Securing a Supply Chain

Executive Summary

The tragic events of September 11, 2001, triggered a legitimate renewed focus on the security aspect of Trade and Transport-related matters. The most visible initiatives in this area have been:

• In 2001, the Customs-Trade Partnership Against Terrorism (C-TPAT) voluntary certification program (USA)
  
• In 2003, the implementation of the "24hr advanced manifest rule" for shipments to US ports
  
• In 2004, the implementation of the International Ship and Port Facility Security Code (ISPS Code) addressing the port and vessel segments of the maritime trade and transport security.
  

In 2005, the World Customs Organization (WCO) published its "Framework of Standards to Secure and Facilitate Global Trade". To date, 156 WCO Members have signed a letter of intent to implement the Framework. With such a heavy-weight prime mover, it is likely that the Framework of Standards will shape the majority of the future national supply chain security programs.

But these are only the visible part of the iceberg. When attempting to map out the current status of supply chain security, analysts find themselves confronted with a mosaic of "initiatives", programs, codes, "solutions", technological applications, regulations, which may be international, national, regional, sectoral, compulsory, voluntary, unilateral, bilateral, multilateral, mutually complementary or overlapping.

Non-specialists can legitimately become perplexed by the fluctuating and complex nature of the issue. Choosing the right orientations and making the right decisions while planning one's certification against such an evolving and dynamic background may leave many executives somewhat puzzled.

The same goes when one has to prepare for compliance to mandatory programs.

Source: Michel Donner and Cornelis Kruk, https://openknowledge.worldbank.org/handle/10986/28128
This work is licensed under a Creative Commons Attribution 3.0 IGO License.

The multi-layered approach

The generally accepted trend calls for a layered approach, made of essential regulatory, conceptual, technological, programmatic and procedural components. More specifically, the main SCS elements are:

• Advance (electronic) Cargo Information (ACI)
  
• Risk Management
  
• Non-Intrusive Inspection (NII)
  
• Operators' Certification (Authorized Economic Operator - AEO)
  

The variety of programs that compose the layered approach are mutually complementing and even sometimes slightly overlapping each other in such a way that is meant to reinforce the whole structure:

• The ACI programs capture cargo information at an early stage, allowing the concerned Government Agencies to screen and analyze them through robust risk management techniques.
  
• The certification or credentialing programs aim at ensuring that supply chain actors are proven to be legitimate, self-disciplined and trustworthy.
  
• The application of recent technologies to SCS themes is being developed. For example: scanning and radiation detection, RFID-based "e-seals" and GPS-based container tracking, computer-based data-analysis and targeting systems, designed to screen and interpret themass of cargo data supplied every day by the ACI programs.
  
• The ISPS code and the ship-tracking systems cover the port-vessel interface and the ocean- leg of the voyage at vessel level. The ISPS code provides for the security norms for port installations.
  

However a number of variances and discordant sounds can be heard.

Compulsory or voluntary?

• The ACI programs, the ISPS Code and the vessel tracking systems are compulsory. The latter are globally compulsory for IMO Member States, the former are compulsory on the specific trade route they are regulating.
• While most AEO certification programs are not (yet?) compulsory, an increasing market- and peer-pressure is and will be felt by the supply chain actors, mainly exporters, importers and logistics operators, to become certified. Since AEO-certified operators must ensure that their vendors, subcontractors and trade-partners are themselves implementing adequate security measures, it will become more and more commercially risky not to be certified.
  

As the European Shippers Council (ESC) puts it, these voluntary programs are becoming "mandatory by default or design".

The carrot takes the shape of privileged "green lane" treatment of certified operators' cargoes at border- crossing point, materialized by faster clearance and less frequent inspections.

Mutual recognition

It is generally agreed that there is a compelling case in favor of the international mutual recognition and interoperability between national AEO programs. The WCO Framework of Standards provides a common platform for AEO certification programs, which should facilitate their mutual recognition. There are, however, still some questions on the mutual recognition between C-TPAT and WCO-inspired AEO certification programs.

Capacity building

One notable initiative conducted by WCO is the Columbus Program, which is dedicated to the capacity building of Customs Administrations in support of the implementation of the Framework of Standards. This major effort might have been partly inspired by the difficulties met in many countries during the implementation of the ISPS code, and should contribute greatly to the implementation of the WCO Framework of Standards world-wide.

100% scanning

A bill was passed in the US in 2007, under the title "Implementing Recommendations of the United States 9/11 Commission Act of 2007", mandating overseas radiation scanning and NII inspection of 100% of all cargo containers destined for the U.S. by 2012. The word "overseas" contains a dimension of extraterritoriality that might be the stumbling stone of the so-called "100% scanning" program. On the other hand, it is already a law in one of the major players in international trade, even if its enforcement date has been set in the, not too distant, future.

Many analysts and observers consider that this initiative is running at cross-purposes with the prevailing multi- layered approach inasmuch as:

• It is contrary to the strategy of risk management and targeting of high-risk shipments, which enables the Government Agencies to allocate their limited resources to the areas where they are most needed.
  
• Given limited resources, 100% scanning may actually end up providing a lower level of security as the focused attention on specific high-risk shipments is being diluted and diverted to a "blanket" approach covering ALL containers, if customs officers are diverted from focusing on high-risk container cargo. "Under the current risk-management system, for example, the scanned images of high-risk containers are to be reviewed in a very detailed manner. However, according to WCO and industry officials, if all containers are to be scanned, the reviews may not be as thorough".
  
• Its systematic approach might, paradoxically, give a delusive sense of security, whereas many specialists contend that truly high-risk shipments will actually receive less specific attention.
  

Other concerns relate to:

• The impact on the productivity of the ports and shipping industries and infrastructure, in general.
  
• The ability of the USA to reciprocate, should trade partners demand reciprocity
  
• The adoption of similar reciprocal exigencies by the other main global trade partners: BRIC (Brazil, Russia, India and China), EU, ASEAN+3, which would mean applying 100% scanning at origin de facto to the whole world
  
• The potential distortion of existing trade routes, and consequent further marginalization of smaller ports, which are many in the developing countries. This would not be neutral on the competitive position of traders from said countries.
  

Technology

An inconsiderate push towards a more extensive use of potentially costly technology, again, could affect the competitiveness of developing countries, should the lawmakers loose sight of the sustainability aspect.

Initially, good old basic common sense "pater familias" security measures and procedures in one's own backyard will often address the issue for individual exporters, importers or logistics operators' facilities, at least in the early stages. On this basis, more sophisticated sustainable technological enhancements can gradually be added that are proportionate to the size of the assets and the operations to be covered, as a result of a sound risk assessment.

To make a parallel, the ISPS Code does not mandate CCTV or biometrics, but does recommend fencing, access control, patrolling and appropriate lighting of the facility. Each entity must decide the most adequate technological enhancements it can afford, based upon its own specific cost/benefit analyses.

On the role of technology, the US Bureau of Customs & Border Protection (CBP) recently expressed that: "DHS (department of Homeland Security) does not believe that, at the present time, the necessary technology exists to adequately improve container security without significantly disrupting the flow of commerce "

A great deal of work is still necessary to harmonize the various technologies derived from inventory control solutions, such as RFID, Infra Red seals, GPS-like tracking or similar, in order to ensure their mutual compatibility and interoperability through international standardization before they can even be considered as solutions worth being generalized to the container transportation. For example, the following areas need to be addressed: handling of alerts and tolerance levels, radio frequency allocation and standards, requirements for the installation and operation of the reading, transmission, communication and interface infrastructures. Many of the above issues will not have been solved in 2009, and there still exist concerns about the vulnerability of the devices themselves against "e-tampering".

A pragmatic note to conclude on technology: "No one technology provides 100% compliance. A carefully selected mix to suit local conditions will become the norm"

Costs

A detailed study of the costs of SCS has yet to be made. Very preliminary estimates for scanning costs range from US$ 10 to US$ 440 per scanned container, depending of the throughput at the scanner. Active E-seals have been estimated to cost between US$ 10 and US$15 apiece. The estimated lifecycle cost for one of the new generation Advanced Spectroscopic Portal (ASP), a radiation detecting scanner developed under the aegis of the US Government, exceeds US$ 800,000, almost the triple of the cost of existing radiation scanners.

Conclusion

There is no single path to achieve supply chain security. There is an overall consensus on the need to improve the security of the supply chains, world-wide. There is a multitude of programs, some endowed with the force of international law, others merely optional, with an array of in-between initiatives, including some that will likely become compulsory in practice, due to market pressure, and some others, technology-based, that are striving to become mandatory.

The layered approach seems to enjoy the broadest consensus, world-wide, and it is important to follow how it will fare in relation to the US 100% scanning law, and vice-versa. Within the layered approach, the mutual recognition between national certification programs remains a serious issue, in spite of a professed consensus.

Stakeholders also need to keep an eye on the question of technology. Some of the proposed technological solutions might provide significant improvements in the conduct of SCS measures. They must however adapt to the existing structure and infrastructure of international transport, and correspond and contribute to the needs and requirements of the transport industry and the international trade flows, not vice-versa. Technology-based solutions must remain proportionate, well thought-out, affordable and sustainable in all types of scenarios to reduce the risk of further marginalization of smaller ports and economies that could not afford the related investment and operational costs. In addition, lawmakers must ensure that endorsed technological solutions are mutually compatible and comply with universal technical and operational standards.

Finally, for Government Agencies, Port Authorities, private importers/exporters and transport operators, the time to start looking seriously at SCS is NOW.

Introduction

A supply chain is a system of resources, organizations, people, technologies, activities and information involved in the act of transporting goods from producer to consumer/user.

In the context of globalization, it also refers to the network of supply chains that form today's global commerce.

Threats to the supply chain can come:

• From outside the supply chain, threatening to disrupt the chain
  
• From inside the supply chain, when it is used to perform and cover illegal activities, like contraband, terrorism, or piracy.
  

Supply chain security (SCS) is the concept which encompasses the programs, systems, procedures, technologies and solutions applied to address threats to the supply chain and the consequent threats to the economic, social and physical well-being of citizens and organized society.

Unless explicitly computer related, the word program in this guide is understood as being a complex, a whole composed of interconnected or interwoven related parts, of integrated and sequenced methods, procedures, systems, rules and regulations applied to segments or components of the supply chain in order to enhance its security.

The programs that, in SCS parlance, are sometimes called "initiatives", may be:

• Global, regional, national, governmental, sectorial
  
• Multilateral, bilateral, unilateral
  
• Compulsory, voluntary.
  

They mostly apply to specific elements, areas, segments, sectors, links or events of the supply chain, or groups thereof. They may require the use of specific technologies or equipments, or sets thereof.

Background

This - (SCS) Guide is intended for Trade and Transport Government officials, Port Authorities and Transport, Cargo and Logistics Communities, in particular in developing countries. The guide will in broad terms describe all components of SCS and will preliminarily be directed toward Port and Trading Communities at large, but making references to other modes and nodal points as well.

This document is not an exhaustive encyclopedia of all the aspects of supply chain security.

Following the prevailing trend in the industry, the guide gives more attention to the maritime containerized transport than to other sectors or modes of transport, as it is currently the most evolutive sector.

The purpose of the guide is to make concerned trade and transport-related officials, managers and personnel in developing countries acquainted with, and aware of, the many initiatives mushrooming in the field of supply chain security, what these will mean for their respective organizations, and how to tackle the inlaid challenges.

The main avenues presently explored in the pursuit of security in the supply chain are:

• The early detection of threats through the timely acquisition, analysis and validation of cargo information by the relevant Government Agencies, using advance cargo information broadcast and a consistent risk management system
  
• The certification or credentialing of the actors of the supply chain, to ensure that only legitimate, bona fide entities or individuals with an adequate security awareness and self- discipline actively participate to the supply chain. This ideally implies that mechanisms are in place for the mutual recognition by Governments of their respective certification programs
  
• The use of appropriate, sustainable technology to enable enforcement agencies to timely and speedily screen or examine a larger portion of the commercial flows, while facilitating the flows of legitimate trade.
  
• The improvement of cargo and container integrity during the whole transport cycle, centered on seals, track and trace, positioning and scanning technologies.
  
• A set of international regulations covering the tracking of vessels at sea, the interface between merchant vessels and ports and the security of the port facilities.
  

These five elements form what is being called a multi-layered approach. This approach is the one supported by the most active SCS drivers, namely the US Department of Homeland Security (DHS) and the World Customs Organization (WCO). The respective layers focus on different segments of the supply chain, providing multi-angle assessments of the cargo and ensuring that security does not rely on any single point that could be compromised. The idea is that the layers complement each other and reinforce the whole.

Figure 1-1 Layered Approach

24 hours Manifest "10+2" Advance Cargo information Risk Management

1. Early detection
2. Certification & credentialing
   
3. Scanning technology
   
4. Container integrity
   
5. ISPS International Ship & Port Security Code, vessel tracking at sea AIS/LRIT
   

Structure of the Guide

Considering the targeted audience, the guide will discuss the issues in the following sequence:

Supply Chain Security Programs

1. Major compulsory programs affecting the actors of the Supply Chain
2. Main voluntary programs (discussing those that are likely to become compulsory either by law or by market pressure)
3. Other significant programs.

Technology

1. Container integrity device technologies
2. Track & trace and positioning technologies
   
3. Non Intrusive Inspection technologies.

In addition, the guide offers a glossary, an index, a "linkography", a FAQ section, elements for a roadmap for users in the form of specific checklists, and other annexes.