You may think you have supply chain security worries now … and with some cause. As the government seeks to foil terrorists intent on smuggling radioactive, explosive or biologically hazardous materials in the bellies of aircraft, on ships' decks or secreted in trailers and railcars, it's trained its spotlights on the shippers that own the cargo and the carriers that move it. Importing and exporting takes longer today than it did two years ago, and costs have soared. But the worst may be yet to come.
In a post-Sept. 11 world, the U.S. government needs to ensure that its transportation systems aren't being used as a vehicle for terrorism. That's no small task. In 2002, according to the World Shipping Council, around 202,800 U.S. importers received goods from more than 178,200 foreign exporters via ocean liner shipping. On average, something like $1.4 billion worth of goods are moved through U.S. ports every day, most of it in shipping containers—6 million a year. At the same time, U.S. airlines are moving around 22 billion ton-miles of freight annually.At any given hour, 61,000 people are airborne over the United States. There's no way of making all of that 100 percent safe any time soon—45 pounds of Semtex fits in the trunk of a car and can blow the front off a three-story building. Securing the international supply chain, or even just the bit of it that snakes through the United States, is a tall order. But then, some argue, so was eradicating smallpox.
Over the last two years, the U.S. and other governments have started to implement what they hope are solutions—an intimidating array of international initiatives known mostly by their acronyms. To name but a few, there's the Container Security Initiative (CSI), the Advance Manifest Rule (AMR), Smart & Secure Trade Lanes (SST), the Customs-Trade Partnership Against Terrorism (C-TPAT), the U.S. Customs' Automated Targeting System (ATS) and the International Maritime Organization's International Ship and Port Security Code (the IMO ISPS Code)—some of them voluntary, most mandatory. And if you think that all this is the transportation companies' problem, think again. Although the U.S. authorities are currently concentrating on ship and port security, cargo security is next on the docket and legislation about to go into force could affect you soon.
Take the ISPS Code, for example. The U.S. version of it, the Maritime Transportation Security Act, was introduced in 2002, and its requirements will be enforced beginning on July 1 of this year. Under the act, all U.S. ports and all ships visiting U.S. ports must have trained their staff in awareness, drawn up a security assessment document that includes plans for responding to a terrorist emergency, and have had those plans assessed and approved by the U.S.Coast Guard. Failure to do so will result in their being turned away, in the case of a ship, or locked down completely, in the case of a port.
That may sound like the carriers' problem, but it will most assuredly become your problem as well. For one thing, ocean shipping will cost more. Adrian Gonzalez, supply chain analyst at ARC Advisory Group in Dedham, Mass., reckons compliance will cost carriers some $1 billion in the first year and $4 billion over the next five years. It's a given that carriers will pass these costs on to their customers.
But the more immediate problem is the threat of delays. Even if the carriers and the ports you use are fully ISPS compliant, your cargo could still be held up. Christopher Koch, president and CEO of the World Shipping Council, brought this up during his testimony before the Senate Committee on Commerce, Science and Transportation on March 24. What will the U.S. Coast Guard do if an ISPScompliant vessel has called at a non-compliant port on its way to an ISPS-compliant U.S. port? That issue remains unresolved, he pointed out. "Vessels calling between such ports and the cargo on those vessels are caught in the middle," said Koch. "It is not yet clear what a vessel can expect in those situations."
Earl Agron, director of port and container security for APL Ltd., based in Oakland, Calif., shares Koch's concerns. "Authorities are reluctant to share any details because they don't want to let anyone off the hook," says Agron. "That's vessel related, but another question is: What happens to cargo that comes from a non-compliant port?"
Koch's feeling is that, at the very least, such cargo would be held up for inspection. Partly, it's about politics, and the tricky business of the United States' imposing security standards on the rest of the world. "While the government may be highly reluctant to stop trade with such countries [that have non-ISPS compliant facilities], we expect it is likely to undertake measures designed to impose pressure on such ports and governments to comply, and those consequences may become more substantial as time passes and the government becomes less tolerant of foreign ports that are not compliant with the Code," Koch said.
Naming names
If the image of a tightening noose comes to mind here— one that's putting a stranglehold on your supply chain— brace yourself. There's more to come. Another international program, the Container Security Initiative—designed to foster cooperation between trading countries in allowing U.S. officers to screen cargo in foreign ports—is still in its infancy, with details yet to be spelled out. But you can be sure there will be shipper involvement somewhere.
Meanwhile, U.S. Customs is wrestling with the problem of what actually constitutes a "shipper" for the purposes of ATS security screening, and whether the 14 cargo manifest data elements currently required are sufficient for the security task at hand. Koch describes this as a "significant pending question," and one that affects importers directly. One way or another, whether or not such information appears on a bill of lading, the U.S. authorities want the names of the original vendors, suppliers and manufacturers for all cargo. Koch urged the Senate Committee to recognize that this information is not the responsibility of the carriers but of the importers. Although importers provide much of this info to the Customs data system in the merchandise entry process, it's not currently filed before vessel loading and is therefore of no use to ATS, Koch said. He warned that importers should expect the equivalent of the Advance Manifest Rule under which carriers have to file cargo information 24 hours before the ship sails from a foreign port, bound for the United States.
"There is in fact an overarching and broader question that underlies this issue and the effort to make ATS as effective a cargo security screening system as possible, namely: What information does the government need, from whom, when, and filed into what information system?" Koch said. That raises yet another question: If importers will be required to provide extensive and detailed lists about their foreign vendors, do they want that information broadly distributed via carrier manifests, where competitors might see it? It's virtually certain that all these questions will be addressed in the next year or so, and they will directly affect U.S. importers.
Getting ready
What to do? Gonzalez and others have some suggestions for shippers that want to secure their supply chains as well as prepare for the future. Gonzalez says the first thing to do is appoint a chief security officer, today, and establish a team with members from the full range of company departments.
He also suggests joining voluntary security programs, notably C-TPAT, which will help get you thinking about security issues. To obtain C-TPAT accreditation, you have to convince Customs that you have rigorous security measures in force along your entire supply chain. That takes time, but it cuts the risk that your containers will be singled out for costly and time-consuming inspections. (Bob Perez, director of the C-TPAT program, says Customs now inspects around 6 percent of all containers entering the United States, and 100 percent of those considered "high risk.") Alan Hicks, director of business development and governmental policy at P&O Nedlloyd North America, based in East Rutherford, N.J., also endorses C-TPAT. "[C-TPAT] gets flak for being a voluntary program and having no teeth but it's made people aware of the risk and it's been hugely successful in that regard,"Hicks says. "Making people aware of the risk is the single most important weapon we have, having people looking in terms of the normal course of business saying: this doesn't look right."
Third, Gonzalez suggests you incorporate trade security requirements into your vendor and carrier qualification processes, and ask your existing vendors and carriers to comply with them as well. Furthermore, you should investigate the technology being developed to guard cargo once it leaves your loading dock—smart seals for containers, RFID and satellite tracking systems. Keep in mind you'll also need software to help you trawl through tracking data. "You have to worry about the database management and software applications," says Agron. "Very few companies are investing a lot of time on the application side."
Software capable of automatically separating the security wheat from the chaff is going to be increasingly crucial as shippers and carriers install more smart tags on cargo—whether they're passive or active RFID chips, or GPS tags that can send out messages about position and status to earthcircling satellites. It might appear that an ideal solution to the cargo security problem would be to tag every one of the world's 12 million to 15 million containers in active use with a whiz-bang transmitting device. But, Agron points out, that would result in a flood of information of biblical proportions. Ten million containers sending out signals once an hour would produce a quarter of a billion messages a day to be evaluated, swamping the receivers' systems.
Others urge shippers to get involved in the ongoing legislative process. Hicks at P&O echoes the sentiments of many when he says he's found working with the U.S. Coast Guard and Customs on a voluntary basis has led to a lot of useful debate. For example, he says, the authorities have already backed down on a requirement that advance manifest information be sent for empty containers on ships. Koch and the World Shipping Council, among other trade groups, also made Customs back off from a proposal to make the carrier responsible for naming parties other than the one that had contracted for the transportation service as the cargo's responsible "shipper." Importers should be getting involved too, lobbying national and international representatives, and participating in shipper groups. The Toy Association of America is one that's particularly active in this regard. Barry O'Brien, its chairman, announced at a security panel at a conference in Cleveland in March that he intended to pool the accreditation and inspection of all toy manufacturers in China used by Toy Shippers Association Inc. members in order to cut down on duplicate effort (and expenditure), and is working with the Toy Association of China to make that happen. Other vertical industries should take note. Importers are increasingly going to have to provide information about their business partners abroad. Starting now, and pooling resources to do so, is simply good supply chain policy.
Lastly, don't confuse supply chain efficiency with supply chain security. For example, with RFID tags, there's been no clear industry distinction so far between that technology's uses for container security and for supply chain management objectives. "These are not trivial issues," said Koch. "The issues, the challenges and the requirements involved in addressing the two are not the same. The purposes and the use are not the same. A failure to clearly distinguish between security requirements and commercial supply chain management objectives will create confusion; will impede progress on these issues; and may in fact create significant security vulnerabilities."
