Containing Risk
Every organization responsible for security at America’s seaports battles its own particular terrorist nightmare.
Officials at Customs and Border Protection (CBP) are concerned about cargo containers. What if a terrorist loaded a nuclear bomb into a container and shielded it to avoid detection?
Some suspect that terrorists do not have the technical ability to assemble a nuclear weapon, but they could clearly build conventional explosive devices. What if a terrorist group acquired a quantity of radioactive material, packed it into a container with conventional explosives and produced an explosion that could contaminate a major seaport with radiation for decades?
Port operators worry about containers, too, but they have by and large left that problem to CBP, which is an agency within the Transportation Security Administration. Port operators — and the U.S. Coast Guard — worry about a suicide bomber in a vehicle packed with explosives: a truck by land, a speedboat by sea, or a plane by air. What if a bomb-laden vehicle rammed a ship or a building?
The Coast Guard routinely inspects and assesses the security of U.S. ports in accordance with its responsibilities under U.S. law. Every regulated U.S. port facility must implement a security plan that controls access, verifies credentials of port workers, inspects cargo for tampering, designates security responsibilities, trains, and reports all security breaches or suspicious activities.
But officials continue to have nightmares.
In a new book, The Edge of Disaster, author Stephen Flynn, a senior fellow with the National Security Studies Program at the Council on Foreign Relations and an internationally known expert on trade and transportation security issues, imagines a coordinated attack on tankers carrying liquefied natural gas (LNG) into harbors at the Ports of Boston and Long Beach. What if terrorists in speedboats packed with radioactive material made a swift 30-second surprise assault on the tankers? Before patrolling Coast Guard boats could fire, bombers in two speedboats in each harbor could attach powerful explosive devices to the hulls of the tankers and set them off.
The charges would blow holes in the tankers’ LNG tanks. The heat of the explosion would cause the gas to catch fire. The ship would blow up and take the speedboats with it. Plumes of radiation would spew into the atmosphere.
Before 9/11, security operations in seaports around the world barely considered the need to prevent a terrorist attack. Since 9/11, those responsible for U.S. seaport security have thought of little else.
“Before 9/11, our mission was to stop dope smuggling,” says Patrick Simmons, deputy director for non-intrusive technology with Customs and Border Protection (CBP). “Our mission statement now says that our number one mission is anti-terrorism.”
Before 9/11, port officials, like all business executives, sought ways to move incoming and outgoing goods faster and more efficiently through their ports. Today, they have the additional responsibility of devising (and often funding) security strategies to prevent terrorist attacks and to keep the ports open for business.
Technology Is Watching
Seaports have enormous, rambling perimeters, much of it along water. Trouble can arrive from land, sea or air.
Ports also offer up complex, busy environments with lots of moving parts. The nation’s largest ports deal with passengers as well as cargo containers, maintain huge storage facilities, employ massive cranes to move containers onto and off of ships, and support connections with rail and truck terminals.
How does a port operator with a limited budget for security establish a perimeter, patrol a port, and provide for security without interrupting the free flow of trade?
“The larger the facility, the more cameras are required,” says Mariann McDonagh, vice president of global marketing with Verint Systems Inc., a video analytics provider based in Melville, N.Y. “The Port of Houston, for example, has a 52-mile perimeter and uses more than 1,000 cameras. An average port will use 200 to 300 cameras. No security staff can watch all those cameras.”
The technological eyes of video and infrared cameras and radars have begun to keep up, and the capabilities of these systems are steadily improving.
Video cameras can monitor everything on a clear day. Infrared cameras can take over at night. Fog and severe weather may require the radar to stay in touch with perimeter.
Some large ports have installed video analytics software capable of responding to events. According to McDonagh, Verint technology is now scanning perimeters in approximately 50 seaports around the world, including the Ports of Houston, Los Angeles, Baltimore, and Galveston in the United States. The Port of Houston, an early adopter of video analytics three years ago, recently installed the second generation of video analytics technology.
“Intelligent systems are doing three things: identify threats, enable a response (by alerting security), and facilitate post-event investigation,” McDonagh says. “The port has to define potential security breaches” for the video analytics to look for.
A breach might, for example, occur at the water perimeter with the sudden appearance of a couple of small, fast-moving boats. A breach might occur when an X-Ray scanner discovers possible explosive material and alarms the video system.
When something happens that a video analytics system has been set to watch for, the system will click over from low to high-resolution video and send video to monitors in the security center. It may also distribute the video to law enforcement agencies. It may page officials. It may push video to handheld devices carried by security officers.
These systems also integrate with other systems. A video alarm can cause barriers to raise or lower, sound sirens and shut down access-controlled doors. “System responses are only limited by imagination,” McDonagh says.
The TWIC Security Layer
Video analytic systems stand watch at the perimeter, and access control systems stand watch at the docks, ensuring that only authorized workers enter secured areas.
At the end of January, Bethesda, Md.-based Lockheed Martin won a contract to supply 750,000 maritime workers with Transportation Worker Identification Credentials (TWIC) within 16 months. During the five-year contract, Lockheed Martin expects to enroll 1.1 million port workers in the program. Workers will pay $137.25 each for the credentials.
The high cost comes from the smart card technology designed into the credential. “Ports today use a variety of technologies,” says Jon Rambeau, director of identity and access management solutions with Lockheed Martin’s Transportation and Security Solutions unit. “The purpose of TWIC is to provide security and consistency across all ports. The credential uses two authenticating technologies: biometrics and cryptographic PKI.”
While not part of the federal government’s FIPS 201 smart card program, TWIC is similar.
More than a card, TWIC is a program that includes background checks consistent with federal standards. “The federal government wants to make sure that everyone with unescorted access to secure areas of ports has undergone a comprehensive background check,” Rambeau says.
TWIC cards store two fingerprint templates to provide biometric authentication in addition to the digital certification.
The cards also employ Personal Identification Number (PIN) authentication. “You can use one-, two-, or three-factor authentication,” Rambeau says.
But it is still early in the TWIC program. For now, those who receive cards will flash them at a security officer to gain entry. According to Rambeau, the government will soon issue a reader specification for public comment later this year.
Containing Containers
While port operators and the Coast Guard secure the ports, CBP and shippers have been working to secure the 18 million cargo containers constantly circling the globe. Estimates suggest each cargo container takes 10 to 12 trips per year for a total of 200 million annual cargo container journeys.
Nearly 11 million containers arrive in U.S. ports every year. All of them are screened before being loaded onto a ship bound for the United States.
Under the 24-hour rule instituted several years ago, container manifest information must be provided to CBP 24 hours before containers are loaded onto vessels at foreign ports. Using advanced software, CBP screens the manifest and shipper information. Cargo determined to be “high-risk” is inspected at the foreign port or upon arrival into the United States. Facilitating the process is a CBP program called the Container Security Initiative (CSI), which stations CBP officers at foreign ports to carry out inspections.
Another CBP initiative called Safe Freight will undergo pilot testing this year. Under this plan, fiber-optic communications systems will transmit gamma and X-Ray images from scans made at foreign ports to CBP personnel in the United States, with the goal of reducing overseas personnel assignments.
About 5 million containers — 45 percent of the total delivered to U.S. ports — arrive at one of 14 major container terminals at the Ports of Long Beach and Los Angeles in Southern California each year. That’s about 26,000 containers per day.
Upon arrival in Long Beach/Los Angeles, suspect containers that were not scanned at their port of embarkation are scheduled for inspection by one of seven advanced radiation scanners. “We have four gamma systems, a conventional X-Ray system and two high energy X-Ray systems,” says Todd A. Hoffman, the CBP port director for Long Beach/Los Angeles.
According to CBP’s Simmons, about 90 of these scanning systems have been deployed across the U.S. network of seaports. Ports tend to deploy mobile scanners installed in vans capable of scanning 100 containers per hour, as well as high-energy inspection systems capable of carrying out detailed analyses of about 25 containers per hour.
“Each device has a different purpose,” says Joe Reiss, vice president of marketing with American Science and Engineering Inc., a scanner manufacturer based in Billerica, Mass. “Vans help look for smuggled goods and stowaways. High-energy X-ray systems can penetrate densely loaded containers and offer the most reliable means of detecting contraband and threatening materials such as weapons and explosives hidden in cargo containers, tankers and large vehicles.”
Before leaving port by truck or by train, CBP wants all containers checked one more time for radiation. Since 9/11, the agency has installed 333 radiation portal monitors (RPMs) at ports. RPMs consist of two walls (made of two panels stacked on top of each other) set up at the width of a truck lane. Vehicles loaded with containers drive between the walls. Vehicles that pass are waved through and go on their way.
Vehicles that set off a radiation alarm are inspected more closely, with handheld radiation isotope identifier (RIID) wands that can differentiate among radiation types. For example, ceramic tiles radiate thorium, a form of radiation considered harmless.
“In mid-December we reached a milestone where every container that arrives here from an international port is screened before leaving the port for a domestic destination,” says Hoffman.
While that sounds good, there are problems with what CBP calls nuisance alarms. Since 9/11, inspectors have resolved 151 million RPM alerts. Some 800,000 of those alarms required opening the container. Officers with RIID wands resolved the rest by determining the type of radiation and checking the manifest. Ceramic tiles, bananas, cat litter and a host of other everyday materials emit forms of radiation that set off radiation portal monitors. Each of those nuisance alarms must be investigated.
Hoping to reduce the rate of nuisance alarms, CBP is testing a new generation of scanners called advanced spectroscopic portals (ASPs) at Pacific Northwest National Laboratory in Richland, Washington. In fact, the tests are being carried out on a second generation of ASP. The first generation was heavily criticized in a General Accounting Office report citing a high rate of nuisance alarms.
Business Strategies To Keep Commerce Moving
Containers that must be stopped and specially inspected slow commerce and harm legitimate companies whose containers are consistently inspected. This problem spawned a CBP program called the Customs-Trade Partnership Against Terrorism (C-TPAT).
A company that applies for C-TPAT undergoes a rigorous background check that includes past compliance history and the development of a security profile. The company must also meet exacting international supply chain security standards — which are validated by CBP.
Cargo from companies that have earned C-TPAT status receives expedited handling at ports. According to CBP, 10,000 companies have applied to C-TPAT. More than 5,600 companies have been certified as having implemented acceptable security measures. Nearly half of these companies have had their supply chains validated or have validations under way.
Adapting Supply Chain Technology To Port Security
Private companies have also begun to adapt RFID tracking systems to the requirements of modern security in the hopes of reducing or avoiding delays at ports and other transfer points along the supply chain.
Savi Networks, Mountain View, Calif., sells radio frequency identification (RFID) tracking systems to manufacturers and importers who want to track shipments through the supply chain. These systems attach an active RFID device to a cargo container. The device communicates with sensors that Savi has installed at terminals and ports around the world. When a customer’s container passes a sensor at a seaport, the RFID device on the container gives an identification number to the sensor, which passes that information to a Web site maintained by Savi and accessible by customers.
“We can provide data in several ways to customers,” says Steve Sewell, senior vice president at Savi. “A customer could look it up at our Web site. The system could send email alerts. Or we could integrate it into their existing system.”
The transmission could send an identification number with or without additional data such as purchase orders, shipment orders, the names of shippers and receivers, when the containers were loaded, and more.
Savi RFID tags connect to and communicate with other devices that provide information related to security. Container security devices (CSDs) placed inside a container might, for example, record if and when the container is opened, if and when the humidity or light levels change, if and when the container suffers a shock of some kind. “All of this data can be tracked,” Sewell says.
Bradenton, Fla.-based GE Security has introduced a product called CommerceGuard, which focuses RFID technology on security. “We have taken a main security vulnerability — breached containers — and solved that problem for about $15 per container trip or less than 1 percent of shipping costs,” says Randy Koch, general manager for cargo security with GE and CEO for CommerceGuard.
Like Savi’s RFID devices, the CommerceGuard system communicates with sensor installed at transfer points throughout the logistics system. According to Koch, GE Security has installed a network of sensors in 18 ports globally and several dozen overseas distribution centers.
A GE Security CSD attaches to the door of a container and reports when a container has been securely armed to detect intrusion; when an authorized person disarms and rearms the CDS; and when an unauthorized person opens the container. Sensors along the route pick up this information, while recording the container’s progress along its logistical route.
The CSD design includes expansion ports that can accept inputs from other sensors and communicate additional information to shippers. These other sensors might be designed to detect the presence of radioactive, explosive, narcotic or other kinds of materials.
CBP has taken an interest in the Savi and GE Security concepts and is studying CSD systems. “We’ve made no decision about mandates,” says Simmons. “But if CSDs fit our requirements, we might integrate them into our C-TPAT program as another assurance about a container.”
In the end, several different entities have taken a share of the responsibility for helping to avoid a nightmare scenario at an American seaport.
Are they doing the right things? Are these measures enough? What else can be done? Perhaps it is important to return to these fundamental questions after each step forward.
