, although there is optimism that they can reduce the nuisance alarm rate. Congress recently prohibited DHS from full-scale procurement of the monitors until the secretary submits a report certifying that they have achieved a significant increase in operational effectiveness.)

      Global terminal operators, such as DP World, already do business in unstable parts of the world and can be entrusted with the security task because they have a huge brand name to protect, Flynn said.

      'They have a vested interest to make sure what's put in place is going to sustain a level of integrity' and probably can do so better than many customs authorities whose agents are susceptible to bribes to look the other way, he added.

      Governments would essentially become a customer and devote their attention to checking the inspectors.

      The key to a successful self-regulated, private sector approach is allowing terminals to recover the cost of deploying the equipment, Flynn said. Terminal operators would likely hire a third party to manage the information technology system, troubleshoot problems and move data to customs authorities as needed.

      One model he floated would use certified third parties that operate remotely out of large data centers in Europe, Asia, the United States and the Middle East. The data hubs potentially could host on-site customs agents to analyze advance data.

      He challenged the transportation industry to support such a scheme to make sure that continuity of its core business is not undermined by inefficient government inspections or an incident that shuts down trade. Several global terminal operators already have embraced an outsourced inspection approach.

      Flynn, who no longer consults for cargo inspection equipment maker SAIC, said it would cost shippers about $15 per box to support the scanning system, although that could go down over time as container volumes increase again and the technology gets cheaper. The figure is higher than mentioned in the study because it includes the data management function in addition to the non-intrusive inspection system.

      'We also envision a process where high-volume terminals would collect an additional $2 to $3 per box to be used to bankroll equipment that would be donated to low-volume ports in developing countries who lack the resources to invest in the regime so they would not be placed at a competitive disadvantage,' Flynn said via e-mail.

      Some industry officials in the past have expressed concern that such a system would become a profit center for port operators, rather than simply a breakeven proposition.

      'We should be embracing anything that basically involves something where the marketplace says we can develop a better system that answers our needs but also satisfies (government's) needs. We need to get out of this passive posture waiting for tablets to come down from Washington' or the WCO with compliance mandates, Flynn said in Seattle.

      'I don't know how it works if you're relying solely on government-to-government solutions. Even if you solve the integrity and competency problems, it (becomes) a resource issue.'

      Flynn dismissed the notion propounded by the Bush administration and top CBP officials that the risk of the maritime transportation system being used to deliver a nuclear or radiological device is relatively low because terrorists are likely to want a more reliable method for transporting what may be their one and only nuclear device, and therefore the agency is putting too many resources towards container security at the expense of other modes that face equal or greater threats.

      Although the spectacular, mass-casualty attack is still a way to rally support for a cause, sophisticated terrorist networks are more likely to use a dirty bomb as a tactic in a campaign of asymmetric warfare designed to cause mass disruption to critical systems in the civil and economic arena, Flynn said.

      A 'dirty bomb' is made by attaching a piece of radiological material to an ordinary explosive device, which acts as a poor man's dispersal agent. The impact is more localized than a nuclear explosion, but can cause contamination and death.

      The probability of such an attack is still low, but the consequences are so severe that taking precaution is justified to maintain network resilience, according to Flynn.



ISF Alternative. One of CBP's key measures to strengthen the risk-based approach to targeted inspections is the new Importer Security Filing rule. Realizing that the ocean carrier manifest only represents a generalized checklist of cargo carried onboard a vessel, the agency last January began requiring 10 pieces of specific transaction data from importers about their suppliers, logistics providers and shipment contents. Many of the data sets are eventually filed with CBP when the customs entry is submitted upon cargo arrival in the United States. The big challenge and concern from the perspective of many importers is that the data must be electronically transmitted far in advance ' 24 hours prior to loading at the overseas port.

      Importers and their transportation intermediaries are scrambling to set up processes and IT systems to obtain the information, and transmit it in a timely and accurate fashion. Some pieces of information were often never shared by the overseas vendor with the importer before, such as the consolidator or container stuffing location. Other complications include trying to find who has the origin data when imported goods are purchased from a middleman. Many cargo customers still experience difficulty obtaining the bill of lading number from some container lines early enough so they can file the ISF on time. CBP uses the B/L filed by the ocean carrier as an admittedly imprecise benchmark for measuring the timeliness of the ISF.

      Shippers are worried that when full '10+2' enforcement goes into effect in January they may incur penalties of $5,000 per filing or have to delay shipments until all the necessary information is lined up.

      Flynn says the industry-centric scanning approach removes the need for advance supply chain data, which is especially difficult to obtain for small importers that lack an overseas presence or sophisticated IT systems, and forestalls the possibility of more data requirements in the future.

      He predicted 'that three years from now there is going to be a DHS inspector general investigation and GAO evaluation and they will find there are a lot of false alarms with targeting based on ISF and that they're also going to find it's missing stuff.'

      CBP's reaction? 'We're going to need more information and we're going to need it earlier.'

      A technology solution that validates what is shipped means the U.S. government would not need all the manufacturing and shipping information upfront and could end up being more economical, according to Flynn.

      'It's like when you go to an airport. We don't ask what your childhood history is, what your income level is' because people get screened for guns and explosives that can lead to mid-air hijacking or explosion, he said.

      Instead, he proposed CBP adjust the deadline to allow importers to file the '10+2' data 96 to 48 hours before a vessel arrives at a U.S. port.

      'The only thing we need to focus on at the point of loading that truly threatens both the vessel that's carrying it and the receiving country is the nuclear weapon scenario or the dirty bomb scenario,' Flynn said in a post-presentation interview. 'Any other form of contraband we can land and handle and cope with.'

      Devices that check for weapons of mass destruction should be deployed and other sophisticated compliance enforcement tools postponed until arrival to avoid backups at the port of loading, he explained.

      'The rationale for acquiring all the ISF data 24 hours before loading is because we're going to use it to find extremely dangerous cargo, not just a whole range of customs concerns,' such as counterfeit goods and unsafe food, Flynn said. 'If you can look for the bomb-in-the-box more simply without all the data needs then it solves the delay problem. So there's no need to unwind '10+2,' but you can change the deadlines. It has value for customs compliance. I'm not real optimistic about it for solving my bomb-in-the-box problem.'

      Flynn said his system creates a level playing field instead of just imposing a security information burden on U.S. importers and is a better business proposition.

      'The challenge is this has to become a universal system, so everybody has to participate' to benefit the global supply chain, he added.