A Report Card on DHS Security Policies, Standards and Programs
Part 3 of 5: a look at CBP’s Sealed-Door Standard and the RFID Standard. By Dr. Jim Giermanski, Chairman of Powers Global Holdings, Inc. and President of Powers International, LLC, an international transportation security company.
– Jason P. Ahern, Acting Commissioner, Customs and Border Protection
Although the introductory quotation of J. Ahern represents just one issue of this country’s treatment of container security, it is based on the standards against which Ahern and others in DHS form their conclusions. It is not the issue of only standards that influence their decisions, laws and policies are equally important. In the case of container security, Ahern’s statement demonstrates the lack of knowledge of container and cargo security technology and practice that relates directly back to standards established by DHS. If one looks seriously at the claimed standards of technology and/or practices of Congress, the Department of Homeland Security (DHS), and Customs and Border Protection (CBP) in the global container and cargo security arena, it becomes obvious that the standards and practices to which they adhere are either unsupportable scientifically, or practically, or at best, weak in light of standards in the rest of the world. Of course, this is easy to say. Therefore, to be reasonable, honest, and convincing, it is necessary to treat with specificity examples of laws, standards, programs or practices of Congress, CBP or DHS. My analysis will examine only eight standards or criteria against which security decisions are made:
• CBP’s False Positive Standard;
• Legislation on 100% Scanning;
• CBP’s Container Management Standard;
• CSI and The 24-hours Manifest;
• Sealed-Door Standard;
• RFID Standard;
• In-bonds standard; and the
• Science and Technology Directorate CSD standard.
5. Sealed-Door Standard
Perhaps, the dumbest policy, model, or standard of all is the sealed-door standard. No scientific or empirical data are necessary to demonstrate its weakness. It was the outcome of DHS’ inability to develop and alternative. For some time now, when treating conveyance security devices, both DHS and CBP have focused on only doors. First, in November 2005, a Request for Information (RFI), an information-gathering and planning vehicle used by DHS in support of Customs and Border Protection, Johns Hopkins University’s Applied Physics Laboratory on behalf of DHS stated, The purpose of this request is to gather information to identify and evaluate available state-of-the-art container and trailer tracking devices suitable for in-bond shipments. The level of sophistication needed and stated in the RFI seems clear.
Sensing
(a.) The container and trailer security device must be able to electronically detect closing and opening of either door of the container/trailer. Monitoring the door status must be continuous from time of arming to disarming by authorized personnel.
The former Commissioner of CBP, Ralph Basham, diverged from his predecessor and said in 2007 that “… any device developed to monitor the security of a shipping container must be able to detect unauthorized intrusions anywhere on the container, not just through the doors, to be part of a layered defense strategy in securing the global supply chain….I'm saying that just because you have a device that secures the doors does not mean that the container is secure. It just means that the doors are secure and not the whole container. If technology is being developed it should be toward making sure the entire container is tamper proof."(1) But, in the same year on December 18, as posted in American Shippers NewsWire, Basham’s boss, Homeland Security Secretary Michael Chertoff went to the other extreme by saying Therefore, effective Oct. 15, 2008, we expect to have the requirement in place mandating that all containers be secured with a standard bolt seal. Or, in my words, let’s just bolt the doors. And, one week before Chertoff’s deadbolt-the-doors statement, CBP released an RFI on its Conveyance Security Device (CSD) requirements. This RFI, like the one two years before, is still focusing on “doors only” in spite of Commissioner Basham’s statement on the need to secure the whole container. It is also interesting to note that the new 2007 RFI is still referencing the old “in-bond” shipment problem known to it and acknowledged in 2005, essentially admitting that for two years CBP has failed to address the in-bond security issue, therefore, ignorant of how many in-bond shipments were accessed during their travel through the United States, or for that matter what was really in placed the in-bond containers at their foreign origin. In the face of fairly clear direction contained in the SAFE Port Act of 2006, DHS and CBP failed to move at the pace specified in the law with respect to container security. They are also inconsistent with and lag behind the progress of the private sector in moving away from doors-only detection and reporting. The private sector already has affordable technology that begins “at-stuffing” with the verification of contents and identification of the verifier, “all-sides” detection of entry and satellite communication and control through to destination, including the identity of the authorized agent opening the container. One such system was demonstrated between Bremerhaven, Germany and Port Everglades, Florida in December 2006. Although the Germany-U.S. pilot was for demonstration purpose, in reality the system actually caught thieves stealing from one of the containers and it located one of the containers unintentionally lost in transit. DHS is so far behind industry in container security that its decision-making in this area is anything but confidence-producing.
Two important observations must be addressed here. First, CBP acknowledges that the doors-only concept is flawed and unworkable. Second, CBP acknowledges that it is ignorant of existing security systems that detect and report access to any part of the container, including doors! The conclusion: Doors-Only, while still our standard, is fatally flawed and constitutes a vulnerability still not addressed!
6. The RFID Standard
It seems that RFID – the short term used to refer to radio frequency identification – has become the current “buzz word” among some of the largest retailers and importers in the country. Wal-Mart and Target are just two of the giants discussed in the literature. Recently, an A. T. Kearney report entitled Smart Boxes (1) lauded the potential and actual use of RFID for certain supply chain applications. However, the application of RFID to container security and port security is less laudable, less effective, more costly, and certainly questionable as a primary means of international transportation security for containers. RFID applications, whether active or passive, have very clear weaknesses and impediments to usage in a worldwide context. The impediments are these: the absence of agreement on RFID worldwide standards; its land-based character and historical nature; its acquisition rights to real property for antenna placement, its cost, control, and maintenance of fixed antennas and related infrastructure; divergent world frequencies; and divergent RF (Radio Frequency) protocols.
Seriously considering these applications is not only foolish, but also dangerous, again putting into question CBP’s knowledge of what constitutes smart box security. The use of almost any Radio Frequency applications to container security becomes, in effect, an Improvised Explosive Device (IED) if the container carries a bomb. The RF signal can trigger that bomb when that container arrives at one of our ports. The only difference between this IED and those used by terrorists, is that our own U.S. personnel “pull the trigger” causing the explosion! On November 13, 2007 a small team of private and public sector scientists along with security and bomb experts performed a controlled blast in a container at a municipal bomb range. At the range, a detonator and a small amount of explosives were placed in the container. A transceiver, like the ones used by our CBP and DOD and operating on frequencies mandated by the Federal Communications Commission (FCC), sent a normal signal interrogating the container as is done everyday at our ports. The explosives in the container detonated. In simple terms, there is now scientific evidence that the use of RFID technology approved for container security and employed today by CBP at all of our seaports and land ports-of-entry can be used as an IED trigger, an indisputable fact unknown to CBP.
What was exceptionally relevant in this demonstration was that it showed that encrypting data as required in CBP’s new RFI would not prevent the triggering of the explosives. Of course, maybe CBP doesn’t know this either. If it did know, one would assume it would immediately stop RFID usage at our ports until a fix to the vulnerability was found. The truth has to be that CBP’s leadership is uninformed. But this begs the question: how is that possible? The following may explain the ignorance factor. CBP, DHS, the Office of the Secretary of Defense (OSD), the Government Accountability Office (GAO), the Coast Guard, multiple port authorities, and congressional offices were invited to witness the blast demonstration. CBP was not only invited in writing but also by telephone. CBP, DHS, GAO, Coast Guard, and the port authorities refused to attend. One congressional office and specifically relevant and important OSD personnel did attend. As a result, OSD stated in writing that the demo was valid and confirmed the findings that current RF signals used today can act as an IED trigger. Additionally, because of the poignancy of this demonstration, a follow-up meeting of Congressional staff, private sector security, and scientific experts was called by a U.S. Congressional Representative for the first week of January, 2008 to address this vulnerability. Yet, in the face of known risks, CBP is continuing to use RFID as a standard at our ports, demonstrating its ignorance of this vulnerability or its lack of concern over it.
(1) Passive RFID devices respond only when activated by an outside signal emitted from a transceiver. A passive device has no independent power supply. An active RFID device has its own power and can emit a signal on its own without having to be triggered by a transceiver.
NEXT WEEK: Part Four; In-bonds standard; and the Science and Technology Directorate CSD standard.
LAST WEEK – Part Two; CBP’s Container Management Standard; and CSI and The 24-hours Manifest.
FIRST WEEK – Part One; CBP’s False Positive Standard, and Legislation on 100% Scanning.
• About Dr. Giermanski:
Dr. Giermanski is the Chairman of Powers Global Holdings, Inc. and President of Powers International, LLC, an international transportation security company. He served as Regents Professor at Texas A&M International University, and as an adjunct graduate faculty member at the University of North Carolina at Charlotte. He was Director of Transportation and Logistics Studies, Center for the Study of Western Hemispheric Trade at Texas A&M International University.
Dr. Giermanski is co-inventor of a patent issued in the U.S. and in 32 other countries connected to transport container security. He is a recognized expert in global supply chain and container security by the World Bank and the World Customs Organization (WCO). He has frequently given invited testimony on NAFTA, transportation, and other international business issues before the U.S. Senate and House, the Texas Senate and House, EPA, and the U.S. International Trade Commission. He served as the co-chairman of the Texas Transportation Committee of the Task Force to prepare for NAFTA, sat for 5 years on the Texas Office of the Attorney General’s Trans-border Trucking International Working Group, and for three years as a member of the Research Advisory Committee on Management and Policy, Technical Advisory Panel, Texas Department of Transportation. He consults on international transportation and transportation security, border logistics, and trade matters involving Mexico, and has served as a border expert to assist the Arizona Department of Transportation in developing concepts and practices to improve the border crossing activities on the Arizona-Mexico border. And at the request of the White House, Council of Economic Advisors, he provided insight on trade issues and barriers on the southern border.
He has authored over 130 articles, books, and monographs with most focusing on container and supply chain security, international transportation and trade issues and for five years wrote the International Insight column in Logistics Management. He has appeared nationally as a special guest on the FOX News Channel’s Special Report with Brit Hume, CNN, NBC, CBS, NPR, BBC, Voice of America and the Canadian Broadcasting Corporation in addition to many local and regional affiliates.
Finally, with his background as a former FBI special agent, OSI special agent and a Colonel in the Office of Special Investigations where he handled counterintelligence matters, He currently provides transportation security lectures on C-TPAT, and other Customs and Border Protection (CBP) programs.
Dr. Giermanski has a Masters degree from the University of North Carolina in Charlotte, a Masters from Florida International University, and a Doctorate from the University of Miami. He is a graduate of Air Command and Staff College, and The Air War College. And while serving as a visiting scholar at the Center of Aerospace Doctrine, Research, and Education, (CADRE), an Air Force think tank, he wrote a book on the counterintelligence training of Air Force Office of Special Investigation Special Agents which was published by the Department of Defense.