In a 2006 interview, you gave the country a D+ grade when it comes to the current state of port and cargo security. And that D+ was up from an F a few years prior. Where do we stand now in 2008? We are moving probably to a C-minus. There are essentially three challenges in the area of port security and cargo security. The first is that potentially our ports can be used as a conduit to bring destructive things into country, such as a dirty bomb, a radiological device, or, in a worst case scenario, a nuclear bomb. So the first set of challenges is to figure out how do I find the needle in haystack in the tremendous volume of cargo and in a complex environment like our ports if someone wanted to smuggle something in.
The port environment itself contains tremendous critical infrastructure that is essential to our economy and puts at risk, particularly in communities like Seattle, where you have a lot of port infrastructure close to where people live, things like refineries, power generation plants, transportation hubs and bridges. There is a lot that is truly critical. A lot of our population was built around ports and a lot of the infrastructure is essential to our way of life.
The area where the government has the longest way to go is in creating a reaction where we basically shut things down to sort things out. That is, the need to see that the interval of transportation system itself beyond the port environment is a critical infrastructure. This is absolutely indispensible to our environment; potentially targeting that system verse exploiting it.
We’ve made considerable progress from where we were before. We have a kind of framework that’s been put in place since 9/11 — from the pushing of borders out, to having customs agents overseas, to having efforts to get companies to be far more security minded than they were before with programs like CTPAC. But this last problem, the ability to recover and have a measured response, that’s where efforts are close to failing and is something that should give all of us considerable pause.
It’s been a few years since operation cargo safety commenced. With regard to that effort, have we learned anything? The results have not been widely published or shared. So most of us don’t know what we learned from running those pilots.
That operation goes back to an initiative that was launched after 9/11. A first shipment from Czech Republic was followed through to the United States through Vermont and New Hampshire. The results of that first effort in May 2002 spawned legislative action.
There were always pieces that I thought were essential to that early work. One was to get people to understand what we are really trying to manage as a challenge was more about global supply chain than it was about our borders. Immediately after 9/11, I was concerned the reflex would be: Stop everything and check it at our border crossings. We did that for a little while and found out it wasn’t sustainable as everything was backed up at borders and in ports. Fundamentally, now happily, there is much great understanding that things arrive through a very complex cycle known as the supply chain. But people needed to understand that was ultimately the problem we were dealing with.
The second piece was to ID whether were new tools and technology that would give us better transparency for both combination of visibility and accountability of what was moving through the system. Were there tools out there that could be applied? My interest was driven through sensing there were tools out there, but also that there was a lot that would be oversold as a silver bullet.
When you are trying to sort out where to go, you need basic data. What’s out there that sounds reasonable and what’s out there that is still in the realm of science fiction? The goal there was largely educational. The real partners had to be non-government players.
I wanted to make sure we were going to be very open about what results were. The problem was there was opposite instinct, rather than create open and inclusive process. First responders are always going to be private players, members of the public. But the program ended up being managed as a closed government process. The results were sealed off and not well-shared. Most folks who would be part of the solutions have been mostly kept in the dark.
The opportunity for commerce is to ask: How have you developed tools to ensure you’ve minimized the risk of exploitation of critical lifelines by an adversary? That is not going to be an inherently governmental activity. What it is at its heart is a business continuity challenge for the inter-transportation system and those who rely on it. So what we have is problem that lies in the private sectors lap. They have to be at heart of tools to safeguard it.
We need a reorientation away from thinking the government will figure out what is going to make us secure and pass these tablets down and set reasonable deadlines and check in once in a while. We need to go in the direction of a true partnership that largely originates with those who operate the business and is validated by government.
How do we accomplish that? At the heart of challenge is a global set of systems where some portions are very concentrated; mega-ports for instance. But we also have, when we go back to the factories, a widely-dispersed system. So the challenge, from a single company standpoint, is: I can control what happens on my real estate. But then I get into the system, and it has lot of anarchical qualities, chaotic qualities, as to how it operates. So it quickly gets out of my control.
What we are struggling with, on one hand, people who own and operate need to develop tools. But that needs to be done on as close to a global basis as possible. The public sector is going to be part of kibitzing on how this is going to happen. So it’s a massive choreography challenge. It’s often less about technology as it is choreography of getting all participants public and private into the plan of how to move forward.
I think what we have is some basic tools that get us in direction we need to go. We’ve begun processes like CTPAC. We’ve set framework through ASME code of common sets of requirements of things that need to happen in facilities and on vessels, etc. So we have a skeleton at least around which this can happen.
Where I think the next steps come are really an effort on which we rely — continue in ISO fashion — to have a heavy voice on what we want to do with safeguards in facilities, what we want to do on container level. What’s been missing is effort to validate that these efforts are being done. This is where government efforts are getting in way. Customs has not supported third party validation. Screening of cargo is going to have to be done as they have been done in aviation sector with private efforts to do that. Government’s job will have to be validate the validators.
Where do you think stand companies now?? There are certainly a lot more in parts of the system companies can control than there were in the past. A lot has been animated by CTPAC protocol which basically says we need private sectors companies to take great ownership. A lot of good companies have stepped up to that plate and made efforts in factories, in physical security on loading docks. There clearly has been a lot of activity in that realm.
The biggest challenge in maturing our efforts to improve supply chain security involve things that lie largely outside the scope of what individual companies can do and what government officials can do. Even one as powerful as the U.S. government. This is because global logistics operate in what is essentially a transnational environment where direct contact with government authorities is limited and where the capabilities, and integrity, of those government authorities are very uneven. What is required is that the security regimes operate much like the modern safety and quality regimes where there are industry-wide efforts to develop standards, like ISO, and to police those standards, like classification societies such as Bureau Veritas, American Bureau of Shipping, and auditors, where governments play essentially a spot-check role.
In my experience, the evolution of container security has been constrained not because there is active resistance from the private sector. I continue to find interest and concern that more needs to be done among many responsible companies. The problem lies with the fact that the development of the regime continues to be too government-centric in its design and execution. That is, CBP has largely tried to maintain control of setting the global requirements and it has been reluctant to accept third party policing mechanisms to verify those standards are being kept.