Jackson calls for next-generation cargo security system
In a speech that at once seemed to praise and diminish U.S. Customs and Border Protection efforts, Michael Jackson, deputy secretary of Homeland Security, said the United States needs to overhaul its cargo security approach by relying on the private sector to collect and manage new sources of commercial data for screening inbound container shipments.
Jackson called for a next-generation business model based on third party information clearinghouses that would allow government access to real-time, advance data without placing the burden on government to collect and manage massive quantities of information.
Jackson, the architect of the department’s nascent Secure Freight Initiative, told a large audience of trade specialists gathered in Washington for a CBP-sponsored trade symposium that the Automated Commercial Environment is fine for normal government reporting purposes and data analysis, but that it would be overwhelmed by trying to sift through millions of commercial messages each day.
At the same time, he appeared to question the ongoing value of programs such as the Container Security Initiative and the Customs-Trade Partnership Against Terrorism, saying “that next-generation system I understand to be a fundamental philosophical jump from where we are today.”
Cargo security will not work if each country tries to set up separate security regimes using disparate information technology systems and tries to secure shipments through a series of unrelated bilateral arrangements, he said. The World Customs Organization’s effort to spread standards for global trade facilitation and security “is a tremendously good sign because it moves us beyond just the United States government effort to regulate industry.” Other countries need the same type of data the United States seeks to risk manage the terrorist threat in the supply chain, he said.
“ACE is not resident in every country in the world and ACE is not perfect. It’s limited by the type of data and complexity of data that we get about the pre-history of a move. So if we can get deeper, richer, better, more timely data then we can improve ACE. It will be ACE on steroids.
“If the government tries to endlessly build ACE to be the repository for all data, then we begin to hit a wall of those types of concerns” related to data privacy and data fusion.”
Jackson, who previously worked for systems integrator Lockheed Martin and as senior vice president at AECOM Technology Corp., said “the U.S. government is just no good as a general concept at doing incredibly nimble and complex technology development, and then keeping it fresh and refreshing that technology base.”
He pointed out that the Federal Aviation Administration was still using vacuum tube technology from the 1960s in its air traffic control system in the 1990s, because it was easier to use an existing system than try to make any changes.
The air traffic control system demonstrates that “the government when it builds technology systems, typically because of difficulties of funding them, developing them and making them work right, is very slow and not so good at replacing them,” he said. “The distinguishing characteristic of the private sector is we inject competition into the rapid cycling of technology in ways that totally outstrips what the government can do.
“It’s not that the government wouldn’t have a core government system that we build, develop and own. What we need to do is think about being nimble and ahead of the bad guys as they innovate and figure out our vulnerabilities and how to attack those vulnerabilities. We have to be more nimble in the way that we build the systems necessary to gather information about the supply chain. And I don’t think we are going to do that in an adequate way simply by looking at government-owned IT systems. What we have to do is leverage the data that exists out in the world of commerce in a more aggressive and I think innovative fashion.”
Jackson challenged the department and industry to develop a next-generation system that moves beyond automated analysis of poor data obtained by “scraping off the waybill.” He characterized post-Sept. 11, 2001 maritime security measures handled by the Coast Guard for ships and crews as “good” and cargo security efforts as “adequate.”
Those efforts included the 24-hour rule for advance manifest submissions, the Container Security Initiative placing inspectors at overseas ports and the Customs-Trade Partnership Against Terrorism.
“We can do much better,” Jackson said.
At the same time CBP is building out CSI to 50 nations by the end of the year, Jackson suggested CSI will need to be rolled back because it is not an efficient for countries all over the world to send inspectors to all their trading partners.
“At the end of the day it is a first-generation tool that was strong and rood and right. But it is not a tool that works on a global basis. It has to be refined,” he said.
The United States would be better off if its security standards were globally harmonized and risk targeting scores reflected extra credit for sealing, background checks and other measures companies had taken to ensure the integrity of their containers, Jackson added. He did not explain why C-TPAT, which is designed to raise or lower risk scores based on a company’s level of best security practices, doesn’t accomplish that goal.
“Our job, I think, is to try and help drive a common operating platform, a business model that is rooted more in what you know, own and can give to multiple governments and how you do that. My thought is we have to do something different. We have to switch the business model to create intermediary institutions which are non-profit or for-profit, which are essentially you in the middle between the actors in the supply chain and governments who need to gather information about the pre-history of a container, Jackson said.
“So in the middle you have a data fusion center that can pull various pieces of data about the pre-history of the move, a schedule for the movement of that freight associated with a cargo container, beginning with an order.
Data from purchase orders, transportation bookings and other early transactions would allow CBP “to do a much more sophisticated job about profiling which containers we need to inspect,” he said.
“Government does wholesale. You do retail. We need retail. We need to reach down and touch all the actors as much as possible that touch the supply chain and find out how to mine that data. It doesn’t mean that analytical pieces is not done by the government. It means that the industry can gather and help present, coordinate common data sets and reduce concerns about privacy,' he said.
“They can manage this in a more coherent and functional way. What we need is a risk analysis engine on the front so the government actors can take core data” about a container movement and analyze it.
“You can build an algorithm that each country can own and fine tune that is mining the data that you can present.”
Jackson said he understood there would be skeptics about his vision. “This is at one level a certifiable, goofball idea to some people because it sounds like it is hard. It is hard, but not necessarily as hard as what we’re trying to do right now, which is figure out how one country can gather enough data like this, and how then another country does it all on their own. I think we can find ways to manage this in a fashion that will drive as much out to the private sector as is possible and reasonable. It gives us visibility and transparency into the rules of how the data is aggregated, reported, maintained so that just as we don’t want to run it, but we can audit it enough to know the strengths and weaknesses.
“There shouldn’t be one person in the middle. There should be competition in the middle so that over time if one company can figure out how to do it a little bit cheaper, better faster there can be competition,' he said.
“We couldn’t do this as a bunch of government pukes on their own nickel. But we can do it in ways that does mess up your business, we can do it in ways that makes your business better, and helps you move your freight faster and cheaper.'
Jackson said he has had discussions with a dozen countries about the Secure Freight concept, and hoped to find a couple of nations and several companies to help launch a small pilot program to explore how to get commercial data. The pilot would comprise a data aggregation center and running live container moves through the supply chain.
Jackson never referred to CBP’s Advance Trade Data Initiative, an 18-month program through which the agency is exploring with industry partners ways to identify and collect a whole series of commercial data sets about the buyer, seller, cargo contents and transportation provider from the point of origin.
He reassured industry representatives assisting with ACE development, saying, “Don’t despair. Your work is being built on and will be needed.”
Reaction ranged from anger to confusion to agreement in an audience that varied from importers, brokers, trade and security consultants, to ocean and motor carriers and former government officials.
One consultant with intimate knowledge of automated trade data systems said Jackson is correct that the government is not good at keeping existing systems such as the Automated Commercial System up to date.
“He took a logical step that the industry should keep the data current and the technology current, but he’s not offering anything as a tradeoff or a subsidy,” the consultant said.
Others questioned how the private sector would be any better than the government at protecting confidential data given recent episodes of hacking into systems operated by data aggregators like ChoicePoint and credit card companies.
Jackson isn’t necessarily proposing that the private sector create a whole new data collection network from scratch, said Sam Banks, senior vice president with Sandler & Travis Trade Advisory Services. Secure Freight could be a more modest concept that would basically tap private networks run by automated trade management, security, communications or transportation companies such as NextLinx, Savi Networks, GE Security, Motorola, IBM and Maersk, FedEx, and UPS, Banks suggested. These types of companies support existing clients by using technology to help them gain visibility into and control their inventory.
They operate closed loop systems with information that is not shared with other commercial entities, but could be shared with the government, said Banks, a former deputy commissioner of Customs.
“Take his theory, but change it a bit. Maybe we can access all these private databases. Then it’s not so crazy anymore. Those companies already are getting paid to do this.”